git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright (c)) 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.security.client.test;
  24
  25 import java.util.List;
  26
  27 import javax.ws.rs.core.Response;
  28
  29 //import org.apache.commons.codec.binary.Base64;
  30 import org.jboss.resteasy.client.ClientResponse;
  31 import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
  32
  33 import org.testng.Assert;
  34 import org.testng.annotations.Test;
  35
  36 import org.collectionspace.services.account.AccountTenant;
  37 import org.collectionspace.services.client.AccountClient;
  38 import org.collectionspace.services.account.AccountsCommon;
  39 import org.collectionspace.services.account.Status;
  40 import org.collectionspace.services.client.AccountFactory;
  41 import org.collectionspace.services.collectionobject.CollectionobjectsCommon;
  42 import org.collectionspace.services.client.CollectionObjectClient;
  43 import org.collectionspace.services.client.CollectionObjectFactory;
  44 import org.collectionspace.services.client.CollectionSpaceClient;
  45 import org.collectionspace.services.client.test.AbstractServiceTestImpl;
  46 import org.collectionspace.services.client.test.BaseServiceTest;
  47 import org.collectionspace.services.jaxb.AbstractCommonList;
  48
  49 import org.slf4j.Logger;
  50 import org.slf4j.LoggerFactory;
  51
  52 /**
  53  * AuthenticationServiceTest uses CollectionObject service to test
  54  * authentication
  55  *
  56  * $LastChangedRevision: 434 $ $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue,
  57  * 28 Jul 2009) $
  58  */
  59 public class AuthenticationServiceTest extends AbstractServiceTestImpl {
  60
  61     /** The known resource id. */
  62     private String knownResourceId = null;
  63     private String barneyAccountId = null; //active
  64     private String georgeAccountId = null; //inactive
  65     /** The logger. */
  66     final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  67
  68     /* (non-Javadoc)
  69      * @see org.collectionspace.services.client.test.AbstractServiceTest#getServicePathComponent()
  70      */
  71     @Override
  72     protected String getServicePathComponent() {
  73         // no need to return anything but null since no auth resources are
  74         // accessed
  75         return null;
  76     }
  77
  78     /* (non-Javadoc)
  79      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
  80      */
  81     @Override
  82     protected CollectionSpaceClient getClientInstance() {
  83         return new AccountClient();
  84     }
  85
  86     /* (non-Javadoc)
  87      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
  88      */
  89     @Override
  90     protected AbstractCommonList getAbstractCommonList(
  91             ClientResponse<AbstractCommonList> response) {
  92         throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed.
  93     }
  94
  95     @Test(dataProvider = "testName")
  96     @Override
  97     public void readPaginatedList(String testName) throws Exception {
  98         // Test not supported.
  99     }
 100
 101     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 102     public void createActiveAccount(String testName) throws Exception {
 103         // Perform setup, such as initializing the type of service request
 104         // (e.g. CREATE, DELETE), its valid and expected status codes, and
 105         // its associated HTTP method name (e.g. POST, DELETE).
 106         setupCreate(testName);
 107         AccountClient accountClient = new AccountClient();
 108         accountClient.setAuth(true, "test", true, "test", true);
 109
 110         // Submit the request to the service and store the response.
 111         AccountsCommon account =
 112                 createAccountInstance("barney", "barney08", "barney@dinoland.com", false);
 113         ClientResponse<Response> res = accountClient.create(account);
 114         int statusCode = res.getStatus();
 115
 116         if (logger.isDebugEnabled()) {
 117             logger.debug(testName + ": barney status = " + statusCode);
 118         }
 119         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 120                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 121         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 122
 123         // Store the ID returned from this create operation
 124         // for additional tests below.
 125         barneyAccountId = extractId(res);
 126         if (logger.isDebugEnabled()) {
 127             logger.debug(testName + ": barneyAccountId=" + barneyAccountId);
 128         }
 129         res.releaseConnection();
 130
 131     }
 132
 133     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 134     public void createInactiveAccount(String testName) throws Exception {
 135         // Perform setup, such as initializing the type of service request
 136         // (e.g. CREATE, DELETE), its valid and expected status codes, and
 137         // its associated HTTP method name (e.g. POST, DELETE).
 138         setupCreate(testName);
 139         AccountClient accountClient = new AccountClient();
 140         accountClient.setAuth(true, "test", true, "test", true);
 141
 142         // Submit the request to the service and store the response.
 143         AccountsCommon account =
 144                 createAccountInstance("george", "george08", "george@curiousland.com", false);
 145         ClientResponse<Response> res = accountClient.create(account);
 146         int statusCode = res.getStatus();
 147
 148         if (logger.isDebugEnabled()) {
 149             logger.debug(testName + ": george status = " + statusCode);
 150         }
 151         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 152                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 153         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 154
 155         // Store the ID returned from this create operation
 156         // for additional tests below.
 157         georgeAccountId = extractId(res);
 158         if (logger.isDebugEnabled()) {
 159             logger.debug(testName + ": georgeAccountId=" + georgeAccountId);
 160         }
 161         res.releaseConnection();
 162         //deactivate
 163         setupUpdate(testName);
 164         account.setStatus(Status.INACTIVE);
 165         if (logger.isDebugEnabled()) {
 166             logger.debug(testName + ":updated object");
 167             logger.debug(objectAsXmlString(account,
 168                     AccountsCommon.class));
 169         }
 170
 171         // Submit the request to the service and store the response.
 172         ClientResponse<AccountsCommon> res1 = accountClient.update(georgeAccountId, account);
 173         statusCode = res1.getStatus();
 174         // Check the status code of the response: does it match the expected response(s)?
 175         if (logger.isDebugEnabled()) {
 176             logger.debug(testName + ": status = " + statusCode);
 177         }
 178         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 179                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 180         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 181         res1.releaseConnection();
 182     }
 183
 184
 185     /* (non-Javadoc)
 186      * @see org.collectionspace.services.client.test.AbstractServiceTest#create()
 187      */
 188     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 189     dependsOnMethods = {"createActiveAccount"})
 190     @Override
 191     public void create(String testName) {
 192         setupCreate(testName);
 193         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 194         collectionObjectClient.setAuth(true, "barney", true, "barney08", true);
 195         String identifier = BaseServiceTest.createIdentifier();
 196         MultipartOutput multipart = createCollectionObjectInstance(
 197                 collectionObjectClient.getCommonPartName(), identifier);
 198         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 199         if (logger.isDebugEnabled()) {
 200             logger.debug("create: status = " + res.getStatus());
 201         }
 202         //so it does not have any permissions out-of-the-box to create a
 203         //collection object
 204         Assert.assertEquals(res.getStatus(),
 205                 Response.Status.FORBIDDEN.getStatusCode(), "expected "
 206                 + Response.Status.FORBIDDEN.getStatusCode());
 207
 208         // Store the ID returned from this create operation for additional tests
 209         // below.
 210         res.releaseConnection();
 211
 212     }
 213
 214     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 215     dependsOnMethods = {"createActiveAccount"})
 216     public void createWithoutAuthn(String testName) {
 217         setupCreate(testName);
 218         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 219         collectionObjectClient.setAuth(false, "test", true, "test", true);
 220         String identifier = BaseServiceTest.createIdentifier();
 221         MultipartOutput multipart = createCollectionObjectInstance(
 222                 collectionObjectClient.getCommonPartName(), identifier);
 223         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 224         if (logger.isDebugEnabled()) {
 225             logger.debug("create: status = " + res.getStatus());
 226         }
 227         Assert.assertEquals(res.getStatus(),
 228                 Response.Status.UNAUTHORIZED.getStatusCode(), "expected "
 229                 + Response.Status.UNAUTHORIZED.getStatusCode());
 230         res.releaseConnection();
 231
 232     }
 233
 234     @Test(dataProvider = "testName", dependsOnMethods = {"createInactiveAccount"})
 235     public void createWithInactiveAccount(String testName) {
 236         banner(testName);
 237         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 238         collectionObjectClient.setAuth(true, "george", true, "george08", true);
 239         String identifier = BaseServiceTest.createIdentifier();
 240         MultipartOutput multipart = createCollectionObjectInstance(
 241                 collectionObjectClient.getCommonPartName(), identifier);
 242
 243         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 244         if (logger.isDebugEnabled()) {
 245             logger.debug(testName + ": status = " + res.getStatus());
 246         }
 247         Assert.assertEquals(res.getStatus(),
 248                 Response.Status.FORBIDDEN.getStatusCode(), "expected "
 249                 + Response.Status.FORBIDDEN.getStatusCode());
 250         res.releaseConnection();
 251     }
 252
 253     /**
 254      * Creates the collection object instance without password.
 255      */
 256     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 257     public void createWithoutPassword(String testName) {
 258         banner(testName);
 259         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 260         collectionObjectClient.setAuth(true, "test", true, "", false);
 261         String identifier = BaseServiceTest.createIdentifier();
 262         MultipartOutput multipart = createCollectionObjectInstance(
 263                 collectionObjectClient.getCommonPartName(), identifier);
 264         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 265         if (logger.isDebugEnabled()) {
 266             logger.debug(testName + ": status = " + res.getStatus());
 267         }
 268         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 269         res.releaseConnection();
 270     }
 271
 272     /**
 273      * Creates the collection object with unknown user
 274      */
 275     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 276     public void createWithUnknownUser(String testName) {
 277         banner(testName);
 278         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 279         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 280         String identifier = BaseServiceTest.createIdentifier();
 281         MultipartOutput multipart = createCollectionObjectInstance(
 282                 collectionObjectClient.getCommonPartName(), identifier);
 283         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 284         if (logger.isDebugEnabled()) {
 285             logger.debug(testName + ": status = " + res.getStatus());
 286         }
 287         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 288         res.releaseConnection();
 289     }
 290
 291     /**
 292      * Creates the collection object instance with incorrect password.
 293      */
 294     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 295     public void createWithIncorrectPassword(String testName) {
 296         banner(testName);
 297         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 298         collectionObjectClient.setAuth(true, "test", true, "bar", true);
 299         String identifier = BaseServiceTest.createIdentifier();
 300         MultipartOutput multipart = createCollectionObjectInstance(
 301                 collectionObjectClient.getCommonPartName(), identifier);
 302         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 303         if (logger.isDebugEnabled()) {
 304             logger.debug(testName + ": status = " + res.getStatus());
 305         }
 306         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 307         res.releaseConnection();
 308     }
 309
 310     /**
 311      * Creates the collection object instance with incorrect user password.
 312      */
 313     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 314     public void createWithIncorrectUserPassword(String testName) {
 315         banner(testName);
 316         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 317         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 318         String identifier = BaseServiceTest.createIdentifier();
 319         MultipartOutput multipart = createCollectionObjectInstance(
 320                 collectionObjectClient.getCommonPartName(), identifier);
 321         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 322         if (logger.isDebugEnabled()) {
 323             logger.debug(testName + ": status = "
 324                     + res.getStatus());
 325         }
 326         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 327         res.releaseConnection();
 328     }
 329
 330     /**
 331      * Creates the collection object instance with incorrect user password.
 332      */
 333     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 334     public void createWithoutTenant(String testName) {
 335         banner(testName);
 336         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 337         collectionObjectClient.setAuth(true, "babybop", true, "babybop09", true);
 338         String identifier = BaseServiceTest.createIdentifier();
 339         MultipartOutput multipart = createCollectionObjectInstance(
 340                 collectionObjectClient.getCommonPartName(), identifier);
 341         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 342         if (logger.isDebugEnabled()) {
 343             logger.debug(testName + ": status = "
 344                     + res.getStatus());
 345         }
 346         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 347         res.releaseConnection();
 348     }
 349
 350     /* (non-Javadoc)
 351      * @see org.collectionspace.services.client.test.AbstractServiceTest#delete()
 352      */
 353     @Override
 354     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 355     dependsOnMethods = {"create"})
 356     public void delete(String testName) {
 357         setupDelete(testName);
 358
 359     }
 360
 361     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 362     dependsOnMethods = {"create", "createWithInactiveAccount"})
 363     public void deleteAccounts(String testName) throws Exception {
 364
 365         // Perform setup.
 366         setupDelete(testName);
 367         AccountClient accountClient = new AccountClient();
 368         accountClient.setAuth(true, "test", true, "test", true);
 369         // Submit the request to the service and store the response.
 370         ClientResponse<Response> res = accountClient.delete(barneyAccountId);
 371         int statusCode = res.getStatus();
 372         if (logger.isDebugEnabled()) {
 373             logger.debug(testName + ": barney status = " + statusCode);
 374         }
 375         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 376                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 377
 378         res = accountClient.delete(georgeAccountId);
 379         statusCode = res.getStatus();
 380         if (logger.isDebugEnabled()) {
 381             logger.debug(testName + ": george status = " + statusCode);
 382         }
 383         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 384                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 385         res.releaseConnection();
 386     }
 387
 388     // ---------------------------------------------------------------
 389     // Utility methods used by tests above
 390     // ---------------------------------------------------------------
 391     /**
 392      * Creates the collection object instance.
 393      *
 394      * @param commonPartName the common part name
 395      * @param identifier the identifier
 396      *
 397      * @return the multipart output
 398      */
 399     private MultipartOutput createCollectionObjectInstance(
 400             String commonPartName, String identifier) {
 401         return createCollectionObjectInstance(commonPartName, "objectNumber-"
 402                 + identifier, "objectName-" + identifier);
 403     }
 404
 405     /**
 406      * Creates the collection object instance.
 407      *
 408      * @param commonPartName the common part name
 409      * @param objectNumber the object number
 410      * @param objectName the object name
 411      *
 412      * @return the multipart output
 413      */
 414     private MultipartOutput createCollectionObjectInstance(
 415             String commonPartName, String objectNumber, String objectName) {
 416         CollectionobjectsCommon collectionObject = new CollectionobjectsCommon();
 417
 418         collectionObject.setObjectNumber(objectNumber);
 419         collectionObject.setObjectName(objectName);
 420         MultipartOutput multipart =
 421                 CollectionObjectFactory.createCollectionObjectInstance(
 422                 commonPartName, collectionObject, null, null);
 423
 424         if (logger.isDebugEnabled()) {
 425             logger.debug("to be created, collectionobject common ",
 426                     collectionObject, CollectionobjectsCommon.class);
 427         }
 428         return multipart;
 429     }
 430
 431     private AccountsCommon createAccountInstance(String screenName,
 432             String passwd, String email, boolean invalidTenant) {
 433
 434         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
 435                 screenName, passwd, email,
 436                 true, true, invalidTenant, true, true);
 437
 438         List<AccountTenant> atl = account.getTenants();
 439
 440         //disable 2nd tenant till tenant identification is in effect
 441         //on the service side for 1-n user-tenants
 442 //        AccountsCommon.Tenant at2 = new AccountsCommon.Tenant();
 443 //        at2.setId(UUID.randomUUID().toString());
 444 //        at2.setName("collectionspace.org");
 445 //        atl.add(at2);
 446 //        account.setTenants(atl);
 447
 448         if (logger.isDebugEnabled()) {
 449             logger.debug("to be created, account common");
 450             logger.debug(objectAsXmlString(account,
 451                     AccountsCommon.class));
 452         }
 453         return account;
 454
 455     }
 456
 457     /* (non-Javadoc)
 458      * @see org.collectionspace.services.client.test.AbstractServiceTest#createList()
 459      */
 460     @Override
 461     public void createList(String testName) throws Exception {
 462         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 463     }
 464
 465     /* (non-Javadoc)
 466      * @see org.collectionspace.services.client.test.AbstractServiceTest#createWithEmptyEntityBody()
 467      */
 468     @Override
 469     public void createWithEmptyEntityBody(String testName) throws Exception {
 470         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 471     }
 472
 473     /* (non-Javadoc)
 474      * @see org.collectionspace.services.client.test.AbstractServiceTest#createWithMalformedXml()
 475      */
 476     @Override
 477     public void createWithMalformedXml(String testName) throws Exception {
 478         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 479     }
 480
 481     /* (non-Javadoc)
 482      * @see org.collectionspace.services.client.test.AbstractServiceTest#createWithWrongXmlSchema()
 483      */
 484     @Override
 485     public void createWithWrongXmlSchema(String testName) throws Exception {
 486         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 487     }
 488
 489     /* (non-Javadoc)
 490      * @see org.collectionspace.services.client.test.AbstractServiceTest#read()
 491      */
 492     @Override
 493     public void read(String testName) throws Exception {
 494         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 495     }
 496
 497     /* (non-Javadoc)
 498      * @see org.collectionspace.services.client.test.AbstractServiceTest#readNonExistent()
 499      */
 500     @Override
 501     public void readNonExistent(String testName) throws Exception {
 502         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 503     }
 504
 505     /* (non-Javadoc)
 506      * @see org.collectionspace.services.client.test.AbstractServiceTest#readList()
 507      */
 508     @Override
 509     public void readList(String testName) throws Exception {
 510         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 511     }
 512
 513     /* (non-Javadoc)
 514      * @see org.collectionspace.services.client.test.AbstractServiceTest#update()
 515      */
 516     @Override
 517     public void update(String testName) throws Exception {
 518         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 519     }
 520
 521     /* (non-Javadoc)
 522      * @see org.collectionspace.services.client.test.AbstractServiceTest#updateWithEmptyEntityBody()
 523      */
 524     @Override
 525     public void updateWithEmptyEntityBody(String testName) throws Exception {
 526         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 527     }
 528
 529     /* (non-Javadoc)
 530      * @see org.collectionspace.services.client.test.AbstractServiceTest#updateWithMalformedXml()
 531      */
 532     @Override
 533     public void updateWithMalformedXml(String testName) throws Exception {
 534         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 535     }
 536
 537     /* (non-Javadoc)
 538      * @see org.collectionspace.services.client.test.AbstractServiceTest#updateWithWrongXmlSchema()
 539      */
 540     @Override
 541     public void updateWithWrongXmlSchema(String testName) throws Exception {
 542         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 543     }
 544
 545     /* (non-Javadoc)
 546      * @see org.collectionspace.services.client.test.AbstractServiceTest#updateNonExistent()
 547      */
 548     @Override
 549     public void updateNonExistent(String testName) throws Exception {
 550         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 551     }
 552
 553     /* (non-Javadoc)
 554      * @see org.collectionspace.services.client.test.AbstractServiceTest#deleteNonExistent()
 555      */
 556     @Override
 557     public void deleteNonExistent(String testName) throws Exception {
 558         //FIXME: Should this test really be empty?  If so, please comment accordingly.
 559     }
 560 }