/**
* Tests that a deny rule expressed with an <b>External groupname</b> denies an operation
* performed by a thread running by a user who belongs to the same group.
*/
public void testExternalGroupMembershipDeniesOperation() {
SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user3", "extGroup1"));
final Result result =
_plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
assertEquals(Result.DENIED, result);
}
/**
* Tests that an allow rule expressed with an <b>ACL groupname</b> allows an operation performed
* by a thread running by a user who belongs to the same group..
*/
public void testAclGroupMembershipAllowsOperation() {
SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("member1"));
final Result result =
_plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
assertEquals(Result.ALLOWED, result);
}
/** Tests that the catch all deny denies the operation and logs with the logging actor. */
public void testCatchAllRuleDeniesUnrecognisedUsername() {
SecurityManager.setThreadSubject(
TestPrincipalUtils.createTestSubject("unknown", "unkgroup1", "unkgroup2"));
assertEquals("Expecting zero messages before test", 0, messageLogger.getLogMessages().size());
final Result result =
_plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
assertEquals(Result.DENIED, result);
assertEquals("Expecting one message before test", 1, messageLogger.getLogMessages().size());
assertTrue(
"Logged message does not contain expected string",
messageLogger.messageContains(0, "ACL-1002"));
}