git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright (c)) 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.security.client.test;
  24
  25 import java.util.List;
  26 import javax.ws.rs.core.Response;
  27 import org.jboss.resteasy.client.ClientResponse;
  28
  29 import org.testng.Assert;
  30 import org.testng.annotations.Test;
  31 import org.slf4j.Logger;
  32 import org.slf4j.LoggerFactory;
  33
  34 import org.collectionspace.services.account.AccountTenant;
  35 import org.collectionspace.services.account.AccountsCommon;
  36 import org.collectionspace.services.account.Status;
  37 import org.collectionspace.services.client.AccountClient;
  38 import org.collectionspace.services.client.AccountFactory;
  39 import org.collectionspace.services.client.CollectionObjectClient;
  40 import org.collectionspace.services.client.CollectionObjectFactory;
  41 import org.collectionspace.services.client.CollectionSpaceClient;
  42 import org.collectionspace.services.client.PoxPayloadOut;
  43 import org.collectionspace.services.client.test.BaseServiceTest;
  44 import org.collectionspace.services.collectionobject.CollectionobjectsCommon;
  45 import org.collectionspace.services.collectionobject.TitleGroup;
  46 import org.collectionspace.services.collectionobject.TitleGroupList;
  47 import org.collectionspace.services.jaxb.AbstractCommonList;
  48
  49 /**
  50  * AuthenticationServiceTest uses CollectionObject service to test
  51  * authentication
  52  *
  53  * $LastChangedRevision: 434 $ $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue,
  54  * 28 Jul 2009) $
  55  */
  56 public class AuthenticationServiceTest extends BaseServiceTest<AbstractCommonList> {
  57
  58     private final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  59     /** The known resource id. */
  60     private String barneyAccountId = null; //active
  61     private String georgeAccountId = null; //inactive
  62     /** The logger. */
  63     private final String CLASS_NAME = AuthenticationServiceTest.class.getName();
  64
  65     /* (non-Javadoc)
  66      * @see org.collectionspace.services.client.test.AbstractServiceTest#getServicePathComponent()
  67      */
  68     @Override
  69     protected String getServicePathComponent() {
  70         // no need to return anything but null since no auth resources are
  71         // accessed
  72         throw new UnsupportedOperationException();
  73     }
  74
  75         @Override
  76         protected String getServiceName() {
  77         // no need to return anything but null since no auth resources are
  78         // accessed
  79         throw new UnsupportedOperationException();
  80         }
  81
  82     /* (non-Javadoc)
  83      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
  84      */
  85     @Override
  86     protected CollectionSpaceClient getClientInstance() {
  87         return new AccountClient();
  88     }
  89
  90     /* (non-Javadoc)
  91      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
  92      */
  93     @Override
  94     protected AbstractCommonList getCommonList(Response response) {
  95         throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed.
  96     }
  97
  98     @Test(dataProvider = "testName")
  99     public void createActiveAccount(String testName) throws Exception {
 100         // Perform setup, such as initializing the type of service request
 101         // (e.g. CREATE, DELETE), its valid and expected status codes, and
 102         // its associated HTTP method name (e.g. POST, DELETE).
 103         setupCreate();
 104
 105         AccountClient accountClient = new AccountClient();
 106         // This should not be needed - the auth is already set up
 107         //accountClient.setAuth(true, "test", true, "test", true);
 108
 109         // Submit the request to the service and store the response.
 110         AccountsCommon account =
 111                 createAccountInstance("barney", "barney08", "barney@dinoland.com",
 112                 accountClient.getTenantId(), false);
 113         ClientResponse<Response> res = accountClient.create(account);
 114         try {
 115                 int statusCode = res.getStatus();
 116
 117                 if (logger.isDebugEnabled()) {
 118                     logger.debug(testName + ": barney status = " + statusCode);
 119                 }
 120                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 121                         invalidStatusCodeMessage(testRequestType, statusCode));
 122                 Assert.assertEquals(statusCode, testExpectedStatusCode);
 123
 124                 // Store the ID returned from this create operation
 125                 // for additional tests below.
 126                 barneyAccountId = extractId(res);
 127                 if (logger.isDebugEnabled()) {
 128                     logger.debug(testName + ": barneyAccountId=" + barneyAccountId);
 129                 }
 130         } finally {
 131                 res.close();
 132         }
 133
 134     }
 135
 136     @Test(dataProvider = "testName")
 137     public void createInactiveAccount(String testName) throws Exception {
 138         // Perform setup.
 139         setupCreate();
 140
 141         AccountClient accountClient = new AccountClient();
 142         // This should not be needed - the auth is already set up
 143         //accountClient.setAuth(true, "test", true, "test", true);
 144
 145         // Submit the request to the service and store the response.
 146         AccountsCommon account =
 147                 createAccountInstance("george", "george08", "george@curiousland.com",
 148                 accountClient.getTenantId(), false);
 149         ClientResponse<Response> res = accountClient.create(account);
 150         int statusCode = res.getStatus();
 151
 152         if (logger.isDebugEnabled()) {
 153             logger.debug(testName + ": george status = " + statusCode);
 154         }
 155         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 156                 invalidStatusCodeMessage(testRequestType, statusCode));
 157         Assert.assertEquals(statusCode, testExpectedStatusCode);
 158
 159         // Store the ID returned from this create operation
 160         // for additional tests below.
 161         georgeAccountId = extractId(res);
 162         if (logger.isDebugEnabled()) {
 163             logger.debug(testName + ": georgeAccountId=" + georgeAccountId);
 164         }
 165         res.releaseConnection();
 166         //deactivate
 167         setupUpdate();
 168         account.setStatus(Status.INACTIVE);
 169         if (logger.isDebugEnabled()) {
 170             logger.debug(testName + ":updated object");
 171             logger.debug(objectAsXmlString(account,
 172                     AccountsCommon.class));
 173         }
 174
 175         // Submit the request to the service and store the response.
 176         ClientResponse<AccountsCommon> res1 = accountClient.update(georgeAccountId, account);
 177         statusCode = res1.getStatus();
 178         // Check the status code of the response: does it match the expected response(s)?
 179         if (logger.isDebugEnabled()) {
 180             logger.debug(testName + ": status = " + statusCode);
 181         }
 182         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 183                 invalidStatusCodeMessage(testRequestType, statusCode));
 184         Assert.assertEquals(statusCode, testExpectedStatusCode);
 185         res1.releaseConnection();
 186     }
 187
 188
 189     /* (non-Javadoc)
 190      * @see org.collectionspace.services.client.test.AbstractServiceTest#create()
 191      */
 192     @Test(dataProvider = "testName",
 193                 dependsOnMethods = {"createActiveAccount"})
 194     public void create(String testName) {
 195         setupCreate();
 196
 197         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 198         collectionObjectClient.setAuth(true, "barney", true, "barney08", true);
 199         String identifier = createIdentifier();
 200         PoxPayloadOut multipart = createCollectionObjectInstance(
 201                 collectionObjectClient.getCommonPartName(), identifier);
 202         Response res = collectionObjectClient.create(multipart);
 203         try {
 204                 if (logger.isDebugEnabled()) {
 205                     logger.debug("create: status = " + res.getStatus());
 206                 }
 207                 //so it does not have any permissions out-of-the-box to create a
 208                 //collection object
 209                 Assert.assertEquals(res.getStatus(),
 210                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 211                         + Response.Status.FORBIDDEN.getStatusCode());
 212
 213                 // Store the ID returned from this create operation for additional tests
 214                 // below.
 215         } finally {
 216                 res.close();
 217         }
 218
 219     }
 220
 221     @Test(dataProvider = "testName",
 222                 dependsOnMethods = {"createActiveAccount"})
 223     public void createWithoutAuthn(String testName) {
 224         setupCreate();
 225
 226         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 227         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 228         String pass = collectionObjectClient.getProperty(collectionObjectClient.PASSWORD_PROPERTY);
 229         collectionObjectClient.setAuth(false, user, true, pass, true);
 230         String identifier = createIdentifier();
 231         PoxPayloadOut multipart = createCollectionObjectInstance(
 232                 collectionObjectClient.getCommonPartName(), identifier);
 233         Response res = collectionObjectClient.create(multipart);
 234         try {
 235                 if (logger.isDebugEnabled()) {
 236                     logger.debug("create: status = " + res.getStatus());
 237                 }
 238                 Assert.assertEquals(res.getStatus(),
 239                         Response.Status.UNAUTHORIZED.getStatusCode(), "expected "
 240                         + Response.Status.UNAUTHORIZED.getStatusCode());
 241         } finally {
 242                 res.close();
 243         }
 244     }
 245
 246     @Test(dataProvider = "testName",
 247                 dependsOnMethods = {"createInactiveAccount"})
 248     public void createWithInactiveAccount(String testName) {
 249         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 250         collectionObjectClient.setAuth(true, "george", true, "george08", true);
 251         String identifier = createIdentifier();
 252         PoxPayloadOut multipart = createCollectionObjectInstance(
 253                 collectionObjectClient.getCommonPartName(), identifier);
 254
 255         Response res = collectionObjectClient.create(multipart);
 256         try {
 257                 if (logger.isDebugEnabled()) {
 258                     logger.debug(testName + ": status = " + res.getStatus());
 259                 }
 260                 Assert.assertEquals(res.getStatus(),
 261                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 262                         + Response.Status.FORBIDDEN.getStatusCode());
 263         } finally {
 264                 res.close();
 265         }
 266     }
 267
 268     /**
 269      * Creates the collection object instance without password.
 270      */
 271     @Test(dataProvider = "testName",
 272                 dependsOnMethods = {"createActiveAccount"})
 273     public void createWithoutPassword(String testName) {
 274         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 275         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 276         collectionObjectClient.setAuth(true, user, true, "", false);
 277         String identifier = createIdentifier();
 278         PoxPayloadOut multipart = createCollectionObjectInstance(
 279                 collectionObjectClient.getCommonPartName(), identifier);
 280         Response res = collectionObjectClient.create(multipart);
 281         try {
 282                 if (logger.isDebugEnabled()) {
 283                     logger.debug(testName + ": status = " + res.getStatus());
 284                 }
 285                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 286         } finally {
 287                 res.close();
 288         }
 289     }
 290
 291     /**
 292      * Creates the collection object with unknown user
 293      */
 294     @Test(dataProvider = "testName",
 295                 dependsOnMethods = {"createActiveAccount"})
 296     public void createWithUnknownUser(String testName) {
 297         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 298         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 299         String identifier = createIdentifier();
 300         PoxPayloadOut multipart = createCollectionObjectInstance(
 301                 collectionObjectClient.getCommonPartName(), identifier);
 302         Response res = collectionObjectClient.create(multipart);
 303         try {
 304                 if (logger.isDebugEnabled()) {
 305                     logger.debug(testName + ": status = " + res.getStatus());
 306                 }
 307                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 308         } finally {
 309                 res.close();
 310         }
 311     }
 312
 313     /**
 314      * Creates the collection object instance with incorrect password.
 315      */
 316     @Test(dataProvider = "testName",
 317                 dependsOnMethods = {"createActiveAccount"})
 318     public void createWithIncorrectPassword(String testName) {
 319         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 320         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 321         collectionObjectClient.setAuth(true, user, true, "bar", true);
 322         String identifier = createIdentifier();
 323         PoxPayloadOut multipart = createCollectionObjectInstance(
 324                 collectionObjectClient.getCommonPartName(), identifier);
 325         Response res = collectionObjectClient.create(multipart);
 326         try {
 327                 if (logger.isDebugEnabled()) {
 328                     logger.debug(testName + ": status = " + res.getStatus());
 329                 }
 330                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 331         } finally {
 332                 res.close();
 333         }
 334     }
 335
 336     /**
 337      * Creates the collection object instance with incorrect user password.
 338      */
 339     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 340     public void createWithIncorrectUserPassword(String testName) {
 341         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 342         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 343         String identifier = createIdentifier();
 344         PoxPayloadOut multipart = createCollectionObjectInstance(
 345                 collectionObjectClient.getCommonPartName(), identifier);
 346         Response res = collectionObjectClient.create(multipart);
 347         try {
 348                 if (logger.isDebugEnabled()) {
 349                     logger.debug(testName + ": status = " + res.getStatus());
 350                 }
 351                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 352         } finally {
 353                 res.close();
 354         }
 355     }
 356
 357     /**
 358      * Creates the collection object instance with incorrect user password.
 359      */
 360     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 361     public void createWithoutTenant(String testName) {
 362         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 363         collectionObjectClient.setAuth(true, "babybop", true, "babybop09", true);
 364         String identifier = createIdentifier();
 365         PoxPayloadOut multipart = createCollectionObjectInstance(
 366                 collectionObjectClient.getCommonPartName(), identifier);
 367         Response res = collectionObjectClient.create(multipart);
 368         try {
 369                 if (logger.isDebugEnabled()) {
 370                     logger.debug(testName + ": status = " + res.getStatus());
 371                 }
 372                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 373         } finally {
 374                 res.close();
 375         }
 376     }
 377
 378     @Test(dataProvider = "testName",
 379                 dependsOnMethods = {"create", "createWithInactiveAccount"})
 380     public void deleteAccounts(String testName) throws Exception {
 381         // Perform setup.
 382         setupDelete();
 383         AccountClient accountClient = new AccountClient();
 384         // accountClient.setAuth(true, "test", true, "test", true);
 385         // Submit the request to the service and store the response.
 386
 387         Response res = accountClient.delete(barneyAccountId);
 388         int statusCode;
 389         try {
 390                 statusCode = res.getStatus();
 391             if (logger.isDebugEnabled()) {
 392                 logger.debug(testName + ": barney status = " + statusCode);
 393             }
 394             Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 395                     invalidStatusCodeMessage(testRequestType, statusCode));
 396         } finally {
 397                 res.close();
 398         }
 399
 400         res = accountClient.delete(georgeAccountId);
 401         try {
 402                 statusCode = res.getStatus();
 403                 if (logger.isDebugEnabled()) {
 404                     logger.debug(testName + ": george status = " + statusCode);
 405                 }
 406                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 407                         invalidStatusCodeMessage(testRequestType, statusCode));
 408         } finally {
 409                 res.close();
 410         }
 411     }
 412
 413     // ---------------------------------------------------------------
 414     // Utility methods used by tests above
 415     // ---------------------------------------------------------------
 416     /**
 417      * Creates the collection object instance.
 418      *
 419      * @param commonPartName the common part name
 420      * @param identifier the identifier
 421      *
 422      * @return the multipart output
 423      */
 424     private PoxPayloadOut createCollectionObjectInstance(
 425             String commonPartName, String identifier) {
 426         return createCollectionObjectInstance(commonPartName, "objectNumber-"
 427                 + identifier, "title-" + identifier);
 428     }
 429
 430     /**
 431      * Creates the collection object instance.
 432      *
 433      * @param commonPartName the common part name
 434      * @param objectNumber the object number
 435      * @param title the object title
 436      *
 437      * @return the multipart output
 438      */
 439     private PoxPayloadOut createCollectionObjectInstance(
 440             String commonPartName, String objectNumber, String title) {
 441         CollectionobjectsCommon collectionObject = new CollectionobjectsCommon();
 442
 443         collectionObject.setObjectNumber(objectNumber);
 444         TitleGroupList titleGroupList = new TitleGroupList();
 445         List<TitleGroup> titleGroups = titleGroupList.getTitleGroup();
 446         TitleGroup titleGroup = new TitleGroup();
 447         titleGroup.setTitle(title);
 448         titleGroups.add(titleGroup);
 449         collectionObject.setTitleGroupList(titleGroupList);
 450         PoxPayloadOut multipart =
 451                 CollectionObjectFactory.createCollectionObjectInstance(
 452                 commonPartName, collectionObject, null, null);
 453
 454         if (logger.isDebugEnabled()) {
 455             logger.debug("to be created, collectionobject common ",
 456                     collectionObject, CollectionobjectsCommon.class);
 457         }
 458         return multipart;
 459     }
 460
 461     private AccountsCommon createAccountInstance(String screenName,
 462             String passwd, String email, String tenantId, boolean invalidTenant) {
 463
 464         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
 465                 screenName, passwd, email, tenantId,
 466                 true, invalidTenant, true, true);
 467
 468         List<AccountTenant> atl = account.getTenants();
 469
 470         //disable 2nd tenant till tenant identification is in effect
 471         //on the service side for 1-n user-tenants
 472 //        AccountsCommon.Tenant at2 = new AccountsCommon.Tenant();
 473 //        at2.setId(UUID.randomUUID().toString());
 474 //        at2.setName("collectionspace.org");
 475 //        atl.add(at2);
 476 //        account.setTenants(atl);
 477
 478         if (logger.isDebugEnabled()) {
 479             logger.debug("to be created, account common");
 480             logger.debug(objectAsXmlString(account,
 481                     AccountsCommon.class));
 482         }
 483         return account;
 484
 485     }
 486
 487         @Override
 488         protected Class<AbstractCommonList> getCommonListType() {
 489                 // TODO Auto-generated method stub
 490                 return null;
 491         }
 492 }