Strolch
/
strolch
mirror of https://github.com/strolch-li/strolch.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Major] Added persisting of sessions

This commit is contained in:
Robert von Burg 2015-10-16 13:16:27 +02:00
parent c6f531c08e
commit 5dc94514e1
16 changed files with 729 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/PrivilegeConfig.xml
View File

@ -5,6 +5,10 @@
<Parameters>
<!-- parameters for the container itself -->
<Parameter name="secretKey" value="5185F447-6317-4856-B40E-573919BA0A16" />
<Parameter name="secretSalt" value="00F6E88C-A64F-410A-8FCF-9CD340E340F7" />
<Parameter name="persistSessions" value="true" />
<Parameter name="persistSessionsPath" value="./target/${target}/sessions.dat" />
<Parameter name="autoPersistOnUserChangesData" value="true" />
<Parameter name="privilegeConflictResolution" value="STRICT" />
</Parameters>
@ -17,7 +21,7 @@
<PersistenceHandler class="ch.eitchnet.privilege.handler.XmlPersistenceHandler">
<Parameters>
<Parameter name="basePath" value="./target/testPrivilege" />
<Parameter name="basePath" value="./target/${target}" />
<Parameter name="modelXmlFile" value="PrivilegeModel.xml" />
</Parameters>
</PersistenceHandler>

2
config/PrivilegeConfigMerge.xml
View File

@ -17,7 +17,7 @@
<PersistenceHandler class="ch.eitchnet.privilege.handler.XmlPersistenceHandler">
<Parameters>
<Parameter name="basePath" value="./target/testPrivilege" />
<Parameter name="basePath" value="./target/${target}" />
<Parameter name="modelXmlFile" value="PrivilegeModelMerge.xml" />
</Parameters>
</PersistenceHandler>

239
src/main/java/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
View File

@ -15,6 +15,11 @@
*/
package ch.eitchnet.privilege.handler;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
@ -31,6 +36,8 @@ import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -49,7 +56,11 @@ import ch.eitchnet.privilege.model.internal.PrivilegeImpl;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
import ch.eitchnet.privilege.xml.CertificateStubsDomWriter;
import ch.eitchnet.privilege.xml.CertificateStubsSaxReader;
import ch.eitchnet.privilege.xml.CertificateStubsSaxReader.CertificateStub;
import ch.eitchnet.utils.collections.Tuple;
import ch.eitchnet.utils.helper.AesCryptoHelper;
import ch.eitchnet.utils.helper.StringHelper;
/**
@ -107,6 +118,21 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
*/
private boolean autoPersistOnUserChangesData;
/**
* flag to define if sessions should be persisted
*/
private boolean persistSessions;
/**
* Path to sessions file for persistence
*/
private File persistSessionsPath;
/**
* Secret key
*/
private SecretKey secretKey;
private PrivilegeConflictResolution privilegeConflictResolution;
@Override
@ -159,6 +185,16 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
return policyDef;
}
@Override
public List<Certificate> getCertificates(Certificate certificate) {
// validate user actually has this type of privilege
PrivilegeContext prvCtx = getPrivilegeContext(certificate);
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_GET_CERTIFICATES));
return this.privilegeContextMap.values().stream().map(p -> p.getCertificate()).collect(Collectors.toList());
}
@Override
public List<RoleRep> getRoles(Certificate certificate) {
@ -958,8 +994,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
@Override
public Certificate authenticate(String username, byte[] password) {
// create certificate
Certificate certificate;
try {
// username must be at least 2 characters in length
if (username == null || username.length() < 2) {
@ -984,16 +1018,23 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user
certificate = new Certificate(sessionId, new Date(), username, user.getFirstname(), user.getLastname(),
authToken, user.getLocale(), userRoles, new HashMap<>(user.getProperties()));
Certificate certificate = new Certificate(sessionId, username, user.getFirstname(), user.getLastname(),
user.getUserState(), authToken, new Date(), user.getLocale(), userRoles,
new HashMap<>(user.getProperties()));
certificate.setLastAccess(new Date());
PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
this.privilegeContextMap.put(sessionId, privilegeContext);
persistSessions();
// log
DefaultPrivilegeHandler.logger
.info(MessageFormat.format("User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
// return the certificate
return certificate;
} catch (RuntimeException e) {
String msg = "User {0} Failed to authenticate: {1}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, username, e.getMessage());
@ -1002,9 +1043,88 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} finally {
clearPassword(password);
}
}
// return the certificate
return certificate;
private boolean persistSessions() {
if (!this.persistSessions)
return false;
List<Certificate> sessions = this.privilegeContextMap.values().stream().map(p -> p.getCertificate())
.filter(c -> !c.getUserState().isSystem()).collect(Collectors.toList());
try (OutputStream outputStream = AesCryptoHelper.wrapEncrypt(this.secretKey,
new FileOutputStream(this.persistSessionsPath))) {
CertificateStubsDomWriter writer = new CertificateStubsDomWriter(sessions, outputStream);
writer.write();
outputStream.flush();
} catch (Exception e) {
throw new PrivilegeException("Failed to persist sessions!", e);
}
return true;
}
private boolean loadSessions() {
if (!this.persistSessions) {
logger.info("Persisteding of sessions not enabled, so not loading!.");
return false;
}
if (!this.persistSessionsPath.exists()) {
logger.info("No persisted sessions exist to be loaded.");
return false;
}
if (!this.persistSessionsPath.isFile())
throw new PrivilegeException(
"Sessions data file is not a file but exists at " + this.persistSessionsPath.getAbsolutePath());
List<CertificateStub> certificateStubs;
try (InputStream inputStream = AesCryptoHelper.wrapDecrypt(this.secretKey,
new FileInputStream(this.persistSessionsPath))) {
CertificateStubsSaxReader reader = new CertificateStubsSaxReader(inputStream);
certificateStubs = reader.read();
} catch (Exception e) {
throw new PrivilegeException("Failed to load sessions!", e);
}
if (certificateStubs.isEmpty()) {
logger.info("No persisted sessions exist to be loaded.");
return false;
}
for (CertificateStub certificateStub : certificateStubs) {
String username = certificateStub.getUsername();
String sessionId = certificateStub.getSessionId();
String authToken = certificateStub.getAuthToken();
User user = this.persistenceHandler.getUser(username);
if (user == null) {
logger.error("Ignoring session data for missing user " + username);
continue;
}
Set<String> userRoles = user.getRoles();
if (userRoles.isEmpty()) {
logger.error("Ignoring session data for user " + username + " which has not roles defined!");
continue;
}
// create a new certificate, with details of the user
Certificate certificate = new Certificate(sessionId, username, user.getFirstname(), user.getLastname(),
user.getUserState(), authToken, certificateStub.getLoginTime(), certificateStub.getLocale(),
userRoles, new HashMap<>(user.getProperties()));
certificate.setLastAccess(certificateStub.getLastAccess());
PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
this.privilegeContextMap.put(sessionId, privilegeContext);
}
logger.info("Loaded " + this.privilegeContextMap.size() + " sessions.");
return true;
}
/**
@ -1146,6 +1266,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// remove registration
PrivilegeContext privilegeContext = this.privilegeContextMap.remove(certificate.getSessionId());
// persist sessions
persistSessions();
// return true if object was really removed
boolean loggedOut = privilegeContext != null;
if (loggedOut)
@ -1236,6 +1359,16 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
return this.persistenceHandler.persist();
}
@Override
public boolean persistSessions(Certificate certificate) {
// validate who is doing this
PrivilegeContext prvCtx = getPrivilegeContext(certificate);
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_PERSIST_SESSIONS));
return persistSessions();
}
@Override
public boolean reload(Certificate certificate) {
@ -1273,8 +1406,29 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
this.encryptionHandler = encryptionHandler;
this.persistenceHandler = persistenceHandler;
handleAutoPersistOnUserDataChange(parameterMap);
handlePersistSessionsParam(parameterMap);
handleConflictResolutionParam(parameterMap);
handleSecretParams(parameterMap);
// validate policies on privileges of Roles
for (Role role : persistenceHandler.getAllRoles()) {
validatePolicies(role);
}
// validate privilege conflicts
validatePrivilegeConflicts();
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<String, PrivilegeContext>());
loadSessions();
this.initialized = true;
}
private void handleAutoPersistOnUserDataChange(Map<String, String> parameterMap) {
String autoPersistS = parameterMap.get(PARAM_AUTO_PERSIST_ON_USER_CHANGES_DATA);
if (autoPersistS == null || autoPersistS.equals(Boolean.FALSE.toString())) {
if (StringHelper.isEmpty(autoPersistS) || autoPersistS.equals(Boolean.FALSE.toString())) {
this.autoPersistOnUserChangesData = false;
} else if (autoPersistS.equals(Boolean.TRUE.toString())) {
this.autoPersistOnUserChangesData = true;
@ -1283,8 +1437,48 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_AUTO_PERSIST_ON_USER_CHANGES_DATA, autoPersistS, Boolean.FALSE);
logger.error(msg);
this.autoPersistOnUserChangesData = false;
}
}
private void handlePersistSessionsParam(Map<String, String> parameterMap) {
String persistSessionsS = parameterMap.get(PARAM_PERSIST_SESSIONS);
if (StringHelper.isEmpty(persistSessionsS) || persistSessionsS.equals(Boolean.FALSE.toString())) {
this.persistSessions = false;
} else if (persistSessionsS.equals(Boolean.TRUE.toString())) {
this.persistSessions = true;
String persistSessionsPathS = parameterMap.get(PARAM_PERSIST_SESSIONS_PATH);
if (StringHelper.isEmpty(persistSessionsPathS)) {
String msg = "Parameter {0} has illegal value {1}."; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPathS);
throw new PrivilegeException(msg);
}
File persistSessionsPath = new File(persistSessionsPathS);
if (!persistSessionsPath.getParentFile().isDirectory()) {
String msg = "Path for param {0} is invalid as parent does not exist or is not a directory. Value: {1}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
throw new PrivilegeException(msg);
}
if (persistSessionsPath.exists() && (!persistSessionsPath.isFile() || !persistSessionsPath.canWrite())) {
String msg = "Path for param {0} is invalid as file exists but is not a file or not writeable. Value: {1}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
throw new PrivilegeException(msg);
}
this.persistSessionsPath = persistSessionsPath;
logger.info("Enabling persistence of sessions."); //$NON-NLS-1$
} else {
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS, persistSessionsS, Boolean.FALSE);
logger.error(msg);
this.persistSessions = false;
}
}
private void handleConflictResolutionParam(Map<String, String> parameterMap) {
String privilegeConflictResolutionS = parameterMap.get(PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
if (privilegeConflictResolutionS == null) {
this.privilegeConflictResolution = PrivilegeConflictResolution.STRICT;
@ -1301,17 +1495,28 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
}
logger.info("Privilege conflict resolution set to " + this.privilegeConflictResolution); //$NON-NLS-1$
}
// validate policies on privileges of Roles
for (Role role : persistenceHandler.getAllRoles()) {
validatePolicies(role);
private void handleSecretParams(Map<String, String> parameterMap) {
if (!this.persistSessions)
return;
String secretKeyS = parameterMap.get(PARAM_SECRET_KEY);
if (StringHelper.isEmpty(secretKeyS)) {
String msg = "Parameter {0} may not be empty if parameter {1} is enabled."; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_SECRET_KEY, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
throw new PrivilegeException(msg);
}
// validate privilege conflicts
validatePrivilegeConflicts();
String secretSaltS = parameterMap.get(PARAM_SECRET_SALT);
if (StringHelper.isEmpty(secretSaltS)) {
String msg = "Parameter {0} may not be empty if parameter {1} is enabled."; //$NON-NLS-1$
msg = MessageFormat.format(msg, PARAM_SECRET_SALT, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
throw new PrivilegeException(msg);
}
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<String, PrivilegeContext>());
this.initialized = true;
this.secretKey = AesCryptoHelper.buildSecret(secretKeyS.toCharArray(), secretSaltS.getBytes());
}
private void validatePrivilegeConflicts() {
@ -1502,8 +1707,10 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user
Certificate systemUserCertificate = new Certificate(sessionId, new Date(), systemUsername, user.getFirstname(),
user.getLastname(), authToken, user.getLocale(), user.getRoles(), new HashMap<>(user.getProperties()));
Certificate systemUserCertificate = new Certificate(sessionId, systemUsername, user.getFirstname(),
user.getLastname(), user.getUserState(), authToken, new Date(), user.getLocale(), user.getRoles(),
new HashMap<>(user.getProperties()));
systemUserCertificate.setLastAccess(new Date());
// create and save a new privilege context
PrivilegeContext privilegeContext = buildPrivilegeContext(systemUserCertificate, user);

56
src/main/java/ch/eitchnet/privilege/handler/PrivilegeHandler.java
View File

@ -55,6 +55,11 @@ public interface PrivilegeHandler {
* <code>allAllowed</code>
*/
public static final String PRIVILEGE_ACTION_PERSIST = "Persist";
/**
* For Privilege "PrivilegeAction" value required to be able to persist session if not exempted by
* <code>allAllowed</code>
*/
public static final String PRIVILEGE_ACTION_PERSIST_SESSIONS = "PersistSessions";
/**
* For Privilege "PrivilegeAction" value required to be able to reload changes if not exempted by
* <code>allAllowed</code>
@ -65,6 +70,14 @@ public interface PrivilegeHandler {
* <code>allAllowed</code>
*/
public static final String PRIVILEGE_ACTION_GET_POLICIES = "GetPolicies";
/**
* For Privilege "PrivilegeAction" value required to get a certificate if not <code>allAllowed</code>
*/
public static final String PRIVILEGE_ACTION_GET_CERTIFICATE = "GetCertificate";
/**
* For Privilege "PrivilegeAction" value required to get all certificates if not <code>allAllowed</code>
*/
public static final String PRIVILEGE_ACTION_GET_CERTIFICATES = "GetCertificates";
///
@ -131,11 +144,31 @@ public interface PrivilegeHandler {
///
/**
* configuration parameter to define a secret_key
*/
public static final String PARAM_SECRET_KEY = "secretKey"; //$NON-NLS-1$
/**
* configuration parameter to define a secret salt
*/
public static final String PARAM_SECRET_SALT = "secretSalt"; //$NON-NLS-1$
/**
* configuration parameter to define automatic persisting on password change
*/
public static final String PARAM_AUTO_PERSIST_ON_USER_CHANGES_DATA = "autoPersistOnUserChangesData"; //$NON-NLS-1$
/**
* configuration parameter to define if sessions should be persisted
*/
public static final String PARAM_PERSIST_SESSIONS = "persistSessions"; //$NON-NLS-1$
/**
* configuration parameter to define where sessions are to be persisted
*/
public static final String PARAM_PERSIST_SESSIONS_PATH = "persistSessionsPath"; //$NON-NLS-1$
/**
* configuration parameter to define {@link PrivilegeConflictResolution}
*/
@ -175,6 +208,16 @@ public interface PrivilegeHandler {
*/
public Map<String, String> getPolicyDefs(Certificate certificate);
/**
* Returns the list of {@link Certificate Certificates}
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
*
* @return the list of {@link Certificate Certificates}
*/
public List<Certificate> getCertificates(Certificate certificate);
/**
* Returns all {@link RoleRep RoleReps}
*
@ -607,6 +650,19 @@ public interface PrivilegeHandler {
*/
public boolean persist(Certificate certificate) throws AccessDeniedException;
/**
* Persists all currently active sessions
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
*
* @return true if changes were persisted, false if not (i.e. not enabled)
*
* @throws AccessDeniedException
* if the users of the given certificate does not have the privilege to perform this action
*/
public boolean persistSessions(Certificate certificate) throws AccessDeniedException;
/**
* Special method to perform work as a System user, meaning the given systemUsername corresponds to an account which
* has the state {@link UserState#SYSTEM} and this user must have privilege to perform the concrete implementation

8
src/main/java/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
View File

@ -104,8 +104,8 @@ public class XmlPersistenceHandler implements PersistenceHandler {
@Override
public void replaceUser(User user) {
if (!this.userMap.containsKey(user.getUsername()))
throw new IllegalStateException(MessageFormat.format(
"The user {0} can not be replaced as it does not exiset!", user.getUsername()));
throw new IllegalStateException(MessageFormat
.format("The user {0} can not be replaced as it does not exiset!", user.getUsername()));
this.userMap.put(user.getUsername(), user);
this.userMapDirty = true;
}
@ -121,8 +121,8 @@ public class XmlPersistenceHandler implements PersistenceHandler {
@Override
public void replaceRole(Role role) {
if (!this.roleMap.containsKey(role.getName()))
throw new IllegalStateException(MessageFormat.format(
"The role {0} can not be replaced as it does not exist!", role.getName()));
throw new IllegalStateException(
MessageFormat.format("The role {0} can not be replaced as it does not exist!", role.getName()));
this.roleMap.put(role.getName(), role);
this.roleMapDirty = true;
}

40
src/main/java/ch/eitchnet/privilege/helper/XmlConstants.java
View File

@ -48,6 +48,11 @@ public class XmlConstants {
*/
public static final String XML_ROOT_PRIVILEGE_USERS_AND_ROLES = "UsersAndRoles";
/**
* XML_ROOT_CERTIFICATES = "Certificates" :
*/
public static final String XML_ROOT_CERTIFICATES = "Certificates";
/**
* XML_HANDLER_PERSISTENCE = "PersistenceHandler" :
*/
@ -78,6 +83,16 @@ public class XmlConstants {
*/
public static final String XML_USERS = "Users";
/**
* XML_CERTIFICATE = "Certificate" :
*/
public static final String XML_CERTIFICATE = "Certificate";
/**
* XML_SESSION_DATA = "SessionData" :
*/
public static final String XML_SESSION_DATA = "SessionData";
/**
* XML_USER = "User"
*/
@ -153,6 +168,16 @@ public class XmlConstants {
*/
public static final String XML_ATTR_CLASS = "class";
/**
* XML_ATTR_LOGIN_TIME = "loginTime" :
*/
public static final String XML_ATTR_LOGIN_TIME = "loginTime";
/**
* XML_ATTR_LAST_ACCESS = "lastAccess" :
*/
public static final String XML_ATTR_LAST_ACCESS = "lastAccess";
/**
* XML_ATTR_NAME = "name" :
*/
@ -173,11 +198,26 @@ public class XmlConstants {
*/
public static final String XML_ATTR_USER_ID = "userId";
/**
* XML_ATTR_SESSION_ID = "sessionId" :
*/
public static final String XML_ATTR_SESSION_ID = "sessionId";
/**
* XML_ATTR_USERNAME = "username" :
*/
public static final String XML_ATTR_USERNAME = "username";
/**
* XML_ATTR_AUTH_TOKEN = "authToken" :
*/
public static final String XML_ATTR_AUTH_TOKEN = "authToken";
/**
* XML_ATTR_LOCALE = "locale" :
*/
public static final String XML_ATTR_LOCALE = "locale";
/**
* XML_ATTR_PASSWORD = "password" :
*/

32
src/main/java/ch/eitchnet/privilege/model/Certificate.java
View File

@ -18,7 +18,6 @@ package ch.eitchnet.privilege.model;
import java.io.Serializable;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@ -40,15 +39,15 @@ public final class Certificate implements Serializable {
private static final long serialVersionUID = 1L;
private final String sessionId;
private final Date loginTime;
private final String username;
private final String firstname;
private final String lastname;
private final UserState userState;
private final String authToken;
private final Date loginTime;
private final Set<String> userRoles;
private final Map<String, String> propertyMap;
private final Map<String, String> sessionDataMap;
private Locale locale;
private Date lastAccess;
@ -79,8 +78,8 @@ public final class Certificate implements Serializable {
* a {@link Map} containing string value pairs of properties for the logged in user. These properties can
* be edited and can be used for the user to change settings of this session
*/
public Certificate(String sessionId, Date loginTime, String username, String firstname, String lastname,
String authToken, Locale locale, Set<String> userRoles, Map<String, String> propertyMap) {
public Certificate(String sessionId, String username, String firstname, String lastname, UserState userState,
String authToken, Date loginTime, Locale locale, Set<String> userRoles, Map<String, String> propertyMap) {
// validate arguments are not null
if (StringHelper.isEmpty(sessionId)) {
@ -92,13 +91,17 @@ public final class Certificate implements Serializable {
if (StringHelper.isEmpty(authToken)) {
throw new PrivilegeException("authToken is null!"); //$NON-NLS-1$
}
if (userState == null) {
throw new PrivilegeException("userState is null!"); //$NON-NLS-1$
}
this.sessionId = sessionId;
this.loginTime = loginTime;
this.username = username;
this.firstname = firstname;
this.lastname = lastname;
this.userState = userState;
this.authToken = authToken;
this.loginTime = loginTime;
// if no locale is given, set default
if (locale == null)
@ -112,7 +115,6 @@ public final class Certificate implements Serializable {
this.propertyMap = Collections.unmodifiableMap(propertyMap);
this.userRoles = Collections.unmodifiableSet(userRoles);
this.sessionDataMap = new HashMap<>();
}
/**
@ -157,15 +159,6 @@ public final class Certificate implements Serializable {
return this.propertyMap.get(key);
}
/**
* Returns a mutable {@link Map} for storing session relevant data
*
* @return the sessionDataMap
*/
public Map<String, String> getSessionDataMap() {
return this.sessionDataMap;
}
/**
* @return the locale
*/
@ -209,6 +202,13 @@ public final class Certificate implements Serializable {
return this.lastname;
}
/**
* @return the userState
*/
public UserState getUserState() {
return userState;
}
/**
* @return the loginTime
*/

4
src/main/java/ch/eitchnet/privilege/model/UserState.java
View File

@ -53,4 +53,8 @@ public enum UserState {
* This is the System user state which is special and thus exempted from normal uses
*/
SYSTEM;
public boolean isSystem() {
return this == UserState.SYSTEM;
}
}

79
src/main/java/ch/eitchnet/privilege/xml/CertificateStubsDomWriter.java Normal file
View File

@ -0,0 +1,79 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.eitchnet.privilege.xml;
import java.io.OutputStream;
import java.util.List;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import ch.eitchnet.privilege.helper.XmlConstants;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.utils.helper.XmlHelper;
import ch.eitchnet.utils.iso8601.ISO8601FormatFactory;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
public class CertificateStubsDomWriter {
private List<Certificate> certificates;
private OutputStream outputStream;
public CertificateStubsDomWriter(List<Certificate> certificates, OutputStream outputStream) {
this.certificates = certificates;
this.outputStream = outputStream;
}
public void write() {
// create document root
Document doc = XmlHelper.createDocument();
Element rootElement = doc.createElement(XmlConstants.XML_ROOT_CERTIFICATES);
doc.appendChild(rootElement);
this.certificates.stream().sorted((c1, c2) -> c1.getSessionId().compareTo(c2.getSessionId())).forEach(cert -> {
// create the certificate element
Element certElement = doc.createElement(XmlConstants.XML_CERTIFICATE);
rootElement.appendChild(certElement);
// sessionId;
certElement.setAttribute(XmlConstants.XML_ATTR_SESSION_ID, cert.getSessionId());
// username;
certElement.setAttribute(XmlConstants.XML_ATTR_USERNAME, cert.getUsername());
// authToken;
certElement.setAttribute(XmlConstants.XML_ATTR_AUTH_TOKEN, cert.getAuthToken());
// locale;
certElement.setAttribute(XmlConstants.XML_ATTR_LOCALE, cert.getLocale().toString());
// loginTime;
certElement.setAttribute(XmlConstants.XML_ATTR_LOGIN_TIME,
ISO8601FormatFactory.getInstance().formatDate(cert.getLoginTime()));
// lastAccess;
certElement.setAttribute(XmlConstants.XML_ATTR_LAST_ACCESS,
ISO8601FormatFactory.getInstance().formatDate(cert.getLastAccess()));
});
// write the container file to disk
XmlHelper.writeDocument(doc, this.outputStream);
}
}

114
src/main/java/ch/eitchnet/privilege/xml/CertificateStubsSaxReader.java Normal file
View File

@ -0,0 +1,114 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.eitchnet.privilege.xml;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
import ch.eitchnet.privilege.base.PrivilegeException;
import ch.eitchnet.privilege.helper.XmlConstants;
import ch.eitchnet.utils.dbc.DBC;
import ch.eitchnet.utils.helper.XmlHelper;
import ch.eitchnet.utils.iso8601.ISO8601FormatFactory;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
public class CertificateStubsSaxReader extends DefaultHandler {
private InputStream inputStream;
private List<CertificateStub> stubs;
public CertificateStubsSaxReader(InputStream inputStream) {
this.inputStream = inputStream;
}
public List<CertificateStub> read() {
this.stubs = new ArrayList<>();
XmlHelper.parseDocument(this.inputStream, this);
return stubs;
}
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
switch (qName) {
case XmlConstants.XML_ROOT_CERTIFICATES:
break;
case XmlConstants.XML_CERTIFICATE:
CertificateStub stub = new CertificateStub();
stub.sessionId = attributes.getValue(XmlConstants.XML_ATTR_SESSION_ID);
stub.username = attributes.getValue(XmlConstants.XML_ATTR_USERNAME);
stub.authToken = attributes.getValue(XmlConstants.XML_ATTR_AUTH_TOKEN);
stub.locale = new Locale(attributes.getValue(XmlConstants.XML_ATTR_LOCALE));
stub.loginTime = ISO8601FormatFactory.getInstance()
.parseDate(attributes.getValue(XmlConstants.XML_ATTR_LOGIN_TIME));
stub.lastAccess = ISO8601FormatFactory.getInstance()
.parseDate(attributes.getValue(XmlConstants.XML_ATTR_LAST_ACCESS));
DBC.INTERIM.assertNotEmpty("sessionId missing on sessions data!", stub.sessionId);
DBC.INTERIM.assertNotEmpty("username missing on sessions data!", stub.username);
DBC.INTERIM.assertNotEmpty("authToken missing on sessions data!", stub.authToken);
this.stubs.add(stub);
break;
default:
throw new PrivilegeException("Unhandled tag " + qName);
}
}
public class CertificateStub {
private String sessionId;
private String username;
private String authToken;
private Locale locale;
private Date loginTime;
private Date lastAccess;
public String getSessionId() {
return sessionId;
}
public String getUsername() {
return username;
}
public String getAuthToken() {
return authToken;
}
public Locale getLocale() {
return locale;
}
public Date getLoginTime() {
return loginTime;
}
public Date getLastAccess() {
return lastAccess;
}
}
}

11
src/main/java/ch/eitchnet/privilege/xml/PrivilegeConfigSaxReader.java
View File

@ -32,8 +32,6 @@ import ch.eitchnet.privilege.model.internal.PrivilegeContainerModel;
*/
public class PrivilegeConfigSaxReader extends DefaultHandler {
// private static final Logger logger = LoggerFactory.getLogger(PrivilegeConfigSaxReader.class);
private Deque<ElementParser> buildersStack = new ArrayDeque<ElementParser>();
private PrivilegeContainerModel containerModel;
@ -109,7 +107,8 @@ public class PrivilegeConfigSaxReader extends DefaultHandler {
private String currentElement;
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
public void startElement(String uri, String localName, String qName, Attributes attributes)
throws SAXException {
if (qName.equals(XmlConstants.XML_CONTAINER)) {
this.currentElement = qName;
} else if (qName.equals(XmlConstants.XML_HANDLER_ENCRYPTION)) {
@ -147,7 +146,8 @@ public class PrivilegeConfigSaxReader extends DefaultHandler {
private Map<String, String> parameterMap = new HashMap<String, String>();
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
public void startElement(String uri, String localName, String qName, Attributes attributes)
throws SAXException {
if (qName.equals(XmlConstants.XML_PARAMETER)) {
String key = attributes.getValue(XmlConstants.XML_ATTR_NAME);
String value = attributes.getValue(XmlConstants.XML_ATTR_VALUE);
@ -168,7 +168,8 @@ public class PrivilegeConfigSaxReader extends DefaultHandler {
// <Policy name="DefaultPrivilege" class="ch.eitchnet.privilege.policy.DefaultPrivilege" />
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
public void startElement(String uri, String localName, String qName, Attributes attributes)
throws SAXException {
if (qName.equals(XmlConstants.XML_POLICY)) {
String policyName = attributes.getValue(XmlConstants.XML_ATTR_NAME);
String policyClassName = attributes.getValue(XmlConstants.XML_ATTR_CLASS);

112
src/test/java/ch/eitchnet/privilege/test/AbstractPrivilegeTest.java Normal file
View File

@ -0,0 +1,112 @@
package ch.eitchnet.privilege.test;
import static org.junit.Assert.assertTrue;
import java.io.File;
import java.nio.file.Files;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ch.eitchnet.privilege.base.PrivilegeException;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.helper.PrivilegeInitializationHelper;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.PrivilegeContext;
import ch.eitchnet.utils.helper.FileHelper;
public class AbstractPrivilegeTest {
protected static final Logger logger = LoggerFactory.getLogger(AbstractPrivilegeTest.class);
protected PrivilegeHandler privilegeHandler;
protected PrivilegeContext ctx;
protected void login(String username, byte[] password) {
Certificate certificate = privilegeHandler.authenticate(username, password);
assertTrue("Certificate is null!", certificate != null);
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
this.ctx = privilegeContext;
}
protected void logout() {
if (this.ctx != null) {
try {
PrivilegeContext privilegeContext = this.ctx;
this.ctx = null;
privilegeHandler.invalidateSession(privilegeContext.getCertificate());
} catch (PrivilegeException e) {
String msg = "There is no PrivilegeContext currently bound to the ThreadLocal!";
if (!e.getMessage().equals(msg))
throw e;
}
}
}
protected static void prepareConfigs(String dst, String configFilename, String modelFilename) {
try {
String pwd = System.getProperty("user.dir");
File configPath = new File(pwd, "config");
File privilegeConfigFile = new File(configPath, configFilename);
File privilegeModelFile = new File(configPath, modelFilename);
File targetPath = new File(pwd, "target/" + dst);
if (!targetPath.mkdirs())
throw new RuntimeException("Could not create parent " + targetPath);
File dstConfig = new File(targetPath, configFilename);
File dstModel = new File(targetPath, modelFilename);
// write config
String config = new String(Files.readAllBytes(privilegeConfigFile.toPath()), "UTF-8");
config = config.replace("${target}", dst);
Files.write(dstConfig.toPath(), config.getBytes("UTF-8"));
// copy model
Files.copy(privilegeModelFile.toPath(), dstModel.toPath());
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed", e);
}
}
protected static void removeConfigs(String dst) {
try {
String pwd = System.getProperty("user.dir");
File targetPath = new File(pwd, "target");
targetPath = new File(targetPath, dst);
if (targetPath.exists() && !FileHelper.deleteFile(targetPath, true)) {
throw new RuntimeException(
"Tmp configuration still exists and can not be deleted at " + targetPath.getAbsolutePath());
}
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed", e);
}
}
protected static File getPrivilegeConfigFile(String dst, String configFilename) {
try {
String pwd = System.getProperty("user.dir");
File targetPath = new File(pwd, "target");
targetPath = new File(targetPath, dst);
return new File(targetPath, configFilename);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed", e);
}
}
protected void initialize(String dst, String configFilename) {
try {
File privilegeConfigFile = getPrivilegeConfigFile(dst, configFilename);
this.privilegeHandler = PrivilegeInitializationHelper.initializeFromXml(privilegeConfigFile);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed", e);
}
}
}

47
src/test/java/ch/eitchnet/privilege/test/PersistSessionsTest.java Normal file
View File

@ -0,0 +1,47 @@
package ch.eitchnet.privilege.test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.io.File;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
public class PersistSessionsTest extends AbstractPrivilegeTest {
@BeforeClass
public static void init() throws Exception {
removeConfigs(PersistSessionsTest.class.getSimpleName());
prepareConfigs(PersistSessionsTest.class.getSimpleName(), "PrivilegeConfig.xml", "PrivilegeModel.xml");
}
@AfterClass
public static void destroy() throws Exception {
removeConfigs(PersistSessionsTest.class.getSimpleName());
}
@Before
public void setup() throws Exception {
initialize(PersistSessionsTest.class.getSimpleName(), "PrivilegeConfig.xml");
}
@Test
public void shouldPersistAndReloadSessions() {
// assert no sessions file
File sessionsFile = new File("target/PersistSessionsTest/sessions.dat");
assertFalse("Sessions File should no yet exist", sessionsFile.exists());
// login and assert sessions file was written
login("admin", "admin".getBytes());
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
assertTrue("Sessions File should have been created!", sessionsFile.isFile());
// re-initialize and assert still logged in
initialize(PersistSessionsTest.class.getSimpleName(), "PrivilegeConfig.xml");
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
}
}

99
src/test/java/ch/eitchnet/privilege/test/PrivilegeConflictMergeTest.java
View File

@ -19,120 +19,33 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.io.File;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ch.eitchnet.privilege.base.PrivilegeException;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.helper.PrivilegeInitializationHelper;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.IPrivilege;
import ch.eitchnet.privilege.model.PrivilegeContext;
import ch.eitchnet.utils.helper.FileHelper;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
public class PrivilegeConflictMergeTest {
private static final Logger logger = LoggerFactory.getLogger(PrivilegeConflictMergeTest.class);
public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
@BeforeClass
public static void init() throws Exception {
try {
destroy();
// copy configuration to tmp
String pwd = System.getProperty("user.dir");
File origPrivilegeModelFile = new File(pwd + "/config/PrivilegeModelMerge.xml");
File tmpPrivilegeModelFile = new File(pwd + "/target/testPrivilege/PrivilegeModelMerge.xml");
if (tmpPrivilegeModelFile.exists() && !tmpPrivilegeModelFile.delete()) {
throw new RuntimeException("Tmp configuration still exists and can not be deleted at "
+ tmpPrivilegeModelFile.getAbsolutePath());
}
File parentFile = tmpPrivilegeModelFile.getParentFile();
if (!parentFile.exists()) {
if (!parentFile.mkdirs())
throw new RuntimeException("Could not create parent for tmp " + tmpPrivilegeModelFile);
}
if (!FileHelper.copy(origPrivilegeModelFile, tmpPrivilegeModelFile, true))
throw new RuntimeException("Failed to copy " + origPrivilegeModelFile + " to " + tmpPrivilegeModelFile);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed: " + e.getLocalizedMessage(), e);
}
removeConfigs(PrivilegeConflictMergeTest.class.getSimpleName());
prepareConfigs(PrivilegeConflictMergeTest.class.getSimpleName(), "PrivilegeConfigMerge.xml",
"PrivilegeModelMerge.xml");
}
@AfterClass
public static void destroy() throws Exception {
// delete temporary file
String pwd = System.getProperty("user.dir");
File tmpPrivilegeModelFile = new File(pwd + "/target/testPrivilege/PrivilegeModelMerge.xml");
if (tmpPrivilegeModelFile.exists() && !tmpPrivilegeModelFile.delete()) {
throw new RuntimeException("Tmp configuration still exists and can not be deleted at "
+ tmpPrivilegeModelFile.getAbsolutePath());
}
// and temporary parent
File parentFile = tmpPrivilegeModelFile.getParentFile();
if (parentFile.exists() && !parentFile.delete()) {
throw new RuntimeException("Could not remove temporary parent for tmp " + tmpPrivilegeModelFile);
}
removeConfigs(PrivilegeConflictMergeTest.class.getSimpleName());
}
private PrivilegeHandler privilegeHandler;
private PrivilegeContext ctx;
@Before
public void setup() throws Exception {
try {
String pwd = System.getProperty("user.dir");
File privilegeConfigFile = new File(pwd + "/config/PrivilegeConfigMerge.xml");
// initialize privilege
privilegeHandler = PrivilegeInitializationHelper.initializeFromXml(privilegeConfigFile);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Setup failed: " + e.getLocalizedMessage(), e);
}
}
private void login(String username, byte[] password) {
Certificate certificate = privilegeHandler.authenticate(username, password);
assertTrue("Certificate is null!", certificate != null);
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
this.ctx = privilegeContext;
}
private void logout() {
if (this.ctx != null) {
try {
PrivilegeContext privilegeContext = this.ctx;
this.ctx = null;
privilegeHandler.invalidateSession(privilegeContext.getCertificate());
} catch (PrivilegeException e) {
String msg = "There is no PrivilegeContext currently bound to the ThreadLocal!";
if (!e.getMessage().equals(msg))
throw e;
}
}
initialize(PrivilegeConflictMergeTest.class.getSimpleName(), "PrivilegeConfigMerge.xml");
}
@Test

111
src/test/java/ch/eitchnet/privilege/test/PrivilegeTest.java
View File

@ -17,10 +17,8 @@ package ch.eitchnet.privilege.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.File;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
@ -42,10 +40,8 @@ import org.slf4j.LoggerFactory;
import ch.eitchnet.privilege.base.AccessDeniedException;
import ch.eitchnet.privilege.base.PrivilegeException;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.helper.PrivilegeInitializationHelper;
import ch.eitchnet.privilege.i18n.PrivilegeMessages;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.PrivilegeContext;
import ch.eitchnet.privilege.model.PrivilegeRep;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.RoleRep;
@ -55,7 +51,6 @@ import ch.eitchnet.privilege.test.model.TestRestrictable;
import ch.eitchnet.privilege.test.model.TestSystemUserAction;
import ch.eitchnet.privilege.test.model.TestSystemUserActionDeny;
import ch.eitchnet.utils.helper.ArraysHelper;
import ch.eitchnet.utils.helper.FileHelper;
/**
* JUnit for performing Privilege tests. This JUnit is by no means complete, but checks the bare minimum.br />
@ -65,7 +60,7 @@ import ch.eitchnet.utils.helper.FileHelper;
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@SuppressWarnings("nls")
public class PrivilegeTest {
public class PrivilegeTest extends AbstractPrivilegeTest {
private static final String ROLE_PRIVILEGE_ADMIN = "PrivilegeAdmin";
private static final String PRIVILEGE_USER_ACCESS = "UserAccessPrivilege";
@ -91,96 +86,20 @@ public class PrivilegeTest {
@Rule
public ExpectedException exception = ExpectedException.none();
private static PrivilegeHandler privilegeHandler;
private PrivilegeContext ctx;
@BeforeClass
public static void init() throws Exception {
try {
destroy();
// copy configuration to tmp
String pwd = System.getProperty("user.dir");
File origPrivilegeModelFile = new File(pwd + "/config/PrivilegeModel.xml");
File tmpPrivilegeModelFile = new File(pwd + "/target/testPrivilege/PrivilegeModel.xml");
if (tmpPrivilegeModelFile.exists() && !tmpPrivilegeModelFile.delete()) {
throw new RuntimeException("Tmp configuration still exists and can not be deleted at "
+ tmpPrivilegeModelFile.getAbsolutePath());
}
File parentFile = tmpPrivilegeModelFile.getParentFile();
if (!parentFile.exists()) {
if (!parentFile.mkdirs())
throw new RuntimeException("Could not create parent for tmp " + tmpPrivilegeModelFile);
}
if (!FileHelper.copy(origPrivilegeModelFile, tmpPrivilegeModelFile, true))
throw new RuntimeException("Failed to copy " + origPrivilegeModelFile + " to " + tmpPrivilegeModelFile);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Initialization failed: " + e.getLocalizedMessage(), e);
}
removeConfigs(PrivilegeTest.class.getSimpleName());
prepareConfigs(PrivilegeTest.class.getSimpleName(), "PrivilegeConfig.xml", "PrivilegeModel.xml");
}
@AfterClass
public static void destroy() throws Exception {
// delete temporary file
String pwd = System.getProperty("user.dir");
File tmpPrivilegeModelFile = new File(pwd + "/target/testPrivilege/PrivilegeModel.xml");
if (tmpPrivilegeModelFile.exists() && !tmpPrivilegeModelFile.delete()) {
throw new RuntimeException("Tmp configuration still exists and can not be deleted at "
+ tmpPrivilegeModelFile.getAbsolutePath());
}
// and temporary parent
File parentFile = tmpPrivilegeModelFile.getParentFile();
if (parentFile.exists() && !parentFile.delete()) {
throw new RuntimeException("Could not remove temporary parent for tmp " + tmpPrivilegeModelFile);
}
removeConfigs(PrivilegeTest.class.getSimpleName());
}
@Before
public void setup() throws Exception {
try {
String pwd = System.getProperty("user.dir");
File privilegeConfigFile = new File(pwd + "/config/PrivilegeConfig.xml");
// initialize privilege
privilegeHandler = PrivilegeInitializationHelper.initializeFromXml(privilegeConfigFile);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new RuntimeException("Setup failed: " + e.getLocalizedMessage(), e);
}
}
private void login(String username, byte[] password) {
Certificate certificate = privilegeHandler.authenticate(username, password);
assertTrue("Certificate is null!", certificate != null);
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
this.ctx = privilegeContext;
}
private void logout() {
if (this.ctx != null) {
try {
PrivilegeContext privilegeContext = this.ctx;
this.ctx = null;
privilegeHandler.invalidateSession(privilegeContext.getCertificate());
} catch (PrivilegeException e) {
String msg = "There is no PrivilegeContext currently bound to the ThreadLocal!";
if (!e.getMessage().equals(msg))
throw e;
}
}
initialize(PrivilegeTest.class.getSimpleName(), "PrivilegeConfig.xml");
}
@Test
@ -258,8 +177,8 @@ public class PrivilegeTest {
@Test
public void testPerformSystemRestrictableFailPrivilege() throws Exception {
this.exception.expect(PrivilegeException.class);
this.exception
.expectMessage("User system_admin does not have the privilege ch.eitchnet.privilege.handler.SystemUserAction");
this.exception.expectMessage(
"User system_admin does not have the privilege ch.eitchnet.privilege.handler.SystemUserAction");
try {
// create the action to be performed as a system user
TestSystemUserActionDeny action = new TestSystemUserActionDeny();
@ -277,8 +196,8 @@ public class PrivilegeTest {
@Test
public void testPerformSystemRestrictableFailNoAdditionalPrivilege() throws Exception {
this.exception.expect(PrivilegeException.class);
this.exception
.expectMessage("User system_admin2 does not have the privilege ch.eitchnet.privilege.handler.SystemUserAction needed for Restrictable ch.eitchnet.privilege.test.model.TestSystemUserActionDeny");
this.exception.expectMessage(
"User system_admin2 does not have the privilege ch.eitchnet.privilege.handler.SystemUserAction needed for Restrictable ch.eitchnet.privilege.test.model.TestSystemUserActionDeny");
try {
// create the action to be performed as a system user
TestSystemUserActionDeny action = new TestSystemUserActionDeny();
@ -398,8 +317,8 @@ public class PrivilegeTest {
Certificate certificate = this.ctx.getCertificate();
UserRep selectorRep = new UserRep(null, null, null, null, null, new HashSet<>(
Arrays.asList("PrivilegeAdmin")), null, null);
UserRep selectorRep = new UserRep(null, null, null, null, null,
new HashSet<>(Arrays.asList("PrivilegeAdmin")), null, null);
List<UserRep> users = privilegeHandler.queryUsers(certificate, selectorRep);
assertEquals(1, users.size());
assertEquals(ADMIN, users.get(0).getUsername());
@ -590,8 +509,8 @@ public class PrivilegeTest {
PrivilegeRep passwordRep = new PrivilegeRep(PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD,
PRIVILEGE_USER_ACCESS, false, Collections.emptySet(), Collections.emptySet());
PrivilegeRep localeRep = new PrivilegeRep(PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE,
PRIVILEGE_USER_ACCESS, false, Collections.emptySet(), Collections.emptySet());
PrivilegeRep localeRep = new PrivilegeRep(PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE, PRIVILEGE_USER_ACCESS,
false, Collections.emptySet(), Collections.emptySet());
RoleRep roleRep = new RoleRep(ROLE_CHANGE_PW, Arrays.asList(passwordRep, localeRep));
@ -818,8 +737,8 @@ public class PrivilegeTest {
login(ADMIN, ArraysHelper.copyOf(PASS_ADMIN));
// let's add a new user bob
UserRep userRep = new UserRep(null, BOB, "Bob", "Newman", UserState.NEW, new HashSet<String>(
Arrays.asList(ROLE_MY)), null, new HashMap<String, String>());
UserRep userRep = new UserRep(null, BOB, "Bob", "Newman", UserState.NEW,
new HashSet<String>(Arrays.asList(ROLE_MY)), null, new HashMap<String, String>());
Certificate certificate = this.ctx.getCertificate();
privilegeHandler.addUser(certificate, userRep, null);
logger.info("Added user " + BOB);

2
src/test/java/ch/eitchnet/privilege/test/XmlTest.java
View File

@ -120,7 +120,7 @@ public class XmlTest {
assertNotNull(containerModel.getPersistenceHandlerClassName());
assertNotNull(containerModel.getPersistenceHandlerParameterMap());
assertEquals(2, containerModel.getParameterMap().size());
assertEquals(6, containerModel.getParameterMap().size());
assertEquals(3, containerModel.getPolicies().size());
assertEquals(1, containerModel.getEncryptionHandlerParameterMap().size());
assertEquals(2, containerModel.getPersistenceHandlerParameterMap().size());