summaryrefslogtreecommitdiff
path: root/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java')
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java625
1 files changed, 602 insertions, 23 deletions
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
index 5d23219336..220d2bc574 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
@@ -28,22 +28,32 @@ import java.util.List;
import java.util.Map;
import org.apache.commons.configuration.ConfigurationException;
+import org.apache.qpid.server.model.AccessControlProvider;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.GroupProvider;
+import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.security.access.FileAccessControlProviderConstants;
import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory;
+import org.apache.qpid.server.security.group.FileGroupManagerFactory;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.TestFileUtils;
+import org.apache.qpid.test.utils.TestSSLConstants;
+import org.codehaus.jackson.JsonGenerationException;
+import org.codehaus.jackson.map.JsonMappingException;
public class BrokerACLTest extends QpidRestTestCase
{
private static final String ALLOWED_USER = "user1";
private static final String DENIED_USER = "user2";
+ private String _secondaryAclFileContent = "";
@Override
protected void customizeConfiguration() throws ConfigurationException, IOException
@@ -57,10 +67,18 @@ public class BrokerACLTest extends QpidRestTestCase
"ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER",
"ACL DENY-LOG ALL ALL");
+ _secondaryAclFileContent =
+ "ACL ALLOW-LOG ALL ACCESS MANAGEMENT\n" +
+ "ACL ALLOW-LOG " + ALLOWED_USER + " CONFIGURE BROKER\n" +
+ "ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER\n" +
+ "ACL DENY-LOG ALL ALL";
+
getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT,
"httpBasicAuthenticationEnabled", true);
}
+ /* === AuthenticationProvider === */
+
public void testCreateAuthenticationProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
@@ -168,6 +186,8 @@ public class BrokerACLTest extends QpidRestTestCase
provider.get(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH));
}
+ /* === VirtualHost === */
+
public void testCreateVirtualHostAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
@@ -218,6 +238,8 @@ public class BrokerACLTest extends QpidRestTestCase
assertVirtualHostExists(TEST2_VIRTUALHOST);
}
+ /* === Port === */
+
public void testCreatePortAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
@@ -249,8 +271,6 @@ public class BrokerACLTest extends QpidRestTestCase
String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
assertPortExists(portName);
- restartBrokerInManagementMode();
-
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "DELETE", null);
@@ -259,15 +279,14 @@ public class BrokerACLTest extends QpidRestTestCase
assertPortExists(portName);
}
- public void testDeletePortAllowed() throws Exception
+ // TODO: test disabled until allowing the deletion of active ports outside management mode
+ public void DISABLED_testDeletePortAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
assertPortExists(portName);
- restartBrokerInManagementMode();
-
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "DELETE", null);
@@ -276,7 +295,8 @@ public class BrokerACLTest extends QpidRestTestCase
assertPortDoesNotExist(portName);
}
- public void testSetPortAttributesAllowed() throws Exception
+ // TODO: test disabled until allowing the updating of active ports outside management mode
+ public void DISABLED_testSetPortAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
@@ -287,7 +307,6 @@ public class BrokerACLTest extends QpidRestTestCase
assertPortExists(portName);
- restartBrokerInManagementMode();
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(Port.NAME, portName);
@@ -311,8 +330,6 @@ public class BrokerACLTest extends QpidRestTestCase
assertPortExists(portName);
- restartBrokerInManagementMode();
-
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
@@ -327,48 +344,541 @@ public class BrokerACLTest extends QpidRestTestCase
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, port.get(Port.AUTHENTICATION_PROVIDER));
}
+ /* === KeyStore === */
+
+ public void testCreateKeyStoreAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String keyStoreName = getTestName();
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, "app1");
+ assertEquals("keyStore creation should be allowed", 201, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+ }
+
+ public void testCreateKeyStoreDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ String keyStoreName = getTestName();
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, "app1");
+ assertEquals("keyStore creation should be allowed", 403, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, false);
+ }
+
+ public void testDeleteKeyStoreDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String keyStoreName = getTestName();
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, "app1");
+ assertEquals("keyStore creation should be allowed", 201, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/keystore/" + keyStoreName, "DELETE", null);
+ assertEquals("keystore deletion should be denied", 403, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+ }
+
+ public void testDeleteKeyStoreAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String keyStoreName = getTestName();
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, "app1");
+ assertEquals("keyStore creation should be allowed", 201, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/keystore/" + keyStoreName, "DELETE", null);
+ assertEquals("keystore deletion should be allowed", 200, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, false);
+ }
+
+ public void testSetKeyStoreAttributesAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String keyStoreName = getTestName();
+ String initialCertAlias = "app1";
+ String updatedCertAlias = "app2";
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, initialCertAlias);
+ assertEquals("keyStore creation should be allowed", 201, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+ Map<String, Object> keyStore = getRestTestHelper().getJsonAsSingletonList("/rest/keystore/" + keyStoreName);
+ assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(KeyStore.CERTIFICATE_ALIAS));
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(KeyStore.NAME, keyStoreName);
+ attributes.put(KeyStore.CERTIFICATE_ALIAS, updatedCertAlias);
+ responseCode = getRestTestHelper().submitRequest("/rest/keystore/" + keyStoreName, "PUT", attributes);
+ assertEquals("Setting of keystore attributes should be allowed", 200, responseCode);
+
+ keyStore = getRestTestHelper().getJsonAsSingletonList("/rest/keystore/" + keyStoreName);
+ assertEquals("Unexpected certificateAlias attribute value", updatedCertAlias, keyStore.get(KeyStore.CERTIFICATE_ALIAS));
+ }
+
+ public void testSetKeyStoreAttributesDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String keyStoreName = getTestName();
+ String initialCertAlias = "app1";
+ String updatedCertAlias = "app2";
+
+ assertKeyStoreExistence(keyStoreName, false);
+
+ int responseCode = createKeyStore(keyStoreName, initialCertAlias);
+ assertEquals("keyStore creation should be allowed", 201, responseCode);
+
+ assertKeyStoreExistence(keyStoreName, true);
+ Map<String, Object> keyStore = getRestTestHelper().getJsonAsSingletonList("/rest/keystore/" + keyStoreName);
+ assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(KeyStore.CERTIFICATE_ALIAS));
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(KeyStore.NAME, keyStoreName);
+ attributes.put(KeyStore.CERTIFICATE_ALIAS, updatedCertAlias);
+ responseCode = getRestTestHelper().submitRequest("/rest/keystore/" + keyStoreName, "PUT", attributes);
+ assertEquals("Setting of keystore attributes should be denied", 403, responseCode);
+
+ keyStore = getRestTestHelper().getJsonAsSingletonList("/rest/keystore/" + keyStoreName);
+ assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(KeyStore.CERTIFICATE_ALIAS));
+ }
+
+ /* === TrustStore === */
+
+ public void testCreateTrustStoreAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String trustStoreName = getTestName();
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, false);
+ assertEquals("trustStore creation should be allowed", 201, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+ }
+
+ public void testCreateTrustStoreDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ String trustStoreName = getTestName();
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, false);
+ assertEquals("trustStore creation should be allowed", 403, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, false);
+ }
+
+ public void testDeleteTrustStoreDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String trustStoreName = getTestName();
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, false);
+ assertEquals("trustStore creation should be allowed", 201, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/truststore/" + trustStoreName, "DELETE", null);
+ assertEquals("truststore deletion should be denied", 403, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+ }
+
+ public void testDeleteTrustStoreAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String trustStoreName = getTestName();
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, false);
+ assertEquals("trustStore creation should be allowed", 201, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/truststore/" + trustStoreName, "DELETE", null);
+ assertEquals("truststore deletion should be allowed", 200, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, false);
+ }
+
+ public void testSetTrustStoreAttributesAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String trustStoreName = getTestName();
+ boolean initialPeersOnly = false;
+ boolean updatedPeersOnly = true;
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, initialPeersOnly);
+ assertEquals("trustStore creation should be allowed", 201, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+ Map<String, Object> trustStore = getRestTestHelper().getJsonAsSingletonList("/rest/truststore/" + trustStoreName);
+ assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(TrustStore.PEERS_ONLY));
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(TrustStore.NAME, trustStoreName);
+ attributes.put(TrustStore.PEERS_ONLY, updatedPeersOnly);
+ responseCode = getRestTestHelper().submitRequest("/rest/truststore/" + trustStoreName, "PUT", attributes);
+ assertEquals("Setting of truststore attributes should be allowed", 200, responseCode);
+
+ trustStore = getRestTestHelper().getJsonAsSingletonList("/rest/truststore/" + trustStoreName);
+ assertEquals("Unexpected peersOnly attribute value", updatedPeersOnly, trustStore.get(TrustStore.PEERS_ONLY));
+ }
+
+ public void testSetTrustStoreAttributesDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String trustStoreName = getTestName();
+ boolean initialPeersOnly = false;
+ boolean updatedPeersOnly = true;
+
+ assertTrustStoreExistence(trustStoreName, false);
+
+ int responseCode = createTrustStore(trustStoreName, initialPeersOnly);
+ assertEquals("trustStore creation should be allowed", 201, responseCode);
+
+ assertTrustStoreExistence(trustStoreName, true);
+ Map<String, Object> trustStore = getRestTestHelper().getJsonAsSingletonList("/rest/truststore/" + trustStoreName);
+ assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(TrustStore.PEERS_ONLY));
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(TrustStore.NAME, trustStoreName);
+ attributes.put(TrustStore.PEERS_ONLY, updatedPeersOnly);
+ responseCode = getRestTestHelper().submitRequest("/rest/truststore/" + trustStoreName, "PUT", attributes);
+ assertEquals("Setting of truststore attributes should be denied", 403, responseCode);
+
+ trustStore = getRestTestHelper().getJsonAsSingletonList("/rest/truststore/" + trustStoreName);
+ assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(TrustStore.PEERS_ONLY));
+ }
+
+ /* === Broker === */
+
public void testSetBrokerAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String defaultAuthenticationProvider = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+ int initialAlertRepeatGap = 30000;
+ int updatedAlertRepeatGap = 29999;
+
Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker");
- assertEquals("Unexpected authentication provider", defaultAuthenticationProvider,
- brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
- restartBrokerInManagementMode();
+ assertEquals("Unexpected alert repeat gap", initialAlertRepeatGap,
+ brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP));
Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER);
+ newAttributes.put(Broker.QUEUE_ALERT_REPEAT_GAP, updatedAlertRepeatGap);
+
int responseCode = getRestTestHelper().submitRequest("/rest/broker", "PUT", newAttributes);
assertEquals("Setting of port attribites should be allowed", 200, responseCode);
brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker");
- assertEquals("Unexpected default authentication provider attribute value", ANONYMOUS_AUTHENTICATION_PROVIDER,
- brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+ assertEquals("Unexpected default alert repeat gap", updatedAlertRepeatGap,
+ brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP));
}
public void testSetBrokerAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String defaultAuthenticationProvider = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+ int initialAlertRepeatGap = 30000;
+ int updatedAlertRepeatGap = 29999;
Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker");
- assertEquals("Unexpected authentication provider", defaultAuthenticationProvider,
- brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
- restartBrokerInManagementMode();
+ assertEquals("Unexpected alert repeat gap", initialAlertRepeatGap,
+ brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP));
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER);
+ newAttributes.put(Broker.QUEUE_ALERT_REPEAT_GAP, updatedAlertRepeatGap);
+
int responseCode = getRestTestHelper().submitRequest("/rest/broker", "PUT", newAttributes);
assertEquals("Setting of port attribites should be allowed", 403, responseCode);
brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker");
- assertEquals("Unexpected default authentication provider attribute value", defaultAuthenticationProvider,
- brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+ assertEquals("Unexpected default alert repeat gap", initialAlertRepeatGap,
+ brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP));
+ }
+
+ /* === GroupProvider === */
+
+ public void testCreateGroupProviderAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be allowed", 201, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
}
+ public void testCreateGroupProviderDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be denied", 403, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, false);
+ }
+
+ public void testDeleteGroupProviderDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be allowed", 201, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/groupprovider/" + groupProviderName, "DELETE", null);
+ assertEquals("Group provider deletion should be denied", 403, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
+ }
+
+ public void testDeleteGroupProviderAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be allowed", 201, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
+
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/groupprovider/" + groupProviderName, "DELETE", null);
+ assertEquals("Group provider deletion should be allowed", 200, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, false);
+ }
+
+ public void testSetGroupProviderAttributesAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be allowed", 201, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(GroupProvider.NAME, groupProviderName);
+ attributes.put(GroupProvider.TYPE, FileGroupManagerFactory.GROUP_FILE_PROVIDER_TYPE);
+ attributes.put(FileGroupManagerFactory.PATH, "/path/to/file");
+ responseCode = getRestTestHelper().submitRequest("/rest/groupprovider/" + groupProviderName, "PUT", attributes);
+ assertEquals("Setting of group provider attributes should be allowed but not supported", 409, responseCode);
+ }
+
+ public void testSetGroupProviderAttributesDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String groupProviderName = getTestName();
+
+ assertGroupProviderExistence(groupProviderName, false);
+
+ int responseCode = createGroupProvider(groupProviderName);
+ assertEquals("Group provider creation should be allowed", 201, responseCode);
+
+ assertGroupProviderExistence(groupProviderName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(GroupProvider.NAME, groupProviderName);
+ attributes.put(GroupProvider.TYPE, FileGroupManagerFactory.GROUP_FILE_PROVIDER_TYPE);
+ attributes.put(FileGroupManagerFactory.PATH, "/path/to/file");
+ responseCode = getRestTestHelper().submitRequest("/rest/groupprovider/" + groupProviderName, "PUT", attributes);
+ assertEquals("Setting of group provider attributes should be denied", 403, responseCode);
+ }
+
+ /* === AccessControlProvider === */
+
+ public void testCreateAccessControlProviderAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be allowed", 201, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+ }
+
+ public void testCreateAccessControlProviderDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be denied", 403, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+ }
+
+ public void testDeleteAccessControlProviderDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be allowed", 201, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/accesscontrolprovider/" + accessControlProviderName, "DELETE", null);
+ assertEquals("Access control provider deletion should be denied", 403, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+ }
+
+ public void testDeleteAccessControlProviderAllowed() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be allowed", 201, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/accesscontrolprovider/" + accessControlProviderName, "DELETE", null);
+ assertEquals("Access control provider deletion should be allowed", 200, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+ }
+
+ public void testSetAccessControlProviderAttributesAllowedButUnsupported() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be allowed", 201, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(GroupProvider.NAME, accessControlProviderName);
+ attributes.put(GroupProvider.TYPE, FileGroupManagerFactory.GROUP_FILE_PROVIDER_TYPE);
+ attributes.put(FileGroupManagerFactory.PATH, "/path/to/file");
+ responseCode = getRestTestHelper().submitRequest("/rest/accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
+ assertEquals("Setting of access control provider attributes should be allowed but not supported", 409, responseCode);
+ }
+
+ public void testSetAccessControlProviderAttributesDenied() throws Exception
+ {
+ getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+ String accessControlProviderName = getTestName();
+
+ assertAccessControlProviderExistence(accessControlProviderName, false);
+
+ int responseCode = createAccessControlProvider(accessControlProviderName);
+ assertEquals("Access control provider creation should be allowed", 201, responseCode);
+
+ assertAccessControlProviderExistence(accessControlProviderName, true);
+
+ getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(GroupProvider.NAME, accessControlProviderName);
+ attributes.put(GroupProvider.TYPE, FileGroupManagerFactory.GROUP_FILE_PROVIDER_TYPE);
+ attributes.put(FileGroupManagerFactory.PATH, "/path/to/file");
+ responseCode = getRestTestHelper().submitRequest("/rest/accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
+ assertEquals("Setting of access control provider attributes should be denied", 403, responseCode);
+ }
+
+ /* === Utility Methods === */
+
private int createPort(String portName) throws Exception
{
Map<String, Object> attributes = new HashMap<String, Object>();
@@ -395,6 +905,18 @@ public class BrokerACLTest extends QpidRestTestCase
assertEquals("Unexpected result", exists, !hosts.isEmpty());
}
+ private void assertKeyStoreExistence(String keyStoreName, boolean exists) throws Exception
+ {
+ List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("/rest/keystore/" + keyStoreName);
+ assertEquals("Unexpected result", exists, !keyStores.isEmpty());
+ }
+
+ private void assertTrustStoreExistence(String trustStoreName, boolean exists) throws Exception
+ {
+ List<Map<String, Object>> trustStores = getRestTestHelper().getJsonAsList("/rest/truststore/" + trustStoreName);
+ assertEquals("Unexpected result", exists, !trustStores.isEmpty());
+ }
+
private int createHost(String hostName) throws Exception
{
Map<String, Object> hostData = new HashMap<String, Object>();
@@ -452,4 +974,61 @@ public class BrokerACLTest extends QpidRestTestCase
assertEquals("Unexpected result", exists, !providers.isEmpty());
}
+ private int createKeyStore(String name, String certAlias) throws IOException, JsonGenerationException, JsonMappingException
+ {
+ Map<String, Object> keyStoreAttributes = new HashMap<String, Object>();
+ keyStoreAttributes.put(KeyStore.NAME, name);
+ keyStoreAttributes.put(KeyStore.PATH, TestSSLConstants.KEYSTORE);
+ keyStoreAttributes.put(KeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+ keyStoreAttributes.put(KeyStore.CERTIFICATE_ALIAS, certAlias);
+
+ return getRestTestHelper().submitRequest("/rest/keystore/" + name, "PUT", keyStoreAttributes);
+ }
+
+ private int createTrustStore(String name, boolean peersOnly) throws IOException, JsonGenerationException, JsonMappingException
+ {
+ Map<String, Object> trustStoreAttributes = new HashMap<String, Object>();
+ trustStoreAttributes.put(TrustStore.NAME, name);
+ trustStoreAttributes.put(TrustStore.PATH, TestSSLConstants.KEYSTORE);
+ trustStoreAttributes.put(TrustStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+ trustStoreAttributes.put(TrustStore.PEERS_ONLY, peersOnly);
+
+ return getRestTestHelper().submitRequest("/rest/truststore/" + name, "PUT", trustStoreAttributes);
+ }
+
+ private void assertGroupProviderExistence(String groupProviderName, boolean exists) throws Exception
+ {
+ String path = "/rest/groupprovider/" + groupProviderName;
+ List<Map<String, Object>> providers = getRestTestHelper().getJsonAsList(path);
+ assertEquals("Unexpected result", exists, !providers.isEmpty());
+ }
+
+ private int createGroupProvider(String groupProviderName) throws Exception
+ {
+ File file = TestFileUtils.createTempFile(this, ".groups");
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(GroupProvider.NAME, groupProviderName);
+ attributes.put(GroupProvider.TYPE, FileGroupManagerFactory.GROUP_FILE_PROVIDER_TYPE);
+ attributes.put(FileGroupManagerFactory.PATH, file.getAbsoluteFile());
+
+ return getRestTestHelper().submitRequest("/rest/groupprovider/" + groupProviderName, "PUT", attributes);
+ }
+
+ private void assertAccessControlProviderExistence(String accessControlProviderName, boolean exists) throws Exception
+ {
+ String path = "/rest/accesscontrolprovider/" + accessControlProviderName;
+ List<Map<String, Object>> providers = getRestTestHelper().getJsonAsList(path);
+ assertEquals("Unexpected result", exists, !providers.isEmpty());
+ }
+
+ private int createAccessControlProvider(String accessControlProviderName) throws Exception
+ {
+ File file = TestFileUtils.createTempFile(this, ".acl", _secondaryAclFileContent);
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(AccessControlProvider.NAME, accessControlProviderName);
+ attributes.put(AccessControlProvider.TYPE, FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE);
+ attributes.put(FileAccessControlProviderConstants.PATH, file.getAbsoluteFile());
+
+ return getRestTestHelper().submitRequest("/rest/accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
+ }
}
View Lorry Controller Status