1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.authz.cass.hl;
\r
25 import static junit.framework.Assert.assertEquals;
\r
26 import static junit.framework.Assert.assertFalse;
\r
27 import static junit.framework.Assert.assertTrue;
\r
29 import java.security.Principal;
\r
30 import java.util.ArrayList;
\r
31 import java.util.Date;
\r
32 import java.util.List;
\r
34 import org.junit.AfterClass;
\r
35 import org.junit.BeforeClass;
\r
36 import org.junit.Test;
\r
37 import org.onap.aaf.authz.env.AuthzTrans;
\r
38 import org.onap.aaf.authz.layer.Result;
\r
39 import org.onap.aaf.dao.aaf.cass.NsDAO;
\r
40 import org.onap.aaf.dao.aaf.cass.PermDAO;
\r
41 import org.onap.aaf.dao.aaf.cass.RoleDAO;
\r
42 import org.onap.aaf.dao.aaf.cass.UserRoleDAO;
\r
43 import org.onap.aaf.dao.aaf.cass.NsDAO.Data;
\r
44 import org.onap.aaf.dao.aaf.hl.Question;
\r
45 import org.onap.aaf.dao.aaf.hl.Question.Access;
\r
46 import org.onap.aaf.dao.aaf.test.AbsJUCass;
\r
48 import org.onap.aaf.inno.env.Env;
\r
49 import org.onap.aaf.inno.env.TimeTaken;
\r
51 public class JU_Question extends AbsJUCass {
\r
53 private static final int EXPIRES_IN = 60000000;
\r
54 private static final String COM_TEST_JU = "com.test.ju_question";
\r
55 private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";
\r
56 private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";
\r
57 private static final String READ = "read";
\r
58 private static final int NFR_1 = 80;
\r
59 private static final int NFR_2 = 4000;
\r
60 private static final int ROLE_LEVEL1 = 1000;
\r
61 private static final int PERM_LEVEL1 = 1000;
\r
62 // private static final int PERM_LEVEL2 = 20;
\r
63 private static Question q;
\r
64 private static NsDAO.Data ndd;
\r
67 public static void startupBeforeClass() throws Exception {
\r
69 AuthzTrans trans = env.newTransNoAvg();
\r
70 q = new Question(trans,cluster,AUTHZ, false);
\r
71 ndd = new NsDAO.Data();
\r
72 ndd.name=COM_TEST_JU;
\r
74 ndd.parent="com.test";
\r
75 ndd.description="Temporary Namespace for JU_Question";
\r
76 q.nsDAO.create(trans, ndd);
\r
80 public static void endAfterClass() throws Exception {
\r
81 q.nsDAO.delete(trans, ndd,false);
\r
84 public void mayUserRead_EmptyPerm() {
\r
85 PermDAO.Data pdd = new PermDAO.Data();
\r
86 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);
\r
87 assertFalse(result.isOK());
\r
91 public void mayUserRead_OnePermNotExist() {
\r
92 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);
\r
93 assertFalse(result.isOK());
\r
94 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
\r
98 public void mayUserRead_OnePermExistDenied() {
\r
99 PermDAO.Data perm = newPerm(0,0,READ);
\r
100 q.permDAO.create(trans,perm);
\r
102 Result<NsDAO.Data> result;
\r
103 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
\r
105 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
108 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
110 assertFalse(result.isOK());
\r
111 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
\r
113 q.permDAO.delete(trans, perm, false);
\r
118 public void mayUserRead_OnePermOneRoleExistOK() {
\r
119 PermDAO.Data perm = newPerm(0,0,READ);
\r
120 RoleDAO.Data role = newRole(0,perm);
\r
121 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
123 q.permDAO.create(trans,perm);
\r
124 q.roleDAO.create(trans,role);
\r
125 q.userRoleDAO.create(trans,ur);
\r
127 Result<NsDAO.Data> result;
\r
128 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
\r
130 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
133 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
135 assertTrue(result.isOK());
\r
137 q.permDAO.delete(trans, perm, false);
\r
138 q.roleDAO.delete(trans, role, false);
\r
139 q.userRoleDAO.delete(trans, ur, false);
\r
144 public void filter_OnePermOneRoleExistOK() {
\r
145 PermDAO.Data perm = newPerm(0,0,READ);
\r
146 RoleDAO.Data role = newRole(0,perm);
\r
147 UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);
\r
148 UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
150 q.permDAO.create(trans,perm);
\r
151 q.roleDAO.create(trans,role);
\r
152 q.userRoleDAO.create(trans,ur1);
\r
153 q.userRoleDAO.create(trans,ur2);
\r
155 Result<List<PermDAO.Data>> pres;
\r
156 TimeTaken tt = trans.start("q.getPerms...", Env.SUB);
\r
158 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);
\r
161 trans.info().log("filter_OnePermOneRleExistOK",tt);
\r
162 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
164 assertTrue(pres.isOK());
\r
167 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
170 trans.info().log("filter_OnePermOneRleExistOK No Value",tt);
\r
171 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
173 assertFalse(pres.isOKhasData());
\r
176 q.permDAO.delete(trans, perm, false);
\r
177 q.roleDAO.delete(trans, role, false);
\r
178 q.userRoleDAO.delete(trans, ur1, false);
\r
179 q.userRoleDAO.delete(trans, ur2, false);
\r
184 public void mayUserRead_OnePermMultiRoleExistOK() {
\r
185 PermDAO.Data perm = newPerm(0,0,READ);
\r
186 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
187 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
189 q.permDAO.create(trans,perm);
\r
190 for(int i=0;i<ROLE_LEVEL1;++i) {
\r
191 RoleDAO.Data role = newRole(i,perm);
\r
193 q.roleDAO.create(trans,role);
\r
195 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);
\r
197 q.userRoleDAO.create(trans,ur);
\r
200 Result<NsDAO.Data> result;
\r
201 TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);
\r
203 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
206 env.info().log(tt,ROLE_LEVEL1,"iterations");
\r
207 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
209 assertTrue(result.isOK());
\r
211 q.permDAO.delete(trans, perm, false);
\r
212 for(RoleDAO.Data role : lrole) {
\r
213 q.roleDAO.delete(trans, role, false);
\r
215 for(UserRoleDAO.Data ur : lur) {
\r
216 q.userRoleDAO.delete(trans, ur, false);
\r
222 public void mayUserRead_MultiPermOneRoleExistOK() {
\r
223 RoleDAO.Data role = newRole(0);
\r
224 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
225 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
227 for(int i=0;i<PERM_LEVEL1;++i) {
\r
228 lperm.add(newPerm(i,i,READ,role));
\r
230 q.roleDAO.create(trans, role);
\r
231 q.userRoleDAO.create(trans, ur);
\r
233 Result<NsDAO.Data> result;
\r
234 TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);
\r
236 result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);
\r
239 env.info().log(tt,PERM_LEVEL1,"iterations");
\r
240 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
242 assertTrue(result.isOK());
\r
244 for(PermDAO.Data perm : lperm) {
\r
245 q.permDAO.delete(trans, perm, false);
\r
247 q.roleDAO.delete(trans, role, false);
\r
248 q.userRoleDAO.delete(trans, ur, false);
\r
253 // public void mayUserRead_MultiPermMultiRoleExistOK() {
\r
254 // List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
255 // List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
256 // List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
259 // RoleDAO.Data role;
\r
260 // UserRoleDAO.Data ur;
\r
261 // for(int i=0;i<ROLE_LEVEL1;++i) {
\r
262 // lrole.add(role=newRole(i));
\r
263 // q.roleDAO.create(trans, role);
\r
264 // lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
265 // q.userRoleDAO.create(trans, ur);
\r
266 // for(int j=0;j<PERM_LEVEL2;++j) {
\r
267 // lperm.add(newPerm(i,j,READ,role));
\r
271 // Result<NsDAO.Data> result;
\r
272 // TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);
\r
274 // result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);
\r
277 // env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");
\r
278 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
280 // assertTrue(result.isOK());
\r
282 // for(PermDAO.Data perm : lperm) {
\r
283 // q.permDAO.delete(trans, perm, false);
\r
285 // for(RoleDAO.Data role : lrole) {
\r
286 // q.roleDAO.delete(trans, role, false);
\r
288 // for(UserRoleDAO.Data ur : lur) {
\r
289 // q.userRoleDAO.delete(trans, ur, false);
\r
295 public void mayUserRead_MultiPermMultiRoleExist_10x10() {
\r
296 env.info().log("Original Filter Method 10x10");
\r
297 mayUserRead_MultiPermMultiRoleExist(10,10);
\r
298 env.info().log("New Filter Method 10x10");
\r
299 mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);
\r
303 public void mayUserRead_MultiPermMultiRoleExist_20x10() {
\r
304 env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");
\r
305 mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);
\r
309 public void mayUserRead_MultiPermMultiRoleExist_100x10() {
\r
310 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");
\r
311 mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);
\r
315 public void mayUserRead_MultiPermMultiRoleExist_100x20() {
\r
316 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");
\r
317 mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);
\r
321 public void mayUserRead_MultiPermMultiRoleExist_1000x20() {
\r
322 env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");
\r
323 mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);
\r
326 private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {
\r
327 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
328 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
329 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
330 load(roleLevel, permLevel, lperm,lrole,lur);
\r
333 Result<List<PermDAO.Data>> pres;
\r
334 trans.setUser(new Principal() {
\r
336 public String getName() {
\r
337 return JU9999_JU_TEST_COM;
\r
342 TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);
\r
344 TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);
\r
346 pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);
\r
349 env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);
\r
351 assertTrue(pres.isOK());
\r
352 tt = trans.start(" q.mayUser", Env.SUB);
\r
353 List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();
\r
356 for(PermDAO.Data p : pres.value) {
\r
357 Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);
\r
364 env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());
\r
365 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
367 // assertFalse(result.isOK());
\r
370 env.info().log(group," Original Validation Method (1st pass)");
\r
375 unload(lperm, lrole, lur);
\r
379 private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {
\r
380 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
381 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
382 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
383 load(roleLevel, permLevel, lperm,lrole,lur);
\r
387 Result<List<PermDAO.Data>> pres;
\r
388 TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);
\r
390 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
393 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
\r
394 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
396 // assertTrue(pres.isOKhasData());
\r
398 tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);
\r
400 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
403 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
\r
404 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
406 // assertTrue(pres.isOKhasData());
\r
409 unload(lperm, lrole, lur);
\r
414 private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
\r
416 UserRoleDAO.Data ur;
\r
419 int onethirdR=roleLevel/3;
\r
420 int twothirdR=onethirdR*2;
\r
421 int onethirdP=permLevel/3;
\r
422 int twothirdP=onethirdP*2;
\r
424 for(int i=0;i<roleLevel;++i) {
\r
425 lrole.add(role=newRole(i));
\r
426 if(i<onethirdR) { // one has
\r
427 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
\r
428 q.userRoleDAO.create(trans, ur);
\r
429 for(int j=0;j<onethirdP;++j) {
\r
430 lperm.add(perm=newPerm(i,j,READ,role));
\r
431 q.permDAO.create(trans, perm);
\r
433 } else if(i<twothirdR) { // both have
\r
434 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
\r
435 q.userRoleDAO.create(trans, ur);
\r
436 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
437 q.userRoleDAO.create(trans, ur);
\r
438 for(int j=onethirdP;j<twothirdP;++j) {
\r
439 lperm.add(perm=newPerm(i,j,READ,role));
\r
440 q.permDAO.create(trans, perm);
\r
442 } else { // other has
\r
443 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
444 q.userRoleDAO.create(trans, ur);
\r
445 for(int j=twothirdP;j<permLevel;++j) {
\r
446 lperm.add(perm=newPerm(i,j,READ,role));
\r
447 q.permDAO.create(trans, perm);
\r
450 q.roleDAO.create(trans, role);
\r
455 private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
\r
456 for(PermDAO.Data perm : lperm) {
\r
457 q.permDAO.delete(trans, perm, false);
\r
459 for(RoleDAO.Data role : lrole) {
\r
460 q.roleDAO.delete(trans, role, false);
\r
462 for(UserRoleDAO.Data ur : lur) {
\r
463 q.userRoleDAO.delete(trans, ur, false);
\r
467 private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {
\r
468 PermDAO.Data pdd = new PermDAO.Data();
\r
469 pdd.ns=COM_TEST_JU;
\r
470 pdd.type="myPerm"+permNum;
\r
471 pdd.instance="myInstance"+instNum;
\r
473 for(RoleDAO.Data r : grant) {
\r
474 pdd.roles(true).add(r.fullName());
\r
475 r.perms(true).add(pdd.encode());
\r
480 private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {
\r
481 RoleDAO.Data rdd = new RoleDAO.Data();
\r
482 rdd.ns = COM_TEST_JU+roleNum;
\r
483 rdd.name = "myRole"+roleNum;
\r
484 for(PermDAO.Data p : grant) {
\r
485 rdd.perms(true).add(p.encode());
\r
486 p.roles(true).add(rdd.fullName());
\r
491 private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {
\r
492 UserRoleDAO.Data urd = new UserRoleDAO.Data();
\r
495 urd.expires=new Date(System.currentTimeMillis()+offset);
\r