--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.authz.cass.hl;\r
+\r
+import static junit.framework.Assert.assertEquals;\r
+import static junit.framework.Assert.assertFalse;\r
+import static junit.framework.Assert.assertTrue;\r
+\r
+import java.security.Principal;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.AfterClass;\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.onap.aaf.authz.env.AuthzTrans;\r
+import org.onap.aaf.authz.layer.Result;\r
+import org.onap.aaf.dao.aaf.cass.NsDAO;\r
+import org.onap.aaf.dao.aaf.cass.PermDAO;\r
+import org.onap.aaf.dao.aaf.cass.RoleDAO;\r
+import org.onap.aaf.dao.aaf.cass.UserRoleDAO;\r
+import org.onap.aaf.dao.aaf.cass.NsDAO.Data;\r
+import org.onap.aaf.dao.aaf.hl.Question;\r
+import org.onap.aaf.dao.aaf.hl.Question.Access;\r
+import org.onap.aaf.dao.aaf.test.AbsJUCass;\r
+\r
+import org.onap.aaf.inno.env.Env;\r
+import org.onap.aaf.inno.env.TimeTaken;\r
+\r
+public class JU_Question extends AbsJUCass {\r
+\r
+ private static final int EXPIRES_IN = 60000000;\r
+ private static final String COM_TEST_JU = "com.test.ju_question";\r
+ private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";\r
+ private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";\r
+ private static final String READ = "read";\r
+ private static final int NFR_1 = 80;\r
+ private static final int NFR_2 = 4000;\r
+ private static final int ROLE_LEVEL1 = 1000;\r
+ private static final int PERM_LEVEL1 = 1000;\r
+// private static final int PERM_LEVEL2 = 20;\r
+ private static Question q;\r
+ private static NsDAO.Data ndd;\r
+\r
+ @BeforeClass\r
+ public static void startupBeforeClass() throws Exception {\r
+ details=false;\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ q = new Question(trans,cluster,AUTHZ, false);\r
+ ndd = new NsDAO.Data();\r
+ ndd.name=COM_TEST_JU;\r
+ ndd.type=3; // app\r
+ ndd.parent="com.test";\r
+ ndd.description="Temporary Namespace for JU_Question";\r
+ q.nsDAO.create(trans, ndd);\r
+ }\r
+ \r
+ @AfterClass\r
+ public static void endAfterClass() throws Exception {\r
+ q.nsDAO.delete(trans, ndd,false);\r
+ }\r
+// @Test\r
+ public void mayUserRead_EmptyPerm() {\r
+ PermDAO.Data pdd = new PermDAO.Data();\r
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);\r
+ assertFalse(result.isOK());\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermNotExist() {\r
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);\r
+ assertFalse(result.isOK());\r
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
+ }\r
+ \r
+// @Test\r
+ public void mayUserRead_OnePermExistDenied() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ q.permDAO.create(trans,perm);\r
+ try {\r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertFalse(result.isOK());\r
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermOneRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ RoleDAO.Data role = newRole(0,perm);\r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ q.roleDAO.create(trans,role);\r
+ q.userRoleDAO.create(trans,ur);\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void filter_OnePermOneRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ RoleDAO.Data role = newRole(0,perm);\r
+ UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);\r
+ UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ q.roleDAO.create(trans,role);\r
+ q.userRoleDAO.create(trans,ur1);\r
+ q.userRoleDAO.create(trans,ur2);\r
+ \r
+ Result<List<PermDAO.Data>> pres;\r
+ TimeTaken tt = trans.start("q.getPerms...", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ trans.info().log("filter_OnePermOneRleExistOK",tt);\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertTrue(pres.isOK());\r
+ \r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ trans.info().log("filter_OnePermOneRleExistOK No Value",tt);\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertFalse(pres.isOKhasData());\r
+\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur1, false);\r
+ q.userRoleDAO.delete(trans, ur2, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermMultiRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ for(int i=0;i<ROLE_LEVEL1;++i) {\r
+ RoleDAO.Data role = newRole(i,perm);\r
+ lrole.add(role);\r
+ q.roleDAO.create(trans,role);\r
+ \r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);\r
+ lur.add(ur);\r
+ q.userRoleDAO.create(trans,ur);\r
+ }\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,ROLE_LEVEL1,"iterations");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ for(RoleDAO.Data role : lrole) {\r
+ q.roleDAO.delete(trans, role, false);\r
+ }\r
+ for(UserRoleDAO.Data ur : lur) {\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void mayUserRead_MultiPermOneRoleExistOK() {\r
+ RoleDAO.Data role = newRole(0);\r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ try {\r
+ for(int i=0;i<PERM_LEVEL1;++i) {\r
+ lperm.add(newPerm(i,i,READ,role));\r
+ }\r
+ q.roleDAO.create(trans, role);\r
+ q.userRoleDAO.create(trans, ur);\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,PERM_LEVEL1,"iterations");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ for(PermDAO.Data perm : lperm) {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+\r
+//// @Test\r
+// public void mayUserRead_MultiPermMultiRoleExistOK() {\r
+// List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+// List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+// List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+//\r
+// try {\r
+// RoleDAO.Data role;\r
+// UserRoleDAO.Data ur;\r
+// for(int i=0;i<ROLE_LEVEL1;++i) {\r
+// lrole.add(role=newRole(i));\r
+// q.roleDAO.create(trans, role);\r
+// lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+// q.userRoleDAO.create(trans, ur);\r
+// for(int j=0;j<PERM_LEVEL2;++j) {\r
+// lperm.add(newPerm(i,j,READ,role));\r
+// }\r
+// }\r
+// \r
+// Result<NsDAO.Data> result;\r
+// TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);\r
+// try {\r
+// result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);\r
+// } finally {\r
+// tt.done();\r
+// env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");\r
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+// }\r
+// assertTrue(result.isOK());\r
+// } finally {\r
+// for(PermDAO.Data perm : lperm) {\r
+// q.permDAO.delete(trans, perm, false);\r
+// }\r
+// for(RoleDAO.Data role : lrole) {\r
+// q.roleDAO.delete(trans, role, false);\r
+// }\r
+// for(UserRoleDAO.Data ur : lur) {\r
+// q.userRoleDAO.delete(trans, ur, false);\r
+// }\r
+// }\r
+// }\r
+\r
+ @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_10x10() {\r
+ env.info().log("Original Filter Method 10x10");\r
+ mayUserRead_MultiPermMultiRoleExist(10,10);\r
+ env.info().log("New Filter Method 10x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_20x10() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_100x10() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_100x20() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_1000x20() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);\r
+ }\r
+\r
+ private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ load(roleLevel, permLevel, lperm,lrole,lur);\r
+\r
+\r
+ Result<List<PermDAO.Data>> pres;\r
+ trans.setUser(new Principal() {\r
+ @Override\r
+ public String getName() {\r
+ return JU9999_JU_TEST_COM;\r
+ }\r
+ });\r
+\r
+ try {\r
+ TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);\r
+ try {\r
+ TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);\r
+ }\r
+ assertTrue(pres.isOK());\r
+ tt = trans.start(" q.mayUser", Env.SUB);\r
+ List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();\r
+ \r
+ try {\r
+ for(PermDAO.Data p : pres.value) {\r
+ Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);\r
+ if(r.isOK()) {\r
+ reduced.add(p);\r
+ }\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());\r
+ // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ // assertFalse(result.isOK());\r
+ } finally {\r
+ group.done();\r
+ env.info().log(group," Original Validation Method (1st pass)");\r
+ }\r
+ \r
+\r
+ } finally {\r
+ unload(lperm, lrole, lur);\r
+ }\r
+ }\r
+\r
+ private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ load(roleLevel, permLevel, lperm,lrole,lur);\r
+\r
+ try {\r
+\r
+ Result<List<PermDAO.Data>> pres;\r
+ TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+// assertTrue(pres.isOKhasData());\r
+\r
+ tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+// assertTrue(pres.isOKhasData());\r
+\r
+ } finally {\r
+ unload(lperm, lrole, lur);\r
+ }\r
+ }\r
+\r
+\r
+ private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
+ RoleDAO.Data role;\r
+ UserRoleDAO.Data ur;\r
+ PermDAO.Data perm;\r
+ \r
+ int onethirdR=roleLevel/3;\r
+ int twothirdR=onethirdR*2;\r
+ int onethirdP=permLevel/3;\r
+ int twothirdP=onethirdP*2;\r
+\r
+ for(int i=0;i<roleLevel;++i) {\r
+ lrole.add(role=newRole(i));\r
+ if(i<onethirdR) { // one has\r
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=0;j<onethirdP;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ } else if(i<twothirdR) { // both have\r
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=onethirdP;j<twothirdP;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ } else { // other has\r
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=twothirdP;j<permLevel;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ }\r
+ q.roleDAO.create(trans, role);\r
+ }\r
+\r
+ }\r
+ \r
+ private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
+ for(PermDAO.Data perm : lperm) {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ for(RoleDAO.Data role : lrole) {\r
+ q.roleDAO.delete(trans, role, false);\r
+ }\r
+ for(UserRoleDAO.Data ur : lur) {\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+\r
+ }\r
+ private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {\r
+ PermDAO.Data pdd = new PermDAO.Data();\r
+ pdd.ns=COM_TEST_JU;\r
+ pdd.type="myPerm"+permNum;\r
+ pdd.instance="myInstance"+instNum;\r
+ pdd.action=action;\r
+ for(RoleDAO.Data r : grant) {\r
+ pdd.roles(true).add(r.fullName());\r
+ r.perms(true).add(pdd.encode());\r
+ }\r
+ return pdd;\r
+ }\r
+\r
+ private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {\r
+ RoleDAO.Data rdd = new RoleDAO.Data();\r
+ rdd.ns = COM_TEST_JU+roleNum;\r
+ rdd.name = "myRole"+roleNum;\r
+ for(PermDAO.Data p : grant) {\r
+ rdd.perms(true).add(p.encode());\r
+ p.roles(true).add(rdd.fullName());\r
+ }\r
+ return rdd;\r
+ }\r
+\r
+ private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {\r
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();\r
+ urd.user=user;\r
+ urd.role(role);\r
+ urd.expires=new Date(System.currentTimeMillis()+offset);\r
+ return urd;\r
+ }\r
+\r
+\r
+}\r
Code Review / aaf / authz.git / blobdiff