Repository: ambari Updated Branches: refs/heads/trunk e1584720b -> 7d45f1f71
http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java index e65786b..fdcfbce 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p/> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p/> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -45,9 +45,13 @@ import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
 import org.easymock.EasyMockSupport;
 import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.easymock.EasyMock.anyObject;
 import static org.easymock.EasyMock.expect;
@@ -59,74 +63,37 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { @Test(expected = SystemException.class) public void testCreateResources() throws Exception { - final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1")); + UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); resourceProvider.createResources(createNiceMock(Request.class)); } - @SuppressWarnings("serial") @Test - public void testGetResources() throws Exception { - final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); - final UserDAO userDAO = createNiceMock(UserDAO.class); - final GroupDAO groupDAO = createNiceMock(GroupDAO.class); - final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class); - final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); - final UserEntity userEntity = createNiceMock(UserEntity.class); - final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); - final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); - final PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class); - final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); - final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); - final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); - - expect(userDAO.findLocalUserByName("user")).andReturn(userEntity).anyTimes(); - expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); - expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity> emptySet()).anyTimes(); - expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); - expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); - 
expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); - expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME).anyTimes(); - expect(principalEntity.getPrivileges()).andReturn(new HashSet<PrivilegeEntity>() { - { - add(privilegeEntity); - } - }).anyTimes(); - expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); - expect(userEntity.getUserName()).andReturn("user").anyTimes(); - expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); - expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); - expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()); - - replayAll(); - - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); - - final Set<String> propertyIds = new HashSet<String>(); - propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); - //propertyIds.add(UserResourceProvider.USER_PASSWORD_PROPERTY_ID); - - final Predicate predicate = new PredicateBuilder().property(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID).equals("user").toPredicate(); - Request request = PropertyHelper.getReadRequest(propertyIds); - Set<Resource> resources = resourceProvider.getResources(request, predicate); + public void testGetResources_Administrator() throws Exception { + getResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User1"); + } - Assert.assertEquals(1, resources.size()); - for (Resource resource : resources) { - String userName = (String) resource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); - Assert.assertEquals("user", userName); - } + @Test + public void testGetResources_NonAdministrator_Self() throws Exception { + getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - verifyAll(); + @Test(expected = AuthorizationException.class) 
+ public void testGetResources_NonAdministrator_Other() throws Exception { + getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10"); } @Test(expected = SystemException.class) public void testUpdateResources() throws Exception { - final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1")); + UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); resourceProvider.updateResources(createNiceMock(Request.class), createNiceMock(Predicate.class)); } @Test(expected = SystemException.class) public void testDeleteResources() throws Exception { - final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1")); + UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); resourceProvider.deleteResources(createNiceMock(Predicate.class)); } 
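Review bot: `testCreateResources`, `testUpdateResources` and `testDeleteResources` now put an `Authentication` into `SecurityContextHolder`, and nothing in this hunk removes it again; the `getResourcesTest` helper added in the `@@ -344,4 +311,65 @@` hunk does the same. With the holder's default thread-local strategy the principal stays set for whichever test runs next on that thread, so a later test that forgets to authenticate can pass with a leftover administrator and hide a missing authorization check. UserResourceProviderTest in this same commit adds an `@After` that clears the context, and this class should get the same: `@After public void clearAuthentication() { SecurityContextHolder.getContext().setAuthentication(null); }`, plus the `org.junit.After` import. This assumes no teardown already exists in the part of the class outside the hunks.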
@@ -344,4 +311,65 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { verifyAll(); } + + // @SuppressWarnings("serial") + private void getResourcesTest(Authentication authentication, String requestedUsername) throws Exception { + final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); + final UserDAO userDAO = createNiceMock(UserDAO.class); + final GroupDAO groupDAO = createNiceMock(GroupDAO.class); + final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class); + final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + final UserEntity userEntity = createNiceMock(UserEntity.class); + final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); + final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); + final PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class); + final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); + final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); + final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); + + expect(userDAO.findLocalUserByName(requestedUsername)).andReturn(userEntity).anyTimes(); + expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes(); + expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); + expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME).anyTimes(); + expect(principalEntity.getPrivileges()).andReturn(new HashSet<PrivilegeEntity>() { + { + add(privilegeEntity); + } + }).anyTimes(); + 
expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); + expect(userEntity.getUserName()).andReturn(requestedUsername).anyTimes(); + expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); + expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); + expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()); + + replayAll(); + + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + + final Set<String> propertyIds = new HashSet<String>(); + propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); + + final Predicate predicate = new PredicateBuilder() + .property(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID) + .equals(requestedUsername) + .toPredicate(); + Request request = PropertyHelper.getReadRequest(propertyIds); + + // Set the authenticated user to a administrator + SecurityContextHolder.getContext().setAuthentication(authentication); + + Set<Resource> resources = resourceProvider.getResources(request, predicate); + + Assert.assertEquals(1, resources.size()); + for (Resource resource : resources) { + String userName = (String) resource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); + Assert.assertEquals(requestedUsername, userName); + } + + verifyAll(); + } + } http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java index 94f6fd7..4321485 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java 
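Review bot: The comment `// Set the authenticated user to a administrator` above `setAuthentication(authentication)` in `getResourcesTest` is no longer true, because the principal is a parameter and two of the three callers pass `createClusterAdministrator(...)`. Something like `// Authenticate as the caller-supplied principal; getResources() is authorized against it` says what the line does. The commented-out `// @SuppressWarnings("serial")` on the helper should either be restored (the anonymous `HashSet` subclass is still there) or deleted. In the denial case reached through `testGetResources_NonAdministrator_Other`, `verifyAll()` is never reached and every expectation is `anyTimes()` on nice mocks, so the test shows that an `AuthorizationException` is thrown but not whether the DAO lookups for the other user ran before the check. If that ordering matters to the provider, the denial case deserves its own assertion.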
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p/> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p/> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -30,8 +30,6 @@ import org.apache.ambari.server.controller.AbstractRootServiceResponseFactory; import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.controller.AmbariManagementControllerImpl; import org.apache.ambari.server.controller.KerberosHelper; -import org.apache.ambari.server.controller.RequestStatusResponse; -import org.apache.ambari.server.controller.UserResponse; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; import org.apache.ambari.server.controller.spi.Resource; 
@@ -39,12 +37,11 @@ import org.apache.ambari.server.controller.spi.ResourceProvider;
 import org.apache.ambari.server.controller.utilities.PredicateBuilder;
 import org.apache.ambari.server.controller.utilities.PropertyHelper;
 import org.apache.ambari.server.orm.DBAccessor;
-import org.apache.ambari.server.orm.entities.PermissionEntity;
-import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.scheduler.ExecutionScheduler;
-import org.apache.ambari.server.security.SecurityHelper;
-import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.security.authorization.User;
+import org.apache.ambari.server.security.authorization.UserType;
 import org.apache.ambari.server.security.authorization.Users;
 import org.apache.ambari.server.security.encryption.CredentialStoreService;
 import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
@@ -59,487 +56,474 @@ import org.apache.ambari.server.state.ServiceFactory; import org.apache.ambari.server.state.configgroup.ConfigGroupFactory; import org.apache.ambari.server.state.scheduler.RequestExecutionFactory; import org.apache.ambari.server.state.stack.OsFamily; +import org.easymock.EasyMockSupport; +import org.junit.After; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; -import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.password.PasswordEncoder; import javax.persistence.EntityManager; -import java.util.Collection; +import java.util.Arrays; import java.util.Collections; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.LinkedHashSet; +import java.util.List; import java.util.Map; import java.util.Set; -import static org.easymock.EasyMock.createMock; -import static org.easymock.EasyMock.createNiceMock; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.expectLastCall; -import static org.easymock.EasyMock.replay; -import static org.easymock.EasyMock.verify; +import static org.easymock.EasyMock.*; /** * UserResourceProvider tests. 
*/ -public class UserResourceProviderTest { - @Test - public void testCreateResources() throws Exception { - Resource.Type type = Resource.Type.User; +public class UserResourceProviderTest extends EasyMockSupport { - AmbariManagementController managementController = createMock(AmbariManagementController.class); - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); + @Before + public void resetMocks() { + resetAll(); + } - managementController.createUsers(AbstractResourceProviderTest.Matcher.getUserRequestSet("User100")); + @After + public void clearAuthentication() { + SecurityContextHolder.getContext().setAuthentication(null); + } - // replay - replay(managementController, response); + @Test + public void testCreateResources_Administrator() throws Exception { + createResourcesTest(TestAuthenticationFactory.createAdministrator("admin")); + } - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + @Test(expected = AuthorizationException.class) + public void testCreateResources_NonAdministrator() throws Exception { + createResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1")); + } - // add the property map to a set for the request. 
add more maps for multiple creates - Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>(); + @Test + public void testGetResources_Administrator() throws Exception { + getResourcesTest(TestAuthenticationFactory.createAdministrator("admin")); + } - Map<String, Object> properties = new LinkedHashMap<String, Object>(); + @Test + public void testGetResources_NonAdministrator() throws Exception { + getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1")); + } - // add properties to the request map - properties.put(UserResourceProvider.USER_USERNAME_PROPERTY_ID, "User100"); + @Test + public void testGetResource_Administrator_Self() throws Exception { + getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "admin"); + } - propertySet.add(properties); + @Test + public void testGetResource_Administrator_Other() throws Exception { + getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "User1"); + } - // create the request - Request request = PropertyHelper.getCreateRequest(propertySet, null); + @Test + public void testGetResource_NonAdministrator_Self() throws Exception { + getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - provider.createResources(request); + @Test(expected = AuthorizationException.class) + public void testGetResource_NonAdministrator_Other() throws Exception { + getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User100"); + } - // verify - verify(managementController, response); + @Test + public void testUpdateResources_SetAdmin_Administrator_Self() throws Exception { + updateResources_SetAdmin(TestAuthenticationFactory.createAdministrator("admin"), "User100"); } @Test - public void testGetResources() throws Exception { - Resource.Type type = Resource.Type.User; + public void testUpdateResources_SetAdmin_Administrator_Other() throws Exception { + 
updateResources_SetAdmin(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - AmbariManagementController managementController = createMock(AmbariManagementController.class); + @Test(expected = AuthorizationException.class) + public void testUpdateResources_SetAdmin_NonAdministrator_Self() throws Exception { + updateResources_SetAdmin(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - Set<UserResponse> allResponse = new HashSet<UserResponse>(); - allResponse.add(new UserResponse("User100", false, true, false)); + @Test(expected = AuthorizationException.class) + public void testUpdateResources_SetAdmin_NonAdministrator_Other() throws Exception { + updateResources_SetAdmin(TestAuthenticationFactory.createClusterAdministrator("User1"), "User100"); + } - // set expectations - expect(managementController.getUsers(AbstractResourceProviderTest.Matcher.getUserRequestSet("User100"))). - andReturn(allResponse).once(); + @Test + public void testUpdateResources_SetActive_Administrator_Self() throws Exception { + updateResources_SetActive(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - // replay - replay(managementController); + @Test + public void testUpdateResources_SetActive_Administrator_Other() throws Exception { + updateResources_SetActive(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + @Test(expected = AuthorizationException.class) + public void testUpdateResources_SetActive_NonAdministrator_Self() throws Exception { + updateResources_SetActive(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - Set<String> propertyIds = new HashSet<String>(); + @Test(expected = AuthorizationException.class) + public void 
testUpdateResources_SetActive_NonAdministrator_Other() throws Exception { + updateResources_SetActive(TestAuthenticationFactory.createClusterAdministrator("User1"), "User100"); + } - propertyIds.add(UserResourceProvider.USER_USERNAME_PROPERTY_ID); - propertyIds.add(UserResourceProvider.USER_PASSWORD_PROPERTY_ID); + @Test + public void testUpdateResources_SetPassword_Administrator_Self() throws Exception { + updateResources_SetPassword(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - Predicate predicate = new PredicateBuilder().property(UserResourceProvider.USER_USERNAME_PROPERTY_ID). - equals("User100").toPredicate(); - Request request = PropertyHelper.getReadRequest(propertyIds); - Set<Resource> resources = provider.getResources(request, predicate); + @Test + public void testUpdateResources_SetPassword_Administrator_Other() throws Exception { + updateResources_SetPassword(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - Assert.assertEquals(1, resources.size()); - for (Resource resource : resources) { - String userName = (String) resource.getPropertyValue(UserResourceProvider.USER_USERNAME_PROPERTY_ID); - Assert.assertEquals("User100", userName); - } + @Test + public void testUpdateResources_SetPassword_NonAdministrator_Self() throws Exception { + updateResources_SetPassword(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - // verify - verify(managementController); + @Test(expected = AuthorizationException.class) + public void testUpdateResources_SetPassword_NonAdministrator_Other() throws Exception { + updateResources_SetPassword(TestAuthenticationFactory.createClusterAdministrator("User1"), "User100"); } @Test - public void testUpdateResources_SetAdmin_AsAdminUser() throws Exception { - Resource.Type type = Resource.Type.User; - Injector injector = createInjector(); + public void testDeleteResource_Administrator_Self() throws Exception { + 
deleteResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); - Users users = injector.getInstance(Users.class); - User user = createMock(User.class); - PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); - PermissionEntity permissionEntity = createMock(PermissionEntity.class); + @Test + public void testDeleteResource_Administrator_Other() throws Exception { + deleteResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User100"); + } - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + @Test(expected = AuthorizationException.class) + public void testDeleteResource_NonAdministrator_Self() throws Exception { + deleteResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1"); + } - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); + @Test(expected = AuthorizationException.class) + public void testDeleteResource_NonAdministrator_Other() throws Exception { + deleteResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User100"); + } - Collection<? 
extends GrantedAuthority> currentAuthorities = Collections.singleton(new AmbariGrantedAuthority(privilegeEntity)); + private Injector createInjector() throws Exception { + return Guice.createInjector(new AbstractModule() { + @Override + protected void configure() { + bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); + bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); + bind(ActionDBAccessor.class).toInstance(createNiceMock(ActionDBAccessor.class)); + bind(ExecutionScheduler.class).toInstance(createNiceMock(ExecutionScheduler.class)); + bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); + bind(AmbariMetaInfo.class).toInstance(createMock(AmbariMetaInfo.class)); + bind(ActionManager.class).toInstance(createNiceMock(ActionManager.class)); + bind(RequestFactory.class).toInstance(createNiceMock(RequestFactory.class)); + bind(RequestExecutionFactory.class).toInstance(createNiceMock(RequestExecutionFactory.class)); + bind(StageFactory.class).toInstance(createNiceMock(StageFactory.class)); + bind(RoleGraphFactory.class).to(RoleGraphFactoryImpl.class); + bind(Clusters.class).toInstance(createNiceMock(Clusters.class)); + bind(AbstractRootServiceResponseFactory.class).toInstance(createNiceMock(AbstractRootServiceResponseFactory.class)); + bind(StackManagerFactory.class).toInstance(createNiceMock(StackManagerFactory.class)); + bind(ConfigFactory.class).toInstance(createNiceMock(ConfigFactory.class)); + bind(ConfigGroupFactory.class).toInstance(createNiceMock(ConfigGroupFactory.class)); + bind(ServiceFactory.class).toInstance(createNiceMock(ServiceFactory.class)); + bind(ServiceComponentFactory.class).toInstance(createNiceMock(ServiceComponentFactory.class)); + bind(ServiceComponentHostFactory.class).toInstance(createNiceMock(ServiceComponentHostFactory.class)); + bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class)); + bind(KerberosHelper.class).toInstance(createNiceMock(KerberosHelper.class)); + 
bind(Users.class).toInstance(createMock(Users.class)); + bind(AmbariManagementController.class).to(AmbariManagementControllerImpl.class); + bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class); + } + }); + } - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); - users.grantAdminPrivilege(1000); - expectLastCall().once(); + private void createResourcesTest(Authentication authentication) throws Exception { + Injector injector = createInjector(); - expect(user.getUserId()).andReturn(1000).once(); + Users users = injector.getInstance(Users.class); + users.createUser("User100", "password", (Boolean) null, null, false); + expectLastCall().atLeastOnce(); - expect(privilegeEntity.getPermission()).andReturn(permissionEntity).once(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).once(); + // replay + replayAll(); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(currentAuthorities).once(); + SecurityContextHolder.getContext().setAuthentication(authentication); - // replay - replay(securityHelper, user, users, privilegeEntity, permissionEntity, response); + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + + ResourceProvider provider = getResourceProvider(managementController); + + // add the property map to a set for the request. add more maps for multiple creates + Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>(); - // add the property map to a set for the request. 
Map<String, Object> properties = new LinkedHashMap<String, Object>(); - properties.put(UserResourceProvider.USER_ADMIN_PROPERTY_ID, "true"); + // add properties to the request map + properties.put(UserResourceProvider.USER_USERNAME_PROPERTY_ID, "User100"); + properties.put(UserResourceProvider.USER_PASSWORD_PROPERTY_ID, "password"); + + propertySet.add(properties); // create the request - Request request = PropertyHelper.getUpdateRequest(properties, null); + Request request = PropertyHelper.getCreateRequest(propertySet, null); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + provider.createResources(request); // verify - verify(securityHelper, user, users, privilegeEntity, permissionEntity, response); + verifyAll(); } - @Test(expected = IllegalArgumentException.class) - public void testUpdateResources_SetAdmin_AsNonAdminUser() throws Exception { - Resource.Type type = Resource.Type.User; + private void getResourcesTest(Authentication authentication) throws Exception { Injector injector = createInjector(); - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); Users users = injector.getInstance(Users.class); - User user = createMock(User.class); - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + if ("admin".equals(authentication.getName())) { + List<User> allUsers = Arrays.asList( + createMockUser("User1"), + createMockUser("User10"), + createMockUser("User100"), + createMockUser("admin") + ); + expect(users.getAllUsers()).andReturn(allUsers).atLeastOnce(); + } else { + expect(users.getAnyUser("User1")).andReturn(createMockUser("User1")).atLeastOnce(); + } - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); + replayAll(); - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); + 
AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(Collections.emptyList()).once(); + SecurityContextHolder.getContext().setAuthentication(authentication); - // replay - replay(securityHelper, user, users, response); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + ResourceProvider provider = getResourceProvider(managementController); - // add the property map to a set for the request. - Map<String, Object> properties = new LinkedHashMap<String, Object>(); + Set<String> propertyIds = new HashSet<String>(); + propertyIds.add(UserResourceProvider.USER_USERNAME_PROPERTY_ID); + propertyIds.add(UserResourceProvider.USER_PASSWORD_PROPERTY_ID); - properties.put(UserResourceProvider.USER_ADMIN_PROPERTY_ID, "true"); + Request request = PropertyHelper.getReadRequest(propertyIds); - // create the request - Request request = PropertyHelper.getUpdateRequest(properties, null); + Set<Resource> resources = provider.getResources(request, null); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + if ("admin".equals(authentication.getName())) { + List<String> expectedList = Arrays.asList("User1", "User10", "User100", "admin"); + Assert.assertEquals(4, resources.size()); + for (Resource resource : resources) { + String userName = (String) resource.getPropertyValue(UserResourceProvider.USER_USERNAME_PROPERTY_ID); + Assert.assertTrue(expectedList.contains(userName)); + } + } else { + Assert.assertEquals(1, resources.size()); + for (Resource resource : resources) { + 
Assert.assertEquals("User1", resource.getPropertyValue(UserResourceProvider.USER_USERNAME_PROPERTY_ID)); + } + } - // verify - verify(securityHelper, user, users, response); + verifyAll(); } - @Test - public void testUpdateResources_SetActive_AsAdminUser() throws Exception { - Resource.Type type = Resource.Type.User; + private void getResourceTest(Authentication authentication, String requestedUsername) throws Exception { Injector injector = createInjector(); - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); Users users = injector.getInstance(Users.class); - User user = createMock(User.class); - PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); - PermissionEntity permissionEntity = createMock(PermissionEntity.class); - - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); + expect(users.getAnyUser(requestedUsername)).andReturn(createMockUser(requestedUsername)).atLeastOnce(); - Collection<? 
extends GrantedAuthority> currentAuthorities = Collections.singleton(new AmbariGrantedAuthority(privilegeEntity)); + replayAll(); - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); - - users.setUserActive("User100", false); - expectLastCall().once(); - - expect(user.getUserName()).andReturn("User100").once(); + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - expect(privilegeEntity.getPermission()).andReturn(permissionEntity).once(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).once(); + SecurityContextHolder.getContext().setAuthentication(authentication); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(currentAuthorities).once(); - - // replay - replay(securityHelper, user, users, privilegeEntity, permissionEntity, response); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + ResourceProvider provider = getResourceProvider(managementController); - // add the property map to a set for the request. 
- Map<String, Object> properties = new LinkedHashMap<String, Object>(); + Set<String> propertyIds = new HashSet<String>(); + propertyIds.add(UserResourceProvider.USER_USERNAME_PROPERTY_ID); + propertyIds.add(UserResourceProvider.USER_PASSWORD_PROPERTY_ID); - properties.put(UserResourceProvider.USER_ACTIVE_PROPERTY_ID, "false"); + Request request = PropertyHelper.getReadRequest(propertyIds); - // create the request - Request request = PropertyHelper.getUpdateRequest(properties, null); + Set<Resource> resources = provider.getResources(request, createPredicate(requestedUsername)); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + Assert.assertEquals(1, resources.size()); + for (Resource resource : resources) { + String userName = (String) resource.getPropertyValue(UserResourceProvider.USER_USERNAME_PROPERTY_ID); + Assert.assertEquals(requestedUsername, userName); + } - // verify - verify(securityHelper, user, users, privilegeEntity, permissionEntity, response); + verifyAll(); } - @Test(expected = IllegalArgumentException.class) - public void testUpdateResources_SetActive_AsNonActiveUser() throws Exception { - Resource.Type type = Resource.Type.User; + public void updateResources_SetAdmin(Authentication authentication, String requestedUsername) throws Exception { Injector injector = createInjector(); - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); Users users = injector.getInstance(Users.class); - User user = createMock(User.class); + expect(users.getAnyUser(requestedUsername)).andReturn(createMockUser(requestedUsername)).once(); - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + if ("admin".equals(authentication.getName())) { + users.grantAdminPrivilege(requestedUsername.hashCode()); + expectLastCall().once(); + } - RequestStatusResponse 
response = createNiceMock(RequestStatusResponse.class); + replayAll(); - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(Collections.emptyList()).once(); + SecurityContextHolder.getContext().setAuthentication(authentication); - // replay - replay(securityHelper, user, users, response); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + ResourceProvider provider = getResourceProvider(managementController); // add the property map to a set for the request. Map<String, Object> properties = new LinkedHashMap<String, Object>(); - - properties.put(UserResourceProvider.USER_ACTIVE_PROPERTY_ID, "false"); + properties.put(UserResourceProvider.USER_ADMIN_PROPERTY_ID, "true"); // create the request Request request = PropertyHelper.getUpdateRequest(properties, null); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + provider.updateResources(request, createPredicate(requestedUsername)); - // verify - verify(securityHelper, user, users, response); + verifyAll(); } - @Test - public void testUpdateResources_SetPassword_AsAdminUser() throws Exception { - Resource.Type type = Resource.Type.User; + public void updateResources_SetActive(Authentication authentication, String requestedUsername) throws Exception { Injector injector = createInjector(); - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); Users users = injector.getInstance(Users.class); - User 
user = createMock(User.class); - PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); - PermissionEntity permissionEntity = createMock(PermissionEntity.class); - - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + expect(users.getAnyUser(requestedUsername)).andReturn(createMockUser(requestedUsername)).once(); - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); - - Collection<? extends GrantedAuthority> currentAuthorities = Collections.singleton(new AmbariGrantedAuthority(privilegeEntity)); - - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); - - users.modifyPassword("User100", "old_password", "password"); - expectLastCall().once(); + if ("admin".equals(authentication.getName())) { + users.setUserActive(requestedUsername, true); + expectLastCall().once(); + } - expect(user.getUserName()).andReturn("User100").once(); + replayAll(); - expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).anyTimes(); + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(currentAuthorities).anyTimes(); + SecurityContextHolder.getContext().setAuthentication(authentication); - // replay - replay(securityHelper, user, users, privilegeEntity, permissionEntity, response); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + ResourceProvider provider = getResourceProvider(managementController); // add the property map to a set for the request. 
Map<String, Object> properties = new LinkedHashMap<String, Object>(); + properties.put(UserResourceProvider.USER_ACTIVE_PROPERTY_ID, "true"); - properties.put(UserResourceProvider.USER_PASSWORD_PROPERTY_ID, "password"); - properties.put(UserResourceProvider.USER_OLD_PASSWORD_PROPERTY_ID, "old_password"); - - // create the request Request request = PropertyHelper.getUpdateRequest(properties, null); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + provider.updateResources(request, createPredicate(requestedUsername)); - // verify - verify(securityHelper, user, users, privilegeEntity, permissionEntity, response); + verifyAll(); } - @Test - public void testUpdateResources_SetPassword_AsNonActiveUser() throws Exception { - Resource.Type type = Resource.Type.User; + public void updateResources_SetPassword(Authentication authentication, String requestedUsername) throws Exception { Injector injector = createInjector(); - SecurityHelper securityHelper = injector.getInstance(SecurityHelper.class); Users users = injector.getInstance(Users.class); - User user = createMock(User.class); - - AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); - - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); - - // set expectations - expect(users.getAnyUser("User100")).andReturn(user).once(); - - users.modifyPassword("User100", "old_password", "password"); + expect(users.getAnyUser(requestedUsername)).andReturn(createMockUser(requestedUsername)).once(); + users.modifyPassword(requestedUsername, "old_password", "new_password"); expectLastCall().once(); - expect(user.getUserName()).andReturn("User100").once(); + replayAll(); - securityHelper.getCurrentAuthorities(); - expectLastCall().andReturn(Collections.emptyList()).anyTimes(); + AmbariMetaInfo ambariMetaInfo = 
injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); - // replay - replay(securityHelper, user, users, response); + SecurityContextHolder.getContext().setAuthentication(authentication); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + + ResourceProvider provider = getResourceProvider(managementController); // add the property map to a set for the request. Map<String, Object> properties = new LinkedHashMap<String, Object>(); - - properties.put(UserResourceProvider.USER_PASSWORD_PROPERTY_ID, "password"); properties.put(UserResourceProvider.USER_OLD_PASSWORD_PROPERTY_ID, "old_password"); + properties.put(UserResourceProvider.USER_PASSWORD_PROPERTY_ID, "new_password"); // create the request Request request = PropertyHelper.getUpdateRequest(properties, null); - Predicate predicate = new PredicateBuilder() - .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) - .equals("User100") - .toPredicate(); - provider.updateResources(request, predicate); + provider.updateResources(request, createPredicate(requestedUsername)); - // verify - verify(securityHelper, user, users, response); + verifyAll(); } - @Test - public void testDeleteResources() throws Exception { - Resource.Type type = Resource.Type.User; + private void deleteResourcesTest(Authentication authentication, String requestedUsername) throws Exception { + Injector injector = createInjector(); - AmbariManagementController managementController = createMock(AmbariManagementController.class); - RequestStatusResponse response = createNiceMock(RequestStatusResponse.class); + User user = createMockUser(requestedUsername); - // set expectations - managementController.deleteUsers(AbstractResourceProviderTest.Matcher.getUserRequestSet("User100")); + 
Users users = injector.getInstance(Users.class); + expect(users.getAnyUser(requestedUsername)).andReturn(user).atLeastOnce(); + users.removeUser(user); + expectLastCall().atLeastOnce(); // replay - replay(managementController, response); + replayAll(); - ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( - type, - PropertyHelper.getPropertyIds(type), - PropertyHelper.getKeyPropertyIds(type), - managementController); + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + ambariMetaInfo.init(); + + SecurityContextHolder.getContext().setAuthentication(authentication); - Predicate predicate = new PredicateBuilder().property(UserResourceProvider.USER_USERNAME_PROPERTY_ID). - equals("User100").toPredicate(); - provider.deleteResources(predicate); + AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); + + ResourceProvider provider = getResourceProvider(managementController); + + provider.deleteResources(createPredicate(requestedUsername)); // verify - verify(managementController, response); + verifyAll(); } - private Injector createInjector() { - return Guice.createInjector(new AbstractModule() { - @Override - protected void configure() { - bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); - bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); - bind(ActionDBAccessor.class).toInstance(createNiceMock(ActionDBAccessor.class)); - bind(ExecutionScheduler.class).toInstance(createNiceMock(ExecutionScheduler.class)); - bind(SecurityHelper.class).toInstance(createMock(SecurityHelper.class)); - bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); - bind(AmbariMetaInfo.class).toInstance(createMock(AmbariMetaInfo.class)); - bind(ActionManager.class).toInstance(createNiceMock(ActionManager.class)); - bind(RequestFactory.class).toInstance(createNiceMock(RequestFactory.class)); - 
bind(RequestExecutionFactory.class).toInstance(createNiceMock(RequestExecutionFactory.class)); - bind(StageFactory.class).toInstance(createNiceMock(StageFactory.class)); - bind(RoleGraphFactory.class).to(RoleGraphFactoryImpl.class); - bind(Clusters.class).toInstance(createNiceMock(Clusters.class)); - bind(AbstractRootServiceResponseFactory.class).toInstance(createNiceMock(AbstractRootServiceResponseFactory.class)); - bind(StackManagerFactory.class).toInstance(createNiceMock(StackManagerFactory.class)); - bind(ConfigFactory.class).toInstance(createNiceMock(ConfigFactory.class)); - bind(ConfigGroupFactory.class).toInstance(createNiceMock(ConfigGroupFactory.class)); - bind(ServiceFactory.class).toInstance(createNiceMock(ServiceFactory.class)); - bind(ServiceComponentFactory.class).toInstance(createNiceMock(ServiceComponentFactory.class)); - bind(ServiceComponentHostFactory.class).toInstance(createNiceMock(ServiceComponentHostFactory.class)); - bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class)); - bind(KerberosHelper.class).toInstance(createNiceMock(KerberosHelper.class)); - bind(Users.class).toInstance(createMock(Users.class)); - bind(AmbariManagementController.class).to(AmbariManagementControllerImpl.class); - bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class); - } - }); + private Predicate createPredicate(String requestedUsername) { + return new PredicateBuilder() + .property(UserResourceProvider.USER_USERNAME_PROPERTY_ID) + .equals(requestedUsername) + .toPredicate(); + } + + private User createMockUser(String username) { + User user = createMock(User.class); + expect(user.getUserId()).andReturn(username.hashCode()).anyTimes(); + expect(user.getUserName()).andReturn(username).anyTimes(); + expect(user.getUserType()).andReturn(UserType.LOCAL).anyTimes(); + expect(user.isLdapUser()).andReturn(false).anyTimes(); + expect(user.isActive()).andReturn(true).anyTimes(); + expect(user.isAdmin()).andReturn(false).anyTimes(); + 
expect(user.getGroups()).andReturn(Collections.<String>emptyList()).anyTimes(); + + return user; + } + + private ResourceProvider getResourceProvider(AmbariManagementController managementController) { + return AbstractControllerResourceProvider.getResourceProvider( + Resource.Type.User, + PropertyHelper.getPropertyIds(Resource.Type.User), + PropertyHelper.getKeyPropertyIds(Resource.Type.User), + managementController); } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java index 8400efd..d85b37b 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java @@ -42,6 +42,7 @@ import org.apache.ambari.server.orm.entities.ViewEntityTest; import org.apache.ambari.server.orm.entities.ViewInstanceEntity; import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest; import org.apache.ambari.server.security.SecurityHelper; +import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.view.ViewInstanceHandlerList; import org.apache.ambari.server.view.ViewRegistry; import org.apache.ambari.server.view.ViewRegistryTest; @@ -50,6 +51,7 @@ import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.springframework.security.core.context.SecurityContextHolder; import java.util.Collections; import java.util.LinkedList; 
@@ -149,6 +151,8 @@ public class ViewPrivilegeResourceProviderTest { replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, privilegeEntity, resourceEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity); + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin")); + PrivilegeResourceProvider provider = new ViewPrivilegeResourceProvider(); Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null); http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java new file mode 100644 index 0000000..634d840 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java 
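Review bot: The added `SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));` line leaves an administrator identity in the security context after the test finishes, and nothing in the hunk clears it. Depending on the holder strategy and how the test JVM is forked, a later test that expects an authorization failure could inherit that identity and pass for the wrong reason. I would add a teardown such as `@After public void clearAuthentication() { SecurityContextHolder.clearContext(); }`. The same applies to the `@BeforeClass setupAuthentication()` added in AmbariAuthorizationFilterTest (paired with an `@AfterClass`) and to the helper methods in UserResourceProviderTest that set the authentication before calling the provider. The enclosing test method starts and ends outside this hunk.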
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security;
+
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+public class TestAuthenticationFactory {
+ public static Authentication createAdministrator(String name) {
+ return new TestAuthorization(name, Collections.singleton(createAdministratorGrantedAuthority()));
+ }
+
+ public static Authentication createClusterAdministrator(String name) {
+ return new TestAuthorization(name, Collections.singleton(createClusterAdministratorGrantedAuthority()));
+ }
+
+ private static GrantedAuthority createAdministratorGrantedAuthority() {
+ return new AmbariGrantedAuthority(createAdministratorPrivilegeEntity());
+ }
+
+ private static GrantedAuthority createClusterAdministratorGrantedAuthority() {
+ return new AmbariGrantedAuthority(createClusterAdministratorPrivilegeEntity());
+ }
+
+ private static PrivilegeEntity createAdministratorPrivilegeEntity() {
+ PrivilegeEntity privilegeEntity = new PrivilegeEntity();
+ privilegeEntity.setResource(createAmbariResourceEntity());
+ privilegeEntity.setPermission(createAdministratorPermission());
+ return privilegeEntity;
+ }
+
+ private static PrivilegeEntity createClusterAdministratorPrivilegeEntity() {
+ PrivilegeEntity privilegeEntity = new PrivilegeEntity();
+ privilegeEntity.setResource(createClusterResourceEntity());
+ privilegeEntity.setPermission(createClusterAdministratorPermission());
+ return privilegeEntity;
+ }
+
+ private static PermissionEntity createAdministratorPermission() {
+ PermissionEntity permissionEntity = new PermissionEntity();
+ permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI));
+
+ Collection<RoleAuthorizationEntity> authorizations = new ArrayList<RoleAuthorizationEntity>();
+ for (RoleAuthorization roleAuthorization : RoleAuthorization.values()) {
+ authorizations.add(createRoleAuthorizationEntity(roleAuthorization));
+ }
+
+ permissionEntity.setAuthorizations(authorizations);
+
+ return permissionEntity;
+ }
+
+ private static PermissionEntity createClusterAdministratorPermission() {
+ PermissionEntity permissionEntity = new PermissionEntity();
+ permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+ permissionEntity.setAuthorizations(Arrays.asList(
+ createRoleAuthorizationEntity(RoleAuthorization.CLUSTER_VIEW_ALERTS),
+ createRoleAuthorizationEntity(RoleAuthorization.CLUSTER_TOGGLE_ALERTS)));
+
+ return permissionEntity;
+ }
+
+ private static ResourceEntity createAmbariResourceEntity() {
+ ResourceEntity resourceEntity = new ResourceEntity();
+ resourceEntity.setId(null);
+ resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI));
+ return resourceEntity;
+ }
+
+ private static ResourceEntity createClusterResourceEntity() {
+ ResourceEntity resourceEntity = new ResourceEntity();
+ resourceEntity.setId(2L);
+ resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+ return resourceEntity;
+ }
+
+ private static ResourceTypeEntity createResourceTypeEntity(ResourceType resourceType) {
+ ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
+ resourceTypeEntity.setId(resourceType.getId());
+ resourceTypeEntity.setName(resourceType.name());
+ return resourceTypeEntity;
+ }
+
+ private static RoleAuthorizationEntity createRoleAuthorizationEntity(RoleAuthorization authorization) {
+ RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity();
+ roleAuthorizationEntity.setAuthorizationId(authorization.getId());
+ roleAuthorizationEntity.setAuthorizationName(authorization.name());
+ return roleAuthorizationEntity;
+ }
+
+ private static class TestAuthorization implements Authentication {
+ private final String name;
+ private final Collection<? extends GrantedAuthority> authorities;
+
+ private TestAuthorization(String name, Collection<? extends GrantedAuthority> authorities) {
+ this.name = name;
+ this.authorities = authorities;
+ }
+
+ @Override
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return authorities;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getDetails() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return true;
+ }
+
+ @Override
+ public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 2efab89..d4b7d5a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -43,9 +45,11 @@ import junit.framework.Assert;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity.ViewInstanceVersionDTO;
+import org.apache.ambari.server.security.authorization.internal.InternalAuthenticationToken;
 import org.apache.ambari.server.view.ViewRegistry;
 import org.easymock.EasyMock;
 import org.easymock.IAnswer;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
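Review bot: `createClusterAdministratorPermission()` in the new TestAuthenticationFactory gives the "cluster administrator" fixture only `CLUSTER_VIEW_ALERTS` and `CLUSTER_TOGGLE_ALERTS`, which is presumably far narrower than the real role, so a test passing with `createClusterAdministrator` says little about what an actual cluster administrator may do. If the intent is simply "an authenticated non-administrator", a Javadoc line such as `/** Test fixture: non-administrator holding only the two alert authorizations, not the full cluster administrator role. */` (or a more neutral method name) would stop later tests from reading it as role coverage. Separately, `getPrincipal()` returns `null` and `setAuthenticated` silently ignores its argument, so code that reads the principal sees `null` and the fixture can never represent an unauthenticated caller; a one-line comment on each would make that deliberate. The private class is also named `TestAuthorization` although it implements `Authentication`.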
@@ -58,6 +60,13 @@ import com.google.common.collect.Table.Cell; import org.springframework.security.core.context.SecurityContextHolder; public class AmbariAuthorizationFilterTest { + @BeforeClass + public static void setupAuthentication() { + // Set authenticated user so that authorization checks will pass + InternalAuthenticationToken authenticationToken = new InternalAuthenticationToken("admin"); + authenticationToken.setAuthenticated(true); + SecurityContextHolder.getContext().setAuthentication(authenticationToken); + } @Test public void testDoFilter_postPersist_hasOperatePermission() throws Exception { @@ -184,7 +193,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", true); - performGeneralDoFilterTest("admin", new int[] {PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("admin", new int[]{PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION}, urlTests, false); } @Test @@ -210,14 +219,14 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "POST", false); urlTests.put("/api/v1/users/user1", "GET", true); urlTests.put("/api/v1/users/user1", "POST", true); - urlTests.put("/api/v1/users/user2", "GET", false); - urlTests.put("/api/v1/users/user2", "POST", false); + urlTests.put("/api/v1/users/user2", "GET", true); + urlTests.put("/api/v1/users/user2", "POST", true); urlTests.put("/api/v1/groups", "GET", false); urlTests.put("/api/v1/ldap_sync_events", "GET", false); urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", false); - performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_USER_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("user1", new int[]{PermissionEntity.CLUSTER_USER_PERMISSION}, urlTests, false); } @Test 
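Review bot: The flipped expectations for `/api/v1/users/user2` in the -210 hunk (GET and POST now `true` for `user1` holding `CLUSTER_USER_PERMISSION`) make this filter test assert that a non-administrator is let through to another user's resource, and nothing in this file shows where that request is refused instead. Presumably the check moved into the resource provider, given the per-user assertions in the UserResourceProviderTest helpers, but that is inferred rather than visible here. A comment beside the changed lines, e.g. `// per-user access is enforced by the user resource provider, not by this filter`, together with a provider-level negative test for password, active and admin updates requested by a different non-admin user, would keep the denial path covered. The same flip appears in the hunks at -243, -276 and -307, and the enclosing test methods start and end outside these hunks.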
@@ -243,8 +252,8 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "POST", false); urlTests.put("/api/v1/users/user1", "GET", true); urlTests.put("/api/v1/users/user1", "POST", true); - urlTests.put("/api/v1/users/user2", "GET", false); - urlTests.put("/api/v1/users/user2", "POST", false); + urlTests.put("/api/v1/users/user2", "GET", true); + urlTests.put("/api/v1/users/user2", "POST", true); urlTests.put("/api/v1/groups", "GET", false); urlTests.put("/api/v1/ldap_sync_events", "GET", false); urlTests.put("/any/other/URL", "GET", true); @@ -276,8 +285,8 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "POST", false); urlTests.put("/api/v1/users/user1", "GET", true); urlTests.put("/api/v1/users/user1", "POST", true); - urlTests.put("/api/v1/users/user2", "GET", false); - urlTests.put("/api/v1/users/user2", "POST", false); + urlTests.put("/api/v1/users/user2", "GET", true); + urlTests.put("/api/v1/users/user2", "POST", true); urlTests.put("/api/v1/groups", "GET", false); urlTests.put("/api/v1/ldap_sync_events", "GET", false); urlTests.put("/any/other/URL", "GET", true); @@ -307,8 +316,8 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false); urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false); urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "POST", false); - urlTests.put("/api/v1/users/user1", "GET", false); - urlTests.put("/api/v1/users/user1", "POST", false); + urlTests.put("/api/v1/users/user1", "GET", true); + urlTests.put("/api/v1/users/user1", "POST", true); urlTests.put("/api/v1/users/user2", "GET", true); urlTests.put("/api/v1/users/user2", "POST", true); urlTests.put("/any/other/URL", "GET", true); 
@@ -437,54 +446,6 @@ public class AmbariAuthorizationFilterTest { } @Test - public void testParseUserName() throws Exception { - final String[] pathesToTest = { - "/api/v1/users/user", - "/api/v1/users/user?fields=*", - "/api/v22/users/user?fields=*" - }; - for (String contextPath: pathesToTest) { - final String username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("user", username); - } - } - - @Test - public void testParseUserNameSpecial() throws Exception { - String contextPath = "/api/v1/users/user%3F"; - String username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("user?", username); - - contextPath = "/api/v1/users/a%20b"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a b", username); - - contextPath = "/api/v1/users/a%2Bb"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a+b", username); - - contextPath = "/api/v1/users/a%21"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a!", username); - - contextPath = "/api/v1/users/a%3D"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a=", username); - - contextPath = "/api/v1/users/a%2Fb"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a/b", username); - - contextPath = "/api/v1/users/a%23"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("a#", username); - - contextPath = "/api/v1/users/%3F%3F"; - username = AmbariAuthorizationFilter.parseUserName(contextPath); - Assert.assertEquals("??", username); - } - - @Test public void testParseViewContextPath() throws Exception { final String[] pathesToTest = { AmbariAuthorizationFilter.VIEWS_CONTEXT_PATH_PREFIX + "MY_VIEW/1.0.0/INSTANCE1",