@Test
public void test() throws Exception {
// use admin
TestContext testContext = TestContainer.getInstance().getTestContext();
// user is created at security.xml
testContext.setUsername(NEXUS504_USER);
testContext.setPassword(TEST_USER_PASSWORD);
assertThat(UserCreationUtil.login(), hasStatusCode(403));
// add login privilege to role
testContext.useAdminForRequests();
RoleResource role = roleUtil.getRole(NEXUS504_ROLE);
role.addPrivilege("2" /* login */);
assertThat(
"Unable to add login privilege to role "
+ NEXUS504_ROLE
+ "\n"
+ RoleMessageUtil.update(role).getDescription(),
RoleMessageUtil.update(role),
isSuccess());
// try to login again
testContext.setUsername(NEXUS504_USER);
testContext.setPassword(TEST_USER_PASSWORD);
Status status2 = UserCreationUtil.login();
assertThat(status2, hasStatusCode(200));
}
@Test
public void createRoleTest() throws IOException {
RoleResource resource = new RoleResource();
resource.setDescription("Create Test Role");
resource.setName("CreateRole");
resource.setSessionTimeout(30);
resource.addPrivilege("1");
resource.addPrivilege("2");
this.messageUtil.createRole(resource);
}
@Test
public void listTest() throws IOException {
RoleResource resource = new RoleResource();
resource.setDescription("Create Test Role");
resource.setName("ListTestRole");
resource.setSessionTimeout(30);
resource.addPrivilege("1");
// create a role
this.messageUtil.createRole(resource);
// now that we have at least one element stored (more from other tests, most likely)
// NEED to work around a GET problem with the REST client
List<RoleResource> roles = this.messageUtil.getList();
getSecurityConfigUtil().verifyRolesComplete(roles);
}
@Test
@Category(SECURITY.class)
public void deletePriv() throws Exception {
RoleResource role = roleUtil.getRole(ROLE_ID);
Assert.assertNotNull(role);
MatcherAssert.assertThat(role.getPrivileges(), hasItems(PRIVS));
privUtil.assertExists(PRIVS);
// remove read
Assert.assertTrue(privUtil.delete(READ_PRIV_ID).getStatus().isSuccess());
role = roleUtil.getRole(ROLE_ID);
MatcherAssert.assertThat(role.getPrivileges(), not(hasItems(READ_PRIV_ID)));
MatcherAssert.assertThat(
role.getPrivileges(), hasItems(CREATE_PRIV_ID, UPDATE_PRIV_ID, DELETE_PRIV_ID));
// remove create
Assert.assertTrue(privUtil.delete(CREATE_PRIV_ID).getStatus().isSuccess());
role = roleUtil.getRole(ROLE_ID);
MatcherAssert.assertThat(role.getPrivileges(), not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID)));
MatcherAssert.assertThat(role.getPrivileges(), hasItems(UPDATE_PRIV_ID, DELETE_PRIV_ID));
// remove update
Assert.assertTrue(privUtil.delete(UPDATE_PRIV_ID).getStatus().isSuccess());
role = roleUtil.getRole(ROLE_ID);
MatcherAssert.assertThat(
role.getPrivileges(), not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID, UPDATE_PRIV_ID)));
MatcherAssert.assertThat(role.getPrivileges(), hasItems(DELETE_PRIV_ID));
// remove delete
Assert.assertTrue(privUtil.delete(DELETE_PRIV_ID).getStatus().isSuccess());
role = roleUtil.getRole(ROLE_ID);
MatcherAssert.assertThat(
role.getPrivileges(),
not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID, UPDATE_PRIV_ID, DELETE_PRIV_ID)));
Assert.assertTrue(role.getPrivileges().isEmpty());
privUtil.assertNotExists(PRIVS);
}
@Test
public void deleteTest() throws IOException {
RoleResource resource = new RoleResource();
resource.setDescription("Delete Test Role");
resource.setName("deleteRole");
resource.setSessionTimeout(1);
resource.addPrivilege("7");
resource.addPrivilege("8");
RoleResource responseResource = this.messageUtil.createRole(resource);
// use the new ID
Response response = this.messageUtil.sendMessage(Method.DELETE, responseResource);
if (!response.getStatus().isSuccess()) {
Assert.fail("Could not delete Role: " + response.getStatus());
}
// TODO: check if deleted
Assert.assertNull(getSecurityConfigUtil().getCRole(responseResource.getId()));
}
public void readTest() throws IOException {
RoleResource resource = new RoleResource();
resource.setDescription("Read Test Role");
resource.setName("ReadRole");
resource.setSessionTimeout(31);
resource.addPrivilege("3");
resource.addPrivilege("4");
resource = this.messageUtil.createRole(resource);
// get the Resource object
RoleResource responseResource = this.messageUtil.getRole(resource.getId());
Assert.assertEquals(resource.getId(), responseResource.getId());
Assert.assertEquals(resource.getDescription(), responseResource.getDescription());
Assert.assertEquals(resource.getName(), responseResource.getName());
Assert.assertEquals(resource.getPrivileges(), responseResource.getPrivileges());
Assert.assertEquals(resource.getRoles(), responseResource.getRoles());
}
@Test
public void updateTest() throws IOException {
RoleResource resource = new RoleResource();
resource.setDescription("Update Test Role");
resource.setName("UpdateRole");
resource.setSessionTimeout(99999);
resource.addPrivilege("5");
resource.addPrivilege("4");
RoleResource responseResource = this.messageUtil.createRole(resource);
// update the Role
// TODO: add tests that changes the Id
resource.setId(responseResource.getId());
resource.setName("UpdateRole Again");
resource.setDescription("Update Test Role Again");
resource.getPrivileges().clear(); // clear the privs
resource.addPrivilege("6");
resource.setSessionTimeout(10);
Response response = this.messageUtil.sendMessage(Method.PUT, resource);
if (!response.getStatus().isSuccess()) {
Assert.fail("Could not update Role: " + response.getStatus());
}
// get the Resource object
responseResource = this.messageUtil.getResourceFromResponse(response);
Assert.assertEquals(resource.getId(), responseResource.getId());
Assert.assertEquals(resource.getDescription(), responseResource.getDescription());
Assert.assertEquals(resource.getName(), responseResource.getName());
Assert.assertEquals(resource.getSessionTimeout(), responseResource.getSessionTimeout());
Assert.assertEquals(resource.getPrivileges(), responseResource.getPrivileges());
Assert.assertEquals(resource.getRoles(), responseResource.getRoles());
getSecurityConfigUtil().verifyRole(resource);
}
