当前位置: 首页>>代码示例>>Java>>正文

Java ESAPI.accessController方法代码示例

本文整理汇总了Java中org.owasp.esapi.ESAPI.accessController方法的典型用法代码示例。如果您正苦于以下问题:Java ESAPI.accessController方法的具体用法?Java ESAPI.accessController怎么用?Java ESAPI.accessController使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.owasp.esapi.ESAPI的用法示例。


在下文中一共展示了ESAPI.accessController方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: testIsAuthorizedForData

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of isAuthorizedForData method, of class
 * org.owasp.esapi.AccessController.
 */
public void testIsAuthorizedForData() {
	System.out.println("isAuthorizedForData");
	AccessController instance = ESAPI.accessController();
	Authenticator auth = ESAPI.authenticator();
	
	Class adminR = null;
	Class adminRW = null;
	Class userW = null;
	Class userRW = null;
	Class anyR = null;
	Class userAdminR = null;
	Class userAdminRW = null;
	Class undefined = null;
	
	try{
		adminR = Class.forName("java.util.ArrayList");
		adminRW = Class.forName("java.lang.Math");
		userW = Class.forName("java.util.Date");
		userRW = Class.forName("java.lang.String");
		anyR = Class.forName("java.io.BufferedReader");
		userAdminR = Class.forName("java.util.Random");
		userAdminRW = Class.forName("java.awt.event.MouseWheelEvent");
		undefined = Class.forName("java.io.FileWriter");
		
	}catch(ClassNotFoundException cnf){
		System.out.println("CLASS NOT FOUND.");
		cnf.printStackTrace();
	}
	//test User
	auth.setCurrentUser( auth.getUser("testuser1") );
	assertTrue(instance.isAuthorizedForData("read", userRW));
	assertFalse(instance.isAuthorizedForData("read", undefined));
	assertFalse(instance.isAuthorizedForData("write", undefined));
	assertFalse(instance.isAuthorizedForData("read", userW));
	assertFalse(instance.isAuthorizedForData("read", adminRW));
	assertTrue(instance.isAuthorizedForData("write", userRW));
	assertTrue(instance.isAuthorizedForData("write", userW));
	assertFalse(instance.isAuthorizedForData("write", anyR));
	assertTrue(instance.isAuthorizedForData("read", anyR));
	assertTrue(instance.isAuthorizedForData("read", userAdminR));
	assertTrue(instance.isAuthorizedForData("write", userAdminRW));
	
	//test Admin
	auth.setCurrentUser( auth.getUser("testuser2") );
	assertTrue(instance.isAuthorizedForData("read", adminRW));
	assertFalse(instance.isAuthorizedForData("read", undefined));
	assertFalse(instance.isAuthorizedForData("write", undefined));
	assertFalse(instance.isAuthorizedForData("read", userRW));
	assertTrue(instance.isAuthorizedForData("write", adminRW));
	assertFalse(instance.isAuthorizedForData("write", anyR));
	assertTrue(instance.isAuthorizedForData("read", anyR));
	assertTrue(instance.isAuthorizedForData("read", userAdminR));
	assertTrue(instance.isAuthorizedForData("write", userAdminRW));
	
	//test User/Admin
	auth.setCurrentUser( auth.getUser("testuser3") );
	assertTrue(instance.isAuthorizedForData("read", userRW));
	assertFalse(instance.isAuthorizedForData("read", undefined));
	assertFalse(instance.isAuthorizedForData("write", undefined));
	assertFalse(instance.isAuthorizedForData("read", userW));
	assertTrue(instance.isAuthorizedForData("read", adminR));
	assertTrue(instance.isAuthorizedForData("write", userRW));
	assertTrue(instance.isAuthorizedForData("write", userW));
	assertFalse(instance.isAuthorizedForData("write", anyR));
	assertTrue(instance.isAuthorizedForData("read", anyR));
	assertTrue(instance.isAuthorizedForData("read", userAdminR));
	assertTrue(instance.isAuthorizedForData("write", userAdminRW));
	try {
		instance.assertAuthorizedForData("read", userRW);
		instance.assertAuthorizedForData( "write", adminR );
		fail();
	} catch ( AccessControlException e ) {
		// expected
	}
	
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:81,代码来源:AccessControllerTest.java

示例2: testIsAuthorizedForFunction

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of isAuthorizedForFunction method, of class
 * org.owasp.esapi.AccessController.
 */
public void testIsAuthorizedForFunction() {
	System.out.println("isAuthorizedForFunction");
	AccessController instance = ESAPI.accessController();
	Authenticator auth = ESAPI.authenticator();
	
	auth.setCurrentUser( auth.getUser("testuser1") );
	assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionB"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
	assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));

	auth.setCurrentUser( auth.getUser("testuser2") );
	assertFalse(instance.isAuthorizedForFunction("/FunctionA"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
	assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
	assertTrue(instance.isAuthorizedForFunction("/FunctionD"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionDdeny"));

	auth.setCurrentUser( auth.getUser("testuser3") );
	assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
	assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
	assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
	assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));

	try {
		instance.assertAuthorizedForFunction("/FunctionA");
		instance.assertAuthorizedForFunction( "/FunctionDdeny" );
		fail();
	} catch ( AccessControlException e ) {
		// expected
	}
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:42,代码来源:AccessControllerTest.java

示例3: testIsAuthorizedForFile

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of isAuthorizedForFile method, of class
 * org.owasp.esapi.AccessController.
 */
public void testIsAuthorizedForFile() {
	System.out.println("isAuthorizedForFile");
	AccessController instance = ESAPI.accessController();
	Authenticator auth = ESAPI.authenticator();
	
	auth.setCurrentUser( auth.getUser("testuser1") );
	assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
	assertFalse(instance.isAuthorizedForFile("/Dir/File2"));
	assertTrue(instance.isAuthorizedForFile("/Dir/File3"));
	assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));

	auth.setCurrentUser( auth.getUser("testuser2") );
	assertFalse(instance.isAuthorizedForFile("/Dir/File1"));
	assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
	assertTrue(instance.isAuthorizedForFile("/Dir/File4"));
	assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));

	auth.setCurrentUser( auth.getUser("testuser3") );
	assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
	assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
	assertFalse(instance.isAuthorizedForFile("/Dir/File5"));
	assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));

	try {
		instance.assertAuthorizedForFile("/Dir/File1");
		instance.assertAuthorizedForFile( "/Dir/File6" );
		fail();
	} catch ( AccessControlException e ) {
		// expected
	}
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:36,代码来源:AccessControllerTest.java

示例4: testIsAuthorizedForService

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of isAuthorizedForService method, of class
 * org.owasp.esapi.AccessController.
 */
public void testIsAuthorizedForService() {
	System.out.println("isAuthorizedForService");
	AccessController instance = ESAPI.accessController();
	Authenticator auth = ESAPI.authenticator();
	
	auth.setCurrentUser( auth.getUser("testuser1") );
	assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
	assertFalse(instance.isAuthorizedForService("/services/ServiceB"));
	assertTrue(instance.isAuthorizedForService("/services/ServiceC"));
	
	assertFalse(instance.isAuthorizedForService("/test/ridiculous"));

	auth.setCurrentUser( auth.getUser("testuser2") );
	assertFalse(instance.isAuthorizedForService("/services/ServiceA"));
	assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
	assertFalse(instance.isAuthorizedForService("/services/ServiceF"));
	assertFalse(instance.isAuthorizedForService("/test/ridiculous"));

	auth.setCurrentUser( auth.getUser("testuser3") );
	assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
	assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
	assertFalse(instance.isAuthorizedForService("/services/ServiceE"));
	assertFalse(instance.isAuthorizedForService("/test/ridiculous"));

	try {
		instance.assertAuthorizedForService("/services/ServiceD");
		instance.assertAuthorizedForService( "/test/ridiculous" );
		fail();
	} catch ( AccessControlException e ) {
		// expected
	}
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:37,代码来源:AccessControllerTest.java

示例5: testIsAuthorizedForURL

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
/**
 * Test of isAuthorizedForURL method, of class
 * org.owasp.esapi.AccessController.
    *
    * @throws Exception
    */
public void testIsAuthorizedForURL() throws Exception {
	System.out.println("isAuthorizedForURL");
	AccessController instance = ESAPI.accessController();
	Authenticator auth = ESAPI.authenticator();
	
	auth.setCurrentUser( auth.getUser("testuser1") );
	assertFalse(instance.isAuthorizedForURL("/nobody"));
	assertFalse(instance.isAuthorizedForURL("/test/admin"));
	assertTrue(instance.isAuthorizedForURL("/test/user"));
	assertTrue(instance.isAuthorizedForURL("/test/all"));
	assertFalse(instance.isAuthorizedForURL("/test/none"));
	assertTrue(instance.isAuthorizedForURL("/test/none/test.gif"));
	assertFalse(instance.isAuthorizedForURL("/test/none/test.exe"));
	assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
	assertFalse(instance.isAuthorizedForURL("/test/moderator"));
	assertTrue(instance.isAuthorizedForURL("/test/profile"));
	assertFalse(instance.isAuthorizedForURL("/upload"));

	auth.setCurrentUser( auth.getUser("testuser2") );
	assertFalse(instance.isAuthorizedForURL("/nobody"));
	assertTrue(instance.isAuthorizedForURL("/test/admin"));
	assertFalse(instance.isAuthorizedForURL("/test/user"));
	assertTrue(instance.isAuthorizedForURL("/test/all"));
	assertFalse(instance.isAuthorizedForURL("/test/none"));
	assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
	assertFalse(instance.isAuthorizedForURL("/test/moderator"));
	assertTrue(instance.isAuthorizedForURL("/test/profile"));
	assertFalse(instance.isAuthorizedForURL("/upload"));
	
	auth.setCurrentUser( auth.getUser("testuser3") );
	assertFalse(instance.isAuthorizedForURL("/nobody"));
	assertTrue(instance.isAuthorizedForURL("/test/admin"));
	assertTrue(instance.isAuthorizedForURL("/test/user"));
	assertTrue(instance.isAuthorizedForURL("/test/all"));
	assertFalse(instance.isAuthorizedForURL("/test/none"));
	assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
	assertFalse(instance.isAuthorizedForURL("/test/moderator"));
	assertTrue(instance.isAuthorizedForURL("/test/profile"));
	assertFalse(instance.isAuthorizedForURL("/upload"));
	
	try {
		instance.assertAuthorizedForURL("/test/admin");
		instance.assertAuthorizedForURL( "/nobody" );
		fail();
	} catch ( AccessControlException e ) {
		// expected
	}
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:55,代码来源:AccessControllerTest.java

示例6: setUp

import org.owasp.esapi.ESAPI; //导入方法依赖的package包/类
@Before
public void setUp() throws Exception {
	accessController = ESAPI.accessController();
}
开发者ID:abimael93,项目名称:owasp-esapi-java,代码行数:5,代码来源:ACRPolicyFileLoaderTest.java


注:本文中的org.owasp.esapi.ESAPI.accessController方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。