/*
* Copyright 2010-2013 Ning, Inc.
*
* Ning licenses this file to you under the Apache License, version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/package com.ning.billing.util.security;
import javax.inject.Singleton;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.mockito.Mockito;
import org.skife.jdbi.v2.IDBI;
import org.testng.Assert;
import org.testng.annotations.Test;
import com.ning.billing.security.Permission;
import com.ning.billing.security.RequiresPermissions;
import com.ning.billing.util.UtilTestSuiteNoDB;
import com.ning.billing.util.glue.KillBillShiroAopModule;
import com.ning.billing.util.glue.KillBillShiroModule;
import com.ning.billing.util.glue.SecurityModule;
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Stage;
import net.sf.ehcache.CacheManager;
publicclassTestPermissionAnnotationMethodInterceptorextendsUtilTestSuiteNoDB{
publicstaticinterfaceIAopTester{
@RequiresPermissions(Permission.PAYMENT_CAN_REFUND)
publicvoidcreateRefund();
}
publicstaticclassAopTesterImplimplementsIAopTester{
@OverridepublicvoidcreateRefund(){}
}
@SingletonpublicstaticclassAopTesterimplementsIAopTester{
@RequiresPermissions(Permission.PAYMENT_CAN_REFUND)
publicvoidcreateRefund(){}
}
@Test(groups = "fast")
publicvoidtestAOPForClass()throws Exception {
// Make sure it works as expected without any AOP magicfinal IAopTester simpleTester = new AopTester();
try {
simpleTester.createRefund();
} catch (Exception e) {
Assert.fail(e.getLocalizedMessage());
}
// Now, verify the interception works
configureShiro();
// Shutdown the cache manager to avoid duplicate exceptions
CacheManager.getInstance().shutdown();
final Injector injector = Guice.createInjector(Stage.PRODUCTION,
new KillBillShiroModule(),
new KillBillShiroAopModule(),
new SecurityModule(),
new AbstractModule() {
@Overrideprotectedvoidconfigure(){
bind(IDBI.class).toInstance(Mockito.mock(IDBI.class));
}
});
final AopTester aopedTester = injector.getInstance(AopTester.class);
verifyAopedTester(aopedTester);
}
@Test(groups = "fast")
publicvoidtestAOPForInterface()throws Exception {
// Make sure it works as expected without any AOP magicfinal IAopTester simpleTester = new AopTesterImpl();
try {
simpleTester.createRefund();
} catch (Exception e) {
Assert.fail(e.getLocalizedMessage());
}
// Now, verify the interception works
configureShiro();
// Shutdown the cache manager to avoid duplicate exceptions
CacheManager.getInstance().shutdown();
final Injector injector = Guice.createInjector(Stage.PRODUCTION,
new KillBillShiroModule(),
new KillBillShiroAopModule(),
new SecurityModule(),
new AbstractModule() {
@Overridepublicvoidconfigure(){
bind(IDBI.class).toInstance(Mockito.mock(IDBI.class));
bind(IAopTester.class).to(AopTesterImpl.class).asEagerSingleton();
}
});
final IAopTester aopedTester = injector.getInstance(IAopTester.class);
verifyAopedTester(aopedTester);
}
privatevoidverifyAopedTester(final IAopTester aopedTester){
// Anonymous user
logout();
try {
aopedTester.createRefund();
Assert.fail();
} catch (UnauthenticatedException e) {
// Good!
} catch (Exception e) {
Assert.fail(e.getLocalizedMessage());
}
// pierre can credit, but not refund
login("pierre");
try {
aopedTester.createRefund();
Assert.fail();
} catch (AuthorizationException e) {
// Good!
} catch (Exception e) {
Assert.fail(e.getLocalizedMessage());
}
// stephane can refund
login("stephane");
aopedTester.createRefund();
}
}