package org.codelibs.elasticsearch.auth; import static org.codelibs.elasticsearch.runner.ElasticsearchClusterRunner.newConfigs; import java.util.Map; import junit.framework.TestCase; import org.codelibs.elasticsearch.runner.ElasticsearchClusterRunner; import org.codelibs.elasticsearch.runner.net.Curl; import org.codelibs.elasticsearch.runner.net.CurlResponse; import org.elasticsearch.common.settings.ImmutableSettings.Builder; import org.elasticsearch.node.Node; public class AuthPluginTest extends TestCase { private ElasticsearchClusterRunner runner; @Override protected void setUp() throws Exception { // create ES instance runner = new ElasticsearchClusterRunner(); // create ES nodes runner.onBuild(new ElasticsearchClusterRunner.Builder() { @Override public void build(final int number, final Builder settingBuilder) { } }).build( newConfigs() .clusterName("es-auth" + System.currentTimeMillis()) .ramIndexStore().numOfNode(1)); // wait for yellow status runner.ensureYellow(); } @Override protected void tearDown() throws Exception { // close runner runner.close(); // close all files runner.clean(); } public void test_runCluster() throws Exception { final String indexAaa = "aaa"; final String indexBbb = "bbb"; final String indexCcc = "ccc"; final String indexDdd = "ddd"; final String queryUserAdmin = "{\"authenticator\":\"index\",\"username\":\"admin\",\"password\":\"admin123\",\"roles\":[\"admin\"]}"; final String queryUserTaro = "{\"authenticator\":\"index\",\"username\":\"taro\",\"password\":\"taro123\",\"roles\":[\"user\"]}"; final String queryUserJiro = "{\"authenticator\":\"index\",\"username\":\"jiro\",\"password\":\"jiro123\",\"roles\":[\"manager\"]}"; final String queryUserHanako = "{\"authenticator\":\"index\",\"username\":\"hanako\",\"password\":\"hanako123\",\"roles\":[\"manager\",\"admin\"]}"; final String queryConsAdmin = "{\"paths\":[\"/aaa\",\"/bbb\",\"/ccc\",\"/ddd\"],\"methods\":[\"get\",\"put\",\"post\",\"delete\"],\"roles\":[\"admin\"]}"; final String queryConsManager = "{\"paths\":[\"/bbb\",\"/ccc\",\"/ddd\"],\"methods\":[\"get\",\"put\",\"post\",\"delete\"],\"roles\":[\"manager\"]}"; final String queryConsUserCcc = "{\"paths\":[\"/ccc\"],\"methods\":[\"get\"],\"roles\":[\"user\"]}"; final String queryConsUserDdd = "{\"paths\":[\"/ddd\"],\"methods\":[\"get\",\"put\",\"post\",\"delete\"],\"roles\":[\"user\"]}"; final String queryConsGuest = "{\"paths\":[\"/ddd\"],\"methods\":[\"get\"],\"roles\":[\"guest\"]}"; // create index runner.createIndex(indexAaa, null); runner.createIndex(indexBbb, null); runner.createIndex(indexCcc, null); runner.createIndex(indexDdd, null); if (!runner.indexExists(indexAaa) | !runner.indexExists(indexBbb) | !runner.indexExists(indexCcc) | !runner.indexExists(indexDdd)) { fail(); } Node node = runner.node(); // create users /*Curl.delete(node, "/auth/user/_query?q=*:*").execute();*/ Curl.put(node, "/_auth/account").body(queryUserAdmin).execute(); Curl.put(node, "/_auth/account").body(queryUserTaro).execute(); Curl.put(node, "/_auth/account").body(queryUserJiro).execute(); Curl.put(node, "/_auth/account").body(queryUserHanako).execute(); // create constraints Curl.delete(node, "/security/constraint/_query?q=*:*").execute(); Curl.post(node, "/security/constraint/admin_all").body(queryConsAdmin).execute(); Curl.post(node, "/security/constraint/manager_bcd").body(queryConsManager).execute(); Curl.post(node, "/security/constraint/user_ccc").body(queryConsUserCcc).execute(); Curl.post(node, "/security/constraint/user_ddd").body(queryConsUserDdd).execute(); Curl.post(node, "/security/constraint/guest_ddd").body(queryConsGuest).execute(); Curl.post(node, "/_auth/reload").execute(); // cleanup Curl.delete(node, "/auth/token/_query?q=*:*").execute(); // Username: taro(user) CurlResponse loginTaroResponse = Curl.post(node, "/login") .body("{\"username\":\"taro\",\"password\":\"taro123\"}").execute(); Map<String, Object> loginTaroResponseContentAsMap = loginTaroResponse.getContentAsMap(); String tokenTaro = loginTaroResponseContentAsMap.get("token").toString(); try (CurlResponse curlResponse = Curl.get(node, "/aaa/_search") .param("q", "*:*").param("token", tokenTaro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/bbb/_search") .param("q", "*:*").param("token", tokenTaro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ccc/_search") .param("q", "*:*").param("token", tokenTaro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ddd/_search") .param("q", "*:*").param("token", tokenTaro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/aaa/user/1") .param("token", tokenTaro).body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/bbb/user/1") .param("token", tokenTaro).body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/ccc/user/1") .param("token", tokenTaro).body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/ddd/user/1") .param("token", tokenTaro).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/aaa/user/1") .param("token", tokenTaro).body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/bbb/user/1") .param("token", tokenTaro).body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/ccc/user/1") .param("token", tokenTaro).body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/ddd/user/1") .param("token", tokenTaro).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.delete(node, "/aaa/user/1?token=" + tokenTaro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/bbb/user/1?token=" + tokenTaro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/ccc/user/1?token=" + tokenTaro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/ddd/user/1?token=" + tokenTaro).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.post(node, "/logout?token=" + tokenTaro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); }; // Username: jiro(manager) CurlResponse loginJiroResponse = Curl.post(node, "/login") .body("{\"username\":\"jiro\",\"password\":\"jiro123\"}").execute(); Map<String, Object> loginJiroResponseContentAsMap = loginJiroResponse.getContentAsMap(); String tokenJiro = loginJiroResponseContentAsMap.get("token").toString(); try (CurlResponse curlResponse = Curl.get(node, "/aaa/_search") .param("q", "*:*").param("token", tokenJiro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/bbb/_search") .param("q", "*:*").param("token", tokenJiro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ccc/_search") .param("q", "*:*").param("token", tokenJiro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ddd/_search") .param("q", "*:*").param("token", tokenJiro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/aaa/manager/1") .param("token", tokenJiro).body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/bbb/manager/1") .param("token", tokenJiro).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ccc/manager/1") .param("token", tokenJiro).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ddd/manager/1") .param("token", tokenJiro).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/aaa/manager/1") .param("token", tokenJiro).body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/bbb/manager/1") .param("token", tokenJiro).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ccc/manager/1") .param("token", tokenJiro).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ddd/manager/1") .param("token", tokenJiro).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.delete(node, "/aaa/manager/1?token=" + tokenJiro).execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/bbb/manager/1?token=" + tokenJiro).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ccc/manager/1?token=" + tokenJiro).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ddd/manager/1?token=" + tokenJiro).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.post(node, "/logout?token=" + tokenJiro).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); }; // Username: hanako(admin,manager) CurlResponse loginHanakoResponse = Curl.post(node, "/login") .body("{\"username\":\"hanako\",\"password\":\"hanako123\"}").execute(); Map<String, Object> loginHanakoResponseContentAsMap = loginHanakoResponse.getContentAsMap(); String tokenHanako = loginHanakoResponseContentAsMap.get("token").toString(); try (CurlResponse curlResponse = Curl.get(node, "/aaa/_search") .param("q", "*:*").param("token", tokenHanako).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/bbb/_search") .param("q", "*:*").param("token", tokenHanako).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ccc/_search") .param("q", "*:*").param("token", tokenHanako).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ddd/_search") .param("q", "*:*").param("token", tokenHanako).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/aaa/admin/1") .param("token", tokenHanako).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/bbb/admin/1") .param("token", tokenHanako).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ccc/admin/1") .param("token", tokenHanako).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ddd/admin/1") .param("token", tokenHanako).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/aaa/admin/1") .param("token", tokenHanako).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/bbb/admin/1") .param("token", tokenHanako).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ccc/admin/1") .param("token", tokenHanako).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ddd/admin/1") .param("token", tokenHanako).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.delete(node, "/aaa/admin/1?token=" + tokenHanako).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/bbb/admin/1?token=" + tokenHanako).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ccc/admin/1?token=" + tokenHanako).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ddd/admin/1?token=" + tokenHanako).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.post(node, "/logout?token=" + tokenHanako).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } // Username: admin CurlResponse loginAdminResponse = Curl.post(node, "/login") .body("{\"username\":\"admin\",\"password\":\"admin123\"}").execute(); Map<String, Object> loginAdminResponseContentAsMap = loginAdminResponse.getContentAsMap(); String tokenAdmin = loginAdminResponseContentAsMap.get("token").toString(); try (CurlResponse curlResponse = Curl.get(node, "/aaa/_search") .param("q", "*:*").param("token", tokenAdmin).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/bbb/_search") .param("q", "*:*").param("token", tokenAdmin).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ccc/_search") .param("q", "*:*").param("token", tokenAdmin).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ddd/_search") .param("q", "*:*").param("token", tokenAdmin).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/aaa/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/bbb/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ccc/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.put(node, "/ddd/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test1\"}").execute()) { assertEquals(true, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/aaa/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/bbb/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ccc/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.post(node, "/ddd/admin/1") .param("token", tokenAdmin).body("{\"message\":\"test2\"}").execute()) { assertEquals(false, curlResponse.getContentAsMap().get("created")); } try (CurlResponse curlResponse = Curl.delete(node, "/aaa/admin/1?token=" + tokenAdmin).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/bbb/admin/1?token=" + tokenAdmin).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ccc/admin/1?token=" + tokenAdmin).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.delete(node, "/ddd/admin/1?token=" + tokenAdmin).execute()) { assertEquals(true, curlResponse.getContentAsMap().get("found")); } try (CurlResponse curlResponse = Curl.post(node, "/logout?token=" + tokenAdmin).execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } // Username: guest try (CurlResponse curlResponse = Curl.get(node, "/aaa/_search").param("q", "*:*").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/bbb/_search").param("q", "*:*").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ccc/_search").param("q", "*:*").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.get(node, "/ddd/_search").param("q", "*:*").execute()) { assertEquals(200, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/aaa/guest/1").body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/bbb/guest/1").body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/ccc/guest/1").body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.put(node, "/ddd/guest/1").body("{\"message\":\"test1\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/aaa/guest/1").body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/bbb/guest/1").body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/ccc/guest/1").body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.post(node, "/ddd/guest/1").body("{\"message\":\"test2\"}").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/aaa/guest/1").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/bbb/guest/1").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/ccc/guest/1").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } try (CurlResponse curlResponse = Curl.delete(node, "/ddd/guest/1").execute()) { assertEquals(403, curlResponse.getHttpStatusCode()); } } }