@Test
public void test01AddCustomUserDataSource() throws Exception {
log.trace(">test01AddCustomUserDataSource()");
boolean ret = false;
try {
CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
userdatasource.setClassPath(
"org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
userdatasource.setDescription("Used in Junit Test, Remove this one");
userDataSourceSession.addUserDataSource(admin, "TESTDUMMYCUSTOM", userdatasource);
ret = true;
} catch (UserDataSourceExistsException pee) {
}
assertTrue("Creating Custom UserDataSource failed", ret);
log.trace("<test01AddCustomUserDataSource()");
}
@Test
public void testIsAuthorizedToUserDataSource() throws Exception {
final String rolename = "testIsAuthorizedToUserDataSource";
Set<Principal> principals = new HashSet<Principal>();
principals.add(new X500Principal("CN=" + rolename));
TestX509CertificateAuthenticationToken adminNoAuth =
(TestX509CertificateAuthenticationToken)
simpleAuthenticationProvider.authenticate(new AuthenticationSubject(principals, null));
final int caid = CertTools.getIssuerDN(admin.getCertificate()).hashCode();
final String cN = CertTools.getPartFromDN(CertTools.getIssuerDN(admin.getCertificate()), "CN");
RoleData role = roleManagementSessionRemote.create(internalAdmin, rolename);
final String alias = "spacemonkeys";
try {
Collection<AccessUserAspectData> subjects = new ArrayList<AccessUserAspectData>();
subjects.add(
new AccessUserAspectData(
rolename,
caid,
X500PrincipalAccessMatchValue.WITH_COMMONNAME,
AccessMatchType.TYPE_EQUALCASE,
cN));
role = roleManagementSessionRemote.addSubjectsToRole(internalAdmin, role, subjects);
Collection<AccessRuleData> accessRules = new ArrayList<AccessRuleData>();
// Not authorized to user data sources
accessRules.add(
new AccessRuleData(
rolename,
AccessRulesConstants.REGULAR_EDITENDENTITYPROFILES,
AccessRuleState.RULE_ACCEPT,
true));
role = roleManagementSessionRemote.addAccessRulesToRole(internalAdmin, role, accessRules);
CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
userdatasource.setClassPath(
"org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
userdatasource.setDescription("Used in Junit Test, Remove this one");
// Test authorization to edit with an unauthorized admin
try {
userDataSourceSession.addUserDataSource(adminNoAuth, alias, userdatasource);
fail("admin should not have been authorized to edit user data source");
} catch (AuthorizationDeniedException e) {
assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
}
try {
userDataSourceSession.changeUserDataSource(adminNoAuth, alias, userdatasource);
fail("admin should not have been authorized to edit user data source");
} catch (AuthorizationDeniedException e) {
assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
}
// Add so we can try to clone, remove and rename
userDataSourceSession.addUserDataSource(internalAdmin, alias, userdatasource);
try {
userDataSourceSession.cloneUserDataSource(adminNoAuth, alias, "newmonkeys");
fail("admin should not have been authorized to edit user data source");
} catch (AuthorizationDeniedException e) {
assertEquals("Error, not authorized to user data source newmonkeys.", e.getMessage());
}
try {
userDataSourceSession.removeUserDataSource(adminNoAuth, alias);
fail("admin should not have been authorized to edit user data source");
} catch (AuthorizationDeniedException e) {
assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
}
try {
userDataSourceSession.renameUserDataSource(adminNoAuth, alias, "renamedmonkey");
fail("admin should not have been authorized to edit user data source");
} catch (AuthorizationDeniedException e) {
assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
}
} finally {
userDataSourceSession.removeUserDataSource(internalAdmin, alias);
roleManagementSessionRemote.remove(internalAdmin, rolename);
}
}