authorRobert Godfrey <rgodfrey@apache.org>2015-01-10 01:20:02 +0000
committerRobert Godfrey <rgodfrey@apache.org>2015-01-10 01:20:02 +0000
commita1b5b082b083bc574866bb53712a68269fc793e0 (patch)
tree5d2c70ddd791ded9bd05029fe67bd75ead56840c /qpid/java/systests/src
parent6e403d50b2f88a04b04f018ad7c2dc9f492920a9 (diff)
QPID-6306 : [Java Broker] Restrict broker to single ACL Provider at any given time
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1650708 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/systests/src')
-rw-r--r--qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java78
-rw-r--r--qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java48
2 files changed, 14 insertions, 112 deletions
diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java
index 4140c9c12c..0dda8e077b 100644
--- a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java
+++ b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java
@@ -125,34 +125,28 @@ public class AccessControlProviderRestTest extends QpidRestTestCase
public void testReplaceAccessControlProvider() throws Exception
{
- String accessControlProviderName1 = getTestName() + "1";
- //verify that the access control provider doesn't exist, and
- //in doing so implicitly verify that the 'denied' user can
- //actually currently connect because no ACL is in effect yet
- getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertAccessControlProviderExistence(accessControlProviderName1, false);
//create the access control provider using the 'allowed' user
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- int responseCode = createAccessControlProvider(accessControlProviderName1, _aclFileContent1);
+ int responseCode = createAccessControlProvider(getTestName(), _aclFileContent1);
assertEquals("Access control provider creation should be allowed", 201, responseCode);
//verify it exists with the 'allowed' user
- assertAccessControlProviderExistence(accessControlProviderName1, true);
+ assertAccessControlProviderExistence(getTestName(), true);
//verify the 'denied' and 'other' user can no longer access the management
//interface due to the just-created ACL file now preventing them
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertCanAccessManagementInterface(accessControlProviderName1, false);
+ assertCanAccessManagementInterface(getTestName(), false);
getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER);
- assertCanAccessManagementInterface(accessControlProviderName1, false);
+ assertCanAccessManagementInterface(getTestName(), false);
//create the replacement access control provider using the 'allowed' user.
String accessControlProviderName2 = getTestName() + "2";
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- responseCode = createAccessControlProvider(accessControlProviderName2, _aclFileContent2);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
+ responseCode = createAccessControlProvider(getTestName(), _aclFileContent2);
+ assertEquals("Access control provider creation should be allowed", 200, responseCode);
//Verify that it took effect immediately, replacing the first access control provider
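Review bot: `accessControlProviderName2` is still declared just above the second `createAccessControlProvider` call, but the replacement is now created under `getTestName()`, so no provider named `getTestName() + "2"` is ever created, and the assertions in the following hunk still pass that name to `assertCanAccessManagementInterface`. If that helper resolves the provider by name (its body is not visible here), those checks no longer exercise the provider that was just replaced; a single local such as `String providerName = getTestName();` used throughout would remove the ambiguity. The second assertion now expects 200 but keeps the message "Access control provider creation should be allowed"; `"Access control provider replacement should be allowed"` would match what is being checked. With the DENIED_USER precondition removed, the test also no longer shows that the later denial is caused by the newly created ACL rather than by the starting configuration. The method body continues past this hunk.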
@@ -162,11 +156,6 @@ public class AccessControlProviderRestTest extends QpidRestTestCase
getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER);
assertCanAccessManagementInterface(accessControlProviderName2, true);
- //remove the original access control provider using the 'allowed' user
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName1, "DELETE");
- assertEquals("Access control provider deletion should be allowed", 200, responseCode);
- assertAccessControlProviderExistence(accessControlProviderName1, false);
//verify the 'denied' user still can't access the management interface, the 'other' user still can, thus
//confirming that the second access control provider is still in effect
@@ -177,61 +166,6 @@ public class AccessControlProviderRestTest extends QpidRestTestCase
}
- public void testAddAndRemoveSecondAccessControlProviderReinstatesOriginal() throws Exception
- {
- String accessControlProviderName1 = getTestName() + "1";
-
- //verify that the access control provider doesn't exist, and
- //in doing so implicitly verify that the 'denied' user can
- //actually currently connect because no ACL is in effect yet
- getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertAccessControlProviderExistence(accessControlProviderName1, false);
-
- //create the access control provider using the 'allowed' user
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- int responseCode = createAccessControlProvider(accessControlProviderName1, _aclFileContent1);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
-
- //verify it exists with the 'allowed' user
- assertAccessControlProviderExistence(accessControlProviderName1, true);
-
- //verify the 'denied' and 'other' user can no longer access the management
- //interface due to the just-created ACL file now preventing them
- getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertCanAccessManagementInterface(accessControlProviderName1, false);
- getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER);
- assertCanAccessManagementInterface(accessControlProviderName1, false);
-
- //create the replacement access control provider using the 'allowed' user.
- String accessControlProviderName2 = getTestName() + "2";
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- responseCode = createAccessControlProvider(accessControlProviderName2, _aclFileContent2);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
-
- //Verify that it took effect immediately, replacing the first access control provider
-
- //verify the 'denied' user still can't access the management interface, but the 'other' user now CAN.
- getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertCanAccessManagementInterface(accessControlProviderName2, false);
- getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER);
- assertCanAccessManagementInterface(accessControlProviderName2, true);
-
- //remove the second access control provider using the 'allowed' user
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName2, "DELETE");
- assertEquals("Access control provider deletion should be allowed", 200, responseCode);
- assertAccessControlProviderExistence(accessControlProviderName2, false);
-
- //verify the 'denied' user still can't access the management interface, the
- //'other' now CANT again, the 'allowed' still can, thus confirming that the
- //first access control provider is now in effect once again
- getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- assertCanAccessManagementInterface(accessControlProviderName2, false);
- getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER);
- assertCanAccessManagementInterface(accessControlProviderName2, false);
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- assertCanAccessManagementInterface(accessControlProviderName2, true);
- }
public void testRemovalOfAccessControlProviderInErrorStateUsingManagementMode() throws Exception
{
diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
index e40add449e..86ebf11575 100644
--- a/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
+++ b/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
@@ -714,19 +714,6 @@ public class BrokerACLTest extends QpidRestTestCase
/* === AccessControlProvider === */
- public void testCreateAccessControlProviderAllowed() throws Exception
- {
- getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
-
- String accessControlProviderName = getTestName();
-
- assertAccessControlProviderExistence(accessControlProviderName, false);
-
- int responseCode = createAccessControlProvider(accessControlProviderName);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
-
- assertAccessControlProviderExistence(accessControlProviderName, true);
- }
public void testCreateAccessControlProviderDenied() throws Exception
{
@@ -746,18 +733,13 @@ public class BrokerACLTest extends QpidRestTestCase
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String accessControlProviderName = getTestName();
-
- assertAccessControlProviderExistence(accessControlProviderName, false);
-
- int responseCode = createAccessControlProvider(accessControlProviderName);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
+ String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
+ int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
assertEquals("Access control provider deletion should be denied", 403, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, true);
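Review bot: The test now depends on a provider named `TestBrokerConfiguration.ENTRY_NAME_ACL_FILE` already existing, but nothing in the hunk says where it comes from, so the `assertAccessControlProviderExistence(accessControlProviderName, true)` precondition reads as unexplained. A short comment above the assignment would help, for example `//only one ACL provider may exist; use the one from the test broker configuration` (presumably installed during set-up, which is outside this hunk). The same applies to the hunks at -767, -786 and -808, which make the identical substitution. The method starts and ends outside the hunk.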
@@ -767,16 +749,12 @@ public class BrokerACLTest extends QpidRestTestCase
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String accessControlProviderName = getTestName();
-
- assertAccessControlProviderExistence(accessControlProviderName, false);
+ String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
- int responseCode = createAccessControlProvider(accessControlProviderName);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, true);
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
+ int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
assertEquals("Access control provider deletion should be allowed", 200, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, false);
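Review bot: After the DELETE returns 200 the test asserts only that the provider is gone, and since the provider removed here is the one from the broker configuration, the broker is presumably left with no access control provider at all. The authorization behaviour in that state is the security-relevant outcome of this operation and is not asserted. If the expected behaviour is defined elsewhere, it could be pinned here by switching to the restricted user with `getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);` and asserting the expected response code for a management request. The method starts and ends outside the hunk.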
@@ -786,12 +764,7 @@ public class BrokerACLTest extends QpidRestTestCase
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String accessControlProviderName = getTestName();
-
- assertAccessControlProviderExistence(accessControlProviderName, false);
-
- int responseCode = createAccessControlProvider(accessControlProviderName);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
+ String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
@@ -800,7 +773,7 @@ public class BrokerACLTest extends QpidRestTestCase
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(AccessControlProvider.NAME, accessControlProviderName);
attributes.put(FileBasedGroupProvider.PATH, aclFile.getAbsolutePath());
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
+ int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
assertEquals("Setting of access control provider attributes should be allowed", 200, responseCode);
}
@@ -808,12 +781,7 @@ public class BrokerACLTest extends QpidRestTestCase
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
- String accessControlProviderName = getTestName();
-
- assertAccessControlProviderExistence(accessControlProviderName, false);
-
- int responseCode = createAccessControlProvider(accessControlProviderName);
- assertEquals("Access control provider creation should be allowed", 201, responseCode);
+ String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
@@ -823,7 +791,7 @@ public class BrokerACLTest extends QpidRestTestCase
attributes.put(GroupProvider.NAME, accessControlProviderName);
attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE);
attributes.put(FileBasedGroupProvider.PATH, "/path/to/file");
- responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
+ int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
assertEquals("Setting of access control provider attributes should be denied", 403, responseCode);
}
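Review bot: The denied-case payload is built from `GroupProvider.NAME`, `GroupProvider.TYPE` and `FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE`, although the request targets `accesscontrolprovider/` and now addresses the pre-existing ACL provider. A negative authorization test is most convincing when the request would succeed for a permitted user, so that the 403 can only come from the ACL decision; the allowed variant earlier in the file uses `attributes.put(AccessControlProvider.NAME, accessControlProviderName);` with a real ACL file path, and mirroring that here would make the two tests differ only in the acting user. These lines are unchanged context, and the start of the method, including the point where the user is switched, is outside the hunk.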