コード例 #1
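  /**
   * Registers a custom user data source under the name {@code TESTDUMMYCUSTOM} as {@code admin}
   * and asserts that the registration went through.
   *
   * <p>Only {@code UserDataSourceExistsException} is caught here; it makes the test fail through
   * the final assertion. Any other exception propagates out of the method.
   *
   * @throws Exception if the session call fails for a reason other than a name collision
   */
  @Test
  public void test01AddCustomUserDataSource() throws Exception {
    log.trace(">test01AddCustomUserDataSource()");
    boolean created = false;
    String existsDetail = null;
    try {
      CustomUserDataSourceContainer container = new CustomUserDataSourceContainer();
      container.setClassPath("org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
      container.setDescription("Used in Junit Test, Remove this one");
      userDataSourceSession.addUserDataSource(admin, "TESTDUMMYCUSTOM", container);
      created = true;
    } catch (UserDataSourceExistsException e) {
      // Do not drop the cause: a leftover TESTDUMMYCUSTOM entry (for example from an earlier run
      // that was not cleaned up) should be visible in the failure message.
      existsDetail = String.valueOf(e.getMessage());
    }

    assertTrue(
        "Creating Custom UserDataSource failed: TESTDUMMYCUSTOM already exists ("
            + existsDetail
            + ")",
        created);
    log.trace("<test01AddCustomUserDataSource()");
  }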
コード例 #2
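  /**
   * Verifies that an administrator whose role carries no user-data-source rights is refused on
   * every mutating call of {@code userDataSourceSession}: add, change, clone, remove and rename.
   *
   * <p>Each refused call must raise {@code AuthorizationDeniedException} with the exact message
   * asserted below. The clone refusal names the clone target ({@code newmonkeys}); the others name
   * the alias {@code spacemonkeys}.
   *
   * <p>Cleanup runs in nested {@code finally} blocks so that the test role is removed even when
   * removing the data source throws, for example because the test failed before the data source
   * was created.
   *
   * @throws Exception if setup, an unexpected session error or cleanup fails
   */
  @Test
  public void testIsAuthorizedToUserDataSource() throws Exception {
    final String rolename = "testIsAuthorizedToUserDataSource";
    // Build a token for a principal "CN=<rolename>"; this is the caller that must be refused.
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new X500Principal("CN=" + rolename));
    TestX509CertificateAuthenticationToken adminNoAuth =
        (TestX509CertificateAuthenticationToken)
            simpleAuthenticationProvider.authenticate(new AuthenticationSubject(principals, null));

    // CA id and common name are both derived from the issuer DN of the existing admin certificate.
    final String issuerDn = CertTools.getIssuerDN(admin.getCertificate());
    final int caid = issuerDn.hashCode();
    final String cN = CertTools.getPartFromDN(issuerDn, "CN");
    RoleData role = roleManagementSessionRemote.create(internalAdmin, rolename);
    final String alias = "spacemonkeys";
    final String expectedAliasDenial = "Error, not authorized to user data source spacemonkeys.";
    try {
      // Role member: matched on common name, case-sensitive equality, against the issuer CN.
      // NOTE(review): adminNoAuth's own subject is CN=<rolename>, not cN - confirm how the test
      // token is matched to this role.
      Collection<AccessUserAspectData> subjects = new ArrayList<AccessUserAspectData>();
      subjects.add(
          new AccessUserAspectData(
              rolename,
              caid,
              X500PrincipalAccessMatchValue.WITH_COMMONNAME,
              AccessMatchType.TYPE_EQUALCASE,
              cN));
      role = roleManagementSessionRemote.addSubjectsToRole(internalAdmin, role, subjects);

      // The role is granted only the end-entity-profile editing rule, i.e. nothing that covers
      // user data sources. The trailing "true" is presumably the recursive flag - TODO confirm.
      Collection<AccessRuleData> accessRules = new ArrayList<AccessRuleData>();
      accessRules.add(
          new AccessRuleData(
              rolename,
              AccessRulesConstants.REGULAR_EDITENDENTITYPROFILES,
              AccessRuleState.RULE_ACCEPT,
              true));
      role = roleManagementSessionRemote.addAccessRulesToRole(internalAdmin, role, accessRules);

      CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
      userdatasource.setClassPath(
          "org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
      userdatasource.setDescription("Used in Junit Test, Remove this one");

      // Denied: add.
      try {
        userDataSourceSession.addUserDataSource(adminNoAuth, alias, userdatasource);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals(expectedAliasDenial, e.getMessage());
      }
      // Denied: change. This test has not yet stored anything under the alias at this point, so
      // the refusal is asserted independently of whether the data source exists.
      try {
        userDataSourceSession.changeUserDataSource(adminNoAuth, alias, userdatasource);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals(expectedAliasDenial, e.getMessage());
      }

      // Create the data source with the privileged token so clone, remove and rename have a target.
      userDataSourceSession.addUserDataSource(internalAdmin, alias, userdatasource);

      // Denied: clone. The message refers to the new name, not the source alias.
      try {
        userDataSourceSession.cloneUserDataSource(adminNoAuth, alias, "newmonkeys");
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source newmonkeys.", e.getMessage());
      }
      // Denied: remove.
      try {
        userDataSourceSession.removeUserDataSource(adminNoAuth, alias);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals(expectedAliasDenial, e.getMessage());
      }
      // Denied: rename.
      try {
        userDataSourceSession.renameUserDataSource(adminNoAuth, alias, "renamedmonkey");
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals(expectedAliasDenial, e.getMessage());
      }
      // NOTE(review): only the exception and its message are checked. The test does not confirm
      // that the stored state is unchanged after each refusal, and "newmonkeys" /
      // "renamedmonkey" are not cleaned up if a call that should be refused succeeds instead.

    } finally {
      try {
        userDataSourceSession.removeUserDataSource(internalAdmin, alias);
      } finally {
        // Always drop the test role, even if removing the data source failed, so no test
        // role with member and access rules is left behind.
        roleManagementSessionRemote.remove(internalAdmin, rolename);
      }
    }
  }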