diff --git a/src/main/java/caosdb/server/CaosAuthenticator.java b/src/main/java/caosdb/server/CaosAuthenticator.java
index f2f5ebc42f84857a00540b720328a7e4de585352..d07c047d1ec3c66da1064a331778c618a186d26a 100644
--- a/src/main/java/caosdb/server/CaosAuthenticator.java
+++ b/src/main/java/caosdb/server/CaosAuthenticator.java
@@ -22,9 +22,6 @@
  */
 package caosdb.server;
 
-import caosdb.server.accessControl.AuthenticationUtils;
-import caosdb.server.resource.DefaultResource;
-import caosdb.server.utils.ServerMessages;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -35,6 +32,10 @@ import org.restlet.Response;
 import org.restlet.security.Authenticator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import caosdb.server.accessControl.AnonymousAuthenticationToken;
+import caosdb.server.accessControl.AuthenticationUtils;
+import caosdb.server.resource.DefaultResource;
+import caosdb.server.utils.ServerMessages;
 
 public class CaosAuthenticator extends Authenticator {
 
@@ -65,7 +66,7 @@ public class CaosAuthenticator extends Authenticator {
       if (!subject.isAuthenticated()
           && CaosDBServer.getServerProperty(ServerProperties.KEY_AUTH_OPTIONAL)
               .equalsIgnoreCase("TRUE")) {
-        subject.login(AuthenticationUtils.ANONYMOUS_USER);
+        subject.login(AnonymousAuthenticationToken.getInstance());
       }
     } catch (AuthenticationException e) {
       logger.info("LOGIN_FAILED", e);
diff --git a/src/main/java/caosdb/server/CaosDBServer.java b/src/main/java/caosdb/server/CaosDBServer.java
index da1cf4541ae9b7da944a0ea36698d088060f4e7c..f5495256640edf4e97169ed089a9cfb3b57dc849 100644
--- a/src/main/java/caosdb/server/CaosDBServer.java
+++ b/src/main/java/caosdb/server/CaosDBServer.java
@@ -19,50 +19,6 @@
  */
 package caosdb.server;
 
-import caosdb.server.accessControl.AnonymousRealm;
-import caosdb.server.accessControl.AuthenticationUtils;
-import caosdb.server.accessControl.CaosDBAuthorizingRealm;
-import caosdb.server.accessControl.CaosDBDefaultRealm;
-import caosdb.server.accessControl.OneTimeAuthenticationToken;
-import caosdb.server.accessControl.SessionToken;
-import caosdb.server.accessControl.SessionTokenRealm;
-import caosdb.server.database.BackendTransaction;
-import caosdb.server.database.access.Access;
-import caosdb.server.database.backend.transaction.RetrieveDatatypes;
-import caosdb.server.database.misc.TransactionBenchmark;
-import caosdb.server.datatype.AbstractDatatype;
-import caosdb.server.entity.EntityInterface;
-import caosdb.server.entity.Role;
-import caosdb.server.entity.container.Container;
-import caosdb.server.logging.RequestErrorLogMessage;
-import caosdb.server.resource.AuthenticationResource;
-import caosdb.server.resource.DefaultResource;
-import caosdb.server.resource.EntityOwnerResource;
-import caosdb.server.resource.EntityPermissionsResource;
-import caosdb.server.resource.FileSystemResource;
-import caosdb.server.resource.InfoResource;
-import caosdb.server.resource.LogoutResource;
-import caosdb.server.resource.PermissionRulesResource;
-import caosdb.server.resource.RolesResource;
-import caosdb.server.resource.ScriptingResource;
-import caosdb.server.resource.ServerLogsResource;
-import caosdb.server.resource.ServerPropertiesResource;
-import caosdb.server.resource.SharedFileResource;
-import caosdb.server.resource.ThumbnailsResource;
-import caosdb.server.resource.UserResource;
-import caosdb.server.resource.UserRolesResource;
-import caosdb.server.resource.Webinterface;
-import caosdb.server.resource.WebinterfaceBuildNumber;
-import caosdb.server.resource.transaction.EntityNamesResource;
-import caosdb.server.resource.transaction.EntityResource;
-import caosdb.server.terminal.CaosDBTerminal;
-import caosdb.server.terminal.StatsPanel;
-import caosdb.server.terminal.SystemErrPanel;
-import caosdb.server.transaction.ChecksumUpdater;
-import caosdb.server.utils.FileUtils;
-import caosdb.server.utils.Initialization;
-import caosdb.server.utils.NullPrintStream;
-import caosdb.server.utils.Utils;
 import java.io.BufferedReader;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -110,6 +66,51 @@ import org.restlet.routing.Variable;
 import org.restlet.util.Series;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import caosdb.server.accessControl.AnonymousAuthenticationToken;
+import caosdb.server.accessControl.AnonymousRealm;
+import caosdb.server.accessControl.AuthenticationUtils;
+import caosdb.server.accessControl.CaosDBAuthorizingRealm;
+import caosdb.server.accessControl.CaosDBDefaultRealm;
+import caosdb.server.accessControl.OneTimeAuthenticationToken;
+import caosdb.server.accessControl.SessionToken;
+import caosdb.server.accessControl.SessionTokenRealm;
+import caosdb.server.database.BackendTransaction;
+import caosdb.server.database.access.Access;
+import caosdb.server.database.backend.transaction.RetrieveDatatypes;
+import caosdb.server.database.misc.TransactionBenchmark;
+import caosdb.server.datatype.AbstractDatatype;
+import caosdb.server.entity.EntityInterface;
+import caosdb.server.entity.Role;
+import caosdb.server.entity.container.Container;
+import caosdb.server.logging.RequestErrorLogMessage;
+import caosdb.server.resource.AuthenticationResource;
+import caosdb.server.resource.DefaultResource;
+import caosdb.server.resource.EntityOwnerResource;
+import caosdb.server.resource.EntityPermissionsResource;
+import caosdb.server.resource.FileSystemResource;
+import caosdb.server.resource.InfoResource;
+import caosdb.server.resource.LogoutResource;
+import caosdb.server.resource.PermissionRulesResource;
+import caosdb.server.resource.RolesResource;
+import caosdb.server.resource.ScriptingResource;
+import caosdb.server.resource.ServerLogsResource;
+import caosdb.server.resource.ServerPropertiesResource;
+import caosdb.server.resource.SharedFileResource;
+import caosdb.server.resource.ThumbnailsResource;
+import caosdb.server.resource.UserResource;
+import caosdb.server.resource.UserRolesResource;
+import caosdb.server.resource.Webinterface;
+import caosdb.server.resource.WebinterfaceBuildNumber;
+import caosdb.server.resource.transaction.EntityNamesResource;
+import caosdb.server.resource.transaction.EntityResource;
+import caosdb.server.terminal.CaosDBTerminal;
+import caosdb.server.terminal.StatsPanel;
+import caosdb.server.terminal.SystemErrPanel;
+import caosdb.server.transaction.ChecksumUpdater;
+import caosdb.server.utils.FileUtils;
+import caosdb.server.utils.Initialization;
+import caosdb.server.utils.NullPrintStream;
+import caosdb.server.utils.Utils;
 
 public class CaosDBServer extends Application {
 
@@ -574,7 +575,7 @@ public class CaosDBServer extends Application {
 
             final Subject subject = SecurityUtils.getSubject();
             if (subject.isAuthenticated()
-                && subject.getPrincipal() != AuthenticationUtils.ANONYMOUS_USER.getPrincipal()) {
+                && subject.getPrincipal() != AnonymousAuthenticationToken.PRINCIPAL) {
               final SessionToken sessionToken = SessionToken.generate(subject, null);
 
               // set session token cookie (httpOnly, secure cookie which
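Review bot: The new condition on the `+` line still decides whether to issue a SessionToken by reference inequality (`subject.getPrincipal() != AnonymousAuthenticationToken.PRINCIPAL`), while the same commit introduces `AuthenticationUtils.isAnonymous(Subject)` that compares with `equals` and is used for the same decision in `UserSources.resolve` and `EntityACL.getOwnerACLFor`. If `Principal.equals` is value-based (which the new helper suggests), a principal that is equal to but not the same instance as the anonymous principal would pass this check and be handed a session token, so this gate should be the stricter `equals`-based one: `&& !AuthenticationUtils.isAnonymous(subject)) {`. `AuthenticationUtils` is already imported in this file. The enclosing method starts and ends outside the hunk.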
diff --git a/src/main/java/caosdb/server/accessControl/AuthenticationUtils.java b/src/main/java/caosdb/server/accessControl/AuthenticationUtils.java
index d7ea7d210e2854ac1cebb4e2446bff21ffb5ed2a..252218bd99abce5dd0ef90a1b8ba19a548448e21 100644
--- a/src/main/java/caosdb/server/accessControl/AuthenticationUtils.java
+++ b/src/main/java/caosdb/server/accessControl/AuthenticationUtils.java
@@ -23,19 +23,17 @@
 package caosdb.server.accessControl;
 
 import static caosdb.server.utils.Utils.URLDecodeWithUTF8;
-
-import caosdb.server.CaosDBServer;
-import caosdb.server.ServerProperties;
-import caosdb.server.permissions.ResponsibleAgent;
-import caosdb.server.permissions.Role;
-import caosdb.server.utils.Utils;
 import java.sql.Timestamp;
 import java.util.Collection;
 import java.util.LinkedList;
-import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.subject.Subject;
 import org.restlet.data.Cookie;
 import org.restlet.data.CookieSetting;
+import caosdb.server.CaosDBServer;
+import caosdb.server.ServerProperties;
+import caosdb.server.permissions.ResponsibleAgent;
+import caosdb.server.permissions.Role;
+import caosdb.server.utils.Utils;
 
 /**
  * Useful static methods, mainly for parsing and serializing SessionTokens by the means of web
@@ -49,8 +47,13 @@ public class AuthenticationUtils {
   public static final String SESSION_TOKEN_COOKIE = "SessionToken";
   public static final String SESSION_TIMEOUT_COOKIE = "SessionTimeOut";
 
-  public static final AuthenticationToken ANONYMOUS_USER =
-      AnonymousAuthenticationToken.getInstance();
+  public static boolean isAnonymous(Subject user) {
+    return AnonymousAuthenticationToken.PRINCIPAL.equals(user.getPrincipal());
+  }
+  
+  public static boolean isAnonymous(Principal principal) {
+    return AnonymousAuthenticationToken.PRINCIPAL.equals(principal);
+  }
 
   /**
    * Create a cookie for a {@link SelfValidatingAuthenticationToken}. Returns null if the parameter
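Review bot: The two new `isAnonymous` overloads are the single place where "is this the anonymous user" is now decided for ACL ownership, role resolution and session issuance, yet they carry no Javadoc and the file documents every other public method. Add a summary that states the contract, e.g. `/** Returns true iff the subject's principal equals {@link AnonymousAuthenticationToken#PRINCIPAL}; an unauthenticated subject (null principal) is not anonymous. */` on the `Subject` overload and the equivalent `@param principal`/`@return` text on the `Principal` overload, since `PRINCIPAL.equals(null)` quietly yielding false is a property callers will rely on. The line between the two methods also carries trailing whitespace, which google-java-format would strip.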
@@ -140,7 +143,7 @@ public class AuthenticationUtils {
   }
 
   // TODO move
-  public static boolean isResponsibleAgentExistent(final ResponsibleAgent agent) {
+  public static boolean isResponsibleAgentExistent(final ResponsibleAgent agent) {    
     // 1) check OWNER, OTHER
     if (Role.OTHER_ROLE.equals(agent) || Role.OWNER_ROLE.equals(agent)) {
       return true;
diff --git a/src/main/java/caosdb/server/accessControl/OneTimeAuthenticationToken.java b/src/main/java/caosdb/server/accessControl/OneTimeAuthenticationToken.java
index 3c4ddbca406204a517162eb694c4dc802a02b3cf..f0f57a1d4a82056155c683721b5f162bde177d42 100644
--- a/src/main/java/caosdb/server/accessControl/OneTimeAuthenticationToken.java
+++ b/src/main/java/caosdb/server/accessControl/OneTimeAuthenticationToken.java
@@ -22,12 +22,8 @@
  */
 package caosdb.server.accessControl;
 
-import caosdb.server.CaosDBServer;
-import caosdb.server.ServerProperties;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.ObjectReader;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintWriter;
@@ -49,6 +45,11 @@ import org.quartz.JobExecutionException;
 import org.quartz.SchedulerException;
 import org.quartz.Trigger;
 import org.quartz.TriggerBuilder;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectReader;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import caosdb.server.CaosDBServer;
+import caosdb.server.ServerProperties;
 
 class ConsumedInfo {
 
@@ -355,6 +356,8 @@ public class OneTimeAuthenticationToken extends SelfValidatingAuthenticationToke
   public static void init() throws Exception {
     try (FileInputStream f = new FileInputStream("conf/ext/authtoken.yaml")) {
       init(f);
+    } catch (FileNotFoundException e) {
+      // TODO log and use default config
     }
   }
 
diff --git a/src/main/java/caosdb/server/accessControl/UserSources.java b/src/main/java/caosdb/server/accessControl/UserSources.java
index b684570748412fa3cc8bea64c94a110726badac0..55c36d44bfe87c3d3866d06192e5daa0cddd132b 100644
--- a/src/main/java/caosdb/server/accessControl/UserSources.java
+++ b/src/main/java/caosdb/server/accessControl/UserSources.java
@@ -22,12 +22,6 @@
  */
 package caosdb.server.accessControl;
 
-import caosdb.server.CaosDBServer;
-import caosdb.server.ServerProperties;
-import caosdb.server.entity.Message;
-import caosdb.server.transaction.RetrieveRoleTransaction;
-import caosdb.server.transaction.RetrieveUserTransaction;
-import caosdb.server.utils.ServerMessages;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -39,6 +33,12 @@ import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.config.Ini;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import caosdb.server.CaosDBServer;
+import caosdb.server.ServerProperties;
+import caosdb.server.entity.Message;
+import caosdb.server.transaction.RetrieveRoleTransaction;
+import caosdb.server.transaction.RetrieveUserTransaction;
+import caosdb.server.utils.ServerMessages;
 
 public class UserSources extends HashMap<String, UserSource> {
 
@@ -171,7 +171,7 @@ public class UserSources extends HashMap<String, UserSource> {
   }
 
   public static Set<String> resolve(final Principal principal) {
-    if (principal == AuthenticationUtils.ANONYMOUS_USER.getPrincipal()) {
+    if (AuthenticationUtils.isAnonymous(principal)) {
       // anymous has one role
       Set<String> roles = new HashSet<>();
       roles.add(ANONYMOUS_ROLE);
diff --git a/src/main/java/caosdb/server/permissions/EntityACL.java b/src/main/java/caosdb/server/permissions/EntityACL.java
index 34ef34351826facfa7d342d6c8b06e8d8c27cf74..208099c5c38003499d626bc1489e117ef56df8bf 100644
--- a/src/main/java/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/caosdb/server/permissions/EntityACL.java
@@ -24,12 +24,6 @@ package caosdb.server.permissions;
 
 import static caosdb.server.permissions.Role.OTHER_ROLE;
 import static caosdb.server.permissions.Role.OWNER_ROLE;
-
-import caosdb.server.CaosDBServer;
-import caosdb.server.ServerProperties;
-import caosdb.server.accessControl.AuthenticationUtils;
-import caosdb.server.accessControl.Principal;
-import caosdb.server.database.exceptions.TransactionException;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -47,6 +41,11 @@ import org.jdom2.Document;
 import org.jdom2.Element;
 import org.jdom2.JDOMException;
 import org.jdom2.input.SAXBuilder;
+import caosdb.server.CaosDBServer;
+import caosdb.server.ServerProperties;
+import caosdb.server.accessControl.AuthenticationUtils;
+import caosdb.server.accessControl.Principal;
+import caosdb.server.database.exceptions.TransactionException;
 
 public class EntityACL {
 
@@ -92,7 +91,7 @@ public class EntityACL {
   }
 
   public static final EntityACL getOwnerACLFor(final Subject subject) {
-    if (subject.getPrincipal() == AuthenticationUtils.ANONYMOUS_USER.getPrincipal()) {
+    if (AuthenticationUtils.isAnonymous(subject)) {
       return new EntityACLFactory().create();
     }
     return getOwnerACLFor((Principal) subject.getPrincipal());
diff --git a/src/main/java/caosdb/server/transaction/Transaction.java b/src/main/java/caosdb/server/transaction/Transaction.java
index 28b8276e2b93699f2315fb754303194208bb37e5..a8f481efc87b7c47bfd492d893600b95f087e387 100644
--- a/src/main/java/caosdb/server/transaction/Transaction.java
+++ b/src/main/java/caosdb/server/transaction/Transaction.java
@@ -22,8 +22,10 @@
  */
 package caosdb.server.transaction;
 
+import java.util.HashMap;
+import java.util.List;
+import org.apache.shiro.subject.Subject;
 import caosdb.datetime.UTCDateTime;
-import caosdb.server.accessControl.AuthenticationUtils;
 import caosdb.server.accessControl.Principal;
 import caosdb.server.database.DatabaseMonitor;
 import caosdb.server.database.access.Access;
@@ -45,9 +47,6 @@ import caosdb.server.jobs.core.PickUp;
 import caosdb.server.utils.AbstractObservable;
 import caosdb.server.utils.Info;
 import caosdb.server.utils.Observer;
-import java.util.HashMap;
-import java.util.List;
-import org.apache.shiro.subject.Subject;
 
 public abstract class Transaction<C extends TransactionContainer> extends AbstractObservable
     implements TransactionInterface {
@@ -227,14 +226,8 @@ public abstract class Transaction<C extends TransactionContainer> extends Abstra
   // TODO move to post-transaction job
   private void writeHistory() throws TransactionException, Message {
     if (logHistory()) {
-      String realm =
-          getTransactor().getPrincipal() == AuthenticationUtils.ANONYMOUS_USER.getPrincipal()
-              ? ""
-              : ((Principal) getTransactor().getPrincipal()).getRealm();
-      String username =
-          getTransactor().getPrincipal() == AuthenticationUtils.ANONYMOUS_USER.getPrincipal()
-              ? "anonymous"
-              : ((Principal) getTransactor().getPrincipal()).getUsername();
+      String realm = ((Principal) getTransactor().getPrincipal()).getRealm();
+      String username = ((Principal) getTransactor().getPrincipal()).getUsername();
       execute(
           new InsertTransactionHistory(
               getContainer(), this.getClass().getSimpleName(), realm, username, getTimestamp()),
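Review bot: The rewritten `writeHistory` now casts `getTransactor().getPrincipal()` to `Principal` unconditionally, so the history row written for anonymous transactions depends on `AnonymousAuthenticationToken.PRINCIPAL` being a `Principal` whose `getRealm()`/`getUsername()` return something meaningful, where the removed lines recorded a fixed `""`/`"anonymous"`. Other hunks in this commit pass that constant where a `Principal` is expected, which suggests the cast is safe, but the audit-trail content for anonymous users has changed and that should be stated next to the cast; a comment such as `// the anonymous principal is a Principal too, its realm/username are what the history records` would make the reliance visible. The duplicated `getTransactor().getPrincipal()` call can also be hoisted: `final Principal transactor = (Principal) getTransactor().getPrincipal();` followed by `transactor.getRealm()` and `transactor.getUsername()`. `writeHistory` continues past the end of the hunk.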
diff --git a/src/test/java/caosdb/server/permissions/EntityACLTest.java b/src/test/java/caosdb/server/permissions/EntityACLTest.java
index 13ebb6279546606c8e796672db09a7e99ffea588..a088a43a6a97a400703fcfdd59b1d10fbd6c8d1a 100644
--- a/src/test/java/caosdb/server/permissions/EntityACLTest.java
+++ b/src/test/java/caosdb/server/permissions/EntityACLTest.java
@@ -23,19 +23,25 @@
 package caosdb.server.permissions;
 
 import static org.junit.Assert.assertNotNull;
-
-import caosdb.server.CaosDBServer;
-import caosdb.server.resource.AbstractCaosDBServerResource;
-import caosdb.server.resource.AbstractCaosDBServerResource.XMLParser;
-import caosdb.server.utils.Utils;
+import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.util.BitSet;
 import java.util.LinkedList;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
 import org.jdom2.Element;
 import org.jdom2.JDOMException;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import caosdb.server.CaosDBServer;
+import caosdb.server.accessControl.AnonymousAuthenticationToken;
+import caosdb.server.accessControl.AuthenticationUtils;
+import caosdb.server.accessControl.OneTimeAuthenticationToken;
+import caosdb.server.accessControl.OneTimeAuthenticationToken.Config;
+import caosdb.server.resource.AbstractCaosDBServerResource;
+import caosdb.server.resource.AbstractCaosDBServerResource.XMLParser;
+import caosdb.server.utils.Utils;
 
 public class EntityACLTest {
 
@@ -50,6 +56,7 @@ public class EntityACLTest {
   @BeforeClass
   public static void init() throws IOException {
     CaosDBServer.initServerProperties();
+    CaosDBServer.initShiro();
     assertNotNull(EntityACL.GLOBAL_PERMISSIONS);
   }
 
@@ -172,35 +179,35 @@ public class EntityACLTest {
     Assert.assertEquals(convert(EntityACL.convert(EntityACL.OWNER_BITSET).get(1, 32)), 0);
   }
 
-  // @Test
-  // public void testDeserialize() {
-  // Assert.assertTrue(EntityACL.deserialize("{}") instanceof EntityACL);
-  // Assert.assertTrue(EntityACL.deserialize("{tf:134}") instanceof
-  // EntityACL);
-  // Assert.assertTrue(EntityACL.deserialize("{tf:6343;bla:884}") instanceof
-  // EntityACL);
-  // Assert.assertTrue(EntityACL.deserialize("{tf:-2835;bla:884}") instanceof
-  // EntityACL);
-  // Assert.assertTrue(EntityACL.deserialize("{?OWNER?:526;tahsdh   : -235;}")
-  // instanceof EntityACL);
-  // Assert.assertTrue(EntityACL.deserialize("{asdf:2345;}") instanceof
-  // EntityACL);
-  // Assert.assertTrue(raisesIllegalArguementException("{"));
-  // Assert.assertTrue(raisesIllegalArguementException("}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf:}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf:;}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{:234}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{:234;}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf:tf;}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf: +5259;}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf;}"));
-  // Assert.assertTrue(raisesIllegalArguementException("{tf:123223727356235782735235;}"));
-  // }
-
-  public boolean raisesIllegalArguementException(final String input) {
+   @Test
+   public void testDeserialize() {
+   Assert.assertTrue(EntityACL.deserialize("{}") instanceof EntityACL);
+   Assert.assertTrue(EntityACL.deserialize("{\"tf\":134}") instanceof
+   EntityACL);
+   Assert.assertTrue(EntityACL.deserialize("{\"tf\":6343,\"bla\":884}") instanceof
+   EntityACL);
+   Assert.assertTrue(EntityACL.deserialize("{\"tf\":-2835,\"bla\":884}") instanceof
+   EntityACL);
+   Assert.assertTrue(EntityACL.deserialize("{\"?OWNER?\":526,\"tahsdh   \": -235}")
+   instanceof EntityACL);
+   Assert.assertTrue(EntityACL.deserialize("{\"asdf\":2345}") instanceof
+   EntityACL);
+   Assert.assertTrue(raisesIllegalStateException("{"));
+   Assert.assertTrue(raisesIllegalStateException("}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf:}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf:;}"));
+   Assert.assertTrue(raisesIllegalStateException("{:234}"));
+   Assert.assertTrue(raisesIllegalStateException("{:234;}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf:tf;}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf: +5259;}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf;}"));
+   Assert.assertTrue(raisesIllegalStateException("{tf:123223727356235782735235;}"));
+   }
+
+  public boolean raisesIllegalStateException(final String input) {
     try {
       EntityACL.deserialize(input);
-    } catch (final IllegalArgumentException e) {
+    } catch (final IllegalStateException e) {
       return true;
     }
     return false;
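Review bot: The re-enabled `testDeserialize` is indented with three spaces and its body sits at the same column as the `@Test` annotation and the method signature, which does not match the two-space google-java-format layout used by the surrounding methods (e.g. `raisesIllegalStateException` directly below). Re-indenting the method to `  @Test` / `  public void testDeserialize() {` / `    Assert.assertTrue(...)` keeps the test readable and avoids a formatter churn commit later. The switch from `IllegalArgumentException` to `IllegalStateException` in `raisesIllegalStateException` presumably tracks a change in `EntityACL.deserialize` that is not part of this diff; a one-line comment above the helper naming the source of that exception would help the next reader confirm it.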
@@ -211,135 +218,158 @@ public class EntityACLTest {
   public Element stringToJdom(final String s) throws JDOMException, IOException {
     return parser.parse(Utils.String2InputStream(s)).getRootElement();
   }
+  
+  @Test
+  public void testEntityACLForAnonymous() {
+    Subject anonymous = SecurityUtils.getSubject();
+    anonymous.login(AnonymousAuthenticationToken.getInstance());
+    assertTrue(AuthenticationUtils.isAnonymous(anonymous));
+    EntityACL acl = 
+        EntityACL.getOwnerACLFor(anonymous);
+    assertNotNull(acl);
+    assertTrue(acl.getOwners().isEmpty());
+
+  }
 
-  // @Test
-  // public void testParseFromElement() throws JDOMException, IOException {
-  // Assert.assertEquals("{}",
-  // EntityACL.serialize(EntityACL.parseFromElement(stringToJdom("<ACL></ACL>"))));
-  // Assert.assertEquals("{}", EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Grant></Grant></ACL>"))));
-  // Assert.assertEquals("{}", EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Deny></Deny></ACL>"))));
-  // Assert.assertEquals("{}", EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Grant role='bla'></Grant></ACL>"))));
-  // Assert.assertEquals("{}", EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Deny role='bla'></Deny></ACL>"))));
-  // Assert.assertEquals(
-  // "{bla:2;}",
-  // EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Grant role='bla'><Permission name='DELETE'
-  // /></Grant></ACL>"))));
-  // Assert.assertEquals(
-  // "{bla:" + (Long.MIN_VALUE + 2) + ";}",
-  // EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Deny role='bla'><Permission name='DELETE'
-  // /></Deny></ACL>"))));
-  // Assert.assertEquals(
-  // "{bla:32;}",
-  // EntityACL.serialize(EntityACL
-  // .parseFromElement(stringToJdom("<ACL><Grant role='bla'><Permission name='RETRIEVE:ACL'
-  // /></Grant></ACL>"))));
-  // }
-
-  // @Test
-  // public void testFactory() {
-  // final EntityACLFactory f = new EntityACLFactory();
-  // f.grant("user1", "UPDATE:NAME");
-  // Assert.assertTrue((f.create().isPermitted("user1",
-  // EntityPermission.UPDATE_NAME)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.UPDATE_NAME)));
-  // f.grant("user2", "DELETE");
-  // Assert.assertFalse((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertTrue((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // f.deny("user2", 1);
-  // f.deny("user1", 1);
-  // Assert.assertFalse((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // f.grant("user1", true, 1);
-  // Assert.assertTrue((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // f.deny("user2", true, 1);
-  // Assert.assertTrue((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // f.grant("user2", true, 1);
-  // Assert.assertTrue((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // f.deny("user1", true, 1);
-  // Assert.assertFalse((f.create().isPermitted("user1",
-  // EntityPermission.DELETE)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.DELETE)));
-  // Assert.assertTrue((f.create().isPermitted("user1",
-  // EntityPermission.UPDATE_NAME)));
-  // Assert.assertFalse((f.create().isPermitted("user2",
-  // EntityPermission.UPDATE_NAME)));
-  // }
-
-  // @Test
-  // public void niceFactoryStuff() {
-  // final EntityACLFactory f = new EntityACLFactory();
-  // f.grant("user1", "*");
-  // final EntityACL acl1 = f.create();
-  // Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.EDIT_ACL));
-  // Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.DELETE));
-  // Assert.assertTrue(acl1.isPermitted("user1",
-  // EntityPermission.RETRIEVE_ENTITY));
-  // Assert.assertTrue(acl1.isPermitted("user1",
-  // EntityPermission.UPDATE_DATA_TYPE));
-  // Assert.assertTrue(acl1.isPermitted("user1",
-  // EntityPermission.USE_AS_PROPERTY));
-  //
-  // f.grant("?OWNER?", "DELETE", "EDIT:ACL", "RETRIEVE:*", "UPDATE:*",
-  // "USE:*");
-  // f.grant("user2", "EDIT:ACL");
-  // final EntityACL acl2 = f.create();
-  // Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.EDIT_ACL));
-  // Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.DELETE));
-  // Assert.assertTrue(acl2.isPermitted("user2",
-  // EntityPermission.RETRIEVE_ENTITY));
-  // Assert.assertTrue(acl2.isPermitted("user2",
-  // EntityPermission.UPDATE_DATA_TYPE));
-  // Assert.assertTrue(acl2.isPermitted("user2",
-  // EntityPermission.USE_AS_PROPERTY));
-  //
-  // }
-
-  // @Test
-  // public void testDeny() {
-  // EntityACLFactory f = new EntityACLFactory();
-  // f.deny("test", "DELETE");
-  // Assert.assertFalse(f.create().isPermitted("test",
-  // EntityPermission.DELETE));
-  //
-  // System.out.println(Utils.element2String(f.create().toElement()));
-  //
-  // System.out.println(Utils.element2String(EntityACL.GLOBAL_PERMISSIONS.toElement()));
-  //
-  // f.grant("test", "USE:*");
-  // Assert.assertFalse(f.create().isPermitted("test",
-  // EntityPermission.DELETE));
-  //
-  // System.out.println(Utils.element2String(f.create().toElement()));
-  //
-  // f = new EntityACLFactory();
-  // f.grant(EntityACL.OTHER_ROLE, "RETRIEVE:*");
-  // f.deny(EntityACL.OTHER_ROLE, "DELETE");
-  // final EntityACL a = f.create();
-  //
-  // System.out.println(Utils.element2String(a.toElement()));
-  //
-  // System.out.println(Utils.element2String(EntityACL.deserialize(a.serialize()).toElement()));
-  // }
+//   @Test
+//   public void testParseFromElement() throws JDOMException, IOException {
+//   Assert.assertEquals("[]",
+//   EntityACL.serialize(EntityACL.parseFromElement(stringToJdom("<ACL></ACL>"))));
+//   Assert.assertEquals("[]", EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Grant></Grant></ACL>"))));
+//   Assert.assertEquals("[]", EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Deny></Deny></ACL>"))));
+//   Assert.assertEquals("[]", EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Grant role='bla'></Grant></ACL>"))));
+//   Assert.assertEquals("[]", EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Deny role='bla'></Deny></ACL>"))));
+//   Assert.assertEquals(
+//   "{bla:2;}",
+//   EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Grant role='bla'><Permission name='DELETE'/></Grant></ACL>"))));
+//   Assert.assertEquals(
+//   "{bla:" + (Long.MIN_VALUE + 2) + ";}",
+//   EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Deny role='bla'><Permission name='DELETE' /></Deny></ACL>"))));
+//   Assert.assertEquals(
+//   "{bla:32;}",
+//   EntityACL.serialize(EntityACL
+//   .parseFromElement(stringToJdom("<ACL><Grant role='bla'><Permission name='RETRIEVE:ACL' /></Grant></ACL>"))));
+//   }
+
+   @Test
+   public void testFactory() {
+   final EntityACLFactory f = new EntityACLFactory();
+
+   caosdb.server.permissions.Role role1 = caosdb.server.permissions.Role.create("role1");
+   Config config1 = new Config();
+   config1.setRoles(new String[] {role1.toString()});
+   OneTimeAuthenticationToken token1 = OneTimeAuthenticationToken.generate(config1);
+   Subject user1 = SecurityUtils.getSecurityManager().createSubject(null);
+   user1.login(token1);
+
+   caosdb.server.permissions.Role role2 = caosdb.server.permissions.Role.create("role2");
+   Config config2 = new Config();
+   config2.setRoles(new String[] {role2.toString()});
+   OneTimeAuthenticationToken token2 = OneTimeAuthenticationToken.generate(config2);
+   Subject user2 = SecurityUtils.getSecurityManager().createSubject(null);
+   user2.login(token2);
+
+   f.grant(role1, "UPDATE:NAME");
+   Assert.assertTrue((f.create().isPermitted(user1, EntityPermission.UPDATE_NAME)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.UPDATE_NAME)));
+   f.grant(role2, "DELETE");
+   Assert.assertFalse((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertTrue((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   f.deny(role2, 1);
+   f.deny(role1, 1);
+   Assert.assertFalse((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   f.grant(role1, true, 1);
+   Assert.assertTrue((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   f.deny(role2, true, 1);
+   Assert.assertTrue((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   f.grant(role2, true, 1);
+   Assert.assertTrue((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   f.deny(role1, true, 1);
+   Assert.assertFalse((f.create().isPermitted(user1,
+   EntityPermission.DELETE)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.DELETE)));
+   Assert.assertTrue((f.create().isPermitted(user1,
+   EntityPermission.UPDATE_NAME)));
+   Assert.assertFalse((f.create().isPermitted(user2,
+   EntityPermission.UPDATE_NAME)));
+   }
+
+//   @Test
+//   public void niceFactoryStuff() {
+//   final EntityACLFactory f = new EntityACLFactory();
+//   f.grant("user1", "*");
+//   final EntityACL acl1 = f.create();
+//   Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.EDIT_ACL));
+//   Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.DELETE));
+//   Assert.assertTrue(acl1.isPermitted("user1",
+//   EntityPermission.RETRIEVE_ENTITY));
+//   Assert.assertTrue(acl1.isPermitted("user1",
+//   EntityPermission.UPDATE_DATA_TYPE));
+//   Assert.assertTrue(acl1.isPermitted("user1",
+//   EntityPermission.USE_AS_PROPERTY));
+//  
+//   f.grant("?OWNER?", "DELETE", "EDIT:ACL", "RETRIEVE:*", "UPDATE:*",
+//   "USE:*");
+//   f.grant("user2", "EDIT:ACL");
+//   final EntityACL acl2 = f.create();
+//   Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.EDIT_ACL));
+//   Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.DELETE));
+//   Assert.assertTrue(acl2.isPermitted("user2",
+//   EntityPermission.RETRIEVE_ENTITY));
+//   Assert.assertTrue(acl2.isPermitted("user2",
+//   EntityPermission.UPDATE_DATA_TYPE));
+//   Assert.assertTrue(acl2.isPermitted("user2",
+//   EntityPermission.USE_AS_PROPERTY));
+//  
+//   }
+//
+//   @Test
+//   public void testDeny() {
+//   EntityACLFactory f = new EntityACLFactory();
+//   f.deny("test", "DELETE");
+//   Assert.assertFalse(f.create().isPermitted("test",
+//   EntityPermission.DELETE));
+//  
+//   System.out.println(Utils.element2String(f.create().toElement()));
+//  
+//   System.out.println(Utils.element2String(EntityACL.GLOBAL_PERMISSIONS.toElement()));
+//  
+//   f.grant("test", "USE:*");
+//   Assert.assertFalse(f.create().isPermitted("test",
+//   EntityPermission.DELETE));
+//  
+//   System.out.println(Utils.element2String(f.create().toElement()));
+//  
+//   f = new EntityACLFactory();
+//   f.grant(EntityACL.OTHER_ROLE, "RETRIEVE:*");
+//   f.deny(EntityACL.OTHER_ROLE, "DELETE");
+//   final EntityACL a = f.create();
+//  
+//   System.out.println(Utils.element2String(a.toElement()));
+//  
+//   System.out.println(Utils.element2String(EntityACL.deserialize(a.serialize()).toElement()));
+//   }
 
 }
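Review bot: `testEntityACLForAnonymous` logs the thread-bound subject from `SecurityUtils.getSubject()` in as anonymous and never logs it out, so the anonymous session can leak into whichever test runs next on the same thread and silently change what `isPermitted` or `getOwnerACLFor` sees there. Add `anonymous.logout();` at the end of the method (ideally in a `finally` so an assertion failure still cleans up); `user1`/`user2` in `testFactory` are created via `createSubject(null)` rather than bound to the thread, so they are less of a concern, though logging them out too is cheap. Two smaller points in the same hunk: the fully qualified `caosdb.server.permissions.Role` in `testFactory` is redundant because the test lives in that package and the import block in this commit imports no other `Role`, and the large re-commented `testParseFromElement`, `niceFactoryStuff` and `testDeny` bodies remain commented-out code, which is better deleted or re-enabled than carried with new `//` prefixes.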
diff --git a/src/test/java/caosdb/server/resource/TestScriptingResource.java b/src/test/java/caosdb/server/resource/TestScriptingResource.java
index 67a64de84843ac790039bdedda9408009d45eb80..1a65947b06b5e3e8142ed79a23b336b5604a610d 100644
--- a/src/test/java/caosdb/server/resource/TestScriptingResource.java
+++ b/src/test/java/caosdb/server/resource/TestScriptingResource.java
@@ -23,25 +23,6 @@
 package caosdb.server.resource;
 
 import static org.junit.Assert.assertEquals;
-
-import caosdb.server.CaosDBServer;
-import caosdb.server.accessControl.AuthenticationUtils;
-import caosdb.server.accessControl.CredentialsValidator;
-import caosdb.server.accessControl.Principal;
-import caosdb.server.accessControl.Role;
-import caosdb.server.database.BackendTransaction;
-import caosdb.server.database.access.Access;
-import caosdb.server.database.backend.interfaces.RetrievePasswordValidatorImpl;
-import caosdb.server.database.backend.interfaces.RetrievePermissionRulesImpl;
-import caosdb.server.database.backend.interfaces.RetrieveRoleImpl;
-import caosdb.server.database.backend.interfaces.RetrieveUserImpl;
-import caosdb.server.database.exceptions.TransactionException;
-import caosdb.server.database.misc.TransactionBenchmark;
-import caosdb.server.database.proto.ProtoUser;
-import caosdb.server.entity.Message;
-import caosdb.server.permissions.PermissionRule;
-import caosdb.server.scripting.ScriptingPermissions;
-import caosdb.server.scripting.ServerSideScriptingCaller;
 import java.io.IOException;
 import java.util.Date;
 import java.util.HashSet;
@@ -61,6 +42,24 @@ import org.restlet.data.Reference;
 import org.restlet.data.Status;
 import org.restlet.representation.Representation;
 import org.restlet.representation.StringRepresentation;
+import caosdb.server.CaosDBServer;
+import caosdb.server.accessControl.AnonymousAuthenticationToken;
+import caosdb.server.accessControl.CredentialsValidator;
+import caosdb.server.accessControl.Principal;
+import caosdb.server.accessControl.Role;
+import caosdb.server.database.BackendTransaction;
+import caosdb.server.database.access.Access;
+import caosdb.server.database.backend.interfaces.RetrievePasswordValidatorImpl;
+import caosdb.server.database.backend.interfaces.RetrievePermissionRulesImpl;
+import caosdb.server.database.backend.interfaces.RetrieveRoleImpl;
+import caosdb.server.database.backend.interfaces.RetrieveUserImpl;
+import caosdb.server.database.exceptions.TransactionException;
+import caosdb.server.database.misc.TransactionBenchmark;
+import caosdb.server.database.proto.ProtoUser;
+import caosdb.server.entity.Message;
+import caosdb.server.permissions.PermissionRule;
+import caosdb.server.scripting.ScriptingPermissions;
+import caosdb.server.scripting.ServerSideScriptingCaller;
 
 public class TestScriptingResource {
 
@@ -204,7 +203,7 @@ public class TestScriptingResource {
   @Test
   public void testAnonymousWithOutPermission() {
     Subject user = SecurityUtils.getSubject();
-    user.login(AuthenticationUtils.ANONYMOUS_USER);
+    user.login(AnonymousAuthenticationToken.getInstance());
     Form form = new Form("call=anonymous_no_permission");
     Representation entity = form.getWebRepresentation();
     Request request = new Request(Method.POST, "../test", entity);
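Review bot: The anonymous login on the new line binds to the thread-bound Subject returned by `SecurityUtils.getSubject()`, and nothing in the hunk logs that subject out again; unless a fixture outside the hunk does so, the authenticated state can carry over into later tests on the same thread and mask an authorization failure that the test is meant to catch. The same pattern appears in the hunks for testAnonymousWithPermission and testHandleForm. A tear-down such as `@After public void logout() { SecurityUtils.getSubject().logout(); }` would guarantee each test starts unauthenticated. As a point of style, the three methods repeat the same two-line setup, so a helper like `private static Subject loginAnonymous() { Subject s = SecurityUtils.getSubject(); s.login(AnonymousAuthenticationToken.getInstance()); return s; }` would keep them in step if the token ever changes again. The body of testAnonymousWithOutPermission continues past the hunk.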
@@ -221,7 +220,7 @@ public class TestScriptingResource {
   @Test
   public void testAnonymousWithPermission() {
     Subject user = SecurityUtils.getSubject();
-    user.login(AuthenticationUtils.ANONYMOUS_USER);
+    user.login(AnonymousAuthenticationToken.getInstance());
     Form form = new Form("call=anonymous_ok");
     Representation entity = form.getWebRepresentation();
     Request request = new Request(Method.POST, "../test", entity);
@@ -253,7 +252,7 @@ public class TestScriptingResource {
   @Test
   public void testHandleForm() throws Message, IOException {
     Subject user = SecurityUtils.getSubject();
-    user.login(AuthenticationUtils.ANONYMOUS_USER);
+    user.login(AnonymousAuthenticationToken.getInstance());
     Form form = new Form("call=anonymous_ok");
     assertEquals(0, resource.handleForm(form));
   }