+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.authz.cass.hl;\r
-\r
-import static junit.framework.Assert.assertEquals;\r
-import static junit.framework.Assert.assertFalse;\r
-import static junit.framework.Assert.assertTrue;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.List;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.BeforeClass;\r
-import org.junit.Test;\r
-\r
-import com.att.authz.env.AuthzTrans;\r
-import com.att.authz.layer.Result;\r
-import com.att.dao.aaf.cass.NsDAO;\r
-import com.att.dao.aaf.cass.NsDAO.Data;\r
-import com.att.dao.aaf.cass.PermDAO;\r
-import com.att.dao.aaf.cass.RoleDAO;\r
-import com.att.dao.aaf.cass.UserRoleDAO;\r
-import com.att.dao.aaf.hl.Question;\r
-import com.att.dao.aaf.hl.Question.Access;\r
-import com.att.dao.aaf.test.AbsJUCass;\r
-import com.att.inno.env.Env;\r
-import com.att.inno.env.TimeTaken;\r
-\r
-public class JU_Question extends AbsJUCass {\r
-\r
- private static final int EXPIRES_IN = 60000000;\r
- private static final String COM_TEST_JU = "com.test.ju_question";\r
- private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";\r
- private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";\r
- private static final String READ = "read";\r
- private static final int NFR_1 = 80;\r
- private static final int NFR_2 = 4000;\r
- private static final int ROLE_LEVEL1 = 1000;\r
- private static final int PERM_LEVEL1 = 1000;\r
-// private static final int PERM_LEVEL2 = 20;\r
- private static Question q;\r
- private static NsDAO.Data ndd;\r
-\r
- @BeforeClass\r
- public static void startupBeforeClass() throws Exception {\r
- details=false;\r
- AuthzTrans trans = env.newTransNoAvg();\r
- q = new Question(trans,cluster,AUTHZ, false);\r
- ndd = new NsDAO.Data();\r
- ndd.name=COM_TEST_JU;\r
- ndd.type=3; // app\r
- ndd.parent="com.test";\r
- ndd.description="Temporary Namespace for JU_Question";\r
- q.nsDAO.create(trans, ndd);\r
- }\r
- \r
- @AfterClass\r
- public static void endAfterClass() throws Exception {\r
- q.nsDAO.delete(trans, ndd,false);\r
- }\r
-// @Test\r
- public void mayUserRead_EmptyPerm() {\r
- PermDAO.Data pdd = new PermDAO.Data();\r
- Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);\r
- assertFalse(result.isOK());\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_OnePermNotExist() {\r
- Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);\r
- assertFalse(result.isOK());\r
- assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
- }\r
- \r
-// @Test\r
- public void mayUserRead_OnePermExistDenied() {\r
- PermDAO.Data perm = newPerm(0,0,READ);\r
- q.permDAO.create(trans,perm);\r
- try {\r
- Result<NsDAO.Data> result;\r
- TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
- try {\r
- result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
- } finally {\r
- tt.done();\r
- assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
- }\r
- assertFalse(result.isOK());\r
- assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
- } finally {\r
- q.permDAO.delete(trans, perm, false);\r
- }\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_OnePermOneRoleExistOK() {\r
- PermDAO.Data perm = newPerm(0,0,READ);\r
- RoleDAO.Data role = newRole(0,perm);\r
- UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
- try {\r
- q.permDAO.create(trans,perm);\r
- q.roleDAO.create(trans,role);\r
- q.userRoleDAO.create(trans,ur);\r
- \r
- Result<NsDAO.Data> result;\r
- TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
- try {\r
- result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
- } finally {\r
- tt.done();\r
- assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
- }\r
- assertTrue(result.isOK());\r
- } finally {\r
- q.permDAO.delete(trans, perm, false);\r
- q.roleDAO.delete(trans, role, false);\r
- q.userRoleDAO.delete(trans, ur, false);\r
- }\r
- }\r
-\r
-// @Test\r
- public void filter_OnePermOneRoleExistOK() {\r
- PermDAO.Data perm = newPerm(0,0,READ);\r
- RoleDAO.Data role = newRole(0,perm);\r
- UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);\r
- UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
- try {\r
- q.permDAO.create(trans,perm);\r
- q.roleDAO.create(trans,role);\r
- q.userRoleDAO.create(trans,ur1);\r
- q.userRoleDAO.create(trans,ur2);\r
- \r
- Result<List<PermDAO.Data>> pres;\r
- TimeTaken tt = trans.start("q.getPerms...", Env.SUB);\r
- try {\r
- pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);\r
- } finally {\r
- tt.done();\r
- trans.info().log("filter_OnePermOneRleExistOK",tt);\r
- assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
- }\r
- assertTrue(pres.isOK());\r
- \r
- try {\r
- pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
- } finally {\r
- tt.done();\r
- trans.info().log("filter_OnePermOneRleExistOK No Value",tt);\r
- assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
- }\r
- assertFalse(pres.isOKhasData());\r
-\r
- } finally {\r
- q.permDAO.delete(trans, perm, false);\r
- q.roleDAO.delete(trans, role, false);\r
- q.userRoleDAO.delete(trans, ur1, false);\r
- q.userRoleDAO.delete(trans, ur2, false);\r
- }\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_OnePermMultiRoleExistOK() {\r
- PermDAO.Data perm = newPerm(0,0,READ);\r
- List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
- List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
- try {\r
- q.permDAO.create(trans,perm);\r
- for(int i=0;i<ROLE_LEVEL1;++i) {\r
- RoleDAO.Data role = newRole(i,perm);\r
- lrole.add(role);\r
- q.roleDAO.create(trans,role);\r
- \r
- UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);\r
- lur.add(ur);\r
- q.userRoleDAO.create(trans,ur);\r
- }\r
- \r
- Result<NsDAO.Data> result;\r
- TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);\r
- try {\r
- result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
- } finally {\r
- tt.done();\r
- env.info().log(tt,ROLE_LEVEL1,"iterations");\r
- assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
- }\r
- assertTrue(result.isOK());\r
- } finally {\r
- q.permDAO.delete(trans, perm, false);\r
- for(RoleDAO.Data role : lrole) {\r
- q.roleDAO.delete(trans, role, false);\r
- }\r
- for(UserRoleDAO.Data ur : lur) {\r
- q.userRoleDAO.delete(trans, ur, false);\r
- }\r
- }\r
- }\r
-\r
- @Test\r
- public void mayUserRead_MultiPermOneRoleExistOK() {\r
- RoleDAO.Data role = newRole(0);\r
- UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
- List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
- try {\r
- for(int i=0;i<PERM_LEVEL1;++i) {\r
- lperm.add(newPerm(i,i,READ,role));\r
- }\r
- q.roleDAO.create(trans, role);\r
- q.userRoleDAO.create(trans, ur);\r
- \r
- Result<NsDAO.Data> result;\r
- TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);\r
- try {\r
- result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);\r
- } finally {\r
- tt.done();\r
- env.info().log(tt,PERM_LEVEL1,"iterations");\r
- assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
- }\r
- assertTrue(result.isOK());\r
- } finally {\r
- for(PermDAO.Data perm : lperm) {\r
- q.permDAO.delete(trans, perm, false);\r
- }\r
- q.roleDAO.delete(trans, role, false);\r
- q.userRoleDAO.delete(trans, ur, false);\r
- }\r
- }\r
-\r
-//// @Test\r
-// public void mayUserRead_MultiPermMultiRoleExistOK() {\r
-// List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
-// List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
-// List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
-//\r
-// try {\r
-// RoleDAO.Data role;\r
-// UserRoleDAO.Data ur;\r
-// for(int i=0;i<ROLE_LEVEL1;++i) {\r
-// lrole.add(role=newRole(i));\r
-// q.roleDAO.create(trans, role);\r
-// lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
-// q.userRoleDAO.create(trans, ur);\r
-// for(int j=0;j<PERM_LEVEL2;++j) {\r
-// lperm.add(newPerm(i,j,READ,role));\r
-// }\r
-// }\r
-// \r
-// Result<NsDAO.Data> result;\r
-// TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);\r
-// try {\r
-// result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);\r
-// } finally {\r
-// tt.done();\r
-// env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");\r
-// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
-// }\r
-// assertTrue(result.isOK());\r
-// } finally {\r
-// for(PermDAO.Data perm : lperm) {\r
-// q.permDAO.delete(trans, perm, false);\r
-// }\r
-// for(RoleDAO.Data role : lrole) {\r
-// q.roleDAO.delete(trans, role, false);\r
-// }\r
-// for(UserRoleDAO.Data ur : lur) {\r
-// q.userRoleDAO.delete(trans, ur, false);\r
-// }\r
-// }\r
-// }\r
-\r
- @Test\r
- public void mayUserRead_MultiPermMultiRoleExist_10x10() {\r
- env.info().log("Original Filter Method 10x10");\r
- mayUserRead_MultiPermMultiRoleExist(10,10);\r
- env.info().log("New Filter Method 10x10");\r
- mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_MultiPermMultiRoleExist_20x10() {\r
- env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");\r
- mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_MultiPermMultiRoleExist_100x10() {\r
- env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");\r
- mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_MultiPermMultiRoleExist_100x20() {\r
- env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");\r
- mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);\r
- }\r
-\r
-// @Test\r
- public void mayUserRead_MultiPermMultiRoleExist_1000x20() {\r
- env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");\r
- mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);\r
- }\r
-\r
- private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {\r
- List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
- List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
- List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
- load(roleLevel, permLevel, lperm,lrole,lur);\r
-\r
-\r
- Result<List<PermDAO.Data>> pres;\r
- trans.setUser(new Principal() {\r
- @Override\r
- public String getName() {\r
- return JU9999_JU_TEST_COM;\r
- }\r
- });\r
-\r
- try {\r
- TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);\r
- try {\r
- TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);\r
- try {\r
- pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);\r
- } finally {\r
- tt.done();\r
- env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);\r
- }\r
- assertTrue(pres.isOK());\r
- tt = trans.start(" q.mayUser", Env.SUB);\r
- List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();\r
- \r
- try {\r
- for(PermDAO.Data p : pres.value) {\r
- Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);\r
- if(r.isOK()) {\r
- reduced.add(p);\r
- }\r
- }\r
- } finally {\r
- tt.done();\r
- env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());\r
- // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
- }\r
- // assertFalse(result.isOK());\r
- } finally {\r
- group.done();\r
- env.info().log(group," Original Validation Method (1st pass)");\r
- }\r
- \r
-\r
- } finally {\r
- unload(lperm, lrole, lur);\r
- }\r
- }\r
-\r
- private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {\r
- List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
- List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
- List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
- load(roleLevel, permLevel, lperm,lrole,lur);\r
-\r
- try {\r
-\r
- Result<List<PermDAO.Data>> pres;\r
- TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);\r
- try {\r
- pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
- } finally {\r
- tt.done();\r
- env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
-// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
- }\r
-// assertTrue(pres.isOKhasData());\r
-\r
- tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);\r
- try {\r
- pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
- } finally {\r
- tt.done();\r
- env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
- assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
- }\r
-// assertTrue(pres.isOKhasData());\r
-\r
- } finally {\r
- unload(lperm, lrole, lur);\r
- }\r
- }\r
-\r
-\r
- private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
- RoleDAO.Data role;\r
- UserRoleDAO.Data ur;\r
- PermDAO.Data perm;\r
- \r
- int onethirdR=roleLevel/3;\r
- int twothirdR=onethirdR*2;\r
- int onethirdP=permLevel/3;\r
- int twothirdP=onethirdP*2;\r
-\r
- for(int i=0;i<roleLevel;++i) {\r
- lrole.add(role=newRole(i));\r
- if(i<onethirdR) { // one has\r
- lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
- q.userRoleDAO.create(trans, ur);\r
- for(int j=0;j<onethirdP;++j) {\r
- lperm.add(perm=newPerm(i,j,READ,role));\r
- q.permDAO.create(trans, perm);\r
- }\r
- } else if(i<twothirdR) { // both have\r
- lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
- q.userRoleDAO.create(trans, ur);\r
- lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
- q.userRoleDAO.create(trans, ur);\r
- for(int j=onethirdP;j<twothirdP;++j) {\r
- lperm.add(perm=newPerm(i,j,READ,role));\r
- q.permDAO.create(trans, perm);\r
- }\r
- } else { // other has\r
- lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
- q.userRoleDAO.create(trans, ur);\r
- for(int j=twothirdP;j<permLevel;++j) {\r
- lperm.add(perm=newPerm(i,j,READ,role));\r
- q.permDAO.create(trans, perm);\r
- }\r
- }\r
- q.roleDAO.create(trans, role);\r
- }\r
-\r
- }\r
- \r
- private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
- for(PermDAO.Data perm : lperm) {\r
- q.permDAO.delete(trans, perm, false);\r
- }\r
- for(RoleDAO.Data role : lrole) {\r
- q.roleDAO.delete(trans, role, false);\r
- }\r
- for(UserRoleDAO.Data ur : lur) {\r
- q.userRoleDAO.delete(trans, ur, false);\r
- }\r
-\r
- }\r
- private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {\r
- PermDAO.Data pdd = new PermDAO.Data();\r
- pdd.ns=COM_TEST_JU;\r
- pdd.type="myPerm"+permNum;\r
- pdd.instance="myInstance"+instNum;\r
- pdd.action=action;\r
- for(RoleDAO.Data r : grant) {\r
- pdd.roles(true).add(r.fullName());\r
- r.perms(true).add(pdd.encode());\r
- }\r
- return pdd;\r
- }\r
-\r
- private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {\r
- RoleDAO.Data rdd = new RoleDAO.Data();\r
- rdd.ns = COM_TEST_JU+roleNum;\r
- rdd.name = "myRole"+roleNum;\r
- for(PermDAO.Data p : grant) {\r
- rdd.perms(true).add(p.encode());\r
- p.roles(true).add(rdd.fullName());\r
- }\r
- return rdd;\r
- }\r
-\r
- private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {\r
- UserRoleDAO.Data urd = new UserRoleDAO.Data();\r
- urd.user=user;\r
- urd.role(role);\r
- urd.expires=new Date(System.currentTimeMillis()+offset);\r
- return urd;\r
- }\r
-\r
-\r
-}\r
Code Review / aaf / authz.git / blobdiff