CAS Unit Tests
Clover coverage report - CAS Unit Tests
Coverage timestamp: Mon Jul 4 2005 18:13:17 CDT
file stats: LOC: 1,184   Methods: 27
NCLOC: 971   Classes: 2
 
 Source file Conditionals Statements Methods TOTAL
TestAssertionGeneration.java 0% 0% 0% 0%
coverage
 1    /*
 2    * Portions of this file Copyright 1999-2005 University of Chicago
 3    * Portions of this file Copyright 1999-2005 The University of Southern California.
 4    *
 5    * This file or a portion of this file is licensed under the
 6    * terms of the Globus Toolkit Public License, found at
 7    * http://www.globus.org/toolkit/download/license.html.
 8    * If you redistribute this file, with or without
 9    * modifications, you must include this notice in the file.
 10    */
 11    package org.globus.cas.impl.service;
 12   
 13    import junit.framework.Test;
 14    import junit.framework.TestCase;
 15    import junit.framework.TestSuite;
 16   
 17    import org.w3c.dom.Element;
 18    import org.apache.axis.message.MessageElement;
 19   
 20    import org.globus.cas.types.SAMLAuthzQueryType;
 21    import org.globus.cas.types.ServiceTypeData;
 22    import org.globus.cas.types.UserGroupData;
 23    import org.globus.cas.types.PolicyData;
 24    import org.globus.cas.types.UserData;
 25    import org.globus.cas.types.ObjectData;
 26    import org.globus.cas.types.NamespaceData;
 27    import org.globus.cas.types.ObjectGroupData;
 28    import org.globus.cas.types.GetAssertionParam;
 29    import org.globus.cas.types.ArrayOfSAMLAuthzQueryType;
 30   
 31    import org.globus.cas.impl.databaseAccess.ObjectDataHandler;
 32    import org.globus.cas.impl.databaseAccess.UserDataHandler;
 33    import org.globus.cas.impl.databaseAccess.ObjectGroupDataHandler;
 34    import org.globus.cas.impl.databaseAccess.UserGroupDataHandler;
 35    import org.globus.cas.impl.databaseAccess.ServiceTypeDataHandler;
 36    import org.globus.cas.impl.databaseAccess.ServiceTypeActionHandler;
 37    import org.globus.cas.impl.databaseAccess.PolicyDataHandler;
 38    import org.globus.cas.impl.databaseAccess.NamespaceDataHandler;
 39   
 40    import org.globus.cas.faults.NoPermissionFault;
 41   
 42    import org.globus.cas.impl.CasConstants;
 43   
 44    import org.globus.cas.CASPortType;
 45    import org.globus.wsrf.impl.security.SecurityMessageElement;
 46   
 47    import org.opensaml.SAMLAction;
 48    import org.opensaml.SAMLSubject;
 49    import org.opensaml.SAMLAssertion;
 50    import org.opensaml.SAMLAuthorizationDecisionQuery;
 51    import org.opensaml.SAMLAuthorizationDecisionStatement;
 52   
 53    import java.io.FileInputStream;
 54   
 55    import java.util.Properties;
 56    import java.util.Iterator;
 57    import java.util.Date;
 58    import java.util.Calendar;
 59    import java.util.Vector;
 60   
 61    import org.apache.commons.logging.Log;
 62    import org.apache.commons.logging.LogFactory;
 63   
 64    public class TestAssertionGeneration extends TestCase {
 65   
 /** Commons-logging logger named after this test class. */
 static Log logger =
     LogFactory.getLog(TestAssertionGeneration.class.getName());

 /** CAS port every scenario calls; injected through {@link #setParams}. */
 static CASPortType casPort;

 // Default of one day in seconds. initialSetup() replaces it with the
 // "maxAssertionLifetime" test property when that property is set.
 int maxAssertionLifetime = 24 * 60 * 60;

 // Database id of the object (OBJECT_SELF, NAMESPACE_SELF), kept as a string.
 String objId;

 // Ids of CAS service actions, kept as strings; all resolved in initialSetup().
 String enrollAnchor;
 String enrollUser;
 String enrollNs;
 String enrollObject;
 String enrollService;
 String createObjGp;
 String createUserGp;
 String createServiceActionGp;
 String addGroupEntry;
 String query;

 // Subject built from the "user1SubjectDN" test property, together with the
 // confirmation-method list used to build it (and any further subject).
 SAMLSubject samlSubject;
 Vector confMethods;
 85   
 /**
  * Creates the test case.
  *
  * @param name test name, passed unchanged to the superclass constructor
  */
 public TestAssertionGeneration(String name) {
     super(name);
 }
 89   
 /**
  * Builds the JUnit suite for this class.
  *
  * @return a suite constructed from {@code TestAssertionGeneration.class}
  */
 public static Test suite() {
     TestSuite classSuite = new TestSuite(TestAssertionGeneration.class);
     return classSuite;
 }
 93   
 /**
  * Stores the CAS port that all scenarios in this class call.
  *
  * @param casPort_ port to use; written to the static {@code casPort} field,
  *                 so it is shared by every instance of this test class
  */
 public static void setParams(CASPortType casPort_) {
     TestAssertionGeneration.casPort = casPort_;
 }
 98   
 /**
  * Single JUnit entry point: runs setup, then every assertion-generation
  * scenario in a fixed order, then removes the scenario data.
  *
  * NOTE(review): the teardown calls at the end are not in a finally block,
  * so a failing scenario leaves its users, groups and policies in the
  * database for whatever runs next.
  *
  * @throws Exception if any scenario or database helper fails
  */
 public void testAssertionGeneration() throws Exception {
     // Setup and the checks that need no scenario data.
     initialSetup();
     emptyAssertionsTest();

     // Scenarios; each builds on the data left by the previous one.
     PopulateDB.addExternalObjects();
     secondUserTest();
     scenarioOneTest();
     scenarioTwoTest();
     scenarioThreeTest();
     scenarioFourTest();

     // Teardown, newest scenario first.
     PopulateDB.scenarioFour(false);
     PopulateDB.scenarioThree(false);
     PopulateDB.scenarioTwo(false);
     PopulateDB.scenarioOne(false);
     PopulateDB.removeExternalObjects();
 }
 114   
 115    // Direct database manipulation to set up the db for testing
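 /**
  * Loads the test properties and resolves the database ids the scenarios
  * refer to.
  *
  * Reads the file named by the {@code casTestProperties} system property,
  * takes {@code user1SubjectDN} and the optional
  * {@code maxAssertionLifetime} from it, builds {@code samlSubject}, and
  * looks up the id of the (OBJECT_SELF, NAMESPACE_SELF) object and of each
  * CAS service action used by the tests.
  *
  * @throws Exception if the properties file cannot be read, the lifetime
  *                   is not an integer, or a database lookup fails
  */
 private void initialSetup() throws Exception {

     String propFileName = System.getProperty("casTestProperties");
     // Fail with a readable message instead of a bare NullPointerException.
     assertNotNull("System property casTestProperties must name the test "
                   + "properties file", propFileName);

     Properties prop = new Properties();
     FileInputStream propStream = new FileInputStream(propFileName);
     try {
         prop.load(propStream);
     } finally {
         // Release the file descriptor even when load() throws.
         propStream.close();
     }

     String subjectName = prop.getProperty("user1SubjectDN");

     // Parse the trimmed text: the emptiness test below is on the trimmed
     // value, and Integer.parseInt() rejects surrounding whitespace.
     String tempLifetime = prop.getProperty("maxAssertionLifetime");
     String lifetimeText = (tempLifetime == null) ? "" : tempLifetime.trim();
     if (lifetimeText.length() > 0) {
         maxAssertionLifetime = Integer.parseInt(lifetimeText);
     } else {
         logger.warn("Server's maximum lifetime value not set, "
                     + "using default value. Test might fail");
     }

     // Construct subject
     confMethods = new Vector(1);
     confMethods.add(CasConstants.X509_CONFIRMATION_METHOD);
     samlSubject = new SAMLSubject(subjectName,
                                   TestConstants.defTrustNickDN,
                                   CasConstants.X509_FORMAT,
                                   confMethods, null, null);

     // Id of the object the CAS permissions below are granted on.
     objId = Integer.toString(
         ObjectDataHandler.getObjectId(CasConstants.OBJECT_SELF,
                                       CasConstants.NAMESPACE_SELF));

     // Ids of the CAS service actions, one lookup per action.
     enrollAnchor = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_ENROLL_ANCHOR));
     enrollUser = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_ENROLL_USER));
     enrollNs = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_ENROLL_NAMESPACE));
     enrollObject = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_ENROLL_OBJECT));
     enrollService = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_CREATE_SERVICE_TYPE));
     createObjGp = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_CREATE_OBJECT_GROUP));
     createUserGp = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_CREATE_USER_GROUP));
     createServiceActionGp = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_CREATE_SERVICEACTION_GROUP));
     addGroupEntry = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_ADD_GROUP_ENTRY));
     query = Integer.toString(
         ServiceTypeActionHandler.getServiceActionId(
             CasConstants.SERVICETYPE_CAS,
             CasConstants.ACTION_QUERY));
 }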
 185   
 /**
  * Wraps a set of authorization queries and a requested lifetime in the
  * parameter object that {@code casPort.getAssertion} takes.
  *
  * @param query    queries to send
  * @param lifetime requested assertion lifetime; the callers in this class
  *                 compare it against validity periods measured in seconds
  * @return a new parameter object carrying both values
  */
 private GetAssertionParam getAssertion(ArrayOfSAMLAuthzQueryType query,
                                        int lifetime) {
     GetAssertionParam param = new GetAssertionParam();
     param.setLifetime(lifetime);
     param.setSamlAuthzQuery(query);
     return param;
 }
 193   
 194    // test null id returned when there are no valid policies
 195    // test permissions to get assertion for another user
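 /**
  * Checks that no assertion is returned when no policy matches the query.
  *
  * Two requests are sent for {@code samlSubject}: the query built by
  * {@code constructMaxQuery}, and a query for an action that is not
  * defined. Both must come back as {@code null}.
  *
  * @throws Exception if building or sending a query fails
  */
 public void emptyAssertionsTest() throws Exception {

     logger.debug("empty assertion test");

     // First request: the maximal query while no policy is in place.
     SAMLAuthorizationDecisionQuery samlAuthQuery =
         constructMaxQuery(samlSubject);
     SAMLAuthzQueryType samlQuery = new SAMLAuthzQueryType();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     SAMLAuthzQueryType[] samlQueries = new SAMLAuthzQueryType[1];
     samlQueries[0] = samlQuery;
     ArrayOfSAMLAuthzQueryType arrayOfSamlAuthz =
         new ArrayOfSAMLAuthzQueryType(samlQueries);
     org.globus.cas.types.SAMLAssertion samlAssertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     assertNull(samlAssertion);

     // resource - for CAS it would be the name of the object
     String objectName = "casNamespace|casServer";

     // Collection of actions to query on: one action that does not exist
     Vector actions = new Vector();
     SAMLAction samlAction = new SAMLAction("cas", "nonExistant");
     actions.add(samlAction);

     samlAuthQuery =
         new SAMLAuthorizationDecisionQuery(samlSubject, objectName,
                                            actions, null);

     // Put the new query into the message. Without this the request below
     // carries the maximal query a second time and the undefined-action
     // case is never sent to the server.
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     samlAssertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     assertNull(samlAssertion);

     logger.debug("empty assertion test done");
 }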
 233   
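 /**
  * Checks that an assertion about another user is refused until the
  * caller's group holds the CAS query permission, and checks the
  * assertion issued once that permission is stored.
  *
  * A second user is added to {@code userGroup1} with a policy on external
  * objects. Requests that include a query for that user must raise
  * {@code NoPermissionFault}. After a policy granting the {@code query}
  * action on {@code objId} to {@code TestConstants.defUserGp} is stored,
  * the same request must return one statement about the second user with
  * two "read" actions.
  *
  * Everything the test stores is removed in a finally block, so a failed
  * assertion does not leave the extra user or either policy behind.
  *
  * @throws Exception if a database helper or the service call fails
  */
 public void secondUserTest() throws Exception {

     String secondUserNick = "secondUser";
     String secondUserDN = "dummy DN";

     // Record each completed step so that cleanup undoes only those.
     boolean userStored = false;
     boolean memberAdded = false;
     String secondUserPolicy = null;
     String casQueryPolicy = null;

     try {
         // Add another user
         UserData userData = new UserData();
         userData.setNickname(secondUserNick);
         userData.setSubjectName(secondUserDN);
         userData.setTrustAnchorName(TestConstants.defTrustNick);
         UserDataHandler.storeObject(userData);
         userStored = true;

         // Add to user group with name userGroup1
         UserGroupDataHandler.addGroupMember("userGroup1", secondUserNick);
         memberAdded = true;

         // add policy for external object
         PolicyData policyData = new PolicyData();
         policyData.setUserGroupName("userGroup1");
         policyData.setActionSpec(PopulateDB.serviceGp1);
         policyData.setActionSpecDesc(CasConstants.SERVICEACTIONGP_SPEC);
         policyData.setObjectSpec(PopulateDB.objGp2);
         policyData.setObjectSpecDesc(CasConstants.OBJECTGP_SPEC);
         secondUserPolicy = PolicyDataHandler.storeObject(policyData);

         SAMLSubject secondUserSubject =
             new SAMLSubject(secondUserDN, TestConstants.defTrustNickDN,
                             CasConstants.X509_FORMAT, confMethods,
                             null, null);

         // Second user's query
         SAMLAuthorizationDecisionQuery secondAuthQuery =
             constructMaxQuery(secondUserSubject);
         SAMLAuthzQueryType secondSAMLQuery = new SAMLAuthzQueryType();
         secondSAMLQuery.set_any(new MessageElement[] {
             new SecurityMessageElement(
                 (Element)secondAuthQuery.toDOM())});

         // First user's query
         SAMLAuthorizationDecisionQuery samlAuthQuery =
             constructMaxQuery(samlSubject);
         SAMLAuthzQueryType samlQuery = new SAMLAuthzQueryType();
         samlQuery.set_any(new MessageElement[] {
             new SecurityMessageElement((Element)samlAuthQuery.toDOM())});

         // Self + second user in one request: must be refused as a whole.
         SAMLAuthzQueryType[] samlQueries =
             new SAMLAuthzQueryType[] {secondSAMLQuery, samlQuery};
         ArrayOfSAMLAuthzQueryType arrayOfSamlAuthz =
             new ArrayOfSAMLAuthzQueryType(samlQueries);
         try {
             casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
             fail("Expected NoPermissionFault for a request that includes "
                  + "another user's query");
         } catch (NoPermissionFault expected) {
             // The refusal is the behaviour under test.
         }

         // Second user query on its own: still refused.
         samlQueries = new SAMLAuthzQueryType[] {secondSAMLQuery};
         arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
         try {
             casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
             fail("Expected NoPermissionFault for another user's query");
         } catch (NoPermissionFault expected) {
             // The refusal is the behaviour under test.
         }

         // Store the query permission on objId for the default user group.
         policyData = new PolicyData();
         policyData.setUserGroupName(TestConstants.defUserGp);
         policyData.setObjectSpec(objId);
         policyData.setObjectSpecDesc(CasConstants.OBJECT_SPEC);
         policyData.setActionSpec(query);
         policyData.setActionSpecDesc(CasConstants.SERVICEACTION_SPEC);
         casQueryPolicy = PolicyDataHandler.storeObject(policyData);

         // Get assertion: the same request is now allowed.
         arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
         org.globus.cas.types.SAMLAssertion assertion =
             casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
         Iterator stmts = validateAssertion(assertion);
         SAMLAuthorizationDecisionStatement decisionStmt =
             (SAMLAuthorizationDecisionStatement)stmts.next();
         assertFalse(stmts.hasNext());
         assertNotNull(decisionStmt);

         // The statement must be about the second user, not the caller.
         assertNotNull(decisionStmt.getSubject());
         assertEquals(secondUserSubject.getName(),
                      decisionStmt.getSubject().getName());

         // The query permission itself must not show up in the assertion.
         String resource = decisionStmt.getResource();
         assertTrue(resource.indexOf(CasConstants.OBJECT_SELF) == -1);

         int actCnt = 0;
         Iterator actions = decisionStmt.getActions();
         while (actions.hasNext()) {
             SAMLAction samlAction = (SAMLAction)actions.next();
             assertEquals("read", samlAction.getData());
             String actionNs = samlAction.getNamespace();
             assertTrue(actionNs.equals(PopulateDB.serviceType1)
                        || actionNs.equals(PopulateDB.serviceType2));
             actCnt++;
         }
         assertEquals(2, actCnt);
     } finally {
         // Same removal order as creation in reverse. A failure in one
         // removal still aborts the remaining ones.
         if (casQueryPolicy != null) {
             PolicyDataHandler.deleteObject(casQueryPolicy);
         }
         if (secondUserPolicy != null) {
             PolicyDataHandler.deleteObject(secondUserPolicy);
         }
         if (memberAdded) {
             UserGroupDataHandler.removeGroupMember("userGroup1",
                                                    secondUserNick);
         }
         if (userStored) {
             UserDataHandler.deleteObject(secondUserNick);
         }
     }
 }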
 355   
 356   
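 /**
  * Scenario one: one permitted resource with two "read" actions, plus the
  * lifetime rules for issued assertions.
  *
  * After {@code PopulateDB.scenarioOne(true)} the maximal query and the
  * scenario-one query must each yield exactly one statement that passes
  * {@code scenarioOneVerify}. The validity period must equal the requested
  * lifetime when that is below {@code maxAssertionLifetime}, and must be
  * capped at {@code maxAssertionLifetime} when the request exceeds it.
  *
  * NOTE(review): what the boolean passed to {@code verify} controls is not
  * visible in this file; confirm the call checks the signature against the
  * expected CAS signer.
  *
  * @throws Exception if populating the database, the service call or
  *                   assertion parsing fails
  */
 public void scenarioOneTest() throws Exception {

     logger.debug("test one");
     PopulateDB.scenarioOne(true);

     // Max query = one resource - sample1, two actions
     SAMLAuthorizationDecisionQuery samlAuthQuery =
         constructMaxQuery(samlSubject);
     SAMLAuthzQueryType[] samlQueries = new SAMLAuthzQueryType[1];
     SAMLAuthzQueryType samlQuery = new SAMLAuthzQueryType();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     ArrayOfSAMLAuthzQueryType arrayOfSamlAuthz =
         new ArrayOfSAMLAuthzQueryType(samlQueries);
     org.globus.cas.types.SAMLAssertion assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     Iterator stmts = validateAssertion(assertion);
     // Verify one stmt, two actions = read
     scenarioOneVerify((SAMLAuthorizationDecisionStatement)stmts.next(),
                       samlAuthQuery.getResource());
     // Ensure only one stmt was generated
     assertFalse(stmts.hasNext());

     // one resource, two permitted actions and one that is not permitted
     samlAuthQuery = constructScenarioOneQuery();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     logger.debug("Scenario one - test 3");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     assertNotNull(assertion);
     logger.debug("Assertion is " + assertion);
     MessageElement[] msgElement = assertion.get_any();
     SAMLAssertion samlAssertion =
         new SAMLAssertion(msgElement[0].getAsDOM());
     samlAssertion.verify(false);
     stmts = samlAssertion.getStatements();
     // Verify one stmt, two actions = read
     scenarioOneVerify((SAMLAuthorizationDecisionStatement)stmts.next(),
                       samlAuthQuery.getResource());
     // Ensure only one stmt was generated
     assertFalse(stmts.hasNext());

     // Assertion lifetime verification
     Date notBefore = samlAssertion.getNotBefore();
     Date notOnOrAfter = samlAssertion.getNotOnOrAfter();
     Calendar calNotBefore = Calendar.getInstance();
     calNotBefore.setTime(notBefore);
     // add requested lifetime
     calNotBefore.add(Calendar.SECOND, 100);
     Calendar calNotAfter = Calendar.getInstance();
     calNotAfter.setTime(notOnOrAfter);
     // difference should be exactly the requested lifetime,
     // since it is less than the service lifetime
     assertTrue(calNotBefore.equals(calNotAfter));

     // Test assertion lifetime.
     // request greater than max time
     int requestLifetime = maxAssertionLifetime + 100;
     samlAuthQuery = constructMaxQuery(samlSubject);
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     logger.debug("Scenario one - test 4");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz,
                                           requestLifetime));
     logger.debug("Assertion is " + assertion);
     assertNotNull(assertion);
     MessageElement[] msgElement1 = assertion.get_any();
     SAMLAssertion samlAssertion1 =
         new SAMLAssertion(msgElement1[0].getAsDOM());
     samlAssertion1.verify(false);
     // Read the validity bounds of THIS assertion; checking the dates of
     // the earlier assertion would say nothing about the capped one.
     Date notBefore1 = samlAssertion1.getNotBefore();
     Date notOnOrAfter1 = samlAssertion1.getNotOnOrAfter();
     assertTrue(notBefore1.before(notOnOrAfter1));
     calNotBefore.setTime(notBefore1);
     calNotAfter.setTime(notOnOrAfter1);
     // since request was greater than max, it is set to max
     calNotBefore.add(Calendar.SECOND, maxAssertionLifetime);
     assertTrue(calNotBefore.equals(calNotAfter));

     // request less than maximum assertion lifetime
     requestLifetime = maxAssertionLifetime - 100;
     logger.debug("Scenario one - test 5");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz,
                                           requestLifetime));
     logger.debug("Assertion is " + assertion);
     assertNotNull(assertion);
     MessageElement[] msgElement2 = assertion.get_any();
     SAMLAssertion samlAssertion2 =
         new SAMLAssertion(msgElement2[0].getAsDOM());
     samlAssertion2.verify(false);
     Date notBefore2 = samlAssertion2.getNotBefore();
     Date notOnOrAfter2 = samlAssertion2.getNotOnOrAfter();
     assertTrue(notBefore2.before(notOnOrAfter2));
     calNotBefore.setTime(notBefore2);
     calNotAfter.setTime(notOnOrAfter2);
     // since request was below the max, the requested lifetime is used
     calNotBefore.add(Calendar.SECOND, requestLifetime);
     assertTrue(calNotBefore.equals(calNotAfter));
 }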
 460   
 461    // one resource, two actions
 /**
  * Builds the scenario-one query for {@code samlSubject}: resource
  * {@code ftp://sample1.org} in the {@code PopulateDB.nsNick} namespace
  * with three actions, two of which scenario one is expected to permit.
  *
  * @return the authorization decision query
  * @throws Exception if the query cannot be constructed
  */
 public SAMLAuthorizationDecisionQuery constructScenarioOneQuery()
     throws Exception {

     String queriedResource = PopulateDB.nsNick + "|" + "ftp://sample1.org";

     Vector requested = new Vector();
     // expected to be permitted
     requested.add(new SAMLAction(PopulateDB.serviceType1, "read"));
     // expected to be permitted
     requested.add(new SAMLAction(PopulateDB.serviceType2, "read"));
     // expected to be refused
     requested.add(new SAMLAction(PopulateDB.serviceType2, "write"));

     SAMLAuthorizationDecisionQuery scenarioQuery =
         new SAMLAuthorizationDecisionQuery(samlSubject, queriedResource,
                                            requested, null);
     return scenarioQuery;
 }
 483   
 484    // one stmt with two actions
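 /**
  * Verifies a scenario-one statement: a resource and subject are present
  * and the statement carries exactly two "read" actions, one per service
  * type.
  *
  * @param samlAuthzDecisionStmt statement taken from the returned assertion
  * @param resource              resource named in the query that was sent
  * @throws Exception declared for callers; the checks themselves fail with
  *                   a JUnit assertion error
  */
 public void scenarioOneVerify(SAMLAuthorizationDecisionStatement
                               samlAuthzDecisionStmt, String resource)
     throws Exception {

     assertNotNull(samlAuthzDecisionStmt);
     String retResource = samlAuthzDecisionStmt.getResource();
     logger.debug("RETResource " + retResource + " resource " + resource);
     assertNotNull(retResource);

     // Check the resource the SERVER returned. Testing only the query's
     // own resource string says nothing about what the assertion grants.
     assertTrue(retResource.indexOf(CasConstants.OBJECT_SELF) == -1);
     // The check on the queried resource is kept as it was.
     assertTrue(resource.indexOf(CasConstants.OBJECT_SELF) == -1);

     assertNotNull(samlAuthzDecisionStmt.getSubject());
     Iterator actionIter = samlAuthzDecisionStmt.getActions();
     assertNotNull(actionIter);

     int actionCnt = 0;
     while (actionIter.hasNext()) {
         SAMLAction retAction = (SAMLAction)actionIter.next();
         assertEquals("read", retAction.getData());
         String actionNs = retAction.getNamespace();
         assertTrue(actionNs.equals(PopulateDB.serviceType1)
                    || actionNs.equals(PopulateDB.serviceType2));
         actionCnt++;
     }
     logger.debug("Action count is " + actionCnt);
     assertEquals(2, actionCnt);
 }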
 510   
 /**
  * Scenario two: two permitted resources.
  *
  * After {@code PopulateDB.scenarioTwo(true)} the maximal query is checked
  * with {@code validateScenarioTwoMaxResult}. A request holding the
  * scenario-two query followed by the scenario-one query must then return
  * exactly two statements, in that order.
  *
  * @throws Exception if populating the database, the service call or
  *                   assertion parsing fails
  */
 public void scenarioTwoTest() throws Exception {

     logger.debug("scenario two");
     PopulateDB.scenarioTwo(true);

     // Max query - 2 resources, sample1 (2 actions), sample3 (2 actions)
     SAMLAuthorizationDecisionQuery samlAuthQuery =
         constructMaxQuery(samlSubject);
     SAMLAuthzQueryType[] samlQueries = new SAMLAuthzQueryType[1];
     SAMLAuthzQueryType samlQuery = new SAMLAuthzQueryType();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     logger.debug("Scenario two - test 1");
     ArrayOfSAMLAuthzQueryType arrayOfSamlAuthz =
         new ArrayOfSAMLAuthzQueryType(samlQueries);
     org.globus.cas.types.SAMLAssertion assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     Iterator maxStmts = validateAssertion(assertion);
     validateScenarioTwoMaxResult(maxStmts);

     // sample3 query; only the read action is expected back
     samlAuthQuery = constructScenarioTwoQuery();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});

     // Array of queries (scenario one query is also added)
     samlQueries = new SAMLAuthzQueryType[2];
     samlQueries[0] = samlQuery;
     SAMLAuthorizationDecisionQuery samlAuthQuery1 =
         constructScenarioOneQuery();
     SAMLAuthzQueryType scenarioOneQuery = new SAMLAuthzQueryType();
     samlQueries[1] = scenarioOneQuery;
     scenarioOneQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery1.toDOM())});

     logger.debug("Scenario two - test 2");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     logger.debug("Assertion is " + assertion);
     assertNotNull(assertion);

     MessageElement[] msgElement = assertion.get_any();
     SAMLAssertion samlAssertion =
         new SAMLAssertion(msgElement[0].getAsDOM());
     samlAssertion.verify(false);
     Iterator stmts = samlAssertion.getStatements();

     // First stmt answers the scenario-two query
     assertTrue(stmts.hasNext());
     SAMLAuthorizationDecisionStatement samlStmt =
         (SAMLAuthorizationDecisionStatement)stmts.next();
     scenarioTwoVerify(samlStmt, samlAuthQuery.getResource());

     // Second stmt answers the scenario-one query
     assertTrue(stmts.hasNext());
     samlStmt = (SAMLAuthorizationDecisionStatement)stmts.next();
     scenarioOneVerify(samlStmt, samlAuthQuery1.getResource());

     // Ensure only two stmts were generated
     assertFalse(stmts.hasNext());
 }
 566   
 /**
  * Checks the statements returned for the maximal query in scenario two.
  *
  * Exactly two statements are expected, one for {@code ftp://sample1.org}
  * and one for {@code ftp://sample3.org}. Each must carry the decision
  * {@code CasConstants.SAML_DECISION}, a subject, a resource that does not
  * contain {@code CasConstants.OBJECT_SELF}, and exactly two "read"
  * actions in the two service-type namespaces.
  *
  * @param stmts statements of the returned assertion
  */
 private void validateScenarioTwoMaxResult(Iterator stmts) {
     assertNotNull(stmts);

     int stmtCount = 0;
     // 1 = sample1 seen last, 2 = sample3 seen last, 0 = neither so far.
     int sampleTrue = 0;
     // Resource marker of the first statement, used to reject a repeat.
     int oldSample = 0;

     while (stmts.hasNext()) {
         stmtCount++;
         logger.debug("stmts " + stmtCount );
         SAMLAuthorizationDecisionStatement stmt =
             (SAMLAuthorizationDecisionStatement)stmts.next();
         logger.debug("stmt " + stmt.toString());

         assertTrue(stmt.getDecision().equals(CasConstants.SAML_DECISION));
         logger.debug("permit true");

         String resource = stmt.getResource();
         assertTrue(resource.indexOf(CasConstants.OBJECT_SELF) == -1);
         logger.debug("resource true");

         if (resource.equals(PopulateDB.nsNick + "|"
                             + "ftp://sample1.org")) {
             sampleTrue = 1;
         } else if (resource.equals(PopulateDB.nsNick + "|"
                                    + "ftp://sample3.org")) {
             sampleTrue = 2;
         }
         assertTrue(sampleTrue != 0);

         // The two statements must name different resources.
         if (oldSample != 0) {
             assertTrue(oldSample != sampleTrue);
         } else {
             oldSample = sampleTrue;
         }

         Iterator actions = stmt.getActions();
         assertNotNull(actions);
         int actCnt = 0;
         while (actions.hasNext()) {
             SAMLAction samlAction = (SAMLAction)actions.next();
             assertTrue(samlAction.getData().equals("read"));
             String actionNs = samlAction.getNamespace();
             assertTrue(actionNs.equals(PopulateDB.serviceType1)
                        || actionNs.equals(PopulateDB.serviceType2));
             actCnt++;
         }
         assertTrue(actCnt == 2);

         SAMLSubject subject = stmt.getSubject();
         assertNotNull(subject);
     }
     logger.debug("stmt done " + stmtCount);
     assertTrue(stmtCount == 2);
 }
 615   
 616    // one resource, one action
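 /**
  * Builds the scenario-two query for {@code samlSubject}: resource
  * {@code ftp://sample3.org} in the {@code PopulateDB.nsNick} namespace
  * with one action expected to be permitted (read) and two expected to be
  * refused (write, execute).
  *
  * @return the authorization decision query
  * @throws Exception if the query cannot be constructed
  */
 private SAMLAuthorizationDecisionQuery constructScenarioTwoQuery()
     throws Exception {
     // resource
     String resource = PopulateDB.nsNick + "|" + "ftp://sample3.org";
     // Collection of actions to query on
     Vector actions = new Vector();
     // expected to be permitted
     SAMLAction samlAction = new SAMLAction(PopulateDB.serviceType1, "read");
     actions.add(samlAction);
     // expected to be refused
     samlAction = new SAMLAction(PopulateDB.serviceType2, "write");
     actions.add(samlAction);
     // expected to be refused. The action has to be added to the list:
     // if it is only constructed, the query never asks for "execute" and
     // the refusal is not exercised.
     samlAction = new SAMLAction(PopulateDB.serviceType1, "execute");
     actions.add(samlAction);
     return new SAMLAuthorizationDecisionQuery(samlSubject, resource,
                                               actions, null);
 }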
 635   
 636    // one stmt, one action
 /**
  * Verifies a scenario-two statement: it names the queried resource, has a
  * subject, and carries exactly one action, "read" in the
  * {@code PopulateDB.serviceType1} namespace.
  *
  * @param samlAuthzDecisionStmt statement taken from the returned assertion
  * @param resource              resource the statement must name
  * @throws Exception declared for callers; the checks themselves fail with
  *                   a JUnit assertion error
  */
 private void scenarioTwoVerify(SAMLAuthorizationDecisionStatement
                                samlAuthzDecisionStmt, String resource)
     throws Exception {

     assertNotNull(samlAuthzDecisionStmt);

     String returned = samlAuthzDecisionStmt.getResource();
     logger.debug("retResource " + returned + " resource " + resource);
     assertTrue(returned.equals(resource));
     assertNotNull(samlAuthzDecisionStmt.getSubject());

     Iterator grantedActions = samlAuthzDecisionStmt.getActions();
     assertNotNull(grantedActions);

     int seen = 0;
     for (; grantedActions.hasNext(); seen++) {
         SAMLAction granted = (SAMLAction)grantedActions.next();
         logger.debug(granted.getData() + " " + granted.getNamespace());
         assertTrue(granted.getData().equals("read"));
         assertTrue(granted.getNamespace().equals(PopulateDB.serviceType1));
     }
     logger.debug("Action count " + seen);
     assertTrue(seen == 1);
 }
 660   
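 /**
  * Scenario three: a query for the wrong resource returns nothing, and a
  * request with three queries returns one statement per query, in order.
  *
  * After {@code PopulateDB.scenarioThree(true)} the maximal query is
  * checked with {@code validateScenarioMaxResult}. An execute/write query
  * on {@code ftp://sample3.org} must return {@code null}. The same actions
  * on {@code ftp://sample1.org}, sent together with the scenario-one and
  * scenario-two queries, must return statements that pass
  * {@code scenarioThreeVerify}, {@code scenarioOneVerify} and
  * {@code scenarioTwoVerify} respectively.
  *
  * @throws Exception if populating the database, the service call or
  *                   assertion parsing fails
  */
 public void scenarioThreeTest() throws Exception {
     logger.debug("scenario three");
     PopulateDB.scenarioThree(true);

     SAMLAuthorizationDecisionQuery samlAuthQuery =
         constructMaxQuery(samlSubject);
     SAMLAuthzQueryType[] samlQueries = new SAMLAuthzQueryType[1];
     SAMLAuthzQueryType samlQuery = new SAMLAuthzQueryType();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery;
     logger.debug("Scenario three - test 1");
     ArrayOfSAMLAuthzQueryType arrayOfSamlAuthz =
         new ArrayOfSAMLAuthzQueryType(samlQueries);
     org.globus.cas.types.SAMLAssertion assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     Iterator smts = validateAssertion(assertion);
     validateScenarioMaxResult(smts, false);

     // resource
     String resource = PopulateDB.nsNick + "|" + "ftp://sample3.org";
     // Collection of actions to query on
     Vector actions = new Vector();
     // permitted by scenario three, but not on this resource
     SAMLAction samlAction = new SAMLAction(PopulateDB.serviceType1,
                                            "execute");
     actions.add(samlAction);
     // expected to be refused
     samlAction = new SAMLAction(PopulateDB.serviceType2, "write");
     actions.add(samlAction);

     samlAuthQuery = new SAMLAuthorizationDecisionQuery(samlSubject,
                                                        resource,
                                                        actions, null);
     samlQuery = new SAMLAuthzQueryType();
     samlQuery.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries = new SAMLAuthzQueryType[1];
     samlQueries[0] = samlQuery;
     logger.debug("Scenario three - test 2");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     logger.debug("Assertion is " + assertion);
     // wrong resource
     assertNull(assertion);

     // Same actions on sample1, plus the scenario-one and scenario-two
     // queries, in one request.
     resource = PopulateDB.nsNick + "|" + "ftp://sample1.org";
     samlAuthQuery =
         new SAMLAuthorizationDecisionQuery(samlSubject, resource,
                                            actions, null);
     samlQueries = new SAMLAuthzQueryType[3];
     SAMLAuthzQueryType samlQuery0 = new SAMLAuthzQueryType();
     samlQuery0.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery.toDOM())});
     samlQueries[0] = samlQuery0;
     logger.debug("samlAuth " + samlAuthQuery.getResource());

     SAMLAuthorizationDecisionQuery samlAuthQuery1 =
         constructScenarioOneQuery();
     SAMLAuthzQueryType samlQuery1 = new SAMLAuthzQueryType();
     samlQuery1.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery1.toDOM())});
     samlQueries[1] = samlQuery1;
     logger.debug("samlAuth1 " + samlAuthQuery1.getResource());

     SAMLAuthorizationDecisionQuery samlAuthQuery2 =
         constructScenarioTwoQuery();
     SAMLAuthzQueryType samlQuery2 = new SAMLAuthzQueryType();
     samlQuery2.set_any(new MessageElement[] {
         new SecurityMessageElement((Element)samlAuthQuery2.toDOM())});
     samlQueries[2] = samlQuery2;
     logger.debug("samlAuth2 " + samlAuthQuery2.getResource());

     logger.debug("Scenario three - test 3");
     arrayOfSamlAuthz = new ArrayOfSAMLAuthzQueryType(samlQueries);
     assertion =
         casPort.getAssertion(getAssertion(arrayOfSamlAuthz, 100));
     logger.debug("Assertion is " + assertion);
     // In this case three stmts will be generated,
     // since there are three queries.
     assertNotNull(assertion);
     MessageElement[] msgElement = assertion.get_any();
     SAMLAssertion samlAssertion =
         new SAMLAssertion(msgElement[0].getAsDOM());
     // Verify before trusting the statements, as the scenario-one and
     // scenario-two tests do for the assertions they parse themselves.
     samlAssertion.verify(false);
     logger.debug("Assertion " + samlAssertion.toString());
     Iterator stmts = samlAssertion.getStatements();
     assertNotNull(stmts);

     // First stmt answers the sample1 execute/write query
     assertTrue(stmts.hasNext());
     SAMLAuthorizationDecisionStatement samlAuthzDecisionStmt =
         (SAMLAuthorizationDecisionStatement)stmts.next();
     assertNotNull(samlAuthzDecisionStmt);
     String retResource = samlAuthzDecisionStmt.getResource();
     logger.debug("Returned resource " + retResource);
     scenarioThreeVerify(samlAuthzDecisionStmt);

     // Second stmt answers the scenario-one query
     assertTrue(stmts.hasNext());
     samlAuthzDecisionStmt =
         (SAMLAuthorizationDecisionStatement)stmts.next();
     scenarioOneVerify(samlAuthzDecisionStmt,
                       samlAuthQuery1.getResource());

     // Third stmt answers the scenario-two query
     assertTrue(stmts.hasNext());
     samlAuthzDecisionStmt =
         (SAMLAuthorizationDecisionStatement)stmts.next();
     scenarioTwoVerify(samlAuthzDecisionStmt,
                       samlAuthQuery2.getResource());

 }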
 766   
 767    // if testFour is false, then scenario three or else scenario four
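 /**
  * Checks the statements returned for the wildcard ("max") query.
  *
  * <p>Every statement must carry a decision equal to
  * {@code CasConstants.SAML_DECISION}, name one of the three sample FTP
  * resources, not contain {@code CasConstants.OBJECT_SELF}, list only the
  * actions this test expects for that resource, and have a subject.
  * Exactly three statements are expected, and each sample resource may be
  * reported only once.
  *
  * @param stmts    statements taken from the returned assertion; must not
  *                 be {@code null}
  * @param testFour {@code false} to check the scenario-three expectations,
  *                 {@code true} to check the scenario-four expectations,
  *                 which additionally allow "random" on the first sample
  *                 resource
  */
 private void validateScenarioMaxResult(Iterator stmts,
                                        boolean testFour) {
     assertTrue(stmts != null);
     int stmtCount = 0;
     // seen[i] records that sample resource i (1..3) already had a
     // statement. Comparing only with the previous statement would let a
     // 1, 2, 1 sequence through: a duplicated grant hiding a missing one.
     boolean[] seen = new boolean[4];
     String prefix = PopulateDB.nsNick + "|";

     while (stmts.hasNext()) {
         stmtCount++;
         logger.debug("stmts " + stmtCount );
         SAMLAuthorizationDecisionStatement samlAuthzDecisionStmt
             = (SAMLAuthorizationDecisionStatement)stmts.next();
         logger.debug("stmt " + samlAuthzDecisionStmt.toString());
         assertTrue(samlAuthzDecisionStmt.getDecision().equals(
                        CasConstants.SAML_DECISION));
         logger.debug("permit true");
         String resource = samlAuthzDecisionStmt.getResource();
         // Fail as an assertion, not a NullPointerException, when the
         // statement carries no resource.
         assertTrue(resource != null);
         assertTrue(resource.indexOf(CasConstants.OBJECT_SELF) == -1);
         logger.debug("resource true");

         // Reset for every statement, so a resource that matches none of
         // the samples fails the check below instead of inheriting the
         // previous statement's match.
         int sampleTrue = 0;
         if (resource.equals(prefix + "ftp://sample1.org")) {
             sampleTrue = 1;
         } else if (resource.equals(prefix + "ftp://sample2.org")) {
             sampleTrue = 2;
         } else if (resource.equals(prefix + "ftp://sample3.org")) {
             sampleTrue = 3;
         }
         assertTrue(sampleTrue != 0);
         assertTrue(!seen[sampleTrue]);
         seen[sampleTrue] = true;

         Iterator actions = samlAuthzDecisionStmt.getActions();
         // Same guard scenarioThreeVerify applies before iterating.
         assertTrue(actions != null);
         if ((sampleTrue == 1) || (sampleTrue == 2)) {
             int actCnt = 0;
             while (actions.hasNext()) {
                 SAMLAction samlAction = (SAMLAction)actions.next();
                 String actionNs = samlAction.getNamespace();
                 boolean opt1 = (samlAction.getData().equals("read")) &&
                     ((actionNs.equals(PopulateDB.serviceType1))||
                      (actionNs.equals(PopulateDB.serviceType2)));
                 boolean opt2 = (samlAction.getData().equals("execute")) &&
                     (actionNs.equals(PopulateDB.serviceType1));
                 boolean opt3 = (samlAction.getData().equals("random")) &&
                     (actionNs.equals(PopulateDB.serviceType3));
                 if (testFour) {
                     // "random" is acceptable only on the first sample.
                     assertTrue(((sampleTrue == 1) &&
                                 (opt1 || opt2 || opt3))
                                || ((sampleTrue == 2) && (opt1 || opt2)));
                 } else {
                     assertTrue(opt1 || opt2);
                 }
                 actCnt++;
             }
             // An unexpected extra action fails the count even when each
             // individual action is of an allowed kind.
             if ((testFour) && (sampleTrue == 1)) {
                 assertTrue(actCnt == 4);
             } else {
                 assertTrue(actCnt == 3);
             }
         } else if (sampleTrue == 3) {
             int actCnt = 0;
             while (actions.hasNext()) {
                 SAMLAction samlAction = (SAMLAction)actions.next();
                 assertTrue(samlAction.getData().equals("read"));
                 String actionNs = samlAction.getNamespace();
                 assertTrue((actionNs.equals(PopulateDB.serviceType1))||
                            (actionNs.equals(PopulateDB.serviceType2)));
                 actCnt++;
             }
             assertTrue(actCnt == 2);
         }
         SAMLSubject subject = samlAuthzDecisionStmt.getSubject();
         assertTrue(subject != null);
     }
     logger.debug("stmt done " + stmtCount);
     assertTrue(stmtCount == 3);
 }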
 845   
 /**
  * Verifies one statement against the scenario-three expectation: it has a
  * subject and exactly one action, "execute" in the namespace
  * {@code PopulateDB.serviceType1}.
  *
  * @param stmt statement to check
  * @throws Exception declared for callers; nothing in this method catches
  */
 private void scenarioThreeVerify(SAMLAuthorizationDecisionStatement stmt)
     throws Exception {

     assertTrue(stmt.getSubject() != null);
     Iterator grantedActions = stmt.getActions();
     assertTrue(grantedActions != null);

     int granted = 0;
     for (; grantedActions.hasNext(); granted++) {
         SAMLAction candidate = (SAMLAction) grantedActions.next();
         // Any action other than execute on serviceType1 fails the test;
         // the namespace is only looked at once the name matches.
         boolean isExpected = false;
         if (candidate.getData().equals("execute")) {
             isExpected =
                 candidate.getNamespace().equals(PopulateDB.serviceType1);
         }
         assertTrue(isExpected);
     }
     logger.debug("action cnt " + granted);
     assertTrue(granted == 1);
 }
 863   
 /**
  * Scenario four: installs the scenario-four policies, sends a single
  * wildcard query and validates the returned assertion with the
  * scenario-four expectations.
  *
  * <p>NOTE(review): the policies are installed here but not removed in
  * this method; presumably the caller runs
  * {@code PopulateDB.scenarioFour(false)} afterwards. Confirm that it does
  * so even when an assertion below fails.
  *
  * @throws Exception if fixture setup, the service call or validation fails
  */
 public void scenarioFourTest() throws Exception {
     logger.debug("scenario four");
     PopulateDB.scenarioFour(true);

     // Wrap the wildcard query as the only entry of the request array.
     SAMLAuthorizationDecisionQuery wildcardQuery =
         constructMaxQuery(samlSubject);
     SAMLAuthzQueryType wrapped = new SAMLAuthzQueryType();
     MessageElement[] payload = new MessageElement[] {
         new SecurityMessageElement((Element) wildcardQuery.toDOM())
     };
     wrapped.set_any(payload);
     SAMLAuthzQueryType[] samlQueries = new SAMLAuthzQueryType[] { wrapped };

     logger.debug("Scenario four - test 1");
     ArrayOfSAMLAuthzQueryType request =
         new ArrayOfSAMLAuthzQueryType(samlQueries);
     org.globus.cas.types.SAMLAssertion reply =
         casPort.getAssertion(getAssertion(request, 100));

     // validateAssertion also runs the assertion's verify step.
     validateScenarioMaxResult(validateAssertion(reply), true);
 }
 882   
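 /**
  * Parses the assertion returned by the service, runs its verify step and
  * returns its statements.
  *
  * @param assertion the wire-level assertion returned by the service; the
  *                  test fails if it is {@code null} or carries no element
  * @return iterator over the statements of the parsed assertion
  * @throws Exception if the element cannot be parsed or verification fails
  */
 public Iterator
     validateAssertion(org.globus.cas.types.SAMLAssertion
                       assertion) throws Exception {

     assertTrue(assertion != null);
     MessageElement[] msgElement = assertion.get_any();
     // An empty reply should fail the test as an assertion rather than as
     // a NullPointerException or ArrayIndexOutOfBoundsException.
     assertTrue(msgElement != null);
     assertTrue(msgElement.length > 0);
     SAMLAssertion samlAssertion =
         new SAMLAssertion(msgElement[0].getAsDOM());
     logger.debug("Assertion : " + samlAssertion.toString());
     // NOTE(review): the meaning of the boolean passed to verify() is not
     // visible in this file. Confirm that this call still checks the
     // signature against a key the test trusts, so that an unsigned or
     // re-signed assertion cannot pass validation.
     samlAssertion.verify(false);

     return samlAssertion.getStatements();
 }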
 896   
 897    // all resources, all actions.
 /**
  * Builds the broadest query this test sends: the wildcard resource with a
  * single action that is wildcarded in both namespace and name.
  *
  * <p>The request itself names no specific resource or action, so the
  * statements that come back are determined by the service; the callers'
  * validation is what checks that nothing unexpected was granted.
  *
  * @param sub subject the query is made for
  * @return the wildcard authorization decision query
  * @throws Exception if the query or action cannot be constructed
  */
 public SAMLAuthorizationDecisionQuery constructMaxQuery(SAMLSubject sub)
     throws Exception {
     Vector wildcardActions = new Vector();
     wildcardActions.add(new SAMLAction(CasConstants.ACTION_NS_WILDCARD,
                                        CasConstants.ACTION_WILDCARD));
     return new SAMLAuthorizationDecisionQuery(
         sub, CasConstants.RESOURCE_WILDCARD, wildcardActions, null);
 }
 909    }
 910   
 /**
  * Database fixture for the assertion-generation tests.
  *
  * <p>The static fields hold the names chosen here and the identifiers
  * returned by the data handlers, so the tests can refer to the stored rows
  * and the teardown calls can delete them. All of this state is static,
  * mutable and unsynchronized; callers have to pair every setup call with
  * its teardown call themselves.
  */
 class PopulateDB {

     // Sample object names, stored under the nsNick namespace.
     private static final String SAMPLE_1 = "ftp://sample1.org";
     private static final String SAMPLE_2 = "ftp://sample2.org";
     private static final String SAMPLE_3 = "ftp://sample3.org";

     // Action names mapped onto the service types.
     private static final String READ = "read";
     private static final String WRITE = "write";
     private static final String EXECUTE = "execute";
     private static final String RANDOM = "random";

     // Nickname of the namespace the sample objects live in.
     public static String nsNick = "FTPNamespace";

     // Identifiers returned by ObjectDataHandler.storeObject for samples 1-3.
     public static String objId1;
     public static String objId2;
     public static String objId3;

     // Object group names: objGp1 holds samples 1 and 2, objGp2 holds
     // sample 1 plus CasConstants.OBJECT_SELF.
     public static String objGp1;
     public static String objGp2;

     // Name of the additional user group.
     public static String userGp;

     // Service type names.
     public static String serviceType1;
     public static String serviceType2;
     public static String serviceType3;

     // Name of the service/action group ("read" on service types 1 and 2).
     public static String serviceGp1;

     // Identifiers returned by addServiceActionMapping, in creation order.
     public static String actionId1;
     public static String actionId2;
     public static String actionId3;
     public static String actionId4;
     public static String actionId5;
     public static String actionId6;

     // Identifiers returned by PolicyDataHandler.storeObject per scenario.
     public static String scenarioOnePolicy;
     public static String scenarioTwoPolicy;
     public static String scenarioThreePolicy1;
     public static String scenarioThreePolicy2;
     public static String scenarioFourPolicy1;
     public static String scenarioFourPolicy2;

     // Name of the object group that holds only the implicit object.
     public static String implGp;

     /**
      * Stores the namespace, objects, object groups, service types, action
      * mappings, action group and user group that the scenarios build on.
      *
      * @throws Exception if any handler call fails
      */
     public static void addExternalObjects() throws Exception {

         NamespaceData namespace = new NamespaceData();
         namespace.setNickname(nsNick);
         namespace.setBasename("basename1");
         namespace.setComparisonAlg(
             "org.globus.cas.impl.databaseAccess.ExactComparison");
         NamespaceDataHandler.storeObject(namespace);

         // External objects: one bean, re-stored under each sample name.
         ObjectData sample = new ObjectData();
         sample.setObjectName(SAMPLE_1);
         sample.setObjectNamespace(nsNick);
         objId1 = ObjectDataHandler.storeObject(sample);
         sample.setObjectName(SAMPLE_2);
         objId2 = ObjectDataHandler.storeObject(sample);
         sample.setObjectName(SAMPLE_3);
         objId3 = ObjectDataHandler.storeObject(sample);

         // Object group of external objects only: samples 1 and 2.
         objGp1 = "objectGroupName";
         ObjectGroupData group = new ObjectGroupData();
         group.setGroupName(objGp1);
         ObjectGroupDataHandler.storeObject(group);
         ObjectGroupDataHandler.addObjectToGroup(objGp1, SAMPLE_1, nsNick);
         ObjectGroupDataHandler.addObjectToGroup(objGp1, SAMPLE_2, nsNick);

         // Mixed object group: sample 1 plus the implicit object.
         objGp2 = "mixedObjGp";
         group.setGroupName(objGp2);
         ObjectGroupDataHandler.storeObject(group);
         ObjectGroupDataHandler.addObjectToGroup(objGp2, SAMPLE_1, nsNick);
         ObjectGroupDataHandler.addObjectToGroup(
             objGp2, CasConstants.OBJECT_SELF, CasConstants.NAMESPACE_SELF);

         // Service types: one bean, re-stored under each name.
         ServiceTypeData serviceType = new ServiceTypeData();
         serviceType1 = "fileType";
         serviceType.setName(serviceType1);
         ServiceTypeDataHandler.storeObject(serviceType);
         serviceType2 = "directory";
         serviceType.setName(serviceType2);
         ServiceTypeDataHandler.storeObject(serviceType);
         serviceType3 = "somthingElse";
         serviceType.setName(serviceType3);
         ServiceTypeDataHandler.storeObject(serviceType);

         // Action mappings per service type.
         actionId1 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType1, READ);
         actionId2 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType1, WRITE);
         actionId3 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType1, EXECUTE);
         actionId4 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType2, READ);
         actionId5 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType2, WRITE);
         actionId6 = ServiceTypeActionHandler.addServiceActionMapping(
             serviceType3, RANDOM);

         // Action group: "read" on service types 1 and 2.
         serviceGp1 = "readFtpGp";
         ServiceTypeActionHandler.createServiceActionGroup(serviceGp1);
         ServiceTypeActionHandler.addServiceActionGpEntry(
             serviceGp1, serviceType1, READ);
         ServiceTypeActionHandler.addServiceActionGpEntry(
             serviceGp1, serviceType2, READ);

         // Additional user group.
         userGp = "externalUserGroup";
         UserGroupData userGroup = new UserGroupData();
         userGroup.setGroupName(userGp);
         UserGroupDataHandler.storeObject(userGroup);
     }

     /**
      * Deletes what {@link #addExternalObjects()} stored, in reverse order
      * of creation.
      *
      * <p>NOTE(review): no call here removes the namespace stored under
      * {@code nsNick}; confirm it is cleaned up elsewhere so a rerun does
      * not start from leftover authorization data.
      *
      * @throws Exception if any handler call fails
      */
     static void removeExternalObjects() throws Exception {

         UserGroupDataHandler.deleteObject(userGp);

         ServiceTypeActionHandler.removeServiceActionGpEntry(
             serviceGp1, serviceType1, READ);
         ServiceTypeActionHandler.removeServiceActionGpEntry(
             serviceGp1, serviceType2, READ);
         ServiceTypeActionHandler.deleteServiceActionGroup(serviceGp1);

         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType1, READ);
         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType1, WRITE);
         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType1, EXECUTE);
         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType2, READ);
         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType2, WRITE);
         ServiceTypeActionHandler.removeServiceActionMapping(
             serviceType3, RANDOM);
         ServiceTypeDataHandler.deleteObject(serviceType3);
         ServiceTypeDataHandler.deleteObject(serviceType2);
         ServiceTypeDataHandler.deleteObject(serviceType1);

         // Mixed group: members first, then the group itself.
         ObjectGroupDataHandler.removeObjectFromGroup(
             objGp2, SAMPLE_1, nsNick);
         ObjectGroupDataHandler.removeObjectFromGroup(
             objGp2, CasConstants.OBJECT_SELF, CasConstants.NAMESPACE_SELF);
         ObjectGroupDataHandler.deleteObject(objGp2);

         // External-only group: members first, then the group itself.
         ObjectGroupDataHandler.removeObjectFromGroup(
             objGp1, SAMPLE_1, nsNick);
         ObjectGroupDataHandler.removeObjectFromGroup(
             objGp1, SAMPLE_2, nsNick);
         ObjectGroupDataHandler.deleteObject(objGp1);

         ObjectDataHandler.deleteObjectForId(objId1);
         ObjectDataHandler.deleteObjectForId(objId2);
         ObjectDataHandler.deleteObjectForId(objId3);
     }

     /**
      * Scenario one: the user belongs to more than one user group, and the
      * policy pairs the mixed object group with the action group.
      *
      * @param setup {@code true} to add {@code TestConstants.user1} to
      *              {@code userGp} and store the policy for
      *              {@code TestConstants.defUserGp}; {@code false} to undo
      *              both
      * @throws Exception if any handler call fails
      */
     static void scenarioOne(boolean setup) throws Exception {

         if (!setup) {
             UserGroupDataHandler.removeGroupMember(
                 userGp, TestConstants.user1);
             PolicyDataHandler.deleteObject(scenarioOnePolicy);
             return;
         }

         UserGroupDataHandler.addGroupMember(userGp, TestConstants.user1);

         // Object group and action group.
         PolicyData policy = new PolicyData();
         policy.setUserGroupName(TestConstants.defUserGp);
         policy.setActionSpec(serviceGp1);
         policy.setActionSpecDesc(CasConstants.SERVICEACTIONGP_SPEC);
         policy.setObjectSpec(objGp2);
         policy.setObjectSpecDesc(CasConstants.OBJECTGP_SPEC);
         scenarioOnePolicy = PolicyDataHandler.storeObject(policy);
     }

     /**
      * Scenario two, added on top of scenario one: a policy for the second
      * user group that pairs the action group with the single object
      * {@code objId3}.
      *
      * @param setup {@code true} to store the policy, {@code false} to
      *              delete it
      * @throws Exception if any handler call fails
      */
     static void scenarioTwo(boolean setup) throws Exception {

         if (!setup) {
             PolicyDataHandler.deleteObject(scenarioTwoPolicy);
             return;
         }

         PolicyData policy = new PolicyData();
         policy.setUserGroupName(userGp);
         policy.setActionSpec(serviceGp1);
         policy.setActionSpecDesc(CasConstants.SERVICEACTIONGP_SPEC);
         policy.setObjectSpec(objId3);
         policy.setObjectSpecDesc(CasConstants.OBJECT_SPEC);
         scenarioTwoPolicy = PolicyDataHandler.storeObject(policy);
     }

     /**
      * Scenario three: two policies for {@code userGp} on the external
      * object group, one with the action group and one with the single
      * action {@code actionId3}.
      *
      * @param setup {@code true} to store both policies, {@code false} to
      *              delete them
      * @throws Exception if any handler call fails
      */
     static void scenarioThree(boolean setup) throws Exception {

         if (!setup) {
             PolicyDataHandler.deleteObject(scenarioThreePolicy1);
             PolicyDataHandler.deleteObject(scenarioThreePolicy2);
             return;
         }

         PolicyData policy = new PolicyData();
         policy.setUserGroupName(userGp);
         policy.setActionSpec(serviceGp1);
         policy.setActionSpecDesc(CasConstants.SERVICEACTIONGP_SPEC);
         policy.setObjectSpec(objGp1);
         policy.setObjectSpecDesc(CasConstants.OBJECTGP_SPEC);
         scenarioThreePolicy1 = PolicyDataHandler.storeObject(policy);

         // Same bean, stored again with only the action part changed.
         policy.setActionSpec(actionId3);
         policy.setActionSpecDesc(CasConstants.SERVICEACTION_SPEC);
         scenarioThreePolicy2 = PolicyDataHandler.storeObject(policy);

         System.out.println("* actionId " + actionId3);
         System.out.println("* scenarioThreePolicy " + scenarioThreePolicy2);
     }

     /**
      * Scenario four: a policy for {@code userGp} granting {@code actionId6}
      * on the object {@code objId1}, and a second one granting the same
      * action on a new group that holds only the implicit object.
      *
      * <p>NOTE(review): teardown deletes the two policies but not the
      * {@code implGp} group or its member; confirm that is removed
      * elsewhere, otherwise the group is left behind for later runs.
      *
      * @param setup {@code true} to store the group and both policies,
      *              {@code false} to delete the policies
      * @throws Exception if any handler call fails
      */
     static void scenarioFour(boolean setup) throws Exception {

         if (!setup) {
             PolicyDataHandler.deleteObject(scenarioFourPolicy1);
             PolicyDataHandler.deleteObject(scenarioFourPolicy2);
             return;
         }

         PolicyData policy = new PolicyData();
         policy.setUserGroupName(userGp);
         policy.setActionSpec(actionId6);
         policy.setActionSpecDesc(CasConstants.SERVICEACTION_SPEC);
         policy.setObjectSpec(objId1);
         policy.setObjectSpecDesc(CasConstants.OBJECT_SPEC);
         scenarioFourPolicy1 = PolicyDataHandler.storeObject(policy);

         // Group whose only member is the implicit object.
         implGp = "implicitGroup";
         ObjectGroupData implicitGroup = new ObjectGroupData();
         implicitGroup.setGroupName(implGp);
         ObjectGroupDataHandler.storeObject(implicitGroup);
         ObjectGroupDataHandler.addObjectToGroup(
             implGp, CasConstants.OBJECT_SELF, CasConstants.NAMESPACE_SELF);

         // The action part is set again with the same values before the
         // object part is switched to the group.
         policy.setActionSpec(actionId6);
         policy.setActionSpecDesc(CasConstants.SERVICEACTION_SPEC);
         policy.setObjectSpec(implGp);
         policy.setObjectSpecDesc(CasConstants.OBJECTGP_SPEC);
         scenarioFourPolicy2 = PolicyDataHandler.storeObject(policy);
     }
 }