|
|
@ -23,18 +23,17 @@ import org.apache.commons.logging.Log;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
import org.mockito.Mockito;
|
|
|
|
import org.mockito.Mockito;
|
|
|
|
import org.testng.Assert;
|
|
|
|
import org.testng.Assert;
|
|
|
|
|
|
|
|
import org.testng.annotations.AfterClass;
|
|
|
|
import org.testng.annotations.BeforeClass;
|
|
|
|
import org.testng.annotations.BeforeClass;
|
|
|
|
import org.testng.annotations.Test;
|
|
|
|
import org.testng.annotations.Test;
|
|
|
|
import org.wso2.carbon.CarbonConstants;
|
|
|
|
import org.wso2.carbon.CarbonConstants;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.device.mgt.common.Device;
|
|
|
|
import org.wso2.carbon.device.mgt.common.*;
|
|
|
|
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.DeviceNotFoundException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
|
|
|
|
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
|
|
|
|
import org.wso2.carbon.device.mgt.common.permission.mgt.*;
|
|
|
|
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
|
|
|
import org.wso2.carbon.device.mgt.core.TestDeviceManagementService;
|
|
|
|
import org.wso2.carbon.device.mgt.core.TestDeviceManagementService;
|
|
|
|
import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest;
|
|
|
|
import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest;
|
|
|
|
import org.wso2.carbon.device.mgt.core.common.TestDataHolder;
|
|
|
|
import org.wso2.carbon.device.mgt.core.common.TestDataHolder;
|
|
|
@ -50,19 +49,21 @@ import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
|
|
|
import org.wso2.carbon.registry.core.internal.RegistryDataHolder;
|
|
|
|
import org.wso2.carbon.registry.core.internal.RegistryDataHolder;
|
|
|
|
import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService;
|
|
|
|
import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService;
|
|
|
|
import org.wso2.carbon.registry.core.service.RegistryService;
|
|
|
|
import org.wso2.carbon.registry.core.service.RegistryService;
|
|
|
|
import org.wso2.carbon.user.api.*;
|
|
|
|
import org.wso2.carbon.user.api.UserStoreException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.user.api.UserStoreManager;
|
|
|
|
import org.wso2.carbon.user.api.Permission;
|
|
|
|
import org.wso2.carbon.user.api.Permission;
|
|
|
|
import org.wso2.carbon.user.core.service.RealmService;
|
|
|
|
import org.wso2.carbon.user.core.service.RealmService;
|
|
|
|
import org.wso2.carbon.user.core.tenant.JDBCTenantManager;
|
|
|
|
import org.wso2.carbon.user.core.tenant.JDBCTenantManager;
|
|
|
|
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
|
|
|
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
|
|
|
|
|
|
|
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.util.*;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
|
|
|
import java.util.List;
|
|
|
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
|
|
|
|
|
|
|
public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest {
|
|
|
|
public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest {
|
|
|
|
private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class);
|
|
|
|
private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class);
|
|
|
|
private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService;
|
|
|
|
|
|
|
|
private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE";
|
|
|
|
private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE";
|
|
|
|
private static final int NO_OF_DEVICES = 5;
|
|
|
|
private static final int NO_OF_DEVICES = 5;
|
|
|
|
private static final String ADMIN_USER = "admin";
|
|
|
|
private static final String ADMIN_USER = "admin";
|
|
|
@ -81,6 +82,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
private static final String LAST_NAME = "lastName";
|
|
|
|
private static final String LAST_NAME = "lastName";
|
|
|
|
private static final String EMAIL = "email";
|
|
|
|
private static final String EMAIL = "email";
|
|
|
|
private static final String PASSWORD = "password";
|
|
|
|
private static final String PASSWORD = "password";
|
|
|
|
|
|
|
|
private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService;
|
|
|
|
private List<DeviceIdentifier> deviceIds = new ArrayList<>();
|
|
|
|
private List<DeviceIdentifier> deviceIds = new ArrayList<>();
|
|
|
|
private List<DeviceIdentifier> groupDeviceIds = new ArrayList<>();
|
|
|
|
private List<DeviceIdentifier> groupDeviceIds = new ArrayList<>();
|
|
|
|
private Map<String, String> defaultUserClaims;
|
|
|
|
private Map<String, String> defaultUserClaims;
|
|
|
@ -88,7 +90,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
@BeforeClass
|
|
|
|
@BeforeClass
|
|
|
|
public void init() throws Exception {
|
|
|
|
public void init() throws Exception {
|
|
|
|
DeviceConfigurationManager.getInstance().initConfig();
|
|
|
|
DeviceConfigurationManager.getInstance().initConfig();
|
|
|
|
log.info("Initializing");
|
|
|
|
log.info("Initializing test environment to test DeviceAccessAuthorization Class");
|
|
|
|
for (int i = 0; i < NO_OF_DEVICES; i++) {
|
|
|
|
for (int i = 0; i < NO_OF_DEVICES; i++) {
|
|
|
|
deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE));
|
|
|
|
deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE));
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -97,7 +99,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
DeviceManagementServiceComponent.notifyStartupListeners();
|
|
|
|
DeviceManagementServiceComponent.notifyStartupListeners();
|
|
|
|
DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService);
|
|
|
|
DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService);
|
|
|
|
DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService());
|
|
|
|
DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService());
|
|
|
|
DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl());
|
|
|
|
DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new
|
|
|
|
|
|
|
|
GroupManagementProviderServiceImpl());
|
|
|
|
DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null);
|
|
|
|
DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null);
|
|
|
|
deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE,
|
|
|
|
deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE,
|
|
|
|
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME));
|
|
|
|
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME));
|
|
|
@ -110,9 +113,13 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!");
|
|
|
|
throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS);
|
|
|
|
deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class,
|
|
|
|
|
|
|
|
Mockito.CALLS_REAL_METHODS);
|
|
|
|
defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL);
|
|
|
|
defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL);
|
|
|
|
initializeTestEnvironment();
|
|
|
|
initializeTestEnvironment();
|
|
|
|
|
|
|
|
//Starting tenant flow
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private RegistryService getRegistryService() throws RegistryException, UserStoreException {
|
|
|
|
private RegistryService getRegistryService() throws RegistryException, UserStoreException {
|
|
|
@ -122,7 +129,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST";
|
|
|
|
String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST";
|
|
|
|
dataSource.setUrl(connectionUrl);
|
|
|
|
dataSource.setUrl(connectionUrl);
|
|
|
|
dataSource.setDriverClassName("org.h2.Driver");
|
|
|
|
dataSource.setDriverClassName("org.h2.Driver");
|
|
|
|
JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
|
|
|
|
JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource,
|
|
|
|
|
|
|
|
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
|
|
|
|
realmService.setTenantManager(jdbcTenantManager);
|
|
|
|
realmService.setTenantManager(jdbcTenantManager);
|
|
|
|
RegistryDataHolder.getInstance().setRealmService(realmService);
|
|
|
|
RegistryDataHolder.getInstance().setRealmService(realmService);
|
|
|
|
DeviceManagementDataHolder.getInstance().setRealmService(realmService);
|
|
|
|
DeviceManagementDataHolder.getInstance().setRealmService(realmService);
|
|
|
@ -132,16 +140,60 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
return context.getEmbeddedRegistryService();
|
|
|
|
return context.getEmbeddedRegistryService();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
private void initializeTestEnvironment() throws UserStoreException, GroupManagementException,
|
|
|
|
|
|
|
|
RoleDoesNotExistException, DeviceNotFoundException {
|
|
|
|
|
|
|
|
//creating UI permission
|
|
|
|
|
|
|
|
Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
|
|
|
|
|
|
|
|
Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
|
|
|
|
|
|
|
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService()
|
|
|
|
|
|
|
|
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
|
|
|
|
|
|
|
|
//Adding a non Admin User
|
|
|
|
|
|
|
|
userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null);
|
|
|
|
|
|
|
|
//Adding a normal user
|
|
|
|
|
|
|
|
userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null);
|
|
|
|
|
|
|
|
//Adding role with permission to Admin user
|
|
|
|
|
|
|
|
userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission});
|
|
|
|
|
|
|
|
//Adding role with permission to non Admin user
|
|
|
|
|
|
|
|
userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER},
|
|
|
|
|
|
|
|
new Permission[]{deviceViewPermission});
|
|
|
|
|
|
|
|
//Creating default group
|
|
|
|
|
|
|
|
GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance()
|
|
|
|
|
|
|
|
.getGroupManagementProviderService();
|
|
|
|
|
|
|
|
groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP);
|
|
|
|
|
|
|
|
int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId();
|
|
|
|
|
|
|
|
//Sharing group with admin and non admin roles
|
|
|
|
|
|
|
|
groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE,
|
|
|
|
|
|
|
|
NON_ADMIN_ROLE)));
|
|
|
|
|
|
|
|
//Adding first 2 devices to the group
|
|
|
|
|
|
|
|
groupDeviceIds.add(deviceIds.get(0));
|
|
|
|
|
|
|
|
groupDeviceIds.add(deviceIds.get(1));
|
|
|
|
|
|
|
|
groupManagementProviderService.addDevices(groupId, groupDeviceIds);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
|
|
|
|
|
|
|
|
Map<String, String> defaultUserClaims = new HashMap<>();
|
|
|
|
|
|
|
|
defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName);
|
|
|
|
|
|
|
|
defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName);
|
|
|
|
|
|
|
|
defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress);
|
|
|
|
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
|
|
|
|
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return defaultUserClaims;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//Admin User test cases
|
|
|
|
|
|
|
|
@Test(description = "Check authorization giving a device identifier and username")
|
|
|
|
public void userAuthDevIdUserName() throws Exception {
|
|
|
|
public void userAuthDevIdUserName() throws Exception {
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
|
|
|
|
for (DeviceIdentifier deviceId : deviceIds) {
|
|
|
|
for (DeviceIdentifier deviceId : deviceIds) {
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER),
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER),
|
|
|
|
"Device access authorization for admin user failed");
|
|
|
|
"Device access authorization for admin user failed");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization for multiple device identifiers and username")
|
|
|
|
public void userAuthDevIdUserNameResult() throws Exception {
|
|
|
|
public void userAuthDevIdUserNameResult() throws DeviceAccessAuthorizationException {
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
isUserAuthorized(deviceIds, ADMIN_USER);
|
|
|
|
isUserAuthorized(deviceIds, ADMIN_USER);
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
|
|
|
@ -150,70 +202,69 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
"Expected 0 un-authorized devices for admin user");
|
|
|
|
"Expected 0 un-authorized devices for admin user");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by device identifier")
|
|
|
|
public void userAuthDevId() throws Exception {
|
|
|
|
public void userAuthDevId() throws Exception {
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
|
|
|
|
for (DeviceIdentifier deviceId : deviceIds) {
|
|
|
|
for (DeviceIdentifier deviceId : deviceIds) {
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId),
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId),
|
|
|
|
"Authorize user from device identifier failed");
|
|
|
|
"Authorize user from device identifier failed");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by multiple device identifiers")
|
|
|
|
public void userAuthDevIdResult() throws Exception {
|
|
|
|
public void userAuthDevIdResult() throws Exception {
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
|
|
|
|
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
|
|
|
|
isUserAuthorized(deviceIds);
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
|
|
|
|
"Expected 5 authorized devices for admin user");
|
|
|
|
"Expected 5 authorized devices for admin user");
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0,
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0,
|
|
|
|
"Expected 0 un-authorized devices for admin user");
|
|
|
|
"Expected 0 un-authorized devices for admin user");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Check current user is a device administrator")
|
|
|
|
public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
|
|
|
|
public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
PermissionManagementException {
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
|
|
|
|
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser(),
|
|
|
|
|
|
|
|
"Admin user failed to authorize as admin");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//Non admin user tests
|
|
|
|
|
|
|
|
@Test(description = "Check authorization by device identifier and permission Allowed test case")
|
|
|
|
|
|
|
|
public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
|
|
|
|
PermissionManagementException {
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION}),
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0),
|
|
|
|
"Non admin user with permissions attempt to access failed");
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Check authorization by device identifier and permission Not-allowed test case")
|
|
|
|
public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
PermissionManagementException {
|
|
|
|
PermissionManagementException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION}),
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3),
|
|
|
|
"Non admin user accessing not allowed device authorized");
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by giving a device identifier, username and permission Allowed test case")
|
|
|
|
public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
PermissionManagementException {
|
|
|
|
PermissionManagementException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER,
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER,
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}),"Non admin user with permissions attempt to access failed");
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by giving a device identifier, username and permission Not-allowed test case")
|
|
|
|
public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
|
|
|
|
PermissionManagementException {
|
|
|
|
PermissionManagementException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER,
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER,
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}),"Non admin user accessing not allowed device authorized");
|
|
|
|
new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by giving device identifiers and permission")
|
|
|
|
public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException {
|
|
|
|
public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION});
|
|
|
|
isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION});
|
|
|
@ -221,71 +272,79 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
|
|
|
|
"Non admin user authentication to 2 devices in a shared group failed");
|
|
|
|
"Non admin user authentication to 2 devices in a shared group failed");
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3,
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3,
|
|
|
|
"Non admin user authentication to 3 devices in a non-shared group failed");
|
|
|
|
"Non admin user authentication to 3 devices in a non-shared group failed");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization by giving device identifiers, username and permission")
|
|
|
|
public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException {
|
|
|
|
public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION});
|
|
|
|
isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION});
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2);
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2,
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3);
|
|
|
|
"Non admin user authentication to 2 devices in a shared group failed");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3,
|
|
|
|
}
|
|
|
|
"Non admin user authentication to 3 devices in a non-shared group failed");
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
|
|
|
public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
|
|
|
|
|
|
|
|
Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser());
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test(description = "Authorization for device admin called by normal user")
|
|
|
|
public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException {
|
|
|
|
public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER);
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser());
|
|
|
|
Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser(),"Normal user allowed as admin user");
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException,
|
|
|
|
//Check branches of isUserAuthorized
|
|
|
|
DeviceNotFoundException {
|
|
|
|
@Test(description = "Checking branch - user is device owner")
|
|
|
|
//creating UI permission
|
|
|
|
public void nonAdminDeviceOwner() throws DeviceAccessAuthorizationException, DeviceManagementException {
|
|
|
|
Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
|
|
|
|
|
|
|
|
Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
|
|
|
|
//Creating a temporary device
|
|
|
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService()
|
|
|
|
Device device = new Device();
|
|
|
|
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
|
|
|
|
EnrolmentInfo enrolmentInfo = new EnrolmentInfo(NON_ADMIN_ALLOWED_USER, EnrolmentInfo.OwnerShip.BYOD,null);
|
|
|
|
//Adding a non Admin User
|
|
|
|
device.setEnrolmentInfo(enrolmentInfo);
|
|
|
|
userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null);
|
|
|
|
device.setName("temp");
|
|
|
|
//Adding a normal user
|
|
|
|
device.setType(DEVICE_TYPE);
|
|
|
|
userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null);
|
|
|
|
device.setDeviceIdentifier("1234");
|
|
|
|
//Adding role with permission to Admin user
|
|
|
|
DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().enrollDevice(device);
|
|
|
|
userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission});
|
|
|
|
|
|
|
|
//Adding role with permission to non Admin user
|
|
|
|
//temporary device identifier
|
|
|
|
userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, new Permission[]{deviceViewPermission});
|
|
|
|
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
|
|
|
//Creating default group
|
|
|
|
deviceIdentifier.setType(DEVICE_TYPE);
|
|
|
|
GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance()
|
|
|
|
deviceIdentifier.setId("1234");
|
|
|
|
.getGroupManagementProviderService();
|
|
|
|
|
|
|
|
groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP);
|
|
|
|
List<DeviceIdentifier> tempList = new ArrayList<>();
|
|
|
|
int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId();
|
|
|
|
tempList.add(deviceIdentifier);
|
|
|
|
//Sharing group with admin and non admin roles
|
|
|
|
|
|
|
|
groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE, NON_ADMIN_ROLE)));
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
//Adding first 2 devices to the group
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
groupDeviceIds.add(deviceIds.get(0));
|
|
|
|
isUserAuthorized(tempList, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION});
|
|
|
|
groupDeviceIds.add(deviceIds.get(1));
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 1,
|
|
|
|
groupManagementProviderService.addDevices(groupId, groupDeviceIds);
|
|
|
|
"Non admin device owner failed to access device");
|
|
|
|
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0,
|
|
|
|
|
|
|
|
"Non admin device owner failed to access device");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
|
|
|
|
@Test(description = "Check authorization without giving permissions")
|
|
|
|
Map<String, String> defaultUserClaims = new HashMap<>();
|
|
|
|
public void userAuthWithoutPermissions() throws DeviceAccessAuthorizationException {
|
|
|
|
defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName);
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress);
|
|
|
|
isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, null);
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 0,
|
|
|
|
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString());
|
|
|
|
"Non admin user try authentication without permission failed");
|
|
|
|
}
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 5,
|
|
|
|
return defaultUserClaims;
|
|
|
|
"Non admin user try authentication without permission failed");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//check Exception cases
|
|
|
|
|
|
|
|
@Test(description = "check a null username in isUserAuthorized method")
|
|
|
|
|
|
|
|
public void callUserAuthWithoutUsername() throws DeviceAccessAuthorizationException {
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
|
|
|
|
|
|
|
|
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
|
|
|
|
|
|
|
|
isUserAuthorized(deviceIds, "", new String[]{NON_ADMIN_PERMISSION});
|
|
|
|
|
|
|
|
Assert.assertEquals(deviceAuthorizationResult,null,
|
|
|
|
|
|
|
|
"Not null result for empty username in isUserAuthorized method");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@AfterClass
|
|
|
|
|
|
|
|
public void clearAll() {
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|