001    /**
002     * 
003     */
004    package org.springframework.richclient.security.support;
005    
006    import java.util.Iterator;
007    
008    import junit.framework.TestCase;
009    
010    import org.springframework.security.Authentication;
011    import org.springframework.security.ConfigAttribute;
012    import org.springframework.security.ConfigAttributeDefinition;
013    import org.springframework.security.GrantedAuthority;
014    import org.springframework.security.GrantedAuthorityImpl;
015    import org.springframework.security.providers.TestingAuthenticationToken;
016    
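/**
 * Unit tests for {@link UserRoleSecurityController}: parsing of the comma-separated
 * authorizing-roles string, and the authorized flag pushed to controlled objects when
 * the authentication token changes.
 * <p>
 * The authorization test pins the deny paths as well as the grant path. A controlled
 * object must be unauthorized before any token is set, when the token carries none of
 * the configured roles, and when the token is {@code null}.
 * <p>
 * NOTE(review): the role strings used here contain no whitespace, no empty entries and
 * no case variations, so the parser's handling of such input is not exercised by this
 * class.
 *
 * @author Larry Streepy
 */
public class UserRoleSecurityControllerTests extends TestCase {

    /** Controller under test; recreated for every test method by {@link #setUp()}. */
    private TestUserRoleSecurityController controller;

    /*
     * Creates a fresh controller so that no roles, token or controlled objects leak
     * from one test into the next.
     *
     * @see TestCase#setUp()
     */
    protected void setUp() throws Exception {
        super.setUp();
        controller = new TestUserRoleSecurityController();
    }

    /**
     * Test that the role string is properly parsed: a two-entry, comma-separated string
     * must yield exactly two config attributes, in the order given.
     */
    public void testSetAuthorizingRoles() {
        controller.setAuthorizingRoles( "ROLE_1,ROLE_2" );

        ConfigAttributeDefinition cad = controller.getParsedConfigs();
        // assertEquals (rather than assertTrue on a comparison) reports the actual size on failure.
        assertEquals( "Should be 2 roles", 2, cad.getConfigAttributes().size() );

        Iterator iter = cad.getConfigAttributes().iterator();
        ConfigAttribute attr1 = (ConfigAttribute) iter.next();
        ConfigAttribute attr2 = (ConfigAttribute) iter.next();

        // JUnit's order is (message, expected, actual); keeping it makes a failure
        // message name the parsed value as the actual one.
        assertEquals( "Should be ROLE_1", "ROLE_1", attr1.getAttribute() );
        assertEquals( "Should be ROLE_2", "ROLE_2", attr2.getAttribute() );
    }

    /**
     * Test that objects are properly authorized when the user holds any of the indicated
     * roles, and that authorization is withdrawn again when the token no longer carries
     * one of them or is removed altogether.
     */
    public void testAuthorization() {
        controller.setAuthorizingRoles( "ROLE_1,ROLE_2" );

        TestAuthorizable a1 = new TestAuthorizable( false );

        // No token has been set yet, so the newly controlled object must be denied.
        controller.addControlledObject( a1 );
        assertFalse( "Object should not be authorized", a1.isAuthorized() );

        // Now set the authentication token so that it contains one of these roles
        Authentication auth = new TestingAuthenticationToken( "USER1", "FOO",
            new GrantedAuthority[] { new GrantedAuthorityImpl( "ROLE_1" ) } );
        controller.setAuthenticationToken( auth );

        assertTrue( "Object should be authorized", a1.isAuthorized() );
        // Presumably one update from addControlledObject plus one from the token change;
        // confirm against TestAuthorizable, which is not part of this file.
        assertEquals( "Object should be updated", 2, a1.getAuthCount() );

        // Now to a token that does not contain one of the roles
        auth = new TestingAuthenticationToken( "USER1", "FOO", new GrantedAuthority[] { new GrantedAuthorityImpl(
            "ROLE_NOTFOUND" ) } );
        controller.setAuthenticationToken( auth );

        // A previously granted object must be revoked, not left in its old state.
        assertFalse( "Object should not be authorized", a1.isAuthorized() );
        assertEquals( "Object should be updated", 3, a1.getAuthCount() );

        // Now to a null
        controller.setAuthenticationToken( null );

        // A missing token must deny access (fail closed) and still notify the object.
        assertFalse( "Object should not be authorized", a1.isAuthorized() );
        assertEquals( "Object should be updated", 4, a1.getAuthCount() );
    }

    /**
     * More accessible implementation: exposes the controller's parsed config attributes
     * so the parsing test can inspect them.
     */
    public class TestUserRoleSecurityController extends UserRoleSecurityController {
        /**
         * Returns the controller's config attribute definition.
         *
         * @return the result of {@code getConfigAttributeDefinition(null)}; the argument
         *         is passed as {@code null} because no specific secured object is involved
         */
        public ConfigAttributeDefinition getParsedConfigs() {
            return getConfigAttributeDefinition( null );
        }
    }
}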