mirror of
				https://github.com/Alfresco/alfresco-community-repo.git
				synced 2025-10-15 15:02:20 +00:00 
			
		
		
		
	17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
         - Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
         - Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
         - Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
         - Works with authentication chain containing mixture of internally and externally authenticated users
   17247: Fix failing unit tests
         - rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
   17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
   17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
		
	
		
			
				
	
	
		
			426 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			Java
		
	
	
	
	
	
			
		
		
	
	
			426 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			Java
		
	
	
	
	
	
| /*
 | |
|  * Copyright (C) 2005-2007 Alfresco Software Limited.
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU General Public License
 | |
|  * as published by the Free Software Foundation; either version 2
 | |
|  * of the License, or (at your option) any later version.
 | |
| 
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
| 
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 | |
| 
 | |
|  * As a special exception to the terms and conditions of version 2.0 of 
 | |
|  * the GPL, you may redistribute this Program in connection with Free/Libre 
 | |
|  * and Open Source Software ("FLOSS") applications as described in Alfresco's 
 | |
|  * FLOSS exception.  You should have recieved a copy of the text describing 
 | |
|  * the FLOSS exception, and it is also available here: 
 | |
|  * http://www.alfresco.com/legal/licensing"
 | |
|  */
 | |
| package org.alfresco.repo.lock;
 | |
| 
 | |
| import java.io.Serializable;
 | |
| import java.util.HashMap;
 | |
| import java.util.List;
 | |
| 
 | |
| import org.alfresco.model.ContentModel;
 | |
| import org.alfresco.repo.security.authentication.AuthenticationComponent;
 | |
| import org.alfresco.service.cmr.lock.LockService;
 | |
| import org.alfresco.service.cmr.lock.LockStatus;
 | |
| import org.alfresco.service.cmr.lock.LockType;
 | |
| import org.alfresco.service.cmr.lock.UnableToAquireLockException;
 | |
| import org.alfresco.service.cmr.lock.UnableToReleaseLockException;
 | |
| import org.alfresco.service.cmr.repository.NodeRef;
 | |
| import org.alfresco.service.cmr.repository.NodeService;
 | |
| import org.alfresco.service.cmr.repository.StoreRef;
 | |
| import org.alfresco.service.cmr.security.MutableAuthenticationService;
 | |
| import org.alfresco.service.namespace.QName;
 | |
| import org.alfresco.util.BaseSpringTest;
 | |
| import org.alfresco.util.TestWithUserUtils;
 | |
| 
 | |
| /**
 | |
|  * Simple lock service test
 | |
|  * 
 | |
|  * @author Roy Wetherall
 | |
|  */
 | |
| public class LockServiceImplTest extends BaseSpringTest
 | |
| {
 | |
|     /**
 | |
|      * Services used in tests
 | |
|      */
 | |
|     private NodeService nodeService;
 | |
|     private LockService lockService;
 | |
|     private MutableAuthenticationService authenticationService;
 | |
|     
 | |
|     /**
 | |
|      * Data used in tests
 | |
|      */
 | |
|     private NodeRef parentNode;
 | |
|     private NodeRef childNode1;
 | |
|     private NodeRef childNode2;    
 | |
|     private NodeRef noAspectNode;
 | |
|     
 | |
|     private static final String GOOD_USER_NAME = "goodUser";
 | |
|     private static final String BAD_USER_NAME = "badUser";
 | |
|     private static final String PWD = "password";
 | |
|     
 | |
|     NodeRef rootNodeRef;
 | |
|     private StoreRef storeRef;
 | |
| 
 | |
|     /**
 | |
|      * Called during the transaction setup
 | |
|      */
 | |
|     protected void onSetUpInTransaction() throws Exception
 | |
|     {
 | |
|         this.nodeService = (NodeService)applicationContext.getBean("dbNodeService");
 | |
|         this.lockService = (LockService)applicationContext.getBean("lockService");
 | |
|         this.authenticationService = (MutableAuthenticationService)applicationContext.getBean("authenticationService");
 | |
|         
 | |
|         // Set the authentication
 | |
|         AuthenticationComponent authComponent = (AuthenticationComponent)this.applicationContext.getBean("authenticationComponent");
 | |
|         authComponent.setSystemUserAsCurrentUser();        
 | |
|         
 | |
|         // Create the node properties
 | |
|         HashMap<QName, Serializable> nodeProperties = new HashMap<QName, Serializable>();
 | |
|         nodeProperties.put(QName.createQName("{test}property1"), "value1");
 | |
|         
 | |
|         // Create a workspace that contains the 'live' nodes
 | |
|         storeRef = this.nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
 | |
|         
 | |
|         // Get a reference to the root node
 | |
|         rootNodeRef = this.nodeService.getRootNode(storeRef);
 | |
|         
 | |
|         // Create node 
 | |
|         this.parentNode = this.nodeService.createNode(
 | |
|                 rootNodeRef, 
 | |
| 				ContentModel.ASSOC_CHILDREN, 
 | |
|                 QName.createQName("{}ParentNode"),
 | |
|                 ContentModel.TYPE_CONTAINER,
 | |
|                 nodeProperties).getChildRef();
 | |
|         this.nodeService.addAspect(this.parentNode, ContentModel.ASPECT_LOCKABLE, new HashMap<QName, Serializable>());
 | |
|         HashMap<QName, Serializable> audProps = new HashMap<QName, Serializable>();
 | |
|         audProps.put(ContentModel.PROP_CREATOR, "Monkey");
 | |
|         this.nodeService.addAspect(this.parentNode, ContentModel.ASPECT_AUDITABLE, audProps);
 | |
|         assertNotNull(this.parentNode);
 | |
|         
 | |
|         // Add some children to the node
 | |
|         this.childNode1 = this.nodeService.createNode(
 | |
|                 this.parentNode,
 | |
| 				ContentModel.ASSOC_CHILDREN,
 | |
|                 QName.createQName("{}ChildNode1"),
 | |
|                 ContentModel.TYPE_CONTAINER,
 | |
|                 nodeProperties).getChildRef();
 | |
|         this.nodeService.addAspect(this.childNode1, ContentModel.ASPECT_LOCKABLE, new HashMap<QName, Serializable>());
 | |
|         assertNotNull(this.childNode1);
 | |
|         this.childNode2 = this.nodeService.createNode(
 | |
|                 this.parentNode,
 | |
| 				ContentModel.ASSOC_CHILDREN,
 | |
|                 QName.createQName("{}ChildNode2"),
 | |
|                 ContentModel.TYPE_CONTAINER,
 | |
|                 nodeProperties).getChildRef();
 | |
|         this.nodeService.addAspect(this.childNode2, ContentModel.ASPECT_LOCKABLE, new HashMap<QName, Serializable>());
 | |
|         assertNotNull(this.childNode2);
 | |
|         
 | |
|         // Create a node with no lockAspect
 | |
|         this.noAspectNode = this.nodeService.createNode(
 | |
|                 rootNodeRef, 
 | |
| 				ContentModel.ASSOC_CHILDREN, 
 | |
|                 QName.createQName("{}noAspectNode"),
 | |
|                 ContentModel.TYPE_CONTAINER,
 | |
|                 nodeProperties).getChildRef();
 | |
|         assertNotNull(this.noAspectNode);
 | |
|         
 | |
|         // Create the  users
 | |
|         TestWithUserUtils.createUser(GOOD_USER_NAME, PWD, rootNodeRef, this.nodeService, this.authenticationService);
 | |
|         TestWithUserUtils.createUser(BAD_USER_NAME, PWD, rootNodeRef, this.nodeService, this.authenticationService);
 | |
|         
 | |
|         // Stash the user node ref's for later use
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Test lock
 | |
|      */
 | |
|     public void testLock()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Check that the node is not currently locked
 | |
|         assertEquals(
 | |
|                 LockStatus.NO_LOCK, 
 | |
|                 this.lockService.getLockStatus(this.parentNode));
 | |
|  
 | |
|         
 | |
|         // Test valid lock
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|         assertEquals(
 | |
|                 LockStatus.LOCK_OWNER, 
 | |
|                 this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         assertEquals(
 | |
|                 LockStatus.LOCKED,
 | |
|                 this.lockService.getLockStatus(this.parentNode));
 | |
|      
 | |
|         // Test lock when already locked
 | |
|         try
 | |
|         {
 | |
|             this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|             fail("The user should not be able to lock the node since it is already locked by another user.");
 | |
|         }
 | |
|         catch (UnableToAquireLockException exception)
 | |
|         {
 | |
|             System.out.println(exception.getMessage());
 | |
|         }
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Test already locked by this user
 | |
|         try
 | |
|         {
 | |
|             this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|         }
 | |
|         catch (Exception exception)
 | |
|         {
 | |
|             fail("No error should be thrown when a node is re-locked by the current lock owner.");
 | |
|         }
 | |
|         
 | |
|         // Test with no apect node
 | |
|         this.lockService.lock(this.noAspectNode, LockType.WRITE_LOCK);        
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Test lock with lockChildren == true
 | |
|      */
 | |
|     // TODO
 | |
|     public void testLockChildren()
 | |
|     {
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Test lock with collection
 | |
|      */
 | |
|     // TODO
 | |
|     public void testLockMany()
 | |
|     {
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Test unlock node
 | |
|      */
 | |
|     public void testUnlock()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Lock the parent node
 | |
|         testLock();
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Try and unlock a locked node
 | |
|         try
 | |
|         {
 | |
|             this.lockService.unlock(this.parentNode);
 | |
|             // This will pass in the open workd
 | |
|             //fail("A user cannot unlock a node that is currently lock by another user.");
 | |
|         }
 | |
|         catch (UnableToReleaseLockException exception)
 | |
|         {
 | |
|             System.out.println(exception.getMessage());
 | |
|         }
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Unlock the node
 | |
|         this.lockService.unlock(this.parentNode);
 | |
|         assertEquals(
 | |
|                 LockStatus.NO_LOCK,
 | |
|                 this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         assertEquals(
 | |
|                 LockStatus.NO_LOCK,
 | |
|                 this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Try and unlock node with no lock
 | |
|         try
 | |
|         {
 | |
|             this.lockService.unlock(this.parentNode);
 | |
|         }
 | |
|         catch (Exception exception)
 | |
|         {
 | |
|             fail("Unlocking an unlocked node should not result in an exception being raised.");
 | |
|         }
 | |
|         
 | |
|         // Test with no apect node
 | |
|         this.lockService.unlock(this.noAspectNode);
 | |
|     }
 | |
|     
 | |
|     // TODO
 | |
|     public void testUnlockChildren()
 | |
|     {
 | |
|     }
 | |
|     
 | |
|     // TODO
 | |
|     public void testUnlockMany()
 | |
|     {
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Test getLockStatus
 | |
|      */
 | |
|     public void testGetLockStatus()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Check an unlocked node
 | |
|         LockStatus lockStatus1 = this.lockService.getLockStatus(this.parentNode);
 | |
|         assertEquals(LockStatus.NO_LOCK, lockStatus1);
 | |
|         
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Check for locked status
 | |
|         LockStatus lockStatus2 = this.lockService.getLockStatus(this.parentNode);
 | |
|         assertEquals(LockStatus.LOCKED, lockStatus2);
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Check for lock owner status
 | |
|         LockStatus lockStatus3 = this.lockService.getLockStatus(this.parentNode);
 | |
|         assertEquals(LockStatus.LOCK_OWNER, lockStatus3);
 | |
|                 
 | |
|         // Test with no apect node
 | |
|         this.lockService.getLockStatus(this.noAspectNode);
 | |
|         
 | |
|         // Test method overload
 | |
|         LockStatus lockStatus4 = this.lockService.getLockStatus(this.parentNode); 
 | |
|         assertEquals(LockStatus.LOCK_OWNER, lockStatus4);
 | |
|     }
 | |
|     
 | |
|     public void testGetLocks()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         List<NodeRef> locked1 = this.lockService.getLocks(this.storeRef);
 | |
|         assertNotNull(locked1);
 | |
|         assertEquals(0, locked1.size());
 | |
|         
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|         this.lockService.lock(this.childNode1, LockType.WRITE_LOCK);
 | |
|         this.lockService.lock(this.childNode2, LockType.READ_ONLY_LOCK);
 | |
|         
 | |
|         List<NodeRef> locked2 = this.lockService.getLocks(this.storeRef);
 | |
|         assertNotNull(locked2);
 | |
|         assertEquals(3, locked2.size());
 | |
|         
 | |
|         List<NodeRef> locked3 = this.lockService.getLocks(this.storeRef, LockType.WRITE_LOCK);
 | |
|         assertNotNull(locked3);
 | |
|         assertEquals(2, locked3.size());
 | |
|         
 | |
|         List<NodeRef> locked4 = this.lockService.getLocks(this.storeRef, LockType.READ_ONLY_LOCK);
 | |
|         assertNotNull(locked4);
 | |
|         assertEquals(1, locked4.size());
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         List<NodeRef> locked5 = this.lockService.getLocks(this.storeRef);
 | |
|         assertNotNull(locked5);
 | |
|         assertEquals(0, locked5.size());
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Test getLockType
 | |
|      */
 | |
|     public void testGetLockType()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         // Get the lock type (should be null since the object is not locked)
 | |
|         LockType lockType1 = this.lockService.getLockType(this.parentNode);
 | |
|         assertNull(lockType1);
 | |
|         
 | |
|         // Lock the object for writing
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK);
 | |
|         LockType lockType2 = this.lockService.getLockType(this.parentNode);
 | |
|         assertNotNull(lockType2);               
 | |
|         assertEquals(LockType.WRITE_LOCK, lockType2);
 | |
|         
 | |
|         // Unlock the node
 | |
|         this.lockService.unlock(this.parentNode);
 | |
|         LockType lockType3 = this.lockService.getLockType(this.parentNode);
 | |
|         assertNull(lockType3);
 | |
|         
 | |
|         // Lock the object for read only
 | |
|         this.lockService.lock(this.parentNode, LockType.READ_ONLY_LOCK);
 | |
|         LockType lockType4 = this.lockService.getLockType(this.parentNode);
 | |
|         assertNotNull(lockType4);
 | |
|         assertEquals(LockType.READ_ONLY_LOCK, lockType4);
 | |
|         
 | |
|         // Test with no apect node
 | |
|         this.lockService.getLockType(this.noAspectNode);
 | |
|     }
 | |
|     
 | |
|     public void testTimeToExpire()
 | |
|     {
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK, 1);
 | |
|         assertEquals(LockStatus.LOCK_OWNER, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         
 | |
|         assertEquals(LockStatus.LOCKED, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         // Wait for 2 second before re-testing the status
 | |
|         try {Thread.sleep(2*1000);} catch (Exception exception){};
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         assertEquals(LockStatus.LOCK_EXPIRED, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         assertEquals(LockStatus.LOCK_EXPIRED, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         // Re-lock and then update the time to expire before lock expires
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK, 0);
 | |
|         try
 | |
|         {
 | |
|             TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|             this.lockService.lock(this.parentNode, LockType.WRITE_LOCK, 1);
 | |
|             fail("Can not update lock info if not lock owner");
 | |
|         }
 | |
|         catch (UnableToAquireLockException exception)
 | |
|         {
 | |
|             // Expected
 | |
|         }
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         this.lockService.lock(this.parentNode, LockType.WRITE_LOCK, 1);
 | |
|         assertEquals(LockStatus.LOCK_OWNER, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         assertEquals(LockStatus.LOCKED, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         // Wait for 2 second before re-testing the status
 | |
|         try {Thread.sleep(2*1000);} catch (Exception exception){};
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(GOOD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         assertEquals(LockStatus.LOCK_EXPIRED, this.lockService.getLockStatus(this.parentNode));
 | |
|         
 | |
|         TestWithUserUtils.authenticateUser(BAD_USER_NAME, PWD, rootNodeRef, this.authenticationService);
 | |
|         assertEquals(LockStatus.LOCK_EXPIRED, this.lockService.getLockStatus(this.parentNode));
 | |
|     }
 | |
| }
 |