1 files changed, 154 insertions, 48 deletions

diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/management/AMQUserManagementMBeanTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/management/AMQUserManagementMBeanTest.java
index f3ee2707b0..a6c17e042e 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/management/AMQUserManagementMBeanTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/management/AMQUserManagementMBeanTest.java
@@ -21,26 +21,22 @@
 
 package org.apache.qpid.server.management;
 
+import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.File;
+import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
 
-import javax.management.openmbean.CompositeData;
-import javax.management.openmbean.TabularData;
-
-
-import org.apache.commons.lang.NotImplementedException;
-import org.apache.qpid.management.common.mbeans.UserManagement;
+import org.apache.commons.configuration.ConfigurationException;
 import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
 import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean;
 
 import org.apache.qpid.server.util.InternalBrokerBaseCase;
 
-/** 
- * 
- * Tests the AMQUserManagementMBean and its interaction with the PrincipalDatabase.
- *
+/* Note: The main purpose is to test the jmx access rights file manipulation 
+ * within AMQUserManagementMBean. The Principal Databases are tested by their own tests, 
+ * this test just exercises their usage in AMQUserManagementMBean. 
  */
 public class AMQUserManagementMBeanTest extends InternalBrokerBaseCase
 {
@@ -48,6 +44,7 @@ public class AMQUserManagementMBeanTest extends InternalBrokerBaseCase
     private AMQUserManagementMBean _amqumMBean;
     
     private File _passwordFile;
+    private File _accessFile;
 
     private static final String TEST_USERNAME = "testuser";
     private static final String TEST_PASSWORD = "password";
@@ -60,6 +57,7 @@ public class AMQUserManagementMBeanTest extends InternalBrokerBaseCase
         _database = new PlainPasswordFilePrincipalDatabase();
         _amqumMBean = new AMQUserManagementMBean();
         loadFreshTestPasswordFile();
+        loadFreshTestAccessFile();
     }
 
     @Override
@@ -67,67 +65,142 @@ public class AMQUserManagementMBeanTest extends InternalBrokerBaseCase
     {
         //clean up test password/access files
         File _oldPasswordFile = new File(_passwordFile.getAbsolutePath() + ".old");
+        File _oldAccessFile = new File(_accessFile.getAbsolutePath() + ".old");
         _oldPasswordFile.delete();
+        _oldAccessFile.delete();
         _passwordFile.delete();
+        _accessFile.delete();
 
         super.tearDown();
     }
 
     public void testDeleteUser()
     {
-        assertEquals("Unexpected number of users before test", 1,_amqumMBean.viewUsers().size());
-        assertTrue("Delete should return true to flag successful delete", _amqumMBean.deleteUser(TEST_USERNAME));
-        assertEquals("Unexpected number of users after test", 0,_amqumMBean.viewUsers().size());
-    }
-
-    public void testDeleteUserWhereUserDoesNotExist()
-    {
-        assertEquals("Unexpected number of users before test", 1,_amqumMBean.viewUsers().size());
-        assertFalse("Delete should return false to flag unsuccessful delete", _amqumMBean.deleteUser("made.up.username"));
-        assertEquals("Unexpected number of users after test", 1,_amqumMBean.viewUsers().size());
+        loadFreshTestPasswordFile();
+        loadFreshTestAccessFile();
 
+        //try deleting a non existant user
+        assertFalse(_amqumMBean.deleteUser("made.up.username"));
+        
+        assertTrue(_amqumMBean.deleteUser(TEST_USERNAME));
     }
     
-    public void testCreateUser()
+    public void testDeleteUserIsSavedToAccessFile()
     {
-        assertEquals("Unexpected number of users before test", 1,_amqumMBean.viewUsers().size());
-        assertTrue("Create should return true to flag successful create", _amqumMBean.createUser("newuser", "mypass"));
-        assertEquals("Unexpected number of users before test", 2,_amqumMBean.viewUsers().size());
-    }
+        loadFreshTestPasswordFile();
+        loadFreshTestAccessFile();
 
-    public void testCreateUserWhereUserAlreadyExists()
-    {
-        assertEquals("Unexpected number of users before test", 1,_amqumMBean.viewUsers().size());
-        assertFalse("Create should return false to flag unsuccessful create", _amqumMBean.createUser(TEST_USERNAME, "mypass"));
-        assertEquals("Unexpected number of users before test", 1,_amqumMBean.viewUsers().size());
+        assertTrue(_amqumMBean.deleteUser(TEST_USERNAME));
+
+        //check the access rights were actually deleted from the file
+        try{
+            BufferedReader reader = new BufferedReader(new FileReader(_accessFile));
+
+            //check the 'generated by' comment line is present
+            assertTrue("File has no content", reader.ready());
+            assertTrue("'Generated by' comment line was missing",reader.readLine().contains("Generated by " +
+                                                      "AMQUserManagementMBean Console : Last edited by user:"));
+
+            //there should also be a modified date/time comment line
+            assertTrue("File has no modified date/time comment line", reader.ready());
+            assertTrue("Modification date/time comment line was missing",reader.readLine().startsWith("#"));
+            
+            //the access file should not contain any further data now as we just deleted the only user
+            assertFalse("User access data was present when it should have been deleted", reader.ready());
+        }
+        catch (IOException e)
+        {
+            fail("Unable to valdate file contents due to:" + e.getMessage());
+        }
+        
     }
 
-    public void testSetPassword()
+    public void testSetRights()
     {
-        assertTrue("Set password should return true to flag successful change", _amqumMBean.setPassword(TEST_USERNAME, "newpassword"));
+        loadFreshTestPasswordFile();
+        loadFreshTestAccessFile();
+        
+        assertFalse(_amqumMBean.setRights("made.up.username", true, false, false));
+        
+        assertTrue(_amqumMBean.setRights(TEST_USERNAME, true, false, false));
+        assertTrue(_amqumMBean.setRights(TEST_USERNAME, false, true, false));
+        assertTrue(_amqumMBean.setRights(TEST_USERNAME, false, false, true));
     }
     
-    public void testSetPasswordWhereUserDoesNotExist()
+    public void testSetRightsIsSavedToAccessFile()
     {
-        assertFalse("Set password should return false to flag successful change", _amqumMBean.setPassword("made.up.username", "newpassword"));
+        loadFreshTestPasswordFile();
+        loadFreshTestAccessFile();
+        
+        assertTrue(_amqumMBean.setRights(TEST_USERNAME, false, false, true));
+        
+        //check the access rights were actually updated in the file
+        try{
+            BufferedReader reader = new BufferedReader(new FileReader(_accessFile));
+
+            //check the 'generated by' comment line is present
+            assertTrue("File has no content", reader.ready());
+            assertTrue("'Generated by' comment line was missing",reader.readLine().contains("Generated by " +
+                                                      "AMQUserManagementMBean Console : Last edited by user:"));
+
+            //there should also be a modified date/time comment line
+            assertTrue("File has no modified date/time comment line", reader.ready());
+            assertTrue("Modification date/time comment line was missing",reader.readLine().startsWith("#"));
+            
+            //the access file should not contain any further data now as we just deleted the only user
+            assertTrue("User access data was not updated in the access file", 
+                    reader.readLine().equals(TEST_USERNAME + "=" + MBeanInvocationHandlerImpl.ADMIN));
+            
+            //the access file should not contain any further data now as we just deleted the only user
+            assertFalse("Additional user access data was present when there should be no more", reader.ready());
+        }
+        catch (IOException e)
+        {
+            fail("Unable to valdate file contents due to:" + e.getMessage());
+        }
     }
 
-    public void testViewUsers()
+    public void testSetAccessFileWithMissingFile()
     {
-        TabularData userList = _amqumMBean.viewUsers();
+        try
+        {
+            _amqumMBean.setAccessFile("made.up.filename");
+        }
+        catch (IOException e)
+        {
+            fail("Should not have been an IOE." + e.getMessage());
+        }
+        catch (ConfigurationException e)
+        {
+            assertTrue(e.getMessage(), e.getMessage().endsWith("does not exist"));
+        }
+    }
 
-        assertNotNull(userList);
-        assertEquals("Unexpected number of users in user list", 1, userList.size());
-        assertTrue(userList.containsKey(new Object[]{TEST_USERNAME}));
-        
-        // Check the deprecated read, write and admin items continue to exist but return false.
-        CompositeData userRec = userList.get(new Object[]{TEST_USERNAME});
-        assertTrue(userRec.containsKey(UserManagement.RIGHTS_READ_ONLY));
-        assertEquals(false, userRec.get(UserManagement.RIGHTS_READ_ONLY));
-        assertEquals(false, userRec.get(UserManagement.RIGHTS_READ_WRITE));
-        assertTrue(userRec.containsKey(UserManagement.RIGHTS_READ_WRITE));
-        assertTrue(userRec.containsKey(UserManagement.RIGHTS_ADMIN));
-        assertEquals(false, userRec.get(UserManagement.RIGHTS_ADMIN));
+    public void testSetAccessFileWithReadOnlyFile()
+    {
+        File testFile = null;
+        try
+        {
+            testFile = File.createTempFile(this.getClass().getName(),".access.readonly");
+            BufferedWriter passwordWriter = new BufferedWriter(new FileWriter(testFile, false));
+            passwordWriter.write(TEST_USERNAME + ":" + TEST_PASSWORD);
+            passwordWriter.newLine();
+            passwordWriter.flush();
+            passwordWriter.close();
+
+            testFile.setReadOnly();
+            _amqumMBean.setAccessFile(testFile.getPath());
+        }
+        catch (IOException e)
+        {
+            fail("Access file was not created." + e.getMessage());
+        }
+        catch (ConfigurationException e)
+        {
+            fail("There should not have been a configuration exception." + e.getMessage());
+        }
+
+        testFile.delete();
     }
 
     // ============================ Utility methods =========================
@@ -154,4 +227,37 @@ public class AMQUserManagementMBeanTest extends InternalBrokerBaseCase
             fail("Unable to create test password file: " + e.getMessage());
         }
     }
+
+    private void loadFreshTestAccessFile()
+    {
+        try
+        {
+            if(_accessFile == null)
+            {
+                _accessFile = File.createTempFile(this.getClass().getName(),".access");
+            }
+            
+            BufferedWriter accessWriter = new BufferedWriter(new FileWriter(_accessFile,false));
+            accessWriter.write("#Last Updated By comment");
+            accessWriter.newLine();
+            accessWriter.write("#Date/time comment");
+            accessWriter.newLine();
+            accessWriter.write(TEST_USERNAME + "=" + MBeanInvocationHandlerImpl.READONLY);
+            accessWriter.newLine();
+            accessWriter.flush();
+            accessWriter.close();
+        }
+        catch (IOException e)
+        {
+            fail("Unable to create test access file: " + e.getMessage());
+        }
+
+        try{
+            _amqumMBean.setAccessFile(_accessFile.toString());
+        }
+        catch (Exception e)
+        {
+            fail("Unable to set access file: " + e.getMessage());
+        }
+    }
 }