2 * Copyright (C) 2011 EDIT
3 * European Distributed Institute of Taxonomy
4 * http://www.e-taxonomy.eu
6 * The contents of this file are subject to the Mozilla Public License Version 1.1
7 * See LICENSE.TXT at the top of this package for the full license terms.
9 package eu
.etaxonomy
.cdm
.api
.service
;
11 import static org
.junit
.Assert
.assertEquals
;
12 import static org
.junit
.Assert
.assertFalse
;
13 import static org
.junit
.Assert
.assertTrue
;
15 import java
.io
.FileNotFoundException
;
16 import java
.util
.Collection
;
17 import java
.util
.EnumSet
;
18 import java
.util
.HashSet
;
19 import java
.util
.List
;
21 import java
.util
.UUID
;
23 import javax
.sql
.DataSource
;
25 import org
.apache
.log4j
.Logger
;
26 import org
.junit
.Assert
;
27 import org
.junit
.Ignore
;
28 import org
.junit
.Test
;
29 import org
.springframework
.security
.access
.AccessDeniedException
;
30 import org
.springframework
.security
.authentication
.AuthenticationManager
;
31 import org
.springframework
.security
.authentication
.UsernamePasswordAuthenticationToken
;
32 import org
.springframework
.security
.authentication
.dao
.SaltSource
;
33 import org
.springframework
.security
.authentication
.encoding
.PasswordEncoder
;
34 import org
.springframework
.security
.core
.Authentication
;
35 import org
.springframework
.security
.core
.GrantedAuthority
;
36 import org
.springframework
.security
.core
.context
.SecurityContext
;
37 import org
.springframework
.security
.core
.context
.SecurityContextHolder
;
38 import org
.unitils
.database
.annotations
.TestDataSource
;
39 import org
.unitils
.dbunit
.annotation
.DataSet
;
40 import org
.unitils
.spring
.annotation
.SpringBean
;
41 import org
.unitils
.spring
.annotation
.SpringBeanByType
;
43 import eu
.etaxonomy
.cdm
.database
.PermissionDeniedException
;
44 import eu
.etaxonomy
.cdm
.model
.description
.DescriptionElementBase
;
45 import eu
.etaxonomy
.cdm
.model
.description
.Feature
;
46 import eu
.etaxonomy
.cdm
.model
.description
.TaxonDescription
;
47 import eu
.etaxonomy
.cdm
.model
.description
.TextData
;
48 import eu
.etaxonomy
.cdm
.model
.name
.Rank
;
49 import eu
.etaxonomy
.cdm
.model
.name
.TaxonName
;
50 import eu
.etaxonomy
.cdm
.model
.name
.TaxonNameFactory
;
51 import eu
.etaxonomy
.cdm
.model
.permission
.CRUD
;
52 import eu
.etaxonomy
.cdm
.model
.permission
.GrantedAuthorityImpl
;
53 import eu
.etaxonomy
.cdm
.model
.permission
.Operation
;
54 import eu
.etaxonomy
.cdm
.model
.permission
.PermissionClass
;
55 import eu
.etaxonomy
.cdm
.model
.permission
.User
;
56 import eu
.etaxonomy
.cdm
.model
.reference
.Reference
;
57 import eu
.etaxonomy
.cdm
.model
.reference
.ReferenceFactory
;
58 import eu
.etaxonomy
.cdm
.model
.taxon
.Synonym
;
59 import eu
.etaxonomy
.cdm
.model
.taxon
.SynonymType
;
60 import eu
.etaxonomy
.cdm
.model
.taxon
.Taxon
;
61 import eu
.etaxonomy
.cdm
.model
.taxon
.TaxonBase
;
62 import eu
.etaxonomy
.cdm
.model
.taxon
.TaxonNode
;
63 import eu
.etaxonomy
.cdm
.persistence
.permission
.CdmAuthority
;
64 import eu
.etaxonomy
.cdm
.persistence
.permission
.CdmAuthorityParsingException
;
65 import eu
.etaxonomy
.cdm
.persistence
.permission
.ICdmPermissionEvaluator
;
66 import eu
.etaxonomy
.cdm
.persistence
.query
.MatchMode
;
67 import eu
.etaxonomy
.cdm
.test
.unitils
.CleanSweepInsertLoadStrategy
;
69 @DataSet(loadStrategy
=CleanSweepInsertLoadStrategy
.class)
70 public class SecurityTest
extends AbstractSecurityTestBase
{
72 private static final Logger logger
= Logger
.getLogger(SecurityTest
.class);
75 private ITaxonService taxonService
;
78 private INameService nameService
;
81 private IReferenceService referenceService
;
84 private ITaxonNodeService taxonNodeService
;
87 private IDescriptionService descriptionService
;
90 private IUserService userService
;
93 private IClassificationService classificationService
;
96 private AuthenticationManager authenticationManager
;
99 private SaltSource saltSource
;
102 private PasswordEncoder passwordEncoder
;
104 @SpringBean("cdmPermissionEvaluator")
105 private ICdmPermissionEvaluator permissionEvaluator
;
108 protected DataSource dataSource
;
110 private Authentication authentication
;
113 * no assertions in this test, since it is only used to create password hashes for test data
116 public void testEncryptPassword(){
118 String password
= PASSWORD_ADMIN
;
119 User user
= User
.NewInstance("userManager", "");
121 Object salt
= this.saltSource
.getSalt(user
);
122 String passwordEncrypted
= passwordEncoder
.encodePassword(password
, salt
);
123 logger
.info("encrypted password: " + passwordEncrypted
);
128 public void testHasPermission(){
130 Taxon taxon
= Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.GENUS()),null);
132 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
133 boolean hasPermission
= permissionEvaluator
.hasPermission(authentication
, taxon
, Operation
.UPDATE
);
134 assertTrue(hasPermission
);
136 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
137 hasPermission
= permissionEvaluator
.hasPermission(authentication
, taxon
, Operation
.UPDATE
);
138 assertFalse(hasPermission
);
143 public void testListByUsernameAllow(){
145 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
146 SecurityContext context
= SecurityContextHolder
.getContext();
147 context
.setAuthentication(authentication
);
149 List
<User
> userList
= userService
.listByUsername("Editor", MatchMode
.ANYWHERE
, null, null, 0, null, null);
150 Assert
.assertTrue("The user list must have elements", userList
.size() > 0 );
155 public void testUserService_CreateDeny(){
157 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
158 SecurityContext context
= SecurityContextHolder
.getContext();
159 context
.setAuthentication(authentication
);
161 RuntimeException exception
= null;
163 userService
.createUser(User
.NewInstance("new guy", "alkjdsfalkj"));
164 commitAndStartNewTransaction(null);
165 } catch (AccessDeniedException e
){
166 logger
.debug("Expected failure of evaluation.", e
);
168 } catch (RuntimeException e
){
169 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
170 logger
.debug("Expected failure of evaluation.", e
);
172 // needed in case saveOrUpdate was interrupted by the RuntimeException
173 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
175 startNewTransaction();
177 Assert
.assertNotNull("Must fail here!", exception
);
183 public void testUserService_CreateAllow(){
185 authentication
= authenticationManager
.authenticate(tokenForUserManager
);
186 SecurityContext context
= SecurityContextHolder
.getContext();
187 context
.setAuthentication(authentication
);
189 RuntimeException exception
= null;
191 userService
.createUser(User
.NewInstance("new guy", "alkjdsfalkj"));
192 commitAndStartNewTransaction(null);
193 } catch (AccessDeniedException e
){
194 logger
.error("Unexpected failure of evaluation.", e
);
196 } catch (RuntimeException e
){
197 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
198 logger
.error("unexpected failure of evaluation.", exception
);
200 // needed in case saveOrUpdate was interrupted by the RuntimeException
201 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
203 startNewTransaction();
205 Assert
.assertNull("Must not fail here!", exception
);
212 @Ignore // FIXME https://dev.e-taxonomy.eu/redmine/issues/3098
213 public void testHasPermissions(){
215 Taxon taxon
= Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.GENUS()),null);
217 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
218 boolean hasPermission
= permissionEvaluator
.hasPermission(authentication
, taxon
, Operation
.ALL
);
219 assertTrue(hasPermission
);
224 * Test method for {@link eu.etaxonomy.cdm.api.service.TaxonServiceImpl#saveTaxon(eu.etaxonomy.cdm.model.taxon.TaxonBase)}.
227 public final void testSaveTaxon() {
229 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
230 SecurityContext context
= SecurityContextHolder
.getContext();
231 context
.setAuthentication(authentication
);
233 Taxon expectedTaxon
= Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.SPECIES()), null);
234 expectedTaxon
.getName().setTitleCache("Newby admin", true);
235 UUID uuid
= taxonService
.save(expectedTaxon
).getUuid();
236 commitAndStartNewTransaction(null);
237 TaxonBase
<?
> actualTaxon
= taxonService
.load(uuid
);
238 assertEquals(expectedTaxon
, actualTaxon
);
240 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
241 context
= SecurityContextHolder
.getContext();
242 context
.setAuthentication(authentication
);
243 expectedTaxon
= Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.GENUS()), null);
244 expectedTaxon
.getName().setTitleCache("Newby taxonEditor", true);
245 uuid
= taxonService
.saveOrUpdate(expectedTaxon
);
246 commitAndStartNewTransaction(null);
247 actualTaxon
= taxonService
.load(uuid
);
248 assertEquals(expectedTaxon
, actualTaxon
);
253 public final void testSaveNameAllow() {
255 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
256 SecurityContext context
= SecurityContextHolder
.getContext();
257 context
.setAuthentication(authentication
);
259 TaxonName newName
= TaxonNameFactory
.NewZoologicalInstance(Rank
.SPECIES());
260 newName
.setTitleCache("Newby taxonEditor", true);
261 UUID uuid
= nameService
.saveOrUpdate(newName
);
262 commitAndStartNewTransaction(null);
263 TaxonName savedName
= nameService
.load(uuid
);
264 assertEquals(newName
, savedName
);
269 @Ignore //#5829 should be fixed as soon as possible
270 public final void testReuseNameAllow() {
272 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
273 SecurityContext context
= SecurityContextHolder
.getContext();
274 context
.setAuthentication(authentication
);
276 TaxonBase
<?
> taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
277 TaxonName n_acherontia_thetis
= taxon
.getName();
279 Reference sec
= ReferenceFactory
.newGeneric();
280 sec
.setUuid(UUID
.fromString("bd7e4a15-6403-49a9-a6df-45b46fa99efd"));
281 Taxon newTaxon
= Taxon
.NewInstance(n_acherontia_thetis
, sec
);
282 Exception exception
= null;
284 taxonService
.save(newTaxon
);
285 commitAndStartNewTransaction(null);
286 } catch (AccessDeniedException e
){
287 logger
.error("Unexpected failure of evaluation.", e
);
289 } catch (RuntimeException e
){
290 logger
.error("Unexpected failure of evaluation.", e
);
291 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
293 // needed in case saveOrUpdate was interrupted by the RuntimeException
294 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
296 startNewTransaction();
298 Assert
.assertNull("must not fail here!", exception
);
302 public final void testMakeTaxonNodeASynonymOfAnotherTaxonNodeAllow_1() {
304 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
305 SecurityContext context
= SecurityContextHolder
.getContext();
306 context
.setAuthentication(authentication
);
308 Reference book
= referenceService
.load(BOOK1_UUID
);
310 TaxonNode n_acherontia_styx
= taxonNodeService
.find(ACHERONTIA_STYX_NODE_UUID
);
311 TaxonNode n_acherontia_lachersis
= taxonNodeService
.find(ACHERONTIA_LACHESIS_NODE_UUID
);
313 Exception exception
= null;
315 taxonNodeService
.makeTaxonNodeASynonymOfAnotherTaxonNode(n_acherontia_styx
, n_acherontia_lachersis
, SynonymType
.HETEROTYPIC_SYNONYM_OF(), book
, "33", true);
316 commitAndStartNewTransaction(null);
317 } catch (AccessDeniedException e
){
318 logger
.error("Unexpected failure of evaluation.", e
);
320 } catch (RuntimeException e
){
321 logger
.error("Unexpected failure of evaluation.", e
);
322 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
324 // needed in case saveOrUpdate was interrupted by the RuntimeException
325 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
327 startNewTransaction();
329 Assert
.assertNull("must not fail here!", exception
);
333 public final void testMakeTaxonNodeASynonymOfAnotherTaxonNodeAllow_2() {
335 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
336 SecurityContext context
= SecurityContextHolder
.getContext();
337 context
.setAuthentication(authentication
);
339 Reference book
= referenceService
.load(BOOK1_UUID
);
341 TaxonNode n_acherontia_styx
= taxonNodeService
.find(ACHERONTIA_STYX_NODE_UUID
);
342 TaxonNode n_acherontia_lachersis
= taxonNodeService
.find(ACHERONTIA_LACHESIS_NODE_UUID
);
344 Exception exception
= null;
346 taxonNodeService
.makeTaxonNodeASynonymOfAnotherTaxonNode(n_acherontia_lachersis
, n_acherontia_styx
, SynonymType
.HOMOTYPIC_SYNONYM_OF(), book
, "33", true);
347 commitAndStartNewTransaction(null);
348 } catch (AccessDeniedException e
){
349 logger
.error("Unexpected failure of evaluation.", e
);
351 } catch (RuntimeException e
){
352 logger
.error("Unexpected failure of evaluation.", e
);
353 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
355 // needed in case saveOrUpdate was interrupted by the RuntimeException
356 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
358 startNewTransaction();
360 Assert
.assertNull("must not fail here!", exception
);
364 public final void testUpdateReferenceAllow() throws CdmAuthorityParsingException
{
367 authentication
= authenticationManager
.authenticate(tokenForUserManager
);
368 SecurityContext context
= SecurityContextHolder
.getContext();
369 context
.setAuthentication(authentication
);
371 // add REFERENCE[UPDATE] to taxonEditor
372 User taxonEditor
= userService
.load(TAXON_EDITOR_UUID
);
373 Set
<GrantedAuthority
> grantedAuthorities
= new HashSet
<GrantedAuthority
>();
374 grantedAuthorities
.addAll(taxonEditor
.getGrantedAuthorities());
375 GrantedAuthorityImpl referenceUpdate_ga
= new CdmAuthority(PermissionClass
.REFERENCE
, null, EnumSet
.of(CRUD
.UPDATE
), null).asNewGrantedAuthority();
376 grantedAuthorities
.add(referenceUpdate_ga
);
377 taxonEditor
.setGrantedAuthorities(grantedAuthorities
);
378 userService
.saveOrUpdate(taxonEditor
);
379 commitAndStartNewTransaction(null);
381 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
382 context
= SecurityContextHolder
.getContext();
383 context
.setAuthentication(authentication
);
385 Reference book
= referenceService
.load(BOOK1_UUID
);
386 book
.setTitleCache("Mobydick", true);
387 Exception exception
= null;
389 referenceService
.saveOrUpdate(book
);
390 commitAndStartNewTransaction(null);
391 } catch (AccessDeniedException e
){
392 logger
.error("Unexpected failure of evaluation.", e
);
394 } catch (RuntimeException e
){
395 logger
.error("Unexpected failure of evaluation.", e
);
396 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
398 // needed in case saveOrUpdate was interrupted by the RuntimeException
399 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
401 startNewTransaction();
403 Assert
.assertNull("must not fail here!", exception
);
404 book
= referenceService
.load(BOOK1_UUID
);
405 Assert
.assertEquals("Mobydick", book
.getTitleCache());
409 public final void testUpateReferenceDeny() {
411 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
412 SecurityContext context
= SecurityContextHolder
.getContext();
413 context
.setAuthentication(authentication
);
415 TaxonBase
<?
> taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
416 taxon
.getName().getNomenclaturalReference().setTitleCache("Mobydick", true);
417 Exception exception
= null;
419 taxonService
.saveOrUpdate(taxon
);
420 commitAndStartNewTransaction(null);
421 } catch (AccessDeniedException e
){
422 logger
.debug("Expected failure of evaluation.", e
);
424 } catch (RuntimeException e
){
425 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
426 logger
.debug("Expected failure of evaluation.", e
);
428 // needed in case saveOrUpdate was interrupted by the RuntimeException
429 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
431 startNewTransaction();
433 Assert
.assertNotNull("must fail here!", exception
);
437 public void testChangeOwnPassword(){
439 SecurityContext context
= SecurityContextHolder
.getContext();
440 // authenticate as admin
441 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
442 context
.setAuthentication(authentication
);
444 // User currentUser = (User) context.getAuthentication().getPrincipal();
446 String newPass
= "poiweorijo";
447 userService
.changePassword(PASSWORD_TAXON_EDITOR
, newPass
);
448 commitAndStartNewTransaction(null);
450 // try to re-authenticate user with changed password
451 UsernamePasswordAuthenticationToken newTokenForTaxonEditor
= new UsernamePasswordAuthenticationToken("taxonEditor", newPass
);
452 authentication
= authenticationManager
.authenticate(newTokenForTaxonEditor
);
456 public void testChangeOthersPasswordAllow(){
458 SecurityContext context
= SecurityContextHolder
.getContext();
459 RuntimeException exception
= null;
461 // (1) authenticate as admin
462 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
463 context
.setAuthentication(authentication
);
467 userService
.changePasswordForUser("taxonomist", "zuaisd");
468 commitAndStartNewTransaction(null);
469 } catch (AccessDeniedException e
){
470 logger
.error("Unexpected failure of evaluation.", e
);
472 } catch (RuntimeException e
){
473 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
474 logger
.error("Unexpected failure of evaluation.", exception
);
476 // needed in case saveOrUpdate was interrupted by the RuntimeException
477 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
479 startNewTransaction();
481 Assert
.assertNull("must not fail here!", exception
);
483 // ok, now try authenticating taxonomist with new password
484 UsernamePasswordAuthenticationToken newToken
= new UsernamePasswordAuthenticationToken("taxonomist", "zuaisd");
485 authentication
= authenticationManager
.authenticate(newToken
);
489 public void testChangeOthersPasswordDeny(){
491 SecurityContext context
= SecurityContextHolder
.getContext();
492 RuntimeException exception
= null;
494 // (2) authenticate as under privileged user - not an admin !!!
495 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
496 context
.setAuthentication(authentication
);
498 // check test preconditions user name and authorities
499 Assert
.assertEquals("descriptionEditor", context
.getAuthentication().getName());
500 Collection
<?
extends GrantedAuthority
> authorities
= context
.getAuthentication().getAuthorities();
501 for(GrantedAuthority authority
: authorities
){
502 // role prefix 'ROLE_' is defined in org.springframework.security.access.vote.RoleVoter !!!
503 Assert
.assertNotSame("user must not have authority 'ROLE_ADMIN'", "ROLE_ADMIN", authority
.getAuthority());
505 // finally perform the test :
507 userService
.changePasswordForUser("partEditor", "poiweorijo");
508 commitAndStartNewTransaction(null);
509 } catch (AccessDeniedException e
){
510 logger
.debug("Expected failure of evaluation.", e
);
512 } catch (RuntimeException e
){
513 exception
= findThrowableOfTypeIn(PermissionDeniedException
.class, e
);
514 logger
.debug("Expected failure of evaluation.", e
);
516 // needed in case saveOrUpdate was interrupted by the RuntimeException
517 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
519 startNewTransaction();
521 Assert
.assertNotNull("must fail here!", exception
);
525 public void testUpdateUser(){
527 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
528 SecurityContext context
= SecurityContextHolder
.getContext();
529 context
.setAuthentication(authentication
);
530 String username
= "standardUser";
531 String password
= "pw";
532 User user
= User
.NewInstance(username
, password
);
534 userService
.createUser(user
);
535 user
.setEmailAddress("test@bgbm.org");
537 userService
.updateUser(user
);
538 userService
.update(user
);
539 userService
.saveOrUpdate(user
);
540 commitAndStartNewTransaction(null);
545 * test with admin account - should succeed
548 public final void testTaxonSaveOrUpdateAllow_1() {
550 SecurityContext context
= SecurityContextHolder
.getContext();
552 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
553 context
.setAuthentication(authentication
);
554 RuntimeException securityException
= null;
556 TaxonBase
<?
> taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
557 Assert
.assertFalse(taxon
.isDoubtful());
558 taxon
.setDoubtful(true);
560 taxonService
.saveOrUpdate(taxon
);
561 commitAndStartNewTransaction(null);
562 } catch (RuntimeException e
){
563 securityException
= findSecurityRuntimeException(e
);
564 logger
.error("Unexpected failure of evaluation.", e
);
566 // needed in case saveOrUpdate was interrupted by the RuntimeException
567 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
569 startNewTransaction();
571 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
573 taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
574 Assert
.assertTrue("The change must be persisted", taxon
.isDoubtful());
578 * test with taxonEditor account - should succeed
581 public final void testTaxonSaveOrUpdateAllow_2() {
584 RuntimeException securityException
= null;
585 SecurityContext context
= SecurityContextHolder
.getContext();
587 // taxonEditor account - should succeed
588 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
590 context
.setAuthentication(authentication
);
592 TaxonBase
<?
> taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
593 Assert
.assertFalse(taxon
.isDoubtful());
594 taxon
.setDoubtful(true);
596 taxonService
.saveOrUpdate(taxon
);
597 commitAndStartNewTransaction(null);
598 } catch (RuntimeException e
){
599 securityException
= findSecurityRuntimeException(e
);
600 logger
.error("Unexpected failure of evaluation.", e
);
602 // needed in case saveOrUpdate was interrupted by the RuntimeException
603 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
605 startNewTransaction();
607 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
609 taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
610 Assert
.assertTrue("The change must be persited", taxon
.isDoubtful());
614 * test with tokenForDescriptionEditor account - should fail
617 public final void testTaxonSaveOrUpdateDeny_2() {
619 SecurityContext context
= SecurityContextHolder
.getContext();
620 RuntimeException securityException
= null;
622 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
623 context
.setAuthentication(authentication
);
625 TaxonBase
<?
> taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
627 Assert
.assertFalse(taxon
.isDoubtful());
628 taxon
.setDoubtful(true);
630 taxonService
.saveOrUpdate(taxon
);
631 commitAndStartNewTransaction(null);
632 } catch (RuntimeException e
){
633 securityException
= findSecurityRuntimeException(e
);
634 logger
.debug("Expected failure of evaluation.", securityException
);
636 // needed in case saveOrUpdate was interrupted by the RuntimeException
637 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
639 startNewTransaction();
642 Assert
.assertNotNull("evaluation must fail since the user is not permitted", securityException
);
644 taxon
= taxonService
.find(UUID_ACHERONTIA_STYX
);
645 Assert
.assertFalse("The change must not be persited", taxon
.isDoubtful());
649 public final void testTaxonPublishAllow_ROLE_ADMIN() {
651 SecurityContext context
= SecurityContextHolder
.getContext();
653 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
654 context
.setAuthentication(authentication
);
655 RuntimeException securityException
= null;
657 Taxon taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
659 boolean lastIsPublish
= taxon
.isPublish();
660 taxon
.setPublish(!lastIsPublish
);
662 taxonService
.saveOrUpdate(taxon
);
663 commitAndStartNewTransaction(null);
664 } catch (RuntimeException e
){
665 securityException
= findSecurityRuntimeException(e
);
666 logger
.error("Unexpected failure of evaluation.", e
);
668 // needed in case saveOrUpdate was interrupted by the RuntimeException
669 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
671 startNewTransaction();
673 Assert
.assertNull("evaluation must not fail since the user has ROLE_ADMIN, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
675 taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
676 Assert
.assertTrue("The change must be persisted", taxon
.isPublish() != lastIsPublish
);
681 * test with Taxonomist account which has the ROLE_PUBLISH
684 public final void testTaxonPublishAllow_ROLE_PUBLISH() {
686 SecurityContext context
= SecurityContextHolder
.getContext();
688 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
689 context
.setAuthentication(authentication
);
690 RuntimeException securityException
= null;
692 Taxon taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
694 boolean lastIsPublish
= taxon
.isPublish();
695 taxon
.setPublish(!lastIsPublish
);
697 taxonService
.saveOrUpdate(taxon
);
698 commitAndStartNewTransaction(null);
699 } catch (RuntimeException e
){
700 securityException
= findSecurityRuntimeException(e
);
701 logger
.error("Unexpected failure of evaluation.", e
);
703 // needed in case saveOrUpdate was interrupted by the RuntimeException
704 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
706 startNewTransaction();
708 Assert
.assertNull("evaluation must not fail since the user has ROLE_ADMIN, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
710 taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
711 Assert
.assertTrue("The change must be persisted", taxon
.isPublish() != lastIsPublish
);
715 * test with TaxonEditor account which has not the ROLE_PUBLISH
718 public final void testTaxonPublishDeny() {
720 SecurityContext context
= SecurityContextHolder
.getContext();
722 authentication
= authenticationManager
.authenticate(tokenForTaxonEditor
);
723 context
.setAuthentication(authentication
);
724 RuntimeException securityException
= null;
726 Taxon taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
728 boolean lastIsPublish
= taxon
.isPublish();
729 taxon
.setPublish(!lastIsPublish
);
731 taxonService
.saveOrUpdate(taxon
);
732 commitAndStartNewTransaction(null);
733 } catch (RuntimeException e
){
734 securityException
= findSecurityRuntimeException(e
);
735 logger
.debug("Expected failure of evaluation.", securityException
);
737 // needed in case saveOrUpdate was interrupted by the RuntimeException
738 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
740 startNewTransaction();
743 Assert
.assertNotNull("evaluation must fail since the user is not permitted", securityException
);
745 taxon
= (Taxon
) taxonService
.find(UUID_ACHERONTIA_STYX
);
746 Assert
.assertTrue("The taxon must be unchanged", taxon
.isPublish() == lastIsPublish
);
750 * test with admin account - should succeed
753 public final void testTaxonDeleteAllow_1() {
755 SecurityContext context
= SecurityContextHolder
.getContext();
757 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
758 context
.setAuthentication(authentication
);
759 RuntimeException securityException
= null;
761 TaxonBase
<?
> taxon
= taxonService
.load(UUID_LACTUCA
);
762 taxonService
.delete(taxon
);
763 commitAndStartNewTransaction(null);
765 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
767 taxon
= taxonService
.load(UUID_LACTUCA
);
768 Assert
.assertNull("The taxon must be deleted", taxon
);
772 * test with admin account - should succeed
775 public final void testTaxonDeleteAllow_2() {
777 SecurityContext context
= SecurityContextHolder
.getContext();
779 authentication
= authenticationManager
.authenticate(tokenForAdmin
);
780 context
.setAuthentication(authentication
);
781 RuntimeException securityException
= null;
783 Taxon taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
786 DeleteResult result
= taxonService
.deleteTaxon(taxon
.getUuid(), null, taxon
.getTaxonNodes().iterator().next().getClassification().getUuid());
787 /*} catch (DataChangeNoRollbackException e) {
793 commitAndStartNewTransaction(null);
794 } catch (RuntimeException e
){
795 securityException
= findSecurityRuntimeException(e
);
796 logger
.error("Unexpected failure of evaluation.", e
);
798 // needed in case saveOrUpdate was interrupted by the RuntimeException
799 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
801 startNewTransaction();
803 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
806 taxon
= (Taxon
)taxonService
.find(UUID_ACHERONTINII
);
807 Assert
.assertNull("The taxon must be deleted", taxon
);
812 * test with tokenForDescriptionEditor account - should fail
815 public final void testTaxonDeleteDeny() {
817 SecurityContext context
= SecurityContextHolder
.getContext();
818 // RuntimeException securityException = null;
820 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
821 context
.setAuthentication(authentication
);
823 Taxon taxon
= (Taxon
)taxonService
.load(UUID_LACTUCA
);
825 DeleteResult result
= taxonService
.deleteTaxon(taxon
.getUuid(), null, null);
829 }catch(PermissionDeniedException e
){
833 startNewTransaction();
836 //Assert.assertNotNull("evaluation must fail since the user is not permitted", securityException);
838 taxon
= (Taxon
)taxonService
.load(UUID_LACTUCA
);
840 Assert
.assertNotNull("The change must still exist", taxon
);
841 Assert
.assertNotNull("The name must still exist",taxon
.getName());
846 @Ignore //FIXME: adding taxa to a description must be protected at the side of the Description itself!!
847 // => protecting method TaxonDescription.setTaxon() ?
848 public void testAddDescriptionToTaxon(){
850 SecurityContext context
= SecurityContextHolder
.getContext();
851 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
852 context
.setAuthentication(authentication
);
854 RuntimeException securityException
= null;
856 Taxon taxon
= (Taxon
)taxonService
.load(ACHERONTIA_LACHESIS_UUID
);
858 TaxonDescription description
= TaxonDescription
.NewInstance(taxon
);
859 description
.setTitleCache("test", true);
861 descriptionService
.saveOrUpdate(description
);
862 commitAndStartNewTransaction(null);
863 } catch (RuntimeException e
){
864 securityException
= findSecurityRuntimeException(e
);
865 logger
.debug("Expected failure of evaluation.", securityException
);
867 // needed in case saveOrUpdate was interrupted by the RuntimeException
868 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
870 startNewTransaction();
874 * The user should not be granted to add the Description to a taxon
876 Assert
.assertNotNull("evaluation should fail since the user is not permitted to edit Taxa", securityException
);
877 taxon
= (Taxon
)taxonService
.load(ACHERONTIA_LACHESIS_UUID
);
878 assertTrue(taxon
.getDescriptions().contains(description
));
882 public void testMoveDescriptionElement(){
884 SecurityContext context
= SecurityContextHolder
.getContext();
885 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
886 context
.setAuthentication(authentication
);
888 RuntimeException securityException
= null;
890 Taxon t_acherontia_lachesis
= (Taxon
)taxonService
.load(ACHERONTIA_LACHESIS_UUID
);
891 Taxon t_acherontia_styx
= (Taxon
)taxonService
.load(UUID_ACHERONTIA_STYX
);
893 TaxonDescription description_acherontia_styx
= t_acherontia_styx
.getDescriptions().iterator().next();
894 TaxonDescription description_acherontia_lachesis
= t_acherontia_lachesis
.getDescriptions().iterator().next();
897 descriptionService
.moveDescriptionElementsToDescription(description_acherontia_styx
.getElements(), description_acherontia_lachesis
, false, true);
898 commitAndStartNewTransaction(null);
899 } catch (RuntimeException e
){
900 securityException
= findSecurityRuntimeException(e
);
901 logger
.debug("Unexpected failure of evaluation.", securityException
);
903 // needed in case saveOrUpdate was interrupted by the RuntimeException
904 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
906 startNewTransaction();
911 Assert
.assertNull("evaluation should not fail since the user has sufficient permissions", securityException
);
915 // @Ignore // FIXME https://dev.e-taxonomy.eu/redmine/issues/4081 : #4081 (TaxonNodeServiceImpl.makeTaxonNodeASynonymOfAnotherTaxonNode() requires TAXONNAME.[UPDATE])
917 public void testAcceptedTaxonToSynomym(){
919 SecurityContext context
= SecurityContextHolder
.getContext();
920 authentication
= authenticationManager
.authenticate(tokenForPartEditor
);
921 context
.setAuthentication(authentication
);
923 RuntimeException securityException
= null;
925 Taxon t_acherontia_lachesis
= (Taxon
)taxonService
.load(ACHERONTIA_LACHESIS_UUID
);
926 UUID name_acherontia_lachesis_uuid
= t_acherontia_lachesis
.getName().getUuid();
927 Taxon t_acherontia_styx
= (Taxon
)taxonService
.load(UUID_ACHERONTIA_STYX
);
928 int countSynsBefore
= t_acherontia_styx
.getSynonyms().size();
930 TaxonNode n_acherontia_lachesis
= t_acherontia_lachesis
.getTaxonNodes().iterator().next();
931 TaxonNode n_acherontia_styx
= t_acherontia_styx
.getTaxonNodes().iterator().next();
933 int numOfSynonymsBefore_styx
= t_acherontia_styx
.getSynonyms().size();
934 int numOfSynonymsBefore_lachesis
= t_acherontia_lachesis
.getSynonyms().size();
938 taxonNodeService
.makeTaxonNodeASynonymOfAnotherTaxonNode(n_acherontia_lachesis
, n_acherontia_styx
, SynonymType
.SYNONYM_OF(), null, null, true);
939 // synonymUuid = synonym.getUuid();
940 // taxonService.saveOrUpdate(synonym);
941 commitAndStartNewTransaction(null);
942 } catch (RuntimeException e
){
943 securityException
= findSecurityRuntimeException(e
);
944 logger
.error("Unexpected Exception ", e
);
945 Assert
.fail("Unexpected Exception: " + e
.getMessage());
947 // needed in case saveOrUpdate was interrupted by the RuntimeException
948 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
950 startNewTransaction();
955 Assert
.assertNull("evaluation should not fail since the user has sufficient permissions", securityException
);
957 // reload from db and check assertions
958 t_acherontia_styx
= (Taxon
)taxonService
.load(UUID_ACHERONTIA_STYX
);
959 Assert
.assertEquals(numOfSynonymsBefore_styx
+1 + numOfSynonymsBefore_lachesis
, t_acherontia_styx
.getSynonyms().size());
961 Assert
.assertNotNull(nameService
.load(name_acherontia_lachesis_uuid
) );
962 Assert
.assertNull("The old TaxonNode should no longer exist", taxonNodeService
.find(n_acherontia_lachesis
.getUuid()));
966 public void testCreateDescriptionWithElement(){
968 SecurityContext context
= SecurityContextHolder
.getContext();
969 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
970 context
.setAuthentication(authentication
);
972 TaxonDescription description
= null;
973 RuntimeException securityException
= null;
974 Taxon taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
975 Assert
.assertTrue("taxon must not yet have descriptions", taxon
.getDescriptions().size() == 0);
978 // 1) test for failure - description element but no feature
979 description
= TaxonDescription
.NewInstance(taxon
);
980 DescriptionElementBase textdataNoFeature
= TextData
.NewInstance();
981 description
.addElement(textdataNoFeature
);
983 assertTrue(permissionEvaluator
.hasPermission(authentication
, description
, "UPDATE"));
985 descriptionService
.saveOrUpdate(description
);
986 commitAndStartNewTransaction(null);
987 } catch (RuntimeException e
){
988 securityException
= findSecurityRuntimeException(e
);
989 logger
.error("RuntimeException caught");
990 logger
.debug("Expected failure of evaluation.", securityException
);
992 // needed in case saveOrUpdate was interrupted by the RuntimeException
993 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
995 startNewTransaction();
998 Assert
.assertNotNull("evaluation should fail", securityException
);
999 taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
1000 Set
<TaxonDescription
> descriptions
= taxon
.getDescriptions();
1001 assertTrue("taxon must not have any description", descriptions
.size() == 0);
1006 public void testCreateDescriptionWithElementDeny_1(){
1008 SecurityContext context
= SecurityContextHolder
.getContext();
1009 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
1010 context
.setAuthentication(authentication
);
1012 TaxonDescription description
= null;
1013 RuntimeException securityException
= null;
1014 Taxon taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
1015 Assert
.assertTrue("taxon must not yet have descriptions", taxon
.getDescriptions().size() == 0);
1017 // 2) test for failure - description element but not granted feature
1018 description
= TaxonDescription
.NewInstance(taxon
);
1019 DescriptionElementBase descriptionText
= TextData
.NewInstance(Feature
.DESCRIPTION());
1020 description
.addElement(descriptionText
);
1022 assertTrue(permissionEvaluator
.hasPermission(authentication
, description
, "UPDATE"));
1024 descriptionService
.saveOrUpdate(description
);
1025 commitAndStartNewTransaction(null);
1026 } catch (RuntimeException e
){
1027 securityException
= findSecurityRuntimeException(e
);
1028 logger
.debug("Expected failure of evaluation.", securityException
);
1030 // needed in case saveOrUpdate was interrupted by the RuntimeException
1031 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1033 startNewTransaction();
1036 Assert
.assertNotNull("evaluation should fail", securityException
);
1037 taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
1038 Set
<TaxonDescription
> descriptions
= taxon
.getDescriptions();
1039 assertTrue("taxon must not have any description", descriptions
.size() == 0);
1044 public void testCreateDescriptionWithElementDeny_2(){
1046 SecurityContext context
= SecurityContextHolder
.getContext();
1047 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
1048 context
.setAuthentication(authentication
);
1050 TaxonDescription description
= null;
1051 RuntimeException securityException
= null;
1052 Taxon taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
1053 Assert
.assertTrue("taxon must not yet have descriptions", taxon
.getDescriptions().size() == 0);
1055 // 3) test for failure
1056 description
= TaxonDescription
.NewInstance(taxon
);
1057 DescriptionElementBase ecologyText
= TextData
.NewInstance(Feature
.ECOLOGY());
1058 description
.addElement(ecologyText
);
1060 assertTrue(permissionEvaluator
.hasPermission(authentication
, description
, "UPDATE"));
1062 descriptionService
.saveOrUpdate(description
);
1063 commitAndStartNewTransaction(null);
1064 } catch (RuntimeException e
){
1065 securityException
= findSecurityRuntimeException(e
);
1066 logger
.error("Unexpected failure of evaluation.", e
);
1068 // needed in case saveOrUpdate was interrupted by the RuntimeException
1069 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1071 startNewTransaction();
1074 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
1075 taxon
= (Taxon
)taxonService
.load(UUID_ACHERONTINII
);
1076 Set
<TaxonDescription
> descriptions
= taxon
.getDescriptions();
1077 assertTrue("taxon must now have one description", descriptions
.size() == 1);
1078 assertTrue("description should have one description element", descriptions
.iterator().next().getElements().size() == 1);
1082 public void testSaveSynonymAllow(){
1084 SecurityContext context
= SecurityContextHolder
.getContext();
1085 RuntimeException securityException
= null;
1087 // 1) test for success
1088 authentication
= authenticationManager
.authenticate(tokenForTaxonomist
);
1089 context
.setAuthentication(authentication
);
1091 Synonym syn
= Synonym
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.SPECIES()), null);
1092 UUID synUuid
= UUID
.randomUUID();
1093 syn
.setUuid(synUuid
);
1095 taxonService
.saveOrUpdate(syn
);
1096 logger
.debug("will commit ...");
1097 commitAndStartNewTransaction(null);
1098 } catch (RuntimeException e
){
1099 securityException
= findSecurityRuntimeException(e
);
1100 logger
.error("Unexpected failure of evaluation.", e
);
1102 // needed in case saveOrUpdate was interrupted by the RuntimeException
1103 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1105 startNewTransaction();
1107 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
1108 Assert
.assertNotNull("The new Synonym must be persited", taxonService
.find(synUuid
));
1112 public void testSaveSynonymDenial(){
1114 SecurityContext context
= SecurityContextHolder
.getContext();
1115 RuntimeException securityException
= null;
1116 // 2) test for denial
1117 authentication
= authenticationManager
.authenticate(tokenForDescriptionEditor
);
1118 context
.setAuthentication(authentication
);
1119 Synonym syn
= Synonym
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.SPECIES()), null);
1120 UUID synUuid
= syn
.getUuid();
1122 taxonService
.saveOrUpdate(syn
);
1123 logger
.debug("will commit ...");
1124 commitAndStartNewTransaction(null);
1125 } catch (RuntimeException e
){
1126 securityException
= findSecurityRuntimeException(e
);
1127 logger
.debug("Expected failure of evaluation: " + securityException
.getClass());
1129 // needed in case saveOrUpdate was interrupted by the RuntimeException
1130 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1132 startNewTransaction();
1135 Assert
.assertNotNull("evaluation must fail since the user is not permitted", securityException
);
1136 Assert
.assertNull("The Synonym must not be persited", taxonService
.find(synUuid
));
1140 public void testEditPartOfClassificationAllow(){
1142 authentication
= authenticationManager
.authenticate(tokenForPartEditor
);
1143 SecurityContext context
= SecurityContextHolder
.getContext();
1144 context
.setAuthentication(authentication
);
1145 RuntimeException securityException
= null;
1146 classificationService
.load(UUID
.fromString("aeee7448-5298-4991-b724-8d5b75a0a7a9"));
1148 TaxonNode acherontia_node
= taxonNodeService
.load(ACHERONTIA_NODE_UUID
);
1149 long numOfChildNodes
= acherontia_node
.getChildNodes().size();
1150 TaxonNode acherontia_child_node
= acherontia_node
.addChildTaxon(Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.SPECIES()), null), null, null);
1153 taxonNodeService
.saveOrUpdate(acherontia_child_node
);
1154 commitAndStartNewTransaction(null);
1155 } catch (RuntimeException e
){
1156 securityException
= findSecurityRuntimeException(e
);
1157 logger
.error("Unexpected failure of evaluation.", securityException
);
1159 // needed in case saveOrUpdate was interrupted by the RuntimeException
1160 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1162 startNewTransaction();
1165 acherontia_node
= taxonNodeService
.load(ACHERONTIA_NODE_UUID
);
1166 Assert
.assertNull("evaluation must not fail since the user is permitted, CAUSE :" + (securityException
!= null ? securityException
.getMessage() : ""), securityException
);
1167 Assert
.assertEquals("the acherontia_node must now have one more child node ", numOfChildNodes
+ 1 , acherontia_node
.getChildNodes().size());
1171 public void testEditPartOfClassificationDeny(){
1173 authentication
= authenticationManager
.authenticate(tokenForPartEditor
);
1174 SecurityContext context
= SecurityContextHolder
.getContext();
1175 context
.setAuthentication(authentication
);
1176 RuntimeException securityException
= null;
1179 TaxonNode acherontiini_node
= taxonNodeService
.load(ACHERONTIINI_NODE_UUID
);
1180 int numOfChildNodes
= acherontiini_node
.getCountChildren();
1181 acherontiini_node
.addChildTaxon(Taxon
.NewInstance(TaxonNameFactory
.NewBotanicalInstance(Rank
.GENUS()), null), null, null);
1184 logger
.debug("==============================");
1185 taxonNodeService
.saveOrUpdate(acherontiini_node
);
1186 commitAndStartNewTransaction(null);
1187 } catch (RuntimeException e
){
1188 securityException
= findSecurityRuntimeException(e
);
1189 logger
.debug("Expected failure of evaluation.", securityException
);
1191 // needed in case saveOrUpdate was interrupted by the RuntimeException
1192 // commitAndStartNewTransaction() would raise an UnexpectedRollbackException
1194 startNewTransaction();
1197 acherontiini_node
= taxonNodeService
.load(ACHERONTIINI_NODE_UUID
);
1198 Assert
.assertNotNull("evaluation must fail since the user is not permitted", securityException
);
1199 Assert
.assertEquals("the number of child nodes must be unchanged ", numOfChildNodes
, acherontiini_node
.getChildNodes().size());
1204 * @see eu.etaxonomy.cdm.test.integration.CdmIntegrationTest#createTestData()
1207 public void createTestDataSet() throws FileNotFoundException
{
1208 // TODO Auto-generated method stub