git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright (c)) 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.security.client.test;
  24
  25 import java.util.List;
  26 import javax.ws.rs.core.Response;
  27 import org.jboss.resteasy.client.ClientResponse;
  28
  29 import org.testng.Assert;
  30 import org.testng.annotations.Test;
  31 import org.slf4j.Logger;
  32 import org.slf4j.LoggerFactory;
  33
  34 import org.collectionspace.services.account.AccountTenant;
  35 import org.collectionspace.services.account.AccountsCommon;
  36 import org.collectionspace.services.account.Status;
  37 import org.collectionspace.services.client.AccountClient;
  38 import org.collectionspace.services.client.AccountFactory;
  39 import org.collectionspace.services.client.CollectionObjectClient;
  40 import org.collectionspace.services.client.CollectionObjectFactory;
  41 import org.collectionspace.services.client.CollectionSpaceClient;
  42 import org.collectionspace.services.client.PoxPayloadOut;
  43 import org.collectionspace.services.client.test.BaseServiceTest;
  44 import org.collectionspace.services.collectionobject.CollectionobjectsCommon;
  45 import org.collectionspace.services.collectionobject.TitleGroup;
  46 import org.collectionspace.services.collectionobject.TitleGroupList;
  47 import org.collectionspace.services.jaxb.AbstractCommonList;
  48
  49 /**
  50  * AuthenticationServiceTest uses CollectionObject service to test
  51  * authentication
  52  *
  53  * $LastChangedRevision: 434 $ $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue,
  54  * 28 Jul 2009) $
  55  */
  56 public class AuthenticationServiceTest extends BaseServiceTest<AbstractCommonList> {
  57
  58     private final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  59     /** The known resource id. */
  60     private String barneyAccountId = null; //active
  61     private String georgeAccountId = null; //inactive
  62     /** The logger. */
  63     private final String CLASS_NAME = AuthenticationServiceTest.class.getName();
  64
  65     /* (non-Javadoc)
  66      * @see org.collectionspace.services.client.test.AbstractServiceTest#getServicePathComponent()
  67      */
  68     @Override
  69     protected String getServicePathComponent() {
  70         // no need to return anything but null since no auth resources are
  71         // accessed
  72         throw new UnsupportedOperationException();
  73     }
  74
  75         @Override
  76         protected String getServiceName() {
  77         // no need to return anything but null since no auth resources are
  78         // accessed
  79         throw new UnsupportedOperationException();
  80         }
  81
  82     /* (non-Javadoc)
  83      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
  84      */
  85     @Override
  86     protected CollectionSpaceClient getClientInstance() {
  87         return new AccountClient();
  88     }
  89
  90     /* (non-Javadoc)
  91      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
  92      */
  93     @Override
  94     protected AbstractCommonList getCommonList(
  95             ClientResponse<AbstractCommonList> response) {
  96         throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed.
  97     }
  98
  99     @Test(dataProvider = "testName")
 100     public void createActiveAccount(String testName) throws Exception {
 101         // Perform setup, such as initializing the type of service request
 102         // (e.g. CREATE, DELETE), its valid and expected status codes, and
 103         // its associated HTTP method name (e.g. POST, DELETE).
 104         setupCreate();
 105
 106         AccountClient accountClient = new AccountClient();
 107         // This should not be needed - the auth is already set up
 108         //accountClient.setAuth(true, "test", true, "test", true);
 109
 110         // Submit the request to the service and store the response.
 111         AccountsCommon account =
 112                 createAccountInstance("barney", "barney08", "barney@dinoland.com",
 113                 accountClient.getTenantId(), false);
 114         ClientResponse<Response> res = accountClient.create(account);
 115         int statusCode = res.getStatus();
 116
 117         if (logger.isDebugEnabled()) {
 118             logger.debug(testName + ": barney status = " + statusCode);
 119         }
 120         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 121                 invalidStatusCodeMessage(testRequestType, statusCode));
 122         Assert.assertEquals(statusCode, testExpectedStatusCode);
 123
 124         // Store the ID returned from this create operation
 125         // for additional tests below.
 126         barneyAccountId = extractId(res);
 127         if (logger.isDebugEnabled()) {
 128             logger.debug(testName + ": barneyAccountId=" + barneyAccountId);
 129         }
 130         res.releaseConnection();
 131
 132     }
 133
 134     @Test(dataProvider = "testName")
 135     public void createInactiveAccount(String testName) throws Exception {
 136         // Perform setup.
 137         setupCreate();
 138
 139         AccountClient accountClient = new AccountClient();
 140         // This should not be needed - the auth is already set up
 141         //accountClient.setAuth(true, "test", true, "test", true);
 142
 143         // Submit the request to the service and store the response.
 144         AccountsCommon account =
 145                 createAccountInstance("george", "george08", "george@curiousland.com",
 146                 accountClient.getTenantId(), false);
 147         ClientResponse<Response> res = accountClient.create(account);
 148         int statusCode = res.getStatus();
 149
 150         if (logger.isDebugEnabled()) {
 151             logger.debug(testName + ": george status = " + statusCode);
 152         }
 153         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 154                 invalidStatusCodeMessage(testRequestType, statusCode));
 155         Assert.assertEquals(statusCode, testExpectedStatusCode);
 156
 157         // Store the ID returned from this create operation
 158         // for additional tests below.
 159         georgeAccountId = extractId(res);
 160         if (logger.isDebugEnabled()) {
 161             logger.debug(testName + ": georgeAccountId=" + georgeAccountId);
 162         }
 163         res.releaseConnection();
 164         //deactivate
 165         setupUpdate();
 166         account.setStatus(Status.INACTIVE);
 167         if (logger.isDebugEnabled()) {
 168             logger.debug(testName + ":updated object");
 169             logger.debug(objectAsXmlString(account,
 170                     AccountsCommon.class));
 171         }
 172
 173         // Submit the request to the service and store the response.
 174         ClientResponse<AccountsCommon> res1 = accountClient.update(georgeAccountId, account);
 175         statusCode = res1.getStatus();
 176         // Check the status code of the response: does it match the expected response(s)?
 177         if (logger.isDebugEnabled()) {
 178             logger.debug(testName + ": status = " + statusCode);
 179         }
 180         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 181                 invalidStatusCodeMessage(testRequestType, statusCode));
 182         Assert.assertEquals(statusCode, testExpectedStatusCode);
 183         res1.releaseConnection();
 184     }
 185
 186
 187     /* (non-Javadoc)
 188      * @see org.collectionspace.services.client.test.AbstractServiceTest#create()
 189      */
 190     @Test(dataProvider = "testName",
 191                 dependsOnMethods = {"createActiveAccount"})
 192     public void create(String testName) {
 193         setupCreate();
 194
 195         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 196         collectionObjectClient.setAuth(true, "barney", true, "barney08", true);
 197         String identifier = createIdentifier();
 198         PoxPayloadOut multipart = createCollectionObjectInstance(
 199                 collectionObjectClient.getCommonPartName(), identifier);
 200         Response res = collectionObjectClient.create(multipart);
 201         try {
 202                 if (logger.isDebugEnabled()) {
 203                     logger.debug("create: status = " + res.getStatus());
 204                 }
 205                 //so it does not have any permissions out-of-the-box to create a
 206                 //collection object
 207                 Assert.assertEquals(res.getStatus(),
 208                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 209                         + Response.Status.FORBIDDEN.getStatusCode());
 210
 211                 // Store the ID returned from this create operation for additional tests
 212                 // below.
 213         } finally {
 214                 res.close();
 215         }
 216
 217     }
 218
 219     @Test(dataProvider = "testName",
 220                 dependsOnMethods = {"createActiveAccount"})
 221     public void createWithoutAuthn(String testName) {
 222         setupCreate();
 223
 224         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 225         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 226         String pass = collectionObjectClient.getProperty(collectionObjectClient.PASSWORD_PROPERTY);
 227         collectionObjectClient.setAuth(false, user, true, pass, true);
 228         String identifier = createIdentifier();
 229         PoxPayloadOut multipart = createCollectionObjectInstance(
 230                 collectionObjectClient.getCommonPartName(), identifier);
 231         Response res = collectionObjectClient.create(multipart);
 232         try {
 233                 if (logger.isDebugEnabled()) {
 234                     logger.debug("create: status = " + res.getStatus());
 235                 }
 236                 Assert.assertEquals(res.getStatus(),
 237                         Response.Status.UNAUTHORIZED.getStatusCode(), "expected "
 238                         + Response.Status.UNAUTHORIZED.getStatusCode());
 239         } finally {
 240                 res.close();
 241         }
 242     }
 243
 244     @Test(dataProvider = "testName",
 245                 dependsOnMethods = {"createInactiveAccount"})
 246     public void createWithInactiveAccount(String testName) {
 247         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 248         collectionObjectClient.setAuth(true, "george", true, "george08", true);
 249         String identifier = createIdentifier();
 250         PoxPayloadOut multipart = createCollectionObjectInstance(
 251                 collectionObjectClient.getCommonPartName(), identifier);
 252
 253         Response res = collectionObjectClient.create(multipart);
 254         try {
 255                 if (logger.isDebugEnabled()) {
 256                     logger.debug(testName + ": status = " + res.getStatus());
 257                 }
 258                 Assert.assertEquals(res.getStatus(),
 259                         Response.Status.FORBIDDEN.getStatusCode(), "expected "
 260                         + Response.Status.FORBIDDEN.getStatusCode());
 261         } finally {
 262                 res.close();
 263         }
 264     }
 265
 266     /**
 267      * Creates the collection object instance without password.
 268      */
 269     @Test(dataProvider = "testName",
 270                 dependsOnMethods = {"createActiveAccount"})
 271     public void createWithoutPassword(String testName) {
 272         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 273         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 274         collectionObjectClient.setAuth(true, user, true, "", false);
 275         String identifier = createIdentifier();
 276         PoxPayloadOut multipart = createCollectionObjectInstance(
 277                 collectionObjectClient.getCommonPartName(), identifier);
 278         Response res = collectionObjectClient.create(multipart);
 279         try {
 280                 if (logger.isDebugEnabled()) {
 281                     logger.debug(testName + ": status = " + res.getStatus());
 282                 }
 283                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 284         } finally {
 285                 res.close();
 286         }
 287     }
 288
 289     /**
 290      * Creates the collection object with unknown user
 291      */
 292     @Test(dataProvider = "testName",
 293                 dependsOnMethods = {"createActiveAccount"})
 294     public void createWithUnknownUser(String testName) {
 295         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 296         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 297         String identifier = createIdentifier();
 298         PoxPayloadOut multipart = createCollectionObjectInstance(
 299                 collectionObjectClient.getCommonPartName(), identifier);
 300         Response res = collectionObjectClient.create(multipart);
 301         try {
 302                 if (logger.isDebugEnabled()) {
 303                     logger.debug(testName + ": status = " + res.getStatus());
 304                 }
 305                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 306         } finally {
 307                 res.close();
 308         }
 309     }
 310
 311     /**
 312      * Creates the collection object instance with incorrect password.
 313      */
 314     @Test(dataProvider = "testName",
 315                 dependsOnMethods = {"createActiveAccount"})
 316     public void createWithIncorrectPassword(String testName) {
 317         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 318         String user = collectionObjectClient.getProperty(collectionObjectClient.USER_PROPERTY);
 319         collectionObjectClient.setAuth(true, user, true, "bar", true);
 320         String identifier = createIdentifier();
 321         PoxPayloadOut multipart = createCollectionObjectInstance(
 322                 collectionObjectClient.getCommonPartName(), identifier);
 323         Response res = collectionObjectClient.create(multipart);
 324         try {
 325                 if (logger.isDebugEnabled()) {
 326                     logger.debug(testName + ": status = " + res.getStatus());
 327                 }
 328                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 329         } finally {
 330                 res.close();
 331         }
 332     }
 333
 334     /**
 335      * Creates the collection object instance with incorrect user password.
 336      */
 337     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 338     public void createWithIncorrectUserPassword(String testName) {
 339         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 340         collectionObjectClient.setAuth(true, "foo", true, "bar", true);
 341         String identifier = createIdentifier();
 342         PoxPayloadOut multipart = createCollectionObjectInstance(
 343                 collectionObjectClient.getCommonPartName(), identifier);
 344         Response res = collectionObjectClient.create(multipart);
 345         try {
 346                 if (logger.isDebugEnabled()) {
 347                     logger.debug(testName + ": status = " + res.getStatus());
 348                 }
 349                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 350         } finally {
 351                 res.close();
 352         }
 353     }
 354
 355     /**
 356      * Creates the collection object instance with incorrect user password.
 357      */
 358     @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"})
 359     public void createWithoutTenant(String testName) {
 360         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 361         collectionObjectClient.setAuth(true, "babybop", true, "babybop09", true);
 362         String identifier = createIdentifier();
 363         PoxPayloadOut multipart = createCollectionObjectInstance(
 364                 collectionObjectClient.getCommonPartName(), identifier);
 365         Response res = collectionObjectClient.create(multipart);
 366         try {
 367                 if (logger.isDebugEnabled()) {
 368                     logger.debug(testName + ": status = " + res.getStatus());
 369                 }
 370                 Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 371         } finally {
 372                 res.close();
 373         }
 374     }
 375
 376     @Test(dataProvider = "testName",
 377                 dependsOnMethods = {"create", "createWithInactiveAccount"})
 378     public void deleteAccounts(String testName) throws Exception {
 379         // Perform setup.
 380         setupDelete();
 381         AccountClient accountClient = new AccountClient();
 382         // accountClient.setAuth(true, "test", true, "test", true);
 383         // Submit the request to the service and store the response.
 384         ClientResponse<Response> res = accountClient.delete(barneyAccountId);
 385         int statusCode = res.getStatus();
 386         if (logger.isDebugEnabled()) {
 387             logger.debug(testName + ": barney status = " + statusCode);
 388         }
 389         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 390                 invalidStatusCodeMessage(testRequestType, statusCode));
 391
 392         res = accountClient.delete(georgeAccountId);
 393         statusCode = res.getStatus();
 394         if (logger.isDebugEnabled()) {
 395             logger.debug(testName + ": george status = " + statusCode);
 396         }
 397         Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
 398                 invalidStatusCodeMessage(testRequestType, statusCode));
 399         res.releaseConnection();
 400     }
 401
 402     // ---------------------------------------------------------------
 403     // Utility methods used by tests above
 404     // ---------------------------------------------------------------
 405     /**
 406      * Creates the collection object instance.
 407      *
 408      * @param commonPartName the common part name
 409      * @param identifier the identifier
 410      *
 411      * @return the multipart output
 412      */
 413     private PoxPayloadOut createCollectionObjectInstance(
 414             String commonPartName, String identifier) {
 415         return createCollectionObjectInstance(commonPartName, "objectNumber-"
 416                 + identifier, "title-" + identifier);
 417     }
 418
 419     /**
 420      * Creates the collection object instance.
 421      *
 422      * @param commonPartName the common part name
 423      * @param objectNumber the object number
 424      * @param title the object title
 425      *
 426      * @return the multipart output
 427      */
 428     private PoxPayloadOut createCollectionObjectInstance(
 429             String commonPartName, String objectNumber, String title) {
 430         CollectionobjectsCommon collectionObject = new CollectionobjectsCommon();
 431
 432         collectionObject.setObjectNumber(objectNumber);
 433         TitleGroupList titleGroupList = new TitleGroupList();
 434         List<TitleGroup> titleGroups = titleGroupList.getTitleGroup();
 435         TitleGroup titleGroup = new TitleGroup();
 436         titleGroup.setTitle(title);
 437         titleGroups.add(titleGroup);
 438         collectionObject.setTitleGroupList(titleGroupList);
 439         PoxPayloadOut multipart =
 440                 CollectionObjectFactory.createCollectionObjectInstance(
 441                 commonPartName, collectionObject, null, null);
 442
 443         if (logger.isDebugEnabled()) {
 444             logger.debug("to be created, collectionobject common ",
 445                     collectionObject, CollectionobjectsCommon.class);
 446         }
 447         return multipart;
 448     }
 449
 450     private AccountsCommon createAccountInstance(String screenName,
 451             String passwd, String email, String tenantId, boolean invalidTenant) {
 452
 453         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
 454                 screenName, passwd, email, tenantId,
 455                 true, invalidTenant, true, true);
 456
 457         List<AccountTenant> atl = account.getTenants();
 458
 459         //disable 2nd tenant till tenant identification is in effect
 460         //on the service side for 1-n user-tenants
 461 //        AccountsCommon.Tenant at2 = new AccountsCommon.Tenant();
 462 //        at2.setId(UUID.randomUUID().toString());
 463 //        at2.setName("collectionspace.org");
 464 //        atl.add(at2);
 465 //        account.setTenants(atl);
 466
 467         if (logger.isDebugEnabled()) {
 468             logger.debug("to be created, account common");
 469             logger.debug(objectAsXmlString(account,
 470                     AccountsCommon.class));
 471         }
 472         return account;
 473
 474     }
 475
 476         @Override
 477         protected Class<AbstractCommonList> getCommonListType() {
 478                 // TODO Auto-generated method stub
 479                 return null;
 480         }
 481 }