\r
\r
@RunWith(UnitilsJUnit4TestClassRunner.class)\r
-@Transactional(TransactionMode.DISABLED)\r
-@SpringApplicationContext({"/eu/etaxonomy/cdm/applicationContext-securityTest.xml"})\r
@DataSet\r
public class SecurityTest extends CdmTransactionalIntegrationTestWithSecurity{\r
private static final Logger logger = Logger.getLogger(TaxonServiceImplTest.class);\r
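Review bot: With the `@SpringApplicationContext({"/eu/etaxonomy/cdm/applicationContext-securityTest.xml"})` and `@Transactional(TransactionMode.DISABLED)` lines dropped from `SecurityTest`, nothing visible in this hunk says where the security-enabled context and the transaction mode now come from. Presumably `CdmTransactionalIntegrationTestWithSecurity` declares both, but that class is not part of this diff; if it loads a context without the security configuration, the permission tests further down could pass without any access check being exercised. A one-line comment above the class, such as `// security context and transaction handling are inherited from CdmTransactionalIntegrationTestWithSecurity`, would make that dependency explicit. Separately, the logger on the last line of the hunk is still created for `TaxonServiceImplTest.class`; it should read `Logger.getLogger(SecurityTest.class)`.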
*/\r
@SpringBeanByType\r
PlatformTransactionManager transactionManager;\r
- \r
- @SpringBeanByType\r
- private ITaxonService taxonService;\r
-\r
- @SpringBeanByType\r
- private ITaxonNodeService taxonNodeService;\r
- \r
- @SpringBeanByType\r
- private IDescriptionService descriptionService;\r
- \r
- @SpringBeanByType\r
- private IUserService userService;\r
- \r
- \r
- @TestDataSource\r
- protected DataSource dataSource;\r
- \r
- private Authentication authentication;\r
- \r
- @SpringBeanByType\r
- private AuthenticationManager authenticationManager;\r
- \r
- \r
- \r
- private UsernamePasswordAuthenticationToken token;\r
- \r
- \r
- @Before\r
- public void setUp(){\r
- token = new UsernamePasswordAuthenticationToken("ben", "sPePhAz6");\r
- }\r
- \r
- \r
- /**\r
- * Test method for {@link eu.etaxonomy.cdm.api.service.TaxonServiceImpl#saveTaxon(eu.etaxonomy.cdm.model.taxon.TaxonBase)}.\r
- */\r
- @Test\r
- public final void testSaveTaxon() {\r
- /*\r
- Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
- ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
- saltSource.setUserPropertyToUse("getUsername");\r
- User user = User.NewInstance("partEditor", "test4");\r
- System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
- \r
- */\r
- authentication = authenticationManager.authenticate(token);\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- \r
- Taxon expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
- UUID uuid = taxonService.save(expectedTaxon);\r
- //taxonService.getSession().flush();\r
- TaxonBase<?> actualTaxon = taxonService.load(uuid);\r
- assertEquals(expectedTaxon, actualTaxon);\r
- \r
- token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");\r
- authentication = authenticationManager.authenticate(token);\r
- context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null);\r
- taxonService.saveOrUpdate(actualTaxon);\r
- \r
- \r
- }\r
- @Test\r
- public void testUpdateUser(){\r
- \r
- authentication = authenticationManager.authenticate(token);\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- String username = "standardUser";\r
- String password = "pw";\r
- User user = User.NewInstance(username, password);\r
- \r
- userService.createUser(user);\r
- user.setEmailAddress("test@bgbm.org");\r
- \r
- userService.updateUser(user);\r
- userService.update(user);\r
- userService.saveOrUpdate(user);\r
- }\r
- \r
- @Test\r
- public final void testSaveOrUpdateTaxon() {\r
- authentication = authenticationManager.authenticate(token);\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- Taxon expectedTaxon = Taxon.NewInstance(null, null);\r
- UUID uuid = taxonService.save(expectedTaxon);\r
- TaxonBase<?> actualTaxon = taxonService.load(uuid);\r
- assertEquals(expectedTaxon, actualTaxon);\r
- \r
- actualTaxon.setName(BotanicalName.NewInstance(Rank.SPECIES()));\r
- taxonService.saveOrUpdate(actualTaxon);\r
- \r
- token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");\r
- authentication = authenticationManager.authenticate(token);\r
- context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- actualTaxon = taxonService.load(uuid);\r
- \r
- actualTaxon.setDoubtful(true);\r
- taxonService.saveOrUpdate(actualTaxon);\r
- \r
- }\r
- \r
- \r
- \r
- @Test\r
- public void testCascadingInSpringSecurityAccesDenied(){\r
- /*authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- */\r
- \r
- authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("taxonEditor", "test2"));\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();\r
- \r
- Taxon taxon =(Taxon) taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));\r
- taxon.setDoubtful(false);\r
- assertTrue(permissionEvaluator.hasPermission(authentication, taxon, "UPDATE"));\r
- taxonService.save(taxon);\r
- taxon = null;\r
- commitAndStartNewTransaction(null);\r
- \r
- //during cascading the permissions are not evaluated, but with hibernate listener every database transaction can be interrupted, but how to manage it, \r
- //when someone has the rights to save descriptions, but not taxa (the editor always saves everything by saving the taxon)\r
- //taxonService.saveOrUpdate(taxon);\r
- \r
- \r
- authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));\r
- context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- \r
- //taxonService.saveOrUpdate(taxon);\r
- \r
- taxon =(Taxon) taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783")); \r
- \r
- TaxonDescription description = TaxonDescription.NewInstance(taxon);\r
- description.setTitleCache("test");\r
- descriptionService.saveOrUpdate(description);\r
- commitAndStartNewTransaction(null);\r
- taxon = (Taxon)taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));\r
- assertTrue(taxon.getDescriptions().contains(description));\r
- \r
- \r
- \r
- }\r
- \r
- @Test\r
- public void testCascadingInSpring(){\r
- authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- \r
- Taxon taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));\r
- TaxonDescription description = TaxonDescription.NewInstance(taxon);\r
- description.addElement(Distribution.NewInstance());\r
- CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();\r
- assertTrue(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));\r
- \r
- descriptionService.saveOrUpdate(description);\r
- \r
- taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));\r
- Set<TaxonDescription> descriptions = taxon.getDescriptions();\r
- assertTrue(descriptions.contains(description));\r
- \r
- \r
- }\r
- \r
- @Test\r
- public void testSaveSynonym(){\r
- authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("taxonomist", "test4"));\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- \r
- Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
- taxonService.saveOrUpdate(syn);\r
- \r
- }\r
- \r
- @Test(expected= EvaluationFailedException.class)\r
- public void testEditPartOfClassification(){\r
- \r
- \r
- authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));\r
- SecurityContext context = SecurityContextHolder.getContext();\r
- context.setAuthentication(authentication);\r
- \r
- TaxonNode node = taxonNodeService.load(UUID.fromString("20c8f083-5870-4cbd-bf56-c5b2b98ab6a7"));\r
- \r
- node = node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null), null, null, null);\r
- taxonNodeService.saveOrUpdate(node);\r
- \r
- node = taxonNodeService.load(UUID.fromString("cecfa77f-f26a-4476-9d87-a8d993cb55d9"));\r
- node = node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null), null, null, null);\r
- taxonNodeService.saveOrUpdate(node);\r
- \r
- }\r
- \r
- public static void main(String[] args){\r
- Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
- \r
- ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
- saltSource.setUserPropertyToUse("getUsername");\r
- User user = User.NewInstance("taxonomist", "test4");\r
- System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
- }\r
- \r
- \r
- \r
- \r
+\r
+ @SpringBeanByType\r
+ private ITaxonService taxonService;\r
+\r
+ @SpringBeanByType\r
+ private ITaxonNodeService taxonNodeService;\r
+\r
+ @SpringBeanByType\r
+ private IDescriptionService descriptionService;\r
+\r
+ @SpringBeanByType\r
+ private IUserService userService;\r
+\r
+\r
+ @TestDataSource\r
+ protected DataSource dataSource;\r
+\r
+ private Authentication authentication;\r
+\r
+ @SpringBeanByType\r
+ private AuthenticationManager authenticationManager;\r
+\r
+\r
+\r
+ private UsernamePasswordAuthenticationToken token;\r
+\r
+\r
+ @Before\r
+ public void setUp(){\r
+ token = new UsernamePasswordAuthenticationToken("ben", "sPePhAz6");\r
+ }\r
+\r
+\r
+ /**\r
+ * Test method for {@link eu.etaxonomy.cdm.api.service.TaxonServiceImpl#saveTaxon(eu.etaxonomy.cdm.model.taxon.TaxonBase)}.\r
+ */\r
+ @Test\r
+ public final void testSaveTaxon() {\r
+ /*\r
+ Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
+ ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
+ saltSource.setUserPropertyToUse("getUsername");\r
+ User user = User.NewInstance("partEditor", "test4");\r
+ System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
+\r
+ */\r
+ authentication = authenticationManager.authenticate(token);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ Taxon expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
+ UUID uuid = taxonService.save(expectedTaxon);\r
+ //taxonService.getSession().flush();\r
+ TaxonBase<?> actualTaxon = taxonService.load(uuid);\r
+ assertEquals(expectedTaxon, actualTaxon);\r
+\r
+ token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");\r
+ authentication = authenticationManager.authenticate(token);\r
+ context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null);\r
+ taxonService.saveOrUpdate(actualTaxon);\r
+\r
+\r
+ }\r
+ @Test\r
+ public void testUpdateUser(){\r
+\r
+ authentication = authenticationManager.authenticate(token);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ String username = "standardUser";\r
+ String password = "pw";\r
+ User user = User.NewInstance(username, password);\r
+\r
+ userService.createUser(user);\r
+ user.setEmailAddress("test@bgbm.org");\r
+\r
+ userService.updateUser(user);\r
+ userService.update(user);\r
+ userService.saveOrUpdate(user);\r
+ }\r
+\r
+ @Test\r
+ public final void testSaveOrUpdateTaxon() {\r
+ authentication = authenticationManager.authenticate(token);\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ Taxon expectedTaxon = Taxon.NewInstance(null, null);\r
+ UUID uuid = taxonService.save(expectedTaxon);\r
+ TaxonBase<?> actualTaxon = taxonService.load(uuid);\r
+ assertEquals(expectedTaxon, actualTaxon);\r
+\r
+ actualTaxon.setName(BotanicalName.NewInstance(Rank.SPECIES()));\r
+ taxonService.saveOrUpdate(actualTaxon);\r
+\r
+ token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2");\r
+ authentication = authenticationManager.authenticate(token);\r
+ context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ actualTaxon = taxonService.load(uuid);\r
+\r
+ actualTaxon.setDoubtful(true);\r
+ taxonService.saveOrUpdate(actualTaxon);\r
+\r
+ }\r
+\r
+\r
+\r
+ @Test\r
+ public void testCascadingInSpringSecurityAccesDenied(){\r
+ /*authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ */\r
+\r
+ authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("taxonEditor", "test2"));\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+ CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();\r
+\r
+ Taxon taxon =(Taxon) taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));\r
+ taxon.setDoubtful(false);\r
+ assertTrue(permissionEvaluator.hasPermission(authentication, taxon, "UPDATE"));\r
+ taxonService.save(taxon);\r
+ taxon = null;\r
+ commitAndStartNewTransaction(null);\r
+\r
+ //during cascading the permissions are not evaluated, but with hibernate listener every database transaction can be interrupted, but how to manage it,\r
+ //when someone has the rights to save descriptions, but not taxa (the editor always saves everything by saving the taxon)\r
+ //taxonService.saveOrUpdate(taxon);\r
+\r
+\r
+ authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));\r
+ context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ //taxonService.saveOrUpdate(taxon);\r
+\r
+ taxon =(Taxon) taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));\r
+\r
+ TaxonDescription description = TaxonDescription.NewInstance(taxon);\r
+ description.setTitleCache("test");\r
+ descriptionService.saveOrUpdate(description);\r
+ commitAndStartNewTransaction(null);\r
+ taxon = (Taxon)taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783"));\r
+ assertTrue(taxon.getDescriptions().contains(description));\r
+\r
+\r
+\r
+ }\r
+\r
+ @Test\r
+ public void testCascadingInSpring(){\r
+ authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ Taxon taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));\r
+ TaxonDescription description = TaxonDescription.NewInstance(taxon);\r
+ description.addElement(Distribution.NewInstance());\r
+ CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();\r
+ assertTrue(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));\r
+\r
+ descriptionService.saveOrUpdate(description);\r
+\r
+ taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));\r
+ Set<TaxonDescription> descriptions = taxon.getDescriptions();\r
+ assertTrue(descriptions.contains(description));\r
+\r
+\r
+ }\r
+\r
+ @Test\r
+ public void testSaveSynonym(){\r
+ authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("taxonomist", "test4"));\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);\r
+ taxonService.saveOrUpdate(syn);\r
+\r
+ }\r
+\r
+ @Test(expected= EvaluationFailedException.class)\r
+ public void testEditPartOfClassification(){\r
+\r
+\r
+ authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));\r
+ SecurityContext context = SecurityContextHolder.getContext();\r
+ context.setAuthentication(authentication);\r
+\r
+ TaxonNode node = taxonNodeService.load(UUID.fromString("20c8f083-5870-4cbd-bf56-c5b2b98ab6a7"));\r
+\r
+ node = node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null), null, null, null);\r
+ taxonNodeService.saveOrUpdate(node);\r
+\r
+ node = taxonNodeService.load(UUID.fromString("cecfa77f-f26a-4476-9d87-a8d993cb55d9"));\r
+ node = node.addChildTaxon(Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null), null, null, null);\r
+ taxonNodeService.saveOrUpdate(node);\r
+\r
+ }\r
+\r
+ public static void main(String[] args){\r
+ Md5PasswordEncoder encoder =new Md5PasswordEncoder();\r
+\r
+ ReflectionSaltSource saltSource = new ReflectionSaltSource();\r
+ saltSource.setUserPropertyToUse("getUsername");\r
+ User user = User.NewInstance("taxonomist", "test4");\r
+ System.err.println(encoder.encodePassword("test4", saltSource.getSalt(user)));\r
+ }\r
+\r
+\r
+\r
+\r
}\r