Source Code of org.sonatype.security.realms.simple.SimpleRealmTest

/*
 * Sonatype Nexus (TM) Open Source Version
 * Copyright (c) 2007-2014 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
 *
 * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
 * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
 *
 * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
 * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
 * Eclipse Foundation. All other trademarks are the property of their respective owners.
 */
package org.sonatype.security.realms.simple;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import org.sonatype.security.SecuritySystem;
import org.sonatype.security.authentication.AuthenticationException;
import org.sonatype.security.realms.AbstractRealmWithSecuritySystemTest;
import org.sonatype.security.realms.tools.ConfigurationManager;

import org.apache.commons.io.IOUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.junit.Assert;
import org.junit.Test;

public class SimpleRealmTest
    extends AbstractRealmWithSecuritySystemTest
{
  private final File confdir;

  public SimpleRealmTest() {
    this.confdir = new File("target/app-conf");
  }

  @Override
  protected File getConfDir() {
    return confdir;
  }

  @Override
  protected void setUp()
      throws Exception
  {
    super.setUp();
    getConfDir().mkdirs();
    // copy the tests nexus.xml and security.xml to the correct location
    copyTestConfigToPlace();
    // restart security
    lookup(ConfigurationManager.class, "legacydefault").clearCache();
    lookup(SecuritySystem.class).start();
  }

  private void copyTestConfigToPlace()
      throws IOException
  {
    ClassLoader ccl = Thread.currentThread().getContextClassLoader();
    try (InputStream nexusConf = ccl.getResourceAsStream("nexus.xml");
         InputStream security = ccl.getResourceAsStream("security.xml");
         InputStream securityConf = ccl.getResourceAsStream("security-configuration.xml");

         OutputStream nexusOut = new FileOutputStream(new File(confdir, "nexus.xml"));
         OutputStream securityOut = new FileOutputStream(new File(confdir, "security.xml"));
         OutputStream securityConfOut = new FileOutputStream(new File(confdir, "security-configuration.xml"))) {

      IOUtils.copy(nexusConf, nexusOut);
      IOUtils.copy(security, securityOut);
      IOUtils.copy(securityConf, securityConfOut);
    }
  }

  // Realm Tests

  /**
   * Test authentication with a valid user and password.
   */
  @Test
  public void testValidAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("admin-simple", "admin123");
    AuthenticationInfo authInfo = plexusSecurity.authenticate(token);

    // check
    Assert.assertNotNull(authInfo);
  }

  /**
   * Test authentication with a valid user and invalid password.
   */
  @Test
  public void testInvalidPasswordAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("admin-simple", "INVALID");

    try {
      plexusSecurity.authenticate(token);
    }
    catch (AuthenticationException e) {
      // expected
    }
  }

  /**
   * Test authentication with a invalid user and password.
   */
  @Test
  public void testInvalidUserAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("INVALID", "INVALID");

    try {
      plexusSecurity.authenticate(token);
    }
    catch (AuthenticationException e) {
      // expected
    }
  }

  //

  /**
   * Test authorization using the NexusMethodAuthorizingRealm. <BR/>
   * Take a look a the security.xml in src/test/resources this maps the users in the UserStore to nexus
   * roles/privileges
   */
  @Test
  public void testPrivileges()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);

    PrincipalCollection principal = new SimplePrincipalCollection("admin-simple", new SimpleRealm().getName());

    // test one of the privleges that the admin user has Repositories - (create,read)
    Assert.assertTrue(plexusSecurity.isPermitted(principal, "nexus:repositories:create"));
  }

  /**
   * Tests a valid privilege for an invalid user
   */
  @Test
  public void testPrivilegesInvalidUser()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);

    PrincipalCollection principal = new SimplePrincipalCollection("INVALID", SecuritySystem.class.getSimpleName());

    // test one of the privleges
    Assert.assertFalse(plexusSecurity.isPermitted(principal, "nexus:repositories:create"));// Repositories -
    // (create,read)

  }
}