1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.authz.cass.hl;
\r
26 import static junit.framework.Assert.assertEquals;
\r
27 import static junit.framework.Assert.assertFalse;
\r
28 import static junit.framework.Assert.assertTrue;
\r
30 import java.security.Principal;
\r
31 import java.util.ArrayList;
\r
32 import java.util.Date;
\r
33 import java.util.List;
\r
35 import org.junit.AfterClass;
\r
36 import org.junit.BeforeClass;
\r
37 import org.junit.Test;
\r
39 import com.att.authz.env.AuthzTrans;
\r
40 import com.att.authz.layer.Result;
\r
41 import com.att.dao.aaf.cass.NsDAO;
\r
42 import com.att.dao.aaf.cass.NsDAO.Data;
\r
43 import com.att.dao.aaf.cass.PermDAO;
\r
44 import com.att.dao.aaf.cass.RoleDAO;
\r
45 import com.att.dao.aaf.cass.UserRoleDAO;
\r
46 import com.att.dao.aaf.hl.Question;
\r
47 import com.att.dao.aaf.hl.Question.Access;
\r
48 import com.att.dao.aaf.test.AbsJUCass;
\r
49 import com.att.inno.env.Env;
\r
50 import com.att.inno.env.TimeTaken;
\r
52 public class JU_Question extends AbsJUCass {
\r
54 private static final int EXPIRES_IN = 60000000;
\r
55 private static final String COM_TEST_JU = "com.test.ju_question";
\r
56 private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";
\r
57 private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";
\r
58 private static final String READ = "read";
\r
59 private static final int NFR_1 = 80;
\r
60 private static final int NFR_2 = 4000;
\r
61 private static final int ROLE_LEVEL1 = 1000;
\r
62 private static final int PERM_LEVEL1 = 1000;
\r
63 // private static final int PERM_LEVEL2 = 20;
\r
64 private static Question q;
\r
65 private static NsDAO.Data ndd;
\r
68 public static void startupBeforeClass() throws Exception {
\r
70 AuthzTrans trans = env.newTransNoAvg();
\r
71 q = new Question(trans,cluster,AUTHZ, false);
\r
72 ndd = new NsDAO.Data();
\r
73 ndd.name=COM_TEST_JU;
\r
75 ndd.parent="com.test";
\r
76 ndd.description="Temporary Namespace for JU_Question";
\r
77 q.nsDAO.create(trans, ndd);
\r
81 public static void endAfterClass() throws Exception {
\r
82 q.nsDAO.delete(trans, ndd,false);
\r
85 public void mayUserRead_EmptyPerm() {
\r
86 PermDAO.Data pdd = new PermDAO.Data();
\r
87 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);
\r
88 assertFalse(result.isOK());
\r
92 public void mayUserRead_OnePermNotExist() {
\r
93 Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);
\r
94 assertFalse(result.isOK());
\r
95 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
\r
99 public void mayUserRead_OnePermExistDenied() {
\r
100 PermDAO.Data perm = newPerm(0,0,READ);
\r
101 q.permDAO.create(trans,perm);
\r
103 Result<NsDAO.Data> result;
\r
104 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
\r
106 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
109 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
111 assertFalse(result.isOK());
\r
112 assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
\r
114 q.permDAO.delete(trans, perm, false);
\r
119 public void mayUserRead_OnePermOneRoleExistOK() {
\r
120 PermDAO.Data perm = newPerm(0,0,READ);
\r
121 RoleDAO.Data role = newRole(0,perm);
\r
122 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
124 q.permDAO.create(trans,perm);
\r
125 q.roleDAO.create(trans,role);
\r
126 q.userRoleDAO.create(trans,ur);
\r
128 Result<NsDAO.Data> result;
\r
129 TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
\r
131 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
134 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
136 assertTrue(result.isOK());
\r
138 q.permDAO.delete(trans, perm, false);
\r
139 q.roleDAO.delete(trans, role, false);
\r
140 q.userRoleDAO.delete(trans, ur, false);
\r
145 public void filter_OnePermOneRoleExistOK() {
\r
146 PermDAO.Data perm = newPerm(0,0,READ);
\r
147 RoleDAO.Data role = newRole(0,perm);
\r
148 UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);
\r
149 UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
151 q.permDAO.create(trans,perm);
\r
152 q.roleDAO.create(trans,role);
\r
153 q.userRoleDAO.create(trans,ur1);
\r
154 q.userRoleDAO.create(trans,ur2);
\r
156 Result<List<PermDAO.Data>> pres;
\r
157 TimeTaken tt = trans.start("q.getPerms...", Env.SUB);
\r
159 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);
\r
162 trans.info().log("filter_OnePermOneRleExistOK",tt);
\r
163 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
165 assertTrue(pres.isOK());
\r
168 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
171 trans.info().log("filter_OnePermOneRleExistOK No Value",tt);
\r
172 assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
\r
174 assertFalse(pres.isOKhasData());
\r
177 q.permDAO.delete(trans, perm, false);
\r
178 q.roleDAO.delete(trans, role, false);
\r
179 q.userRoleDAO.delete(trans, ur1, false);
\r
180 q.userRoleDAO.delete(trans, ur2, false);
\r
185 public void mayUserRead_OnePermMultiRoleExistOK() {
\r
186 PermDAO.Data perm = newPerm(0,0,READ);
\r
187 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
188 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
190 q.permDAO.create(trans,perm);
\r
191 for(int i=0;i<ROLE_LEVEL1;++i) {
\r
192 RoleDAO.Data role = newRole(i,perm);
\r
194 q.roleDAO.create(trans,role);
\r
196 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);
\r
198 q.userRoleDAO.create(trans,ur);
\r
201 Result<NsDAO.Data> result;
\r
202 TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);
\r
204 result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
\r
207 env.info().log(tt,ROLE_LEVEL1,"iterations");
\r
208 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
210 assertTrue(result.isOK());
\r
212 q.permDAO.delete(trans, perm, false);
\r
213 for(RoleDAO.Data role : lrole) {
\r
214 q.roleDAO.delete(trans, role, false);
\r
216 for(UserRoleDAO.Data ur : lur) {
\r
217 q.userRoleDAO.delete(trans, ur, false);
\r
223 public void mayUserRead_MultiPermOneRoleExistOK() {
\r
224 RoleDAO.Data role = newRole(0);
\r
225 UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
\r
226 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
228 for(int i=0;i<PERM_LEVEL1;++i) {
\r
229 lperm.add(newPerm(i,i,READ,role));
\r
231 q.roleDAO.create(trans, role);
\r
232 q.userRoleDAO.create(trans, ur);
\r
234 Result<NsDAO.Data> result;
\r
235 TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);
\r
237 result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);
\r
240 env.info().log(tt,PERM_LEVEL1,"iterations");
\r
241 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
243 assertTrue(result.isOK());
\r
245 for(PermDAO.Data perm : lperm) {
\r
246 q.permDAO.delete(trans, perm, false);
\r
248 q.roleDAO.delete(trans, role, false);
\r
249 q.userRoleDAO.delete(trans, ur, false);
\r
254 // public void mayUserRead_MultiPermMultiRoleExistOK() {
\r
255 // List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
256 // List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
257 // List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
260 // RoleDAO.Data role;
\r
261 // UserRoleDAO.Data ur;
\r
262 // for(int i=0;i<ROLE_LEVEL1;++i) {
\r
263 // lrole.add(role=newRole(i));
\r
264 // q.roleDAO.create(trans, role);
\r
265 // lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
266 // q.userRoleDAO.create(trans, ur);
\r
267 // for(int j=0;j<PERM_LEVEL2;++j) {
\r
268 // lperm.add(newPerm(i,j,READ,role));
\r
272 // Result<NsDAO.Data> result;
\r
273 // TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);
\r
275 // result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);
\r
278 // env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");
\r
279 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
281 // assertTrue(result.isOK());
\r
283 // for(PermDAO.Data perm : lperm) {
\r
284 // q.permDAO.delete(trans, perm, false);
\r
286 // for(RoleDAO.Data role : lrole) {
\r
287 // q.roleDAO.delete(trans, role, false);
\r
289 // for(UserRoleDAO.Data ur : lur) {
\r
290 // q.userRoleDAO.delete(trans, ur, false);
\r
296 public void mayUserRead_MultiPermMultiRoleExist_10x10() {
\r
297 env.info().log("Original Filter Method 10x10");
\r
298 mayUserRead_MultiPermMultiRoleExist(10,10);
\r
299 env.info().log("New Filter Method 10x10");
\r
300 mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);
\r
304 public void mayUserRead_MultiPermMultiRoleExist_20x10() {
\r
305 env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");
\r
306 mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);
\r
310 public void mayUserRead_MultiPermMultiRoleExist_100x10() {
\r
311 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");
\r
312 mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);
\r
316 public void mayUserRead_MultiPermMultiRoleExist_100x20() {
\r
317 env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");
\r
318 mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);
\r
322 public void mayUserRead_MultiPermMultiRoleExist_1000x20() {
\r
323 env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");
\r
324 mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);
\r
327 private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {
\r
328 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
329 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
330 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
331 load(roleLevel, permLevel, lperm,lrole,lur);
\r
334 Result<List<PermDAO.Data>> pres;
\r
335 trans.setUser(new Principal() {
\r
337 public String getName() {
\r
338 return JU9999_JU_TEST_COM;
\r
343 TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);
\r
345 TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);
\r
347 pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);
\r
350 env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);
\r
352 assertTrue(pres.isOK());
\r
353 tt = trans.start(" q.mayUser", Env.SUB);
\r
354 List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();
\r
357 for(PermDAO.Data p : pres.value) {
\r
358 Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);
\r
365 env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());
\r
366 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
368 // assertFalse(result.isOK());
\r
371 env.info().log(group," Original Validation Method (1st pass)");
\r
376 unload(lperm, lrole, lur);
\r
380 private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {
\r
381 List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
\r
382 List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
\r
383 List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
\r
384 load(roleLevel, permLevel, lperm,lrole,lur);
\r
388 Result<List<PermDAO.Data>> pres;
\r
389 TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);
\r
391 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
394 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
\r
395 // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
397 // assertTrue(pres.isOKhasData());
\r
399 tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);
\r
401 pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
\r
404 env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
\r
405 assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
\r
407 // assertTrue(pres.isOKhasData());
\r
410 unload(lperm, lrole, lur);
\r
415 private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
\r
417 UserRoleDAO.Data ur;
\r
420 int onethirdR=roleLevel/3;
\r
421 int twothirdR=onethirdR*2;
\r
422 int onethirdP=permLevel/3;
\r
423 int twothirdP=onethirdP*2;
\r
425 for(int i=0;i<roleLevel;++i) {
\r
426 lrole.add(role=newRole(i));
\r
427 if(i<onethirdR) { // one has
\r
428 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
\r
429 q.userRoleDAO.create(trans, ur);
\r
430 for(int j=0;j<onethirdP;++j) {
\r
431 lperm.add(perm=newPerm(i,j,READ,role));
\r
432 q.permDAO.create(trans, perm);
\r
434 } else if(i<twothirdR) { // both have
\r
435 lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
\r
436 q.userRoleDAO.create(trans, ur);
\r
437 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
438 q.userRoleDAO.create(trans, ur);
\r
439 for(int j=onethirdP;j<twothirdP;++j) {
\r
440 lperm.add(perm=newPerm(i,j,READ,role));
\r
441 q.permDAO.create(trans, perm);
\r
443 } else { // other has
\r
444 lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
\r
445 q.userRoleDAO.create(trans, ur);
\r
446 for(int j=twothirdP;j<permLevel;++j) {
\r
447 lperm.add(perm=newPerm(i,j,READ,role));
\r
448 q.permDAO.create(trans, perm);
\r
451 q.roleDAO.create(trans, role);
\r
456 private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
\r
457 for(PermDAO.Data perm : lperm) {
\r
458 q.permDAO.delete(trans, perm, false);
\r
460 for(RoleDAO.Data role : lrole) {
\r
461 q.roleDAO.delete(trans, role, false);
\r
463 for(UserRoleDAO.Data ur : lur) {
\r
464 q.userRoleDAO.delete(trans, ur, false);
\r
468 private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {
\r
469 PermDAO.Data pdd = new PermDAO.Data();
\r
470 pdd.ns=COM_TEST_JU;
\r
471 pdd.type="myPerm"+permNum;
\r
472 pdd.instance="myInstance"+instNum;
\r
474 for(RoleDAO.Data r : grant) {
\r
475 pdd.roles(true).add(r.fullName());
\r
476 r.perms(true).add(pdd.encode());
\r
481 private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {
\r
482 RoleDAO.Data rdd = new RoleDAO.Data();
\r
483 rdd.ns = COM_TEST_JU+roleNum;
\r
484 rdd.name = "myRole"+roleNum;
\r
485 for(PermDAO.Data p : grant) {
\r
486 rdd.perms(true).add(p.encode());
\r
487 p.roles(true).add(rdd.fullName());
\r
492 private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {
\r
493 UserRoleDAO.Data urd = new UserRoleDAO.Data();
\r
496 urd.expires=new Date(System.currentTimeMillis()+offset);
\r
Code Review / aaf / authz.git / blob