git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright (c)) 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.security.client.test;
  24
  25 import java.util.List;
  26
  27 import javax.ws.rs.core.Response;
  28
  29 import org.testng.Assert;
  30 import org.testng.annotations.Test;
  31 import org.slf4j.Logger;
  32 import org.slf4j.LoggerFactory;
  33
  34 import org.collectionspace.services.account.AccountTenant;
  35 import org.collectionspace.services.account.AccountsCommon;
  36 import org.collectionspace.services.account.Status;
  37 import org.collectionspace.services.client.AccountClient;
  38 import org.collectionspace.services.client.AccountFactory;
  39 import org.collectionspace.services.client.CollectionObjectClient;
  40 import org.collectionspace.services.client.CollectionObjectFactory;
  41 import org.collectionspace.services.client.CollectionSpaceClient;
  42 import org.collectionspace.services.client.PoxPayloadOut;
  43 import org.collectionspace.services.client.test.BaseServiceTest;
  44 import org.collectionspace.services.collectionobject.CollectionobjectsCommon;
  45 import org.collectionspace.services.collectionobject.TitleGroup;
  46 import org.collectionspace.services.collectionobject.TitleGroupList;
  47 import org.collectionspace.services.jaxb.AbstractCommonList;
  48
  49 /**
  50  * AuthenticationServiceTest uses CollectionObject service to test
  51  * authentication
  52  *
  53  * $LastChangedRevision: 434 $ $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue,
  54  * 28 Jul 2009) $
  55  */
  56 public class AuthenticationServiceTest extends BaseServiceTest<AbstractCommonList> {
  57
  58     private final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  59     /** The known resource id. */
  60     private String barneyAccountId = null; //active
  61     private String georgeAccountId = null; //inactive
  62     /** The logger. */
  63     private final String CLASS_NAME = AuthenticationServiceTest.class.getName();
  64
  65     /* (non-Javadoc)
  66      * @see org.collectionspace.services.client.test.AbstractServiceTest#getServicePathComponent()
  67      */
  68     @Override
  69     protected String getServicePathComponent() {
  70         // no need to return anything but null since no auth resources are
  71         // accessed
  72         throw new UnsupportedOperationException();
  73     }
  74
  75         @Override
  76         protected String getServiceName() {
  77         // no need to return anything but null since no auth resources are
  78         // accessed
  79         throw new UnsupportedOperationException();
  80         }
  81
  82     /* (non-Javadoc)
  83      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
  84      */
  85     @Override
  86     protected CollectionSpaceClient getClientInstance() {
  87         return new AccountClient();
  88     }
  89
  90         @Override
  91         protected CollectionSpaceClient getClientInstance(String clientPropertiesFilename) {
  92         return new AccountClient(clientPropertiesFilename);
  93         }
  94
  95     /* (non-Javadoc)
  96      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
  97      */
  98     @Override
  99     protected AbstractCommonList getCommonList(Response response) {
 100         throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed.
 101     }
 102
 103     @Test(dataProvider = "testName")
 104     public void createActiveAccount(String testName) throws Exception {
 105         // Perform setup, such as initializing the type of service request
 106         // (e.g. CREATE, DELETE), its valid and expected status codes, and
 107         // its associated HTTP method name (e.g. POST, DELETE).
 108         setupCreate();
 109
 110         AccountClient accountClient = new AccountClient();
 111         // This should not be needed - the auth is already set up
 112         //accountClient.setAuth(true, "test", true, "test", true);
 113
 114         // Submit the request to the service and store the response.
 115         AccountsCommon account =
 116                 createAccountInstance("barney", "barney08", "barney@dinoland.com",
 117                 accountClient.getTenantId(), false);
 118         Response res = accountClient.create(account);
 119         try {
 120                 int statusCode = res.getStatus();
 121
 122                 if (logger.isDebugEnabled()) {
 123                     logger.debug(testName + ": barney status = " + statusCode);
 124                 }
 125                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 126                         invalidStatusCodeMessage(testRequestType, statusCode));
 127                 Assert.assertEquals(statusCode, testExpectedStatusCode);
 128
 129                 // Store the ID returned from this create operation
 130                 // for additional tests below.
 131                 barneyAccountId = extractId(res);
 132                 if (logger.isDebugEnabled()) {
 133                     logger.debug(testName + ": barneyAccountId=" + barneyAccountId);
 134                 }
 135         } finally {
 136                 res.close();
 137         }
 138
 139     }
 140
 141     @Test(dataProvider = "testName")
 142     public void createInactiveAccount(String testName) throws Exception {
 143         // Perform setup.
 144         setupCreate();
 145
 146         AccountClient accountClient = new AccountClient();
 147         // This should not be needed - the auth is already set up
 148         //accountClient.setAuth(true, "test", true, "test", true);
 149
 150         // Submit the request to the service and store the response.
 151         AccountsCommon account =
 152                 createAccountInstance("george", "george08", "george@curiousland.com",
 153                 accountClient.getTenantId(), false);
 154         Response res = accountClient.create(account);
 155         try {
 156                 int statusCode = res.getStatus();
 157                 if (logger.isDebugEnabled()) {
 158                     logger.debug(testName + ": george status = " + statusCode);
 159                 }
 160                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 161                         invalidStatusCodeMessage(testRequestType, statusCode));
 162                 Assert.assertEquals(statusCode, testExpectedStatusCode);
 163
 164                 // Store the ID returned from this create operation
 165                 // for additional tests below.
 166                 georgeAccountId = extractId(res);
 167                 if (logger.isDebugEnabled()) {
 168                     logger.debug(testName + ": georgeAccountId=" + georgeAccountId);
 169                 }
 170         } finally {
 171                 res.close();
 172         }
 173
 174         //deactivate
 175         setupUpdate();
 176         account.setStatus(Status.INACTIVE);
 177         if (logger.isDebugEnabled()) {
 178             logger.debug(testName + ":updated object");
 179             logger.debug(objectAsXmlString(account,
 180                     AccountsCommon.class));
 181         }
 182
 183         // Submit the request to the service and store the response.
 184         Response res1 = accountClient.update(georgeAccountId, account);
 185         try {
 186                 int statusCode = res1.getStatus();
 187                 // Check the status code of the response: does it match the expected response(s)?
 188                 if (logger.isDebugEnabled()) {
 189                     logger.debug(testName + ": status = " + statusCode);
 190                 }
 191                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 192                         invalidStatusCodeMessage(testRequestType, statusCode));
 193                 Assert.assertEquals(statusCode, testExpectedStatusCode);
 194         } finally {
 195                 res1.close();
 196         }
 197     }
 198
 199
 200     /* (non-Javadoc)
 201      * @see org.collectionspace.services.client.test.AbstractServiceTest#create()
 202      */
 203     @Test(dataProvider = "testName",
 204                 dependsOnMethods = {"createActiveAccount"})
 205     public void create(String testName) {
 206         setupCreate();
 207
 208         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 209         collectionObjectClient.setAuth(true, "barney", true, "barney08", true);
 210         String identifier = createIdentifier();
 211         PoxPayloadOut multipart = createCollectionObjectInstance(
 212                 collectionObjectClient.getCommonPartName(), identifier);
 213         Response res = collectionObjectClient.create(multipart);
 214         try {
 215                 if (logger.isDebugEnabled()) {
 216                     logger.debug("create: status = " + res.getStatus());
 217                 }
 218                 //so it does not have any permissions out-of-the-box to create a
 219                 //collection object
 220                 Assert.assertEquals(res.getStatus(),
 221                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 222                         + Response.Status.FORBIDDEN.getStatusCode());
 223
 224                 // Store the ID returned from this create operation for additional tests
 225                 // below.
 226         } finally {
 227                 res.close();
 228         }
 229
 230     }
 231
 232     @Test(dataProvider = "testName",
 233                 dependsOnMethods = {"createActiveAccount"})
 234     public void createWithoutAuthn(String testName) {
 235         setupCreate();
 236
 237         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 238         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 239         String pass = collectionObjectClient.getProperty(collectionObjectClient.PASSWORD_PROPERTY);
 240         collectionObjectClient.setAuth(false, user, true, pass, true);
 241         String identifier = createIdentifier();
 242         PoxPayloadOut multipart = createCollectionObjectInstance(
 243                 collectionObjectClient.getCommonPartName(), identifier);
 244         Response res = collectionObjectClient.create(multipart);
 245         try {
 246                 if (logger.isDebugEnabled()) {
 247                     logger.debug("create: status = " + res.getStatus());
 248                 }
 249                 Assert.assertEquals(res.getStatus(),
 250                         Response.Status.UNAUTHORIZED.getStatusCode(), "expected "
 251                         + Response.Status.UNAUTHORIZED.getStatusCode());
 252         } finally {
 253                 res.close();
 254         }
 255     }
 256
 257     @Test(dataProvider = "testName",
 258                 dependsOnMethods = {"createInactiveAccount"})
 259     public void createWithInactiveAccount(String testName) {
 260         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 261         collectionObjectClient.setAuth(true, "george", true, "george08", true);
 262         String identifier = createIdentifier();
 263         PoxPayloadOut multipart = createCollectionObjectInstance(
 264                 collectionObjectClient.getCommonPartName(), identifier);
 265
 266         Response res = collectionObjectClient.create(multipart);
 267         try {
 268                 if (logger.isDebugEnabled()) {
 269                     logger.debug(testName + ": status = " + res.getStatus());
 270                 }
 271                 Assert.assertEquals(res.getStatus(),
 272                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 273                         + Response.Status.FORBIDDEN.getStatusCode());
 274         } finally {
 275                 res.close();
 276         }
 277     }
 278
 279     /**
 280      * Creates the collection object instance without password.
 281      */
 282     @Test(dataProvider = "testName",
 283                 dependsOnMethods = {"createActiveAccount"})
 284     public void createWithoutPassword(String testName) {
 285         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 286         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 287         collectionObjectClient.setAuth(true, user, true, "", false);
 288         String identifier = createIdentifier();
 289         PoxPayloadOut multipart = createCollectionObjectInstance(
 290                 collectionObjectClient.getCommonPartName(), identifier);
 291         Response res = collectionObjectClient.create(multipart);
 292         try {
 293                 if (logger.isDebugEnabled()) {
 294                     logger.debug(testName + ": status = " + res.getStatus());
 295                 }
 296                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 297         } finally {
 298                 res.close();
 299         }
 300     }
 301
 302     /**
 303      * Creates the collection object with unknown user
 304      */
 305     @Test(dataProvider = "testName",
 306                 dependsOnMethods = {"createActiveAccount"})
 307     public void createWithUnknownUser(String testName) {
 308         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 309         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 310         String identifier = createIdentifier();
 311         PoxPayloadOut multipart = createCollectionObjectInstance(
 312                 collectionObjectClient.getCommonPartName(), identifier);
 313         Response res = collectionObjectClient.create(multipart);
 314         try {
 315                 if (logger.isDebugEnabled()) {
 316                     logger.debug(testName + ": status = " + res.getStatus());
 317                 }
 318                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 319         } finally {
 320                 res.close();
 321         }
 322     }
 323
 324     /**
 325      * Creates the collection object instance with incorrect password.
 326      */
 327     @Test(dataProvider = "testName",
 328                 dependsOnMethods = {"createActiveAccount"})
 329     public void createWithIncorrectPassword(String testName) {
 330         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 331         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 332         collectionObjectClient.setAuth(true, user, true, "bar", true);
 333         String identifier = createIdentifier();
 334         PoxPayloadOut multipart = createCollectionObjectInstance(
 335                 collectionObjectClient.getCommonPartName(), identifier);
 336         Response res = collectionObjectClient.create(multipart);
 337         try {
 338                 if (logger.isDebugEnabled()) {
 339                     logger.debug(testName + ": status = " + res.getStatus());
 340                 }
 341                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 342         } finally {
 343                 res.close();
 344         }
 345     }
 346
 347     /**
 348      * Creates the collection object instance with incorrect user password.
 349      */
 350     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 351     public void createWithIncorrectUserPassword(String testName) {
 352         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 353         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 354         String identifier = createIdentifier();
 355         PoxPayloadOut multipart = createCollectionObjectInstance(
 356                 collectionObjectClient.getCommonPartName(), identifier);
 357         Response res = collectionObjectClient.create(multipart);
 358         try {
 359                 if (logger.isDebugEnabled()) {
 360                     logger.debug(testName + ": status = " + res.getStatus());
 361                 }
 362                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 363         } finally {
 364                 res.close();
 365         }
 366     }
 367
 368     /**
 369      * Creates the collection object instance with incorrect user password.
 370      */
 371     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 372     public void createWithoutTenant(String testName) {
 373         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 374         collectionObjectClient.setAuth(true, "babybop", true, "babybop09", true);
 375         String identifier = createIdentifier();
 376         PoxPayloadOut multipart = createCollectionObjectInstance(
 377                 collectionObjectClient.getCommonPartName(), identifier);
 378         Response res = collectionObjectClient.create(multipart);
 379         try {
 380                 if (logger.isDebugEnabled()) {
 381                     logger.debug(testName + ": status = " + res.getStatus());
 382                 }
 383                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 384         } finally {
 385                 res.close();
 386         }
 387     }
 388
 389     @Test(dataProvider = "testName",
 390                 dependsOnMethods = {"create", "createWithInactiveAccount"})
 391     public void deleteAccounts(String testName) throws Exception {
 392         // Perform setup.
 393         setupDelete();
 394         AccountClient accountClient = new AccountClient();
 395         // accountClient.setAuth(true, "test", true, "test", true);
 396         // Submit the request to the service and store the response.
 397
 398         Response res = accountClient.delete(barneyAccountId);
 399         int statusCode;
 400         try {
 401                 statusCode = res.getStatus();
 402             if (logger.isDebugEnabled()) {
 403                 logger.debug(testName + ": barney status = " + statusCode);
 404             }
 405             Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 406                     invalidStatusCodeMessage(testRequestType, statusCode));
 407         } finally {
 408                 res.close();
 409         }
 410
 411         res = accountClient.delete(georgeAccountId);
 412         try {
 413                 statusCode = res.getStatus();
 414                 if (logger.isDebugEnabled()) {
 415                     logger.debug(testName + ": george status = " + statusCode);
 416                 }
 417                 Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 418                         invalidStatusCodeMessage(testRequestType, statusCode));
 419         } finally {
 420                 res.close();
 421         }
 422     }
 423
 424     // ---------------------------------------------------------------
 425     // Utility methods used by tests above
 426     // ---------------------------------------------------------------
 427     /**
 428      * Creates the collection object instance.
 429      *
 430      * @param commonPartName the common part name
 431      * @param identifier the identifier
 432      *
 433      * @return the multipart output
 434      */
 435     private PoxPayloadOut createCollectionObjectInstance(
 436             String commonPartName, String identifier) {
 437         return createCollectionObjectInstance(commonPartName, "objectNumber-"
 438                 + identifier, "title-" + identifier);
 439     }
 440
 441     /**
 442      * Creates the collection object instance.
 443      *
 444      * @param commonPartName the common part name
 445      * @param objectNumber the object number
 446      * @param title the object title
 447      *
 448      * @return the multipart output
 449      */
 450     private PoxPayloadOut createCollectionObjectInstance(
 451             String commonPartName, String objectNumber, String title) {
 452         CollectionobjectsCommon collectionObject = new CollectionobjectsCommon();
 453
 454         collectionObject.setObjectNumber(objectNumber);
 455         TitleGroupList titleGroupList = new TitleGroupList();
 456         List<TitleGroup> titleGroups = titleGroupList.getTitleGroup();
 457         TitleGroup titleGroup = new TitleGroup();
 458         titleGroup.setTitle(title);
 459         titleGroups.add(titleGroup);
 460         collectionObject.setTitleGroupList(titleGroupList);
 461         PoxPayloadOut multipart =
 462                 CollectionObjectFactory.createCollectionObjectInstance(
 463                 commonPartName, collectionObject, null, null);
 464
 465         if (logger.isDebugEnabled()) {
 466             logger.debug("to be created, collectionobject common ",
 467                     collectionObject, CollectionobjectsCommon.class);
 468         }
 469         return multipart;
 470     }
 471
 472     private AccountsCommon createAccountInstance(String screenName,
 473             String passwd, String email, String tenantId, boolean invalidTenant) {
 474
 475         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
 476                 screenName, passwd, email, tenantId,
 477                 true, invalidTenant, true, true);
 478
 479         List<AccountTenant> atl = account.getTenants();
 480
 481         //disable 2nd tenant till tenant identification is in effect
 482         //on the service side for 1-n user-tenants
 483 //        AccountsCommon.Tenant at2 = new AccountsCommon.Tenant();
 484 //        at2.setId(UUID.randomUUID().toString());
 485 //        at2.setName("collectionspace.org");
 486 //        atl.add(at2);
 487 //        account.setTenants(atl);
 488
 489         if (logger.isDebugEnabled()) {
 490             logger.debug("to be created, account common");
 491             logger.debug(objectAsXmlString(account,
 492                     AccountsCommon.class));
 493         }
 494         return account;
 495
 496     }
 497
 498         @Override
 499         protected Class<AbstractCommonList> getCommonListType() {
 500                 // TODO Auto-generated method stub
 501                 return null;
 502         }
 503 }