1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
22 package org.onap.aaf.auth.cass.hl;
24 import static junit.framework.Assert.assertEquals;
25 import static junit.framework.Assert.assertFalse;
26 import static junit.framework.Assert.assertTrue;
28 import java.util.ArrayList;
29 import java.util.Date;
30 import java.util.List;
32 import org.junit.AfterClass;
33 import org.junit.BeforeClass;
34 import org.junit.Test;
35 import org.onap.aaf.auth.dao.cass.NsDAO;
36 import org.onap.aaf.auth.dao.cass.PermDAO;
37 import org.onap.aaf.auth.dao.cass.RoleDAO;
38 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
39 import org.onap.aaf.auth.dao.cass.NsDAO.Data;
40 import org.onap.aaf.auth.dao.hl.Question;
41 import org.onap.aaf.auth.dao.hl.Question.Access;
42 import org.onap.aaf.auth.env.AuthzTrans;
43 import org.onap.aaf.auth.layer.Result;
44 import org.onap.aaf.cadi.principal.TaggedPrincipal;
45 import org.onap.aaf.misc.env.Env;
46 import org.onap.aaf.misc.env.TimeTaken;
48 import com.att.dao.aaf.test.AbsJUCass;
50 public class JU_Question extends AbsJUCass {
52 private static final int EXPIRES_IN = 60000000;
53 private static final String COM_TEST_JU = "com.test.ju_question";
54 private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";
55 private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";
56 private static final String READ = "read";
57 private static final int NFR_1 = 80;
58 private static final int NFR_2 = 4000;
59 private static final int ROLE_LEVEL1 = 1000;
60 private static final int PERM_LEVEL1 = 1000;
61 // private static final int PERM_LEVEL2 = 20;
62 private static Question q;
63 private static NsDAO.Data ndd;
66 public static void startupBeforeClass() throws Exception {
68 AuthzTrans trans = env.newTransNoAvg();
69 q = new Question(trans,cluster,AUTHZ, false);
70 ndd = new NsDAO.Data();
73 ndd.parent="com.test";
74 ndd.description="Temporary Namespace for JU_Question";
75 q.nsDAO.create(trans, ndd);
79 public static void endAfterClass() throws Exception {
80 q.nsDAO.delete(trans, ndd,false);
83 public void mayUserRead_EmptyPerm() {
84 PermDAO.Data pdd = new PermDAO.Data();
85 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);
86 assertFalse(result.isOK());
90 public void mayUserRead_OnePermNotExist() {
91 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);
92 assertFalse(result.isOK());
93 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
97 public void mayUserRead_OnePermExistDenied() {
98 PermDAO.Data perm = newPerm(0,0,READ);
99 q.permDAO.create(trans,perm);
101 Result<NsDAO.Data> result;
102 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
104 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
107 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
109 assertFalse(result.isOK());
110 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
112 q.permDAO.delete(trans, perm, false);
117 public void mayUserRead_OnePermOneRoleExistOK() {
118 PermDAO.Data perm = newPerm(0,0,READ);
119 RoleDAO.Data role = newRole(0,perm);
120 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
122 q.permDAO.create(trans,perm);
123 q.roleDAO.create(trans,role);
124 q.userRoleDAO.create(trans,ur);
126 Result<NsDAO.Data> result;
127 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
129 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
132 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
134 assertTrue(result.isOK());
136 q.permDAO.delete(trans, perm, false);
137 q.roleDAO.delete(trans, role, false);
138 q.userRoleDAO.delete(trans, ur, false);
143 public void filter_OnePermOneRoleExistOK() {
144 PermDAO.Data perm = newPerm(0,0,READ);
145 RoleDAO.Data role = newRole(0,perm);
146 UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);
147 UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
149 q.permDAO.create(trans,perm);
150 q.roleDAO.create(trans,role);
151 q.userRoleDAO.create(trans,ur1);
152 q.userRoleDAO.create(trans,ur2);
154 Result<List<PermDAO.Data>> pres;
155 TimeTaken tt = trans.start("q.getPerms...", Env.SUB);
157 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);
160 trans.info().log("filter_OnePermOneRleExistOK",tt);
161 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
163 assertTrue(pres.isOK());
166 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
169 trans.info().log("filter_OnePermOneRleExistOK No Value",tt);
170 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
172 assertFalse(pres.isOKhasData());
175 q.permDAO.delete(trans, perm, false);
176 q.roleDAO.delete(trans, role, false);
177 q.userRoleDAO.delete(trans, ur1, false);
178 q.userRoleDAO.delete(trans, ur2, false);
183 public void mayUserRead_OnePermMultiRoleExistOK() {
184 PermDAO.Data perm = newPerm(0,0,READ);
185 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
186 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
188 q.permDAO.create(trans,perm);
189 for(int i=0;i<ROLE_LEVEL1;++i) {
190 RoleDAO.Data role = newRole(i,perm);
192 q.roleDAO.create(trans,role);
194 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);
196 q.userRoleDAO.create(trans,ur);
199 Result<NsDAO.Data> result;
200 TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);
202 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
205 env.info().log(tt,ROLE_LEVEL1,"iterations");
206 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
208 assertTrue(result.isOK());
210 q.permDAO.delete(trans, perm, false);
211 for(RoleDAO.Data role : lrole) {
212 q.roleDAO.delete(trans, role, false);
214 for(UserRoleDAO.Data ur : lur) {
215 q.userRoleDAO.delete(trans, ur, false);
221 public void mayUserRead_MultiPermOneRoleExistOK() {
222 RoleDAO.Data role = newRole(0);
223 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
224 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
226 for(int i=0;i<PERM_LEVEL1;++i) {
227 lperm.add(newPerm(i,i,READ,role));
229 q.roleDAO.create(trans, role);
230 q.userRoleDAO.create(trans, ur);
232 Result<NsDAO.Data> result;
233 TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);
235 result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);
238 env.info().log(tt,PERM_LEVEL1,"iterations");
239 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
241 assertTrue(result.isOK());
243 for(PermDAO.Data perm : lperm) {
244 q.permDAO.delete(trans, perm, false);
246 q.roleDAO.delete(trans, role, false);
247 q.userRoleDAO.delete(trans, ur, false);
252 // public void mayUserRead_MultiPermMultiRoleExistOK() {
253 // List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
254 // List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
255 // List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
258 // RoleDAO.Data role;
259 // UserRoleDAO.Data ur;
260 // for(int i=0;i<ROLE_LEVEL1;++i) {
261 // lrole.add(role=newRole(i));
262 // q.roleDAO.create(trans, role);
263 // lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
264 // q.userRoleDAO.create(trans, ur);
265 // for(int j=0;j<PERM_LEVEL2;++j) {
266 // lperm.add(newPerm(i,j,READ,role));
270 // Result<NsDAO.Data> result;
271 // TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);
273 // result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);
276 // env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");
277 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
279 // assertTrue(result.isOK());
281 // for(PermDAO.Data perm : lperm) {
282 // q.permDAO.delete(trans, perm, false);
284 // for(RoleDAO.Data role : lrole) {
285 // q.roleDAO.delete(trans, role, false);
287 // for(UserRoleDAO.Data ur : lur) {
288 // q.userRoleDAO.delete(trans, ur, false);
294 public void mayUserRead_MultiPermMultiRoleExist_10x10() {
295 env.info().log("Original Filter Method 10x10");
296 mayUserRead_MultiPermMultiRoleExist(10,10);
297 env.info().log("New Filter Method 10x10");
298 mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);
302 public void mayUserRead_MultiPermMultiRoleExist_20x10() {
303 env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");
304 mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);
308 public void mayUserRead_MultiPermMultiRoleExist_100x10() {
309 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");
310 mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);
314 public void mayUserRead_MultiPermMultiRoleExist_100x20() {
315 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");
316 mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);
320 public void mayUserRead_MultiPermMultiRoleExist_1000x20() {
321 env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");
322 mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);
325 private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {
326 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
327 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
328 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
329 load(roleLevel, permLevel, lperm,lrole,lur);
332 Result<List<PermDAO.Data>> pres;
333 trans.setUser(new TaggedPrincipal() {
335 public String getName() {
336 return JU9999_JU_TEST_COM;
340 public String tag() {
345 public String personalName() {
346 return JU9998_JU_TEST_COM;
351 TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);
353 TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);
355 pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);
358 env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);
360 assertTrue(pres.isOK());
361 tt = trans.start(" q.mayUser", Env.SUB);
362 List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();
365 for(PermDAO.Data p : pres.value) {
366 Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);
373 env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());
374 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
376 // assertFalse(result.isOK());
379 env.info().log(group," Original Validation Method (1st pass)");
384 unload(lperm, lrole, lur);
388 private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {
389 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
390 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
391 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
392 load(roleLevel, permLevel, lperm,lrole,lur);
396 Result<List<PermDAO.Data>> pres;
397 TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);
399 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
402 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
403 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
405 // assertTrue(pres.isOKhasData());
407 tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);
409 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
412 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
413 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
415 // assertTrue(pres.isOKhasData());
418 unload(lperm, lrole, lur);
423 private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
428 int onethirdR=roleLevel/3;
429 int twothirdR=onethirdR*2;
430 int onethirdP=permLevel/3;
431 int twothirdP=onethirdP*2;
433 for(int i=0;i<roleLevel;++i) {
434 lrole.add(role=newRole(i));
435 if(i<onethirdR) { // one has
436 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
437 q.userRoleDAO.create(trans, ur);
438 for(int j=0;j<onethirdP;++j) {
439 lperm.add(perm=newPerm(i,j,READ,role));
440 q.permDAO.create(trans, perm);
442 } else if(i<twothirdR) { // both have
443 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
444 q.userRoleDAO.create(trans, ur);
445 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
446 q.userRoleDAO.create(trans, ur);
447 for(int j=onethirdP;j<twothirdP;++j) {
448 lperm.add(perm=newPerm(i,j,READ,role));
449 q.permDAO.create(trans, perm);
451 } else { // other has
452 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
453 q.userRoleDAO.create(trans, ur);
454 for(int j=twothirdP;j<permLevel;++j) {
455 lperm.add(perm=newPerm(i,j,READ,role));
456 q.permDAO.create(trans, perm);
459 q.roleDAO.create(trans, role);
464 private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
465 for(PermDAO.Data perm : lperm) {
466 q.permDAO.delete(trans, perm, false);
468 for(RoleDAO.Data role : lrole) {
469 q.roleDAO.delete(trans, role, false);
471 for(UserRoleDAO.Data ur : lur) {
472 q.userRoleDAO.delete(trans, ur, false);
476 private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {
477 PermDAO.Data pdd = new PermDAO.Data();
479 pdd.type="myPerm"+permNum;
480 pdd.instance="myInstance"+instNum;
482 for(RoleDAO.Data r : grant) {
483 pdd.roles(true).add(r.fullName());
484 r.perms(true).add(pdd.encode());
489 private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {
490 RoleDAO.Data rdd = new RoleDAO.Data();
491 rdd.ns = COM_TEST_JU+roleNum;
492 rdd.name = "myRole"+roleNum;
493 for(PermDAO.Data p : grant) {
494 rdd.perms(true).add(p.encode());
495 p.roles(true).add(rdd.fullName());
500 private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {
501 UserRoleDAO.Data urd = new UserRoleDAO.Data();
504 urd.expires=new Date(System.currentTimeMillis()+offset);
Code Review / aaf / authz.git / blob