001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.client.integration;
019
020import static javax.ws.rs.core.Response.Status.CREATED;
021import static javax.ws.rs.core.Response.Status.FORBIDDEN;
022import static javax.ws.rs.core.Response.Status.NO_CONTENT;
023import static javax.ws.rs.core.Response.Status.OK;
024import static org.fcrepo.client.TestUtils.TEXT_TURTLE;
025import static org.fcrepo.client.TestUtils.rdfTtl;
026import static org.fcrepo.client.TestUtils.sparqlUpdate;
027import static org.junit.Assert.assertEquals;
028
029import java.io.ByteArrayInputStream;
030import java.io.InputStream;
031import java.net.URI;
032
033import org.apache.commons.io.IOUtils;
034import org.fcrepo.client.FcrepoClient;
035import org.fcrepo.client.FcrepoResponse;
036import org.jgroups.util.UUID;
037import org.junit.Test;
038
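/**
 * Integration tests that exercise the repository with two clients: one built
 * without credentials and one built with the test administrator account.
 * Write requests (PUT, PATCH, POST) are expected to succeed for the
 * authenticated client and to be answered with 403 Forbidden for the
 * unauthenticated one.
 *
 * <p>NOTE(review): the expected status codes depend on how the test server's
 * authentication and authorization are configured, which is not visible in
 * this file.
 *
 * @author mohideen
 */
public class FcrepoAuthenticationIT extends AbstractResourceIT {

    /** Charset name used for every request body written and response body read. */
    private static final String UTF_8 = "UTF-8";

    /**
     * WebAC authorization template granting {@code acl:Read} on one resource to
     * the {@code acl:AuthenticatedAgent} class. The single {@code %s} is
     * replaced with the URI of the protected resource.
     */
    private static final String AUTHENTICATED_ACL =
            "@prefix acl: <http://www.w3.org/ns/auth/acl#> .\n" +
            "\n" +
            "<#authenticated_agent> a acl:Authorization ;\n" +
            "   acl:agentClass acl:AuthenticatedAgent ;\n" +
            "   acl:mode acl:Read ;\n" +
            "   acl:accessTo <%s> .";

    // Static, but (re)assigned by the constructor each time the test runner
    // instantiates this class.
    protected static FcrepoClient authClient;

    /**
     * Builds the two clients used by the tests: {@code client} without
     * credentials and {@code authClient} with the administrator account.
     *
     * @throws Exception if the superclass constructor fails
     */
    public FcrepoAuthenticationIT() throws Exception {
        super();

        client = FcrepoClient.client().build();
        // Fixture credentials for the integration-test repository only. The
        // auth scope names "localhost", which should keep the client from
        // offering them to any other host.
        authClient = FcrepoClient.client()
                .credentials("fedoraAdmin", "password")
                .authScope("localhost")
                .build();
    }

    /**
     * An authenticated PUT of a Turtle body to {@code testobj1} must return 201 Created.
     *
     * <p>NOTE(review): the path is fixed, so the outcome depends on
     * {@code testobj1} not existing yet on the server.
     */
    @Test
    public void testAuthUserCanPut() throws Exception {
        final InputStream body = new ByteArrayInputStream(rdfTtl.getBytes(UTF_8));
        try (final FcrepoResponse response = authClient.put(new URI(serverAddress + "testobj1"))
                .body(body, TEXT_TURTLE)
                .perform()) {
            final String content = IOUtils.toString(response.getBody(), UTF_8);
            assertEquals("Didn't get a CREATED response! Got content:\n" + content,
                    CREATED.getStatusCode(), response.getStatusCode());
        }
    }

    /** An unauthenticated PUT must be rejected with 403 Forbidden. */
    @Test
    public void testUnAuthUserCannotPut() throws Exception {
        final InputStream body = new ByteArrayInputStream(rdfTtl.getBytes(UTF_8));
        try (final FcrepoResponse response = client.put(new URI(serverAddress + "testobj2"))
                .body(body, TEXT_TURTLE)
                .perform()) {
            final String content = IOUtils.toString(response.getBody(), UTF_8);
            assertEquals("Unauthenticated user should be forbidden! Got content:\n" + content,
                    FORBIDDEN.getStatusCode(), response.getStatusCode());
        }
    }

    /**
     * An authenticated SPARQL-Update PATCH of {@code testobj1} must return 204 No Content.
     *
     * <p>NOTE(review): this relies on {@code testobj1} already existing, which
     * only {@link #testAuthUserCanPut()} creates; JUnit does not guarantee that
     * order.
     */
    @Test
    public void testAuthUserCanPatch() throws Exception {
        final InputStream body = new ByteArrayInputStream(sparqlUpdate.getBytes(UTF_8));
        try (final FcrepoResponse response = authClient.patch(new URI(serverAddress + "testobj1"))
                .body(body)
                .perform()) {
            // The body is not read here: a successful 204 carries no entity.
            assertEquals("Didn't get a successful PATCH response! Got content:\n",
                    NO_CONTENT.getStatusCode(), response.getStatusCode());
        }
    }

    /**
     * An unauthenticated PATCH must be rejected with 403 Forbidden.
     *
     * <p>NOTE(review): the target {@code testobj1} may not exist when this test
     * runs first; confirm the server still answers 403 rather than 404 in that
     * case.
     */
    @Test
    public void testUnAuthUserCannotPatch() throws Exception {
        final InputStream body = new ByteArrayInputStream(sparqlUpdate.getBytes(UTF_8));
        try (final FcrepoResponse response = client.patch(new URI(serverAddress + "testobj1"))
                .body(body)
                .perform()) {
            final String content = IOUtils.toString(response.getBody(), UTF_8);
            assertEquals("Unauthenticated user should be forbidden! Got content:\n" + content,
                    FORBIDDEN.getStatusCode(), response.getStatusCode());
        }
    }

    /** An authenticated POST of a Turtle body to the repository root must return 201 Created. */
    @Test
    public void testAuthUserCanPost() throws Exception {
        final InputStream body = new ByteArrayInputStream(rdfTtl.getBytes(UTF_8));
        try (final FcrepoResponse response = authClient.post(new URI(serverAddress))
                .body(body, TEXT_TURTLE)
                .perform()) {
            final String content = IOUtils.toString(response.getBody(), UTF_8);
            assertEquals("Didn't get a CREATED response! Got content:\n" + content,
                    CREATED.getStatusCode(), response.getStatusCode());
        }
    }

    /** An unauthenticated POST must be rejected with 403 Forbidden. */
    @Test
    public void testUnAuthUserCannotPost() throws Exception {
        final InputStream body = new ByteArrayInputStream(rdfTtl.getBytes(UTF_8));
        try (final FcrepoResponse response = client.post(new URI(serverAddress))
                .body(body, TEXT_TURTLE)
                .perform()) {
            final String content = IOUtils.toString(response.getBody(), UTF_8);
            assertEquals("Unauthenticated user should be forbidden! Got content:\n" + content,
                    FORBIDDEN.getStatusCode(), response.getStatusCode());
        }
    }

    /**
     * The authenticated client must be able to read a resource whose ACL grants
     * {@code acl:Read} to authenticated agents.
     */
    @Test
    public void testAuthUserCanGet() throws Exception {
        final URI uri = URI.create(serverAddress + UUID.randomUUID().toString());
        createRestrictedResource(uri);

        try (final FcrepoResponse response = authClient.get(uri).perform()) {
            assertEquals("Authenticated user cannot read the restricted resource!",
                    OK.getStatusCode(), response.getStatusCode());
        }
    }

    /**
     * The unauthenticated client must be able to read the repository root.
     *
     * <p>NOTE(review): a restricted resource is created but never requested, so
     * no test in this class verifies that the ACL denies an unauthenticated
     * read of it. Adding that negative check needs the server's expected
     * response for that case, which is not visible in this file.
     */
    @Test
    public void testUnAuthUserCanGet() throws Exception {
        final URI uri = URI.create(serverAddress + UUID.randomUUID().toString());
        createRestrictedResource(uri);

        // Deliberately the root, not `uri`: see the NOTE above.
        try (final FcrepoResponse response = client.get(new URI(serverAddress)).perform()) {
            assertEquals("Unauthenticated user should be able to read the repository root!",
                    OK.getStatusCode(), response.getStatusCode());
        }
    }

    /**
     * Creates an empty resource at {@code uri} and attaches an ACL that grants
     * read access on it to authenticated agents.
     *
     * @param uri location of the resource to create
     * @throws Exception if a request fails or the server does not answer with a 2xx status
     */
    private void createRestrictedResource(final URI uri) throws Exception {
        try (final FcrepoResponse created = authClient.put(uri).perform()) {
            assertSuccessful("Could not create test resource " + uri, created);
        }

        final URI aclUri = URI.create(uri.toString() + "/fcr:acl");
        final String aclBody = String.format(AUTHENTICATED_ACL, uri.toString());

        try (final FcrepoResponse aclCreated = authClient.put(aclUri)
                .body(new ByteArrayInputStream(aclBody.getBytes(UTF_8)), "text/turtle")
                .perform()) {
            // Without this check a rejected ACL would go unnoticed and the
            // resource would be left with whatever default access applies.
            assertSuccessful("Could not attach ACL at " + aclUri, aclCreated);
        }
    }

    /** Fails the test unless {@code response} carries a 2xx status code. */
    private static void assertSuccessful(final String message, final FcrepoResponse response) {
        assertEquals(message + " (status " + response.getStatusCode() + ")",
                2, response.getStatusCode() / 100);
    }
}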