forked from infinispan/infinispan
-
Notifications
You must be signed in to change notification settings - Fork 2
/
CacheManagerAuthorizationTest.java
48 lines (39 loc) · 1.83 KB
/
CacheManagerAuthorizationTest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package org.infinispan.security;
import static org.testng.Assert.assertTrue;
import java.lang.reflect.Field;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.infinispan.commons.test.Exceptions;
import org.testng.annotations.Test;
@Test(groups = {"functional", "smoke"}, testName = "security.CacheManagerAuthorizationTest")
public class CacheManagerAuthorizationTest extends BaseAuthorizationTest {
@TestCachePermission(AuthorizationPermission.ADMIN)
Runnable GET_GLOBAL_COMPONENT_REGISTRY = () -> cacheManager.getGlobalComponentRegistry();
@TestCachePermission(AuthorizationPermission.ADMIN)
Runnable GET_CACHE_MANAGER_CONFIGURATION = () -> cacheManager.getCacheManagerConfiguration();
@TestCachePermission(AuthorizationPermission.MONITOR)
Runnable GET_STATS = () -> cacheManager.getStats();
public void testCombinations() throws Exception {
Field[] fields = this.getClass().getDeclaredFields();
for (Field f : fields) {
if (f.getType().equals(Runnable.class)) {
final Runnable fn = (Runnable) f.get(this);
PrivilegedExceptionAction<Boolean> action = () -> {
fn.run();
return true;
};
TestCachePermission p = f.getAnnotation(TestCachePermission.class);
for (final AuthorizationPermission perm : AuthorizationPermission.values()) {
Subject subject = SUBJECTS.get(perm);
if (perm.implies(p.value())) {
assertTrue(Security.doAs(subject, action));
} else {
Exceptions.expectException(PrivilegedActionException.class, SecurityException.class,
() -> Security.doAs(subject, action));
}
}
}
}
}
}