author | Aidan Skinner <aidan@apache.org> | 2009-01-20 11:06:37 +0000 |
---|---|---|
committer | Aidan Skinner <aidan@apache.org> | 2009-01-20 11:06:37 +0000 |
commit | bd1a4199a986f882e1aadc212be929b3d4484b1b (patch) | |
tree | b0f34ae0991bf4680b016055ac1049486a68ba51 | |
parent | fa8a974d200ede27bd28953de1f2dafbf7b4fa5b (diff) | |
download | qpid-python-bd1a4199a986f882e1aadc212be929b3d4484b1b.tar.gz |
QPID-1600: Add tests for PrincipalPermissions, document arguments to authorise and grant.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@735993 13f79535-47bb-0310-9956-ffa450edef68
2 files changed, 176 insertions, 0 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
index 23073e0613..dd207dc001 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
@@ -60,6 +60,22 @@ public class PrincipalPermissions
 _permissions = new ConcurrentHashMap();
 }
+ /**
+ *
+ * @param permission the type of permission to check
+ *
+ * @param parameters vararg depending on what permission was passed in
+ * ACCESS: none
+ * BIND: none
+ * CONSUME: AMQShortString queueName, Boolean temporary, Boolean ownQueueOnly
+ * CREATE: Boolean temporary, AMQShortString queueName, AMQShortString exchangeName, AMQShortString routingKey
+ * or
+ * AMQShortString exchangeName, AMQShortString Class
+ * DELETE: none
+ * PUBLISH: Exchange exchange, AMQShortString routingKey
+ * PURGE: none
+ * UNBIND: none
+ */
 public void grant(Permission permission, Object... parameters)
 {
 switch (permission)
@@ -306,6 +322,20 @@ public class PrincipalPermissions
 }
+ /**
+ *
+ * @param permission the type of permission to check
+ *
+ * @param parameters vararg depending on what permission was passed in
+ * ACCESS: none
+ * BIND: QueueBindBody bindmethod, Exchange exchange, AMQQueue queue, AMQShortString routingKey
+ * CONSUME: AMQQueue queue
+ * CREATE: QueueDeclareBody obj || ExchangeDeclareBody obj
+ * DELETE: none
+ * PUBLISH: Exchange exchange, AMQShortString routingKey
+ * PURGE: none
+ * UNBIND: none
+ */
 public boolean authorise(Permission permission, Object... parameters)
 {
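Review bot: The `@param permission` text added above `grant` reads "the type of permission to check", which looks copied from `authorise`; on this method it should be `@param permission the type of permission to grant`. The second CREATE form lists `AMQShortString Class`, which is hard to read as a parameter name; the new test passes an exchange type in that position, so `AMQShortString exchangeClass` is presumably what is meant. Since the arguments are an untyped `Object...` on an access-control API, the comment should also say what happens when the wrong number or type of arguments is supplied. The body of `grant` continues outside the hunk, so that behaviour has to be confirmed there.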
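Review bot: The Javadoc added above `authorise` has no `@return`, so it never says what `true` and `false` mean or what the decision is when nothing has been granted. For an authorisation check I would add `@return true if the principal holds the permission for the given parameters, false otherwise`, plus a sentence on the no-grant and null-parameter cases. The test added in this commit notes that the CONSUME check throws a NullPointerException before any grant (QPID-1599), so a caller may see an exception instead of a denial; that is worth documenting until it is fixed. The method body lies outside the hunk, so the exact behaviour should be confirmed there.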
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
new file mode 100644
index 0000000000..7927339491
--- /dev/null
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
@@ -0,0 +1,146 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.access;
+
+import junit.framework.TestCase;
+
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.framing.FieldTable;
+import org.apache.qpid.framing.amqp_0_9.ExchangeDeclareBodyImpl;
+import org.apache.qpid.framing.amqp_0_9.QueueDeclareBodyImpl;
+import org.apache.qpid.framing.amqp_8_0.QueueBindBodyImpl;
+import org.apache.qpid.server.exchange.DirectExchange;
+import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.queue.AMQQueueFactory;
+import org.apache.qpid.server.store.SkeletonMessageStore;
+import org.apache.qpid.server.virtualhost.VirtualHost;
+
+public class PrincipalPermissionsTest extends TestCase
+{
+
+ private String _user = "user";
+ private PrincipalPermissions _perms;
+
+ // Common things that are passed to frame constructors
+ private AMQShortString _queueName = new AMQShortString(this.getClass().getName()+"queue");
+ private AMQShortString _exchangeName = new AMQShortString("amq.direct");
+ private AMQShortString _routingKey = new AMQShortString(this.getClass().getName()+"route");
+ private int _ticket = 1;
+ private FieldTable _arguments = null;
+ private boolean _nowait = false;
+ private boolean _passive = false;
+ private boolean _durable = false;
+ private boolean _exclusive = false;
+ private boolean _autoDelete = false;
+ private AMQShortString _exchangeType = new AMQShortString("direct");
+ private boolean _internal = false;
+
+ private DirectExchange _exchange = new DirectExchange();
+ private VirtualHost _virtualHost;
+ private AMQShortString _owner = new AMQShortString(this.getClass().getName()+"owner");
+ private AMQQueue _queue;
+ private Boolean _temporary = false;
+
+ @Override
+ public void setUp()
+ {
+ _perms = new PrincipalPermissions(_user);
+ try
+ {
+ _virtualHost = new VirtualHost("localhost", new SkeletonMessageStore());
+ _queue = AMQQueueFactory.createAMQQueueImpl(_queueName, false, _owner , false, _virtualHost, _arguments);
+ }
+ catch (Exception e)
+ {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testPrincipalPermissions()
+ {
+ assertNotNull(_perms);
+ assertTrue(_perms.authorise(Permission.ACCESS, (Object[]) null));
+ }
+
+ // FIXME: test has been disabled since the permissions assume that the user has tried to create
+ // the queue first. QPID-1597
+ public void disableTestBind() throws Exception
+ {
+ QueueBindBodyImpl bind = new QueueBindBodyImpl(_ticket, _queueName, _exchangeName, _routingKey, _nowait, _arguments);
+ Object[] args = new Object[]{bind, _exchange, _queue, _routingKey};
+
+ assertFalse(_perms.authorise(Permission.BIND, args));
+ _perms.grant(Permission.BIND, (Object[]) null);
+ assertTrue(_perms.authorise(Permission.BIND, args));
+ }
+
+ public void testQueueCreate()
+ {
+ Object[] grantArgs = new Object[]{_temporary , _queueName, _exchangeName, _routingKey};
+
+
+ QueueDeclareBodyImpl queueDeclare = new QueueDeclareBodyImpl(
+ _ticket, _queueName, _passive, _durable, _exclusive, _autoDelete, _nowait, _arguments);
+ Object[] authArgs = new Object[]{queueDeclare};
+
+ assertFalse(_perms.authorise(Permission.CREATE, authArgs));
+ _perms.grant(Permission.CREATE, grantArgs);
+ assertTrue(_perms.authorise(Permission.CREATE, authArgs));
+ }
+
+
+ // FIXME disabled, this fails due to grant putting the grant into the wrong map QPID-1598
+ public void disableTestExchangeCreate()
+ {
+ ExchangeDeclareBodyImpl exchangeDeclare =
+ new ExchangeDeclareBodyImpl(_ticket, _exchangeName, _exchangeType, _passive, _durable,
+ _autoDelete, _internal, _nowait, _arguments);
+ Object[] authArgs = new Object[]{exchangeDeclare};
+ Object[] grantArgs = new Object[]{_exchangeName, _exchangeType};
+
+ assertFalse(_perms.authorise(Permission.CREATE, authArgs));
+ _perms.grant(Permission.CREATE, grantArgs);
+ assertTrue(_perms.authorise(Permission.CREATE, authArgs));
+ }
+
+ public void testConsume()
+ {
+ Object[] authArgs = new Object[]{_queue};
+ Object[] grantArgs = new Object[]{_queueName, _temporary, _temporary};
+
+ /* FIXME: This throws a null pointer exception QPID-1599
+ * assertFalse(_perms.authorise(Permission.CONSUME, authArgs));
+ */
+ _perms.grant(Permission.CONSUME, grantArgs);
+ assertTrue(_perms.authorise(Permission.CONSUME, authArgs));
+ }
+
+ public void testPublish()
+ {
+ Object[] authArgs = new Object[]{_exchange, _routingKey};
+
+ assertFalse(_perms.authorise(Permission.PUBLISH, authArgs));
+ _perms.grant(Permission.PUBLISH, authArgs);
+ assertTrue(_perms.authorise(Permission.PUBLISH, authArgs));
+ }
+
+} |
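Review bot: `testConsume` only asserts the allow path: the `assertFalse(_perms.authorise(Permission.CONSUME, authArgs))` check before the grant is commented out, so nothing here verifies that CONSUME is denied by default. Rather than leaving it inside a comment, I would move it into its own method following the file's convention, e.g. `public void disableTestConsumeDeniedBeforeGrant()` with the QPID-1599 reference, so it is re-enabled together with the fix. The `disableTest…` methods are not picked up by JUnit 3's `test` prefix, so the BIND and exchange CREATE decisions are also unverified until QPID-1597 and QPID-1598 are resolved. In `setUp`, `fail(e.getMessage())` drops the stack trace; declaring `public void setUp() throws Exception` and removing the try/catch would keep it.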