示例#1
0
  /**
   * Tests that a deny rule expressed with an <b>External groupname</b> denies an operation
   * performed by a thread running by a user who belongs to the same group.
   */
  public void testExternalGroupMembershipDeniesOperation() {
    SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user3", "extGroup1"));

    final Result result =
        _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
    assertEquals(Result.DENIED, result);
  }
示例#2
0
  /**
   * Tests that an allow rule expressed with an <b>ACL groupname</b> allows an operation performed
   * by a thread running by a user who belongs to the same group..
   */
  public void testAclGroupMembershipAllowsOperation() {
    SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("member1"));

    final Result result =
        _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
    assertEquals(Result.ALLOWED, result);
  }
示例#3
0
  /** Tests that the catch all deny denies the operation and logs with the logging actor. */
  public void testCatchAllRuleDeniesUnrecognisedUsername() {
    SecurityManager.setThreadSubject(
        TestPrincipalUtils.createTestSubject("unknown", "unkgroup1", "unkgroup2"));

    assertEquals("Expecting zero messages before test", 0, messageLogger.getLogMessages().size());
    final Result result =
        _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
    assertEquals(Result.DENIED, result);

    assertEquals("Expecting one message before test", 1, messageLogger.getLogMessages().size());
    assertTrue(
        "Logged message does not contain expected string",
        messageLogger.messageContains(0, "ACL-1002"));
  }