plugins/org.eclipse.emf.cdo.tests/src/org/eclipse/emf/cdo/tests/bugzilla/Bugzilla_399487_Test.java - cdo/cdo - Git at Google

 /*
  * Copyright (c) 2013 Eike Stepper (Berlin, Germany) and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
  *    Christian W. Damus (CEA LIST) - initial API and implementation
  */
 package org.eclipse.emf.cdo.tests.bugzilla;

 import org.eclipse.emf.cdo.eresource.CDOResource;
 import org.eclipse.emf.cdo.security.Access;
 import org.eclipse.emf.cdo.security.Group;
 import org.eclipse.emf.cdo.security.Permission;
 import org.eclipse.emf.cdo.security.Realm;
 import org.eclipse.emf.cdo.security.Role;
 import org.eclipse.emf.cdo.security.User;
 import org.eclipse.emf.cdo.server.security.ISecurityManager;
 import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
 import org.eclipse.emf.cdo.session.CDOSession;
 import org.eclipse.emf.cdo.tests.AbstractCDOTest;
 import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesAfter;
 import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesBefore;
 import org.eclipse.emf.cdo.tests.config.impl.RepositoryConfig;
 import org.eclipse.emf.cdo.tests.config.impl.SessionConfig;
 import org.eclipse.emf.cdo.transaction.CDOTransaction;
 import org.eclipse.emf.cdo.util.CommitException;
 import org.eclipse.emf.cdo.util.ValidationException;
 import org.eclipse.emf.cdo.view.CDOView;

 import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
 import org.eclipse.net4j.util.security.IPasswordCredentials;
 import org.eclipse.net4j.util.security.IPasswordCredentialsProvider;
 import org.eclipse.net4j.util.security.PasswordCredentials;

 import java.util.Iterator;

 /**
  * Bug 399487: [Security] Changes to the security realm should be verified before being applied
  *
  * @author Christian W. Damus (CEA LIST)
  */
 @CleanRepositoriesBefore(reason = "Security manager installed on repository")
 @CleanRepositoriesAfter(reason = "Security manager installed on repository")
 public class Bugzilla_399487_Test extends AbstractCDOTest
 {
   public void testCommitSafeChanges() throws Exception
   {
     CDOSession session = openSession();
     CDOTransaction transaction = session.openTransaction();

     Realm realm = getRealm(transaction);
     realm.getGroup("Users").getUsers().add(realm.addUser("cdamus", "12345678"));

     try
     {
       transaction.commit();
     }
     catch (CommitException ex)
     {
       fail("Commit rolled back: " + ex.getLocalizedMessage());
     }
   }

   public void testRemoveAdministratorAccess() throws Exception
   {
     CDOSession session = openSession();
     CDOTransaction transaction = session.openTransaction();

     Realm realm = getRealm(transaction);
     Role admin = realm.getRole("Administration");
     for (Iterator<Permission> permissions = admin.getPermissions().iterator(); permissions.hasNext();)
     {
       if (permissions.next().getAccess() == Access.WRITE)
       {
         permissions.remove();
       }
     }

     try
     {
       transaction.commit();
       fail("Should have thrown ValidationException");
     }
     catch (ValidationException ex)
     {
       // Success
     }
     catch (CommitException ex)
     {
       fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
     }
   }

   public void testGroupInheritanceCycle() throws Exception
   {
     CDOSession session = openSession();
     CDOTransaction transaction = session.openTransaction();

     Realm realm = getRealm(transaction);
     Group admins = realm.getGroup("Administrators");
     Group users = realm.getGroup("Users");
     admins.getInheritedGroups().add(users);
     users.getInheritedGroups().add(admins);

     try
     {
       transaction.commit();
       fail("Should have thrown ValidationException");
     }
     catch (ValidationException ex)
     {
       // Success
     }
     catch (CommitException ex)
     {
       fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
     }
   }

   @Override
   public void setUp() throws Exception
   {
     getTestProperties().put(SessionConfig.PROP_TEST_CREDENTIALS_PROVIDER, new IPasswordCredentialsProvider()
     {

       public boolean isInteractive()
       {
         return false;
       }

       public IPasswordCredentials getCredentials()
       {
         return new PasswordCredentials(User.ADMINISTRATOR, "0000");
       }
     });

     super.doSetUp();

     // Create the security manager and attach it to the repository
     ISecurityManager securityManager = SecurityManagerUtil.createSecurityManager("/security", getServerContainer());
     getTestProperties().put(RepositoryConfig.PROP_TEST_SECURITY_MANAGER, securityManager);
     getRepository();
     LifecycleUtil.waitForActive(securityManager, 10000L);
   }

   Realm getRealm(CDOView view)
   {
     CDOResource resource = view.getResource("/security");
     return (Realm)resource.getContents().get(0);
   }
 }
	/*
	* Copyright (c) 2013 Eike Stepper (Berlin, Germany) and others.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* Christian W. Damus (CEA LIST) - initial API and implementation
	*/
	package org.eclipse.emf.cdo.tests.bugzilla;

	import org.eclipse.emf.cdo.eresource.CDOResource;
	import org.eclipse.emf.cdo.security.Access;
	import org.eclipse.emf.cdo.security.Group;
	import org.eclipse.emf.cdo.security.Permission;
	import org.eclipse.emf.cdo.security.Realm;
	import org.eclipse.emf.cdo.security.Role;
	import org.eclipse.emf.cdo.security.User;
	import org.eclipse.emf.cdo.server.security.ISecurityManager;
	import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
	import org.eclipse.emf.cdo.session.CDOSession;
	import org.eclipse.emf.cdo.tests.AbstractCDOTest;
	import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesAfter;
	import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesBefore;
	import org.eclipse.emf.cdo.tests.config.impl.RepositoryConfig;
	import org.eclipse.emf.cdo.tests.config.impl.SessionConfig;
	import org.eclipse.emf.cdo.transaction.CDOTransaction;
	import org.eclipse.emf.cdo.util.CommitException;
	import org.eclipse.emf.cdo.util.ValidationException;
	import org.eclipse.emf.cdo.view.CDOView;

	import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
	import org.eclipse.net4j.util.security.IPasswordCredentials;
	import org.eclipse.net4j.util.security.IPasswordCredentialsProvider;
	import org.eclipse.net4j.util.security.PasswordCredentials;

	import java.util.Iterator;

	/**
	* Bug 399487: [Security] Changes to the security realm should be verified before being applied
	*
	* @author Christian W. Damus (CEA LIST)
	*/
	@CleanRepositoriesBefore(reason = "Security manager installed on repository")
	@CleanRepositoriesAfter(reason = "Security manager installed on repository")
	public class Bugzilla_399487_Test extends AbstractCDOTest
	{
	public void testCommitSafeChanges() throws Exception
	{
	CDOSession session = openSession();
	CDOTransaction transaction = session.openTransaction();

	Realm realm = getRealm(transaction);
	realm.getGroup("Users").getUsers().add(realm.addUser("cdamus", "12345678"));

	try
	{
	transaction.commit();
	}
	catch (CommitException ex)
	{
	fail("Commit rolled back: " + ex.getLocalizedMessage());
	}
	}

	public void testRemoveAdministratorAccess() throws Exception
	{
	CDOSession session = openSession();
	CDOTransaction transaction = session.openTransaction();

	Realm realm = getRealm(transaction);
	Role admin = realm.getRole("Administration");
	for (Iterator<Permission> permissions = admin.getPermissions().iterator(); permissions.hasNext();)
	{
	if (permissions.next().getAccess() == Access.WRITE)
	{
	permissions.remove();
	}
	}

	try
	{
	transaction.commit();
	fail("Should have thrown ValidationException");
	}
	catch (ValidationException ex)
	{
	// Success
	}
	catch (CommitException ex)
	{
	fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
	}
	}

	public void testGroupInheritanceCycle() throws Exception
	{
	CDOSession session = openSession();
	CDOTransaction transaction = session.openTransaction();

	Realm realm = getRealm(transaction);
	Group admins = realm.getGroup("Administrators");
	Group users = realm.getGroup("Users");
	admins.getInheritedGroups().add(users);
	users.getInheritedGroups().add(admins);

	try
	{
	transaction.commit();
	fail("Should have thrown ValidationException");
	}
	catch (ValidationException ex)
	{
	// Success
	}
	catch (CommitException ex)
	{
	fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
	}
	}

	@Override
	public void setUp() throws Exception
	{
	getTestProperties().put(SessionConfig.PROP_TEST_CREDENTIALS_PROVIDER, new IPasswordCredentialsProvider()
	{

	public boolean isInteractive()
	{
	return false;
	}

	public IPasswordCredentials getCredentials()
	{
	return new PasswordCredentials(User.ADMINISTRATOR, "0000");
	}
	});

	super.doSetUp();

	// Create the security manager and attach it to the repository
	ISecurityManager securityManager = SecurityManagerUtil.createSecurityManager("/security", getServerContainer());
	getTestProperties().put(RepositoryConfig.PROP_TEST_SECURITY_MANAGER, securityManager);
	getRepository();
	LifecycleUtil.waitForActive(securityManager, 10000L);
	}

	Realm getRealm(CDOView view)
	{
	CDOResource resource = view.getResource("/security");
	return (Realm)resource.getContents().get(0);
	}
	}