Add ACL Document Management System XML sample
Closes gh-34
This commit is contained in:
committed by
Marcus Hert Da Coregio
parent
c35ba7bf5d
commit
f3348eec4a
@@ -0,0 +1,156 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package sample;
|
||||
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import sample.dms.AbstractElement;
|
||||
import sample.dms.Directory;
|
||||
import sample.dms.DocumentDao;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Basic integration test for DMS sample.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*
|
||||
*/
|
||||
@ContextConfiguration(
|
||||
locations = { "classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-insecure.xml" })
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@Transactional
|
||||
public class DmsIntegrationTests {
|
||||
|
||||
@Autowired
|
||||
protected JdbcTemplate jdbcTemplate;
|
||||
|
||||
@Autowired
|
||||
protected DocumentDao documentDao;
|
||||
|
||||
@AfterEach
|
||||
void clearContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
public void setDocumentDao(DocumentDao documentDao) {
|
||||
this.documentDao = documentDao;
|
||||
}
|
||||
|
||||
@Test
|
||||
void testBasePopulation() {
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from DIRECTORY", Integer.class)).isEqualTo(9);
|
||||
assertThat((int) this.jdbcTemplate.queryForObject("select count(id) from FILE", Integer.class)).isEqualTo(90);
|
||||
assertThat(this.documentDao.findElements(Directory.ROOT_DIRECTORY).length).isEqualTo(3);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testMarissaRetrieval() {
|
||||
process("rod", "koala", false);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testScottRetrieval() {
|
||||
process("scott", "wombat", false);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testDianneRetrieval() {
|
||||
process("dianne", "emu", false);
|
||||
}
|
||||
|
||||
protected void process(String username, String password, boolean shouldBeFiltered) {
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken(username, password));
|
||||
System.out.println("------ Test for username: " + username + " ------");
|
||||
AbstractElement[] rootElements = this.documentDao.findElements(Directory.ROOT_DIRECTORY);
|
||||
assertThat(rootElements).hasSize(3);
|
||||
Directory homeDir = null;
|
||||
Directory nonHomeDir = null;
|
||||
for (AbstractElement rootElement : rootElements) {
|
||||
if (rootElement.getName().equals(username)) {
|
||||
homeDir = (Directory) rootElement;
|
||||
}
|
||||
else {
|
||||
nonHomeDir = (Directory) rootElement;
|
||||
}
|
||||
}
|
||||
System.out.println("Home directory......: " + homeDir.getFullName());
|
||||
System.out.println("Non-home directory..: " + nonHomeDir.getFullName());
|
||||
|
||||
AbstractElement[] homeElements = this.documentDao.findElements(homeDir);
|
||||
assertThat(homeElements).hasSize(12); // confidential and shared
|
||||
// directories,
|
||||
// plus 10 files
|
||||
|
||||
AbstractElement[] nonHomeElements = this.documentDao.findElements(nonHomeDir);
|
||||
assertThat(nonHomeElements).hasSize(shouldBeFiltered ? 11 : 12);
|
||||
|
||||
// cannot see the user's "confidential" sub-directory when filtering
|
||||
|
||||
// Attempt to read the other user's confidential directory from the returned
|
||||
// results
|
||||
// Of course, we shouldn't find a "confidential" directory in the results if we're
|
||||
// filtering
|
||||
Directory nonHomeConfidentialDir = null;
|
||||
for (AbstractElement nonHomeElement : nonHomeElements) {
|
||||
if (nonHomeElement.getName().equals("confidential")) {
|
||||
nonHomeConfidentialDir = (Directory) nonHomeElement;
|
||||
}
|
||||
}
|
||||
|
||||
if (shouldBeFiltered) {
|
||||
assertThat(nonHomeConfidentialDir).withFailMessage("Found confidential directory when we should not have")
|
||||
.isNull();
|
||||
}
|
||||
else {
|
||||
System.out.println("Inaccessible dir....: " + nonHomeConfidentialDir.getFullName());
|
||||
assertThat(this.documentDao.findElements(nonHomeConfidentialDir).length).isEqualTo(10); // 10
|
||||
// files
|
||||
// (no
|
||||
// sub-directories)
|
||||
}
|
||||
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,71 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package sample;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Basic integration test for DMS sample when security has been added.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*
|
||||
*/
|
||||
@ContextConfiguration(
|
||||
locations = { "classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-secure.xml" })
|
||||
public class SecureDmsIntegrationTests extends DmsIntegrationTests {
|
||||
|
||||
@Override
|
||||
@Test
|
||||
void testBasePopulation() {
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from DIRECTORY", Integer.class)).isEqualTo(9);
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from FILE", Integer.class)).isEqualTo(90);
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from ACL_SID", Integer.class)).isEqualTo(4); // 3
|
||||
// users
|
||||
// +
|
||||
// 1
|
||||
// role
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from ACL_CLASS", Integer.class)).isEqualTo(2); // Directory
|
||||
// and
|
||||
// File
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from ACL_OBJECT_IDENTITY", Integer.class))
|
||||
.isEqualTo(100);
|
||||
assertThat(this.jdbcTemplate.queryForObject("select count(id) from ACL_ENTRY", Integer.class)).isEqualTo(115);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
void testMarissaRetrieval() {
|
||||
process("rod", "koala", true);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
void testScottRetrieval() {
|
||||
process("scott", "wombat", true);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
void testDianneRetrieval() {
|
||||
process("dianne", "emu", true);
|
||||
}
|
||||
|
||||
}
|
||||
15
servlet/xml/java/dms/src/test/resources/logback-test.xml
Normal file
15
servlet/xml/java/dms/src/test/resources/logback-test.xml
Normal file
@@ -0,0 +1,15 @@
|
||||
<configuration>
|
||||
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
||||
<encoder>
|
||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<logger name="org.springframework.security" level="${sec.log.level:-WARN}"/>
|
||||
|
||||
|
||||
<root level="${root.level:-WARN}">
|
||||
<appender-ref ref="STDOUT" />
|
||||
</root>
|
||||
|
||||
</configuration>
|
||||
Reference in New Issue
Block a user