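@Test
public void test01AddCustomUserDataSource() throws Exception {
    log.trace(">test01AddCustomUserDataSource()");
    // A custom user data source backed by the dummy implementation used by the tests.
    CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
    userdatasource.setClassPath("org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
    userdatasource.setDescription("Used in Junit Test, Remove this one");
    try {
        // NOTE(review): "TESTDUMMYCUSTOM" is not removed here; presumably a later test in this
        // class cleans it up -- confirm, otherwise a stale entry makes this test fail on rerun.
        userDataSourceSession.addUserDataSource(admin, "TESTDUMMYCUSTOM", userdatasource);
    } catch (UserDataSourceExistsException e) {
        // Previously this exception was swallowed and only a boolean flag was asserted, which
        // hid the reason for the failure. Keep the same assertion message but attach the cause
        // so the test report explains why creation failed.
        AssertionError error = new AssertionError("Creating Custom UserDataSource failed");
        error.initCause(e);
        throw error;
    }
    log.trace("<test01AddCustomUserDataSource()");
}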
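@Test
public void testIsAuthorizedToUserDataSource() throws Exception {
    final String rolename = "testIsAuthorizedToUserDataSource";
    // An admin token whose subject is CN=<rolename>. It is placed in a role that carries no
    // user-data-source rule at all, so every edit attempted with it below must be denied.
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new X500Principal("CN=" + rolename));
    TestX509CertificateAuthenticationToken adminNoAuth = (TestX509CertificateAuthenticationToken) simpleAuthenticationProvider
            .authenticate(new AuthenticationSubject(principals, null));
    // NOTE(review): the role subject below matches on the CN of the *issuer* of the test admin's
    // certificate, not on CN=<rolename>; whether adminNoAuth is meant to match this role or to
    // be entirely unmatched, the expected outcome (denied) is the same -- confirm intent.
    final int caid = CertTools.getIssuerDN(admin.getCertificate()).hashCode();
    final String cN = CertTools.getPartFromDN(CertTools.getIssuerDN(admin.getCertificate()), "CN");
    RoleData role = roleManagementSessionRemote.create(internalAdmin, rolename);
    final String alias = "spacemonkeys";
    try {
        Collection<AccessUserAspectData> subjects = new ArrayList<AccessUserAspectData>();
        subjects.add(new AccessUserAspectData(rolename, caid, X500PrincipalAccessMatchValue.WITH_COMMONNAME,
                AccessMatchType.TYPE_EQUALCASE, cN));
        role = roleManagementSessionRemote.addSubjectsToRole(internalAdmin, role, subjects);
        Collection<AccessRuleData> accessRules = new ArrayList<AccessRuleData>();
        // Not authorized to user data sources: the only rule granted is end-entity-profile editing.
        accessRules.add(new AccessRuleData(rolename, AccessRulesConstants.REGULAR_EDITENDENTITYPROFILES,
                AccessRuleState.RULE_ACCEPT, true));
        role = roleManagementSessionRemote.addAccessRulesToRole(internalAdmin, role, accessRules);
        CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
        userdatasource.setClassPath("org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
        userdatasource.setDescription("Used in Junit Test, Remove this one");
        // Test authorization to edit with an unauthorized admin. Each operation must throw
        // AuthorizationDeniedException naming the alias it was denied on; reaching fail() means
        // the operation went through, i.e. the authorization check is missing or too permissive.
        try {
            userDataSourceSession.addUserDataSource(adminNoAuth, alias, userdatasource);
            fail("admin should not have been authorized to edit user data source");
        } catch (AuthorizationDeniedException e) {
            assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
        }
        try {
            userDataSourceSession.changeUserDataSource(adminNoAuth, alias, userdatasource);
            fail("admin should not have been authorized to edit user data source");
        } catch (AuthorizationDeniedException e) {
            assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
        }
        // Add so we can try to clone, remove and rename
        userDataSourceSession.addUserDataSource(internalAdmin, alias, userdatasource);
        try {
            // The denial message names the clone target, not the source alias.
            userDataSourceSession.cloneUserDataSource(adminNoAuth, alias, "newmonkeys");
            fail("admin should not have been authorized to edit user data source");
        } catch (AuthorizationDeniedException e) {
            assertEquals("Error, not authorized to user data source newmonkeys.", e.getMessage());
        }
        try {
            userDataSourceSession.removeUserDataSource(adminNoAuth, alias);
            fail("admin should not have been authorized to edit user data source");
        } catch (AuthorizationDeniedException e) {
            assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
        }
        try {
            userDataSourceSession.renameUserDataSource(adminNoAuth, alias, "renamedmonkey");
            fail("admin should not have been authorized to edit user data source");
        } catch (AuthorizationDeniedException e) {
            assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
        }
    } finally {
        // Clean up in two independent steps. If removing the data source throws (for instance
        // when an assertion above failed before it was added), the role must still be removed;
        // otherwise a role carrying REGULAR_EDITENDENTITYPROFILES is left behind in the test
        // installation. An exception from either step still propagates to the caller.
        try {
            userDataSourceSession.removeUserDataSource(internalAdmin, alias);
        } finally {
            roleManagementSessionRemote.remove(internalAdmin, rolename);
        }
    }
}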