Merge pull request picketlink#500 from pedroigor/master

pedroigor · pedroigor · commit c91ccf1b9c71 · 2015-12-16T19:48:42.000-02:00
[PLINK-726] - Wrong resourceClass value in result list entries in listing permissions by identity type.
diff --git a/modules/base/impl/src/test/java/org/picketlink/http/test/SecurityInitializer.java b/modules/base/impl/src/test/java/org/picketlink/http/test/SecurityInitializer.java
@@ -24,6 +24,7 @@
 import org.picketlink.idm.RelationshipManager;
 import org.picketlink.idm.credential.Digest;
 import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.model.IdentityType;
 import org.picketlink.idm.model.Partition;
 import org.picketlink.idm.model.basic.Grant;
 import org.picketlink.idm.model.basic.Group;
@@ -106,6 +107,11 @@ private void configureDefaultPartition() {
 
         // add an user as a member of a group
         addMember(defaultUser, administratorGroup);
+
+        // user must inherit roles from group Administrators, in this case role Administrator
+        Role administratorRole = addRole("Administrator", realm, this.partitionManager);
+
+        grantRole(administratorGroup, administratorRole);
     }
 
     public void addPartition(Partition partition) {
@@ -185,10 +191,10 @@ public Group addGroup(String groupName, Partition partition, PartitionManager pa
         return group;
     }
 
-    public void grantRole(User user, Role role) {
+    public void grantRole(IdentityType assignee, Role role) {
         RelationshipManager relationshipManager = getRelationshipManager();
 
-        relationshipManager.add(new Grant(user, role));
+        relationshipManager.add(new Grant(assignee, role));
     }
 
     /**
diff --git a/modules/base/impl/src/test/java/org/picketlink/http/test/authorization/RoleBasedAuthorizationTestCase.java b/modules/base/impl/src/test/java/org/picketlink/http/test/authorization/RoleBasedAuthorizationTestCase.java
@@ -79,13 +79,25 @@ public void testOnlyManagers() throws Exception {
 
         this.securityFilter.doFilter(this.request, this.response, this.filterChain);
 
-        doAnswer(new Answer() {
-            @Override
-            public Object answer(InvocationOnMock invocation) throws Throwable {
-                assertEquals("/onlyManagerRole", picketLinkRequest.get().getServletPath());
-                return null;
-            }
-        }).when(this.filterChain).doFilter(this.request, this.response);
+        verify(this.filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+    }
+
+    @Test
+    public void testOnlyAdministrator() throws Exception {
+        when(this.request.getServletPath()).thenReturn("/formProtectedUri/" + FormAuthenticationConfiguration.DEFAULT_AUTHENTICATION_URI);
+        when(this.request.getParameter(FormAuthenticationScheme.J_USERNAME)).thenReturn("picketlink");
+        when(this.request.getParameter(FormAuthenticationScheme.J_PASSWORD)).thenReturn("picketlink");
+
+        this.securityFilter.doFilter(this.request, this.response, this.filterChain);
+        verify(this.filterChain, times(0)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+        verify(this.response).sendRedirect(CONTEXT_PATH);
+
+        when(this.request.getServletPath()).thenReturn("/admin/manage");
+        reset(this.response);
+
+        this.securityFilter.doFilter(this.request, this.response, this.filterChain);
+
+        verify(this.filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
     }
 
     @Test
@@ -120,7 +132,10 @@ public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
                 .role("Manager")
                 .forPath("/onlyCustomerRole")
                 .authorizeWith()
-                .role("Customer");
+                .role("Customer")
+                .forPath("/admin/*")
+                .authorizeWith()
+                .role("Administrator");
         }
     }
 }
diff --git a/modules/idm/impl/src/main/java/org/picketlink/idm/jpa/internal/JPAIdentityStore.java b/modules/idm/impl/src/main/java/org/picketlink/idm/jpa/internal/JPAIdentityStore.java
@@ -1736,15 +1736,17 @@ public List<Permission> listPermissions(IdentityContext ctx, IdentityPermission
                         owner, resourceClass, resourceIdentifier));
                 }
 
-                if (resourceClass == null) {
+                Class<?> actualResourceClass = resourceClass;
+
+                if (actualResourceClass == null) {
                     try {
-                        resourceClass = classForName((String) resourceClassProperty.getValue(result));
+                        actualResourceClass = classForName((String) resourceClassProperty.getValue(result));
                     } catch (ClassNotFoundException e) {
                         throw new IdentityManagementException("Could not load type.", e);
                     }
                 }
 
-                PermissionOperationSet opSet = new PermissionOperationSet(result, resourceClass, mapper);
+                PermissionOperationSet opSet = new PermissionOperationSet(result, actualResourceClass, mapper);
                 String operation = query.getOperation();
                 Set<String> operationsToreturn;
 
@@ -1760,7 +1762,7 @@ public List<Permission> listPermissions(IdentityContext ctx, IdentityPermission
                             if (resource != null) {
                                 perms.add(new IdentityPermission(resource, ownerIdentityType, op));
                             } else {
-                                perms.add(new IdentityPermission(resourceClass, (Serializable) resourceIdentifierProperty
+                                perms.add(new IdentityPermission(actualResourceClass, (Serializable) resourceIdentifierProperty
                                     .getValue(result), ownerIdentityType, op));
                             }
                         }
diff --git a/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/PermissionTestCase.java b/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/PermissionTestCase.java
@@ -35,7 +35,9 @@
 import org.picketlink.test.idm.AbstractPartitionManagerTestCase;
 import org.picketlink.test.idm.Configuration;
 import org.picketlink.test.idm.permission.entity.AllowedOperationTypeEntity;
-import org.picketlink.test.idm.permission.entity.ProtectedEntity;
+import org.picketlink.test.idm.permission.entity.EntityB;
+import org.picketlink.test.idm.permission.entity.EntityA;
+import org.picketlink.test.idm.permission.entity.EntityC;
 import org.picketlink.test.idm.testers.FileStoreConfigurationTester;
 import org.picketlink.test.idm.testers.IdentityConfigurationTester;
 import org.picketlink.test.idm.testers.JPAPermissionStoreConfigurationTester;
@@ -330,12 +332,12 @@ public void testRevokeClassBasedPermission() {
 
     @Test
     public void testGrantAndRevokeEntityBasedPermission() {
-        ProtectedEntity entity = new ProtectedEntity();
+        EntityA entity = new EntityA();
 
         entity.setId(1l);
         entity.setName("Confidential");
 
-        ProtectedEntity entity2 = new ProtectedEntity();
+        EntityA entity2 = new EntityA();
 
         entity2.setId(2l);
         entity2.setName("Confidential");
@@ -345,20 +347,20 @@ public void testGrantAndRevokeEntityBasedPermission() {
 
         permissionManager.grantPermission(bob, entity, "load");
 
-        assertTrue(hasPermission(bob, permissionManager.listPermissions(ProtectedEntity.class, entity.getId())));
-        assertFalse(hasPermission(bob, permissionManager.listPermissions(ProtectedEntity.class, entity2.getId(), "load")));
+        assertTrue(hasPermission(bob, permissionManager.listPermissions(EntityA.class, entity.getId())));
+        assertFalse(hasPermission(bob, permissionManager.listPermissions(EntityA.class, entity2.getId(), "load")));
 
         permissionManager.revokePermission(bob, entity, "load");
         permissionManager.grantPermission(bob, entity2, "load");
 
-        assertFalse(hasPermission(bob, permissionManager.listPermissions(ProtectedEntity.class, entity.getId(), "load")));
-        List<Permission> permissions = permissionManager.listPermissions(ProtectedEntity.class, entity2.getId(), "load");
+        assertFalse(hasPermission(bob, permissionManager.listPermissions(EntityA.class, entity.getId(), "load")));
+        List<Permission> permissions = permissionManager.listPermissions(EntityA.class, entity2.getId(), "load");
 
         assertTrue(hasPermission(bob, permissions));
 
         Permission permission = permissions.get(0);
 
-        assertEquals(ProtectedEntity.class, permission.getResourceClass());
+        assertEquals(EntityA.class, permission.getResourceClass());
         assertEquals(entity2.getId().toString(), permission.getResourceIdentifier());
         assertEquals("load", permission.getOperation());
 
@@ -372,6 +374,64 @@ public void testGrantAndRevokeEntityBasedPermission() {
         assertEquals("load", permission.getOperation());
     }
 
+    @Test
+    @Configuration(exclude = {FileStoreConfigurationTester.class, LDAPUserGroupJPARoleConfigurationTester.class})
+    public void testListDifferentEntityPermissions() {
+        User bob = createUser("bob");
+        EntityA entityA = new EntityA();
+
+        entityA.setId(1l);
+        entityA.setName("Entity A");
+
+        EntityB entityB = new EntityB();
+
+        entityB.setId(1l);
+        entityB.setName("Entity B");
+
+        EntityC entityC = new EntityC();
+
+        entityC.setId(1l);
+        entityC.setName("Entity C");
+
+        PermissionManager permissionManager = getPermissionManager();
+
+        permissionManager.grantPermission(bob, entityA, "load");
+        permissionManager.grantPermission(bob, entityB, "create");
+
+        List<Permission> permissionsA = permissionManager.listPermissions(EntityA.class, entityA.getId());
+
+        assertEquals(1, permissionsA.size());
+        assertEquals(EntityA.class, permissionsA.get(0).getResourceClass());
+
+        assertTrue(hasPermission(bob, permissionsA));
+
+        List<Permission> permissionsB = permissionManager.listPermissions(EntityB.class, entityB.getId());
+
+        assertEquals(1, permissionsB.size());
+        assertEquals(EntityB.class, permissionsB.get(0).getResourceClass());
+
+        assertTrue(hasPermission(bob, permissionsB));
+
+        List<Permission> permissions = permissionManager.listPermissions(bob);
+
+        assertEquals(2, permissions.size());
+
+        permissionManager.grantPermission(bob, entityC, "write");
+
+        List<Permission> permissionsC = permissionManager.listPermissions(EntityC.class, entityC.getId());
+
+        assertEquals(1, permissionsC.size());
+        assertEquals(EntityC.class, permissionsC.get(0).getResourceClass());
+
+        assertEquals(1, permissionManager.listPermissions(EntityA.class, "load"));
+        assertEquals(1, permissionManager.listPermissions(EntityB.class, "create"));
+        assertEquals(1, permissionManager.listPermissions(EntityC.class, "write"));
+
+        assertTrue(permissionManager.listPermissions(EntityA.class, "create").isEmpty());
+        assertTrue(permissionManager.listPermissions(EntityB.class, "write").isEmpty());
+        assertTrue(permissionManager.listPermissions(EntityC.class, "load").isEmpty());
+    }
+
     @Test
     public void testGrantAndRevokeMultipleUsers() {
         User bob = createUser("bob");
@@ -411,7 +471,7 @@ public void testPermissionStorePartitioningByResourceType() {
 
         assertTrue(hasPermission(bob, permissionManager.listPermissions("fileA.txt", "read")));
 
-        ProtectedEntity entity = new ProtectedEntity();
+        EntityA entity = new EntityA();
 
         entity.setName("Confidential");
 
diff --git a/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityA.java b/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityA.java
@@ -30,7 +30,7 @@
  * @author Pedro Igor
  */
 @Entity
-public class ProtectedEntity {
+public class EntityA {
 
     @Id
     @GeneratedValue
diff --git a/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityB.java b/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityB.java
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.idm.permission.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+
+/**
+ * @author Pedro Igor
+ */
+@Entity
+public class EntityB {
+
+    @Id
+    @GeneratedValue
+    private Long id;
+
+    @Column
+    private String name;
+
+    public Long getId() {
+        return this.id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return this.name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || this.getClass() != o.getClass()) return false;
+        EntityB that = (EntityB) o;
+        return this.id.equals(that.id);
+    }
+
+    @Override
+    public int hashCode() {
+        return this.id.hashCode();
+    }
+}
diff --git a/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityC.java b/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/EntityC.java
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.idm.permission.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+
+/**
+ * @author Pedro Igor
+ */
+@Entity
+public class EntityC {
+
+    @Id
+    @GeneratedValue
+    private Long id;
+
+    @Column
+    private String name;
+
+    public Long getId() {
+        return this.id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return this.name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || this.getClass() != o.getClass()) return false;
+        EntityC that = (EntityC) o;
+        return this.id.equals(that.id);
+    }
+
+    @Override
+    public int hashCode() {
+        return this.id.hashCode();
+    }
+}
diff --git a/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/TypedPermissionTypeEntity.java b/modules/idm/tests/src/test/java/org/picketlink/test/idm/permission/entity/TypedPermissionTypeEntity.java
@@ -35,7 +35,7 @@
  * @author Pedro Igor
  */
 @Entity
-@PermissionManaged(resourceClasses = ProtectedEntity.class)
+@PermissionManaged(resourceClasses = EntityA.class)
 public class TypedPermissionTypeEntity {
 
     @Id
diff --git a/modules/idm/tests/src/test/resources/META-INF/persistence.xml b/modules/idm/tests/src/test/resources/META-INF/persistence.xml

Original file line number	Diff line number	Diff line change
`@@ -1736,15 +1736,17 @@ public List<Permission> listPermissions(IdentityContext ctx, IdentityPermission`
`1736`	`1736`	`owner, resourceClass, resourceIdentifier));`
`1737`	`1737`	`}`
`1738`	`1738`
`1739`		`- if (resourceClass == null) {`
	`1739`	`+ Class<?> actualResourceClass = resourceClass;`
	`1740`	`+`
	`1741`	`+ if (actualResourceClass == null) {`
`1740`	`1742`	`try {`
`1741`		`- resourceClass = classForName((String) resourceClassProperty.getValue(result));`
	`1743`	`+ actualResourceClass = classForName((String) resourceClassProperty.getValue(result));`
`1742`	`1744`	`} catch (ClassNotFoundException e) {`
`1743`	`1745`	`throw new IdentityManagementException("Could not load type.", e);`
`1744`	`1746`	`}`
`1745`	`1747`	`}`
`1746`	`1748`
`1747`		`- PermissionOperationSet opSet = new PermissionOperationSet(result, resourceClass, mapper);`
	`1749`	`+ PermissionOperationSet opSet = new PermissionOperationSet(result, actualResourceClass, mapper);`
`1748`	`1750`	`String operation = query.getOperation();`
`1749`	`1751`	`Set<String> operationsToreturn;`
`1750`	`1752`
`@@ -1760,7 +1762,7 @@ public List<Permission> listPermissions(IdentityContext ctx, IdentityPermission`
`1760`	`1762`	`if (resource != null) {`
`1761`	`1763`	`perms.add(new IdentityPermission(resource, ownerIdentityType, op));`
`1762`	`1764`	`} else {`
`1763`		`- perms.add(new IdentityPermission(resourceClass, (Serializable) resourceIdentifierProperty`
	`1765`	`+ perms.add(new IdentityPermission(actualResourceClass, (Serializable) resourceIdentifierProperty`
`1764`	`1766`	`.getValue(result), ownerIdentityType, op));`
`1765`	`1767`	`}`
`1766`	`1768`	`}`