Revision 6d3ee8c8
Added by Katja Luther over 12 years ago
cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java | ||
---|---|---|
6 | 6 |
|
7 | 7 |
|
8 | 8 |
import java.util.ArrayList; |
9 |
import java.util.Collection; |
|
9 | 10 |
import java.util.Iterator; |
10 | 11 |
import java.util.List; |
11 | 12 |
import java.util.Set; |
... | ... | |
27 | 28 |
import org.springframework.security.authentication.dao.ReflectionSaltSource; |
28 | 29 |
import org.springframework.security.authentication.encoding.Md5PasswordEncoder; |
29 | 30 |
import org.springframework.security.core.Authentication; |
31 |
import org.springframework.security.core.GrantedAuthority; |
|
30 | 32 |
import org.springframework.security.core.context.SecurityContext; |
31 | 33 |
import org.springframework.security.core.context.SecurityContextHolder; |
32 | 34 |
|
... | ... | |
95 | 97 |
|
96 | 98 |
private UsernamePasswordAuthenticationToken token; |
97 | 99 |
|
98 |
@Autowired |
|
99 |
protected BeanInitializer defaultBeanInitializer; |
|
100 |
|
|
100 |
|
|
101 | 101 |
@Before |
102 | 102 |
public void setUp(){ |
103 | 103 |
token = new UsernamePasswordAuthenticationToken("ben", "sPePhAz6"); |
... | ... | |
123 | 123 |
|
124 | 124 |
Taxon expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null); |
125 | 125 |
UUID uuid = taxonService.save(expectedTaxon); |
126 |
TaxonBase<?> actualTaxon = taxonService.find(uuid);
|
|
126 |
TaxonBase<?> actualTaxon = taxonService.load(uuid);
|
|
127 | 127 |
assertEquals(expectedTaxon, actualTaxon); |
128 | 128 |
|
129 | 129 |
token = new UsernamePasswordAuthenticationToken("taxonEditor", "test2"); |
... | ... | |
131 | 131 |
context = SecurityContextHolder.getContext(); |
132 | 132 |
context.setAuthentication(authentication); |
133 | 133 |
expectedTaxon = Taxon.NewInstance(BotanicalName.NewInstance(Rank.GENUS()), null); |
134 |
taxonService.save(actualTaxon); |
|
134 |
taxonService.saveOrUpdate(actualTaxon);
|
|
135 | 135 |
|
136 | 136 |
|
137 | 137 |
} |
... | ... | |
160 | 160 |
context.setAuthentication(authentication); |
161 | 161 |
Taxon expectedTaxon = Taxon.NewInstance(null, null); |
162 | 162 |
UUID uuid = taxonService.save(expectedTaxon); |
163 |
TaxonBase<?> actualTaxon = taxonService.find(uuid);
|
|
163 |
TaxonBase<?> actualTaxon = taxonService.load(uuid);
|
|
164 | 164 |
assertEquals(expectedTaxon, actualTaxon); |
165 | 165 |
|
166 | 166 |
actualTaxon.setName(BotanicalName.NewInstance(Rank.SPECIES())); |
... | ... | |
170 | 170 |
authentication = authenticationManager.authenticate(token); |
171 | 171 |
context = SecurityContextHolder.getContext(); |
172 | 172 |
context.setAuthentication(authentication); |
173 |
actualTaxon = taxonService.find(uuid);
|
|
173 |
actualTaxon = taxonService.load(uuid);
|
|
174 | 174 |
actualTaxon.setName(BotanicalName.NewInstance(Rank.GENUS())); |
175 | 175 |
taxonService.saveOrUpdate(actualTaxon); |
176 | 176 |
|
177 | 177 |
} |
178 | 178 |
|
179 |
@Test |
|
180 |
public void testDeleteTaxon(){ |
|
181 |
token = new UsernamePasswordAuthenticationToken("taxonomist", "test3"); |
|
182 |
authentication = authenticationManager.authenticate(token); |
|
183 |
SecurityContext context = SecurityContextHolder.getContext(); |
|
184 |
context.setAuthentication(authentication); |
|
185 |
Taxon actualTaxon = (Taxon)taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331")); |
|
186 |
|
|
187 |
taxonService.delete(actualTaxon); |
|
188 |
} |
|
189 | 179 |
|
190 | 180 |
|
191 |
@Test |
|
192 |
public void testSaveOrUpdateDescription(){ |
|
193 |
|
|
194 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test")); |
|
195 |
SecurityContext context = SecurityContextHolder.getContext(); |
|
196 |
context.setAuthentication(authentication); |
|
197 |
Taxon taxon = (Taxon) taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331")); |
|
198 |
|
|
199 |
Set<TaxonDescription> descriptions = taxon.getDescriptions(); |
|
200 |
|
|
201 |
Iterator<TaxonDescription> iterator = descriptions.iterator(); |
|
202 |
|
|
203 |
TaxonDescription description = iterator.next(); |
|
204 |
description = (TaxonDescription) descriptionService.find(description.getUuid()); |
|
205 |
|
|
206 |
TextData textData = new TextData(); |
|
207 |
textData.setFeature(Feature.ECOLOGY()); |
|
208 |
Media media = Media.NewInstance(); |
|
209 |
textData.addMedia(media); |
|
210 |
|
|
211 |
|
|
212 |
|
|
213 |
//descriptionService.saveDescriptionElement(textData); |
|
214 |
description.addElement(textData); |
|
215 |
|
|
216 |
descriptionService.saveOrUpdate(description); |
|
217 |
|
|
218 |
taxon = (Taxon) taxonService.find(UUID.fromString("7b8b5cb3-37ba-4dba-91ac-4c6ffd6ac331")); |
|
219 |
descriptions = taxon.getDescriptions(); |
|
220 |
|
|
221 |
iterator = descriptions.iterator(); |
|
222 |
|
|
223 |
description = iterator.next(); |
|
224 |
assertEquals(1, descriptions.size()); |
|
225 |
assertEquals(2,description.getElements().size()); |
|
226 |
|
|
227 |
|
|
228 |
|
|
229 |
} |
|
230 |
|
|
231 |
@Test |
|
232 |
public void testAllowOnlyAccessToPartOfTree(){ |
|
233 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4")); |
|
234 |
SecurityContext context = SecurityContextHolder.getContext(); |
|
235 |
context.setAuthentication(authentication); |
|
236 |
|
|
237 |
Taxon tribe = (Taxon)taxonService.find(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625")); |
|
238 |
Taxon taxon = (Taxon)taxonService.find(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783")); |
|
239 |
Iterator<TaxonNode> it = tribe.getTaxonNodes().iterator(); |
|
240 |
TaxonNode node = it.next(); |
|
241 |
|
|
242 |
CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator(); |
|
243 |
assertFalse(permissionEvaluator.hasPermission(authentication, node, "UPDATE")); |
|
244 |
node = node.getChildNodes().iterator().next(); |
|
245 |
System.err.println(node.getUuid()); |
|
246 |
assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE")); |
|
247 |
node = node.getChildNodes().iterator().next(); |
|
248 |
assertTrue(permissionEvaluator.hasPermission(authentication, node, "UPDATE")); |
|
249 |
TaxonDescription description = TaxonDescription.NewInstance(taxon); |
|
250 |
|
|
251 |
taxonNodeService.saveOrUpdate(node); |
|
252 |
assertFalse(permissionEvaluator.hasPermission(authentication, description, "UPDATE")); |
|
253 |
|
|
254 |
|
|
255 |
} |
|
256 |
|
|
257 | 181 |
@Test(expected=EvaluationFailedException.class) |
258 | 182 |
public void testCascadingInSpringSecurityAccesDenied(){ |
259 | 183 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4")); |
... | ... | |
263 | 187 |
|
264 | 188 |
Taxon taxon =(Taxon) taxonService.load(UUID.fromString("bc09aca6-06fd-4905-b1e7-cbf7cc65d783")); |
265 | 189 |
TaxonDescription description = TaxonDescription.NewInstance(taxon); |
190 |
description.setTitleCache("test"); |
|
266 | 191 |
assertFalse(permissionEvaluator.hasPermission(authentication, description, "UPDATE")); |
267 |
//during cascading the permissions are not evaluated |
|
268 |
|
|
192 |
System.err.println(permissionEvaluator.hasPermission(authentication, taxon, "UPDATE")); |
|
193 |
Collection<GrantedAuthority> authorities = authentication.getAuthorities(); |
|
194 |
for (GrantedAuthority authority: authorities){ |
|
195 |
System.err.println(authority.getAuthority()); |
|
196 |
} |
|
197 |
//during cascading the permissions are not evaluated, but with hibernate listener every database transaction can be interrupted, but how to manage it, |
|
198 |
//when someone has the rights to save descriptions, but not taxa (the editor always saves everything by saving the taxon) |
|
269 | 199 |
taxonService.saveOrUpdate(taxon); |
200 |
//descriptionService.saveOrUpdate(description); |
|
201 |
descriptionService.getSession().flush(); |
|
202 |
descriptionService.saveOrUpdate(description); |
|
270 | 203 |
|
271 | 204 |
|
272 | 205 |
|
... | ... | |
299 | 232 |
taxonService.saveOrUpdate(syn); |
300 | 233 |
|
301 | 234 |
} |
235 |
|
|
302 | 236 |
public static void main(String[] args){ |
303 | 237 |
Md5PasswordEncoder encoder =new Md5PasswordEncoder(); |
304 | 238 |
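Review bot: In testCascadingInSpringSecurityAccesDenied (new lines 181–203) the `@Test(expected=EvaluationFailedException.class)` expectation now spans three persistence calls, `taxonService.saveOrUpdate(taxon)`, `descriptionService.getSession().flush()` and `descriptionService.saveOrUpdate(description)`. The test therefore passes whichever of them is refused, and cannot show whether access is denied at the cascade from the taxon or at the explicit description save, which is the question the added comment leaves open. Once the author has decided which call must be denied, narrow the expectation to it, for example `try { descriptionService.saveOrUpdate(description); Assert.fail("description update was not denied"); } catch (EvaluationFailedException expected) { }`, so an exception from any other call fails the test. The `System.err.println` lines at new 192–196 print the permission result and the granted authorities but assert nothing; turn the first into an assertion on the expected value, or drop them. Part of the method body is elided on this page (between new lines 183 and 187, and after 205), so this rests on the visible lines only.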
|
Cascading problems for users having the rights to update taxa but not the explicit right for descriptions fixed