Merge pull request #92 from SawamiWataru/Issue-78-Add-value-check-RequireSchemaAuthz

Issue 78 add value check require schema authz

Author: SawamiWataru

src/main/java/io/personium/core/auth/OAuth2Helper.java

@@ -328,7 +328,6 @@ public static class SchemaLevel {
          */
         public static boolean isMatchPermittedValue(String value) {
             if (value == null
-                    || value.isEmpty()
                     || NONE.equals(value)
                     || PUBLIC.equals(value)
                     || CONFIDENTIAL.equals(value)) {

src/main/java/io/personium/core/model/jaxb/Acl.java

@@ -199,7 +199,7 @@ public boolean allows(final Privilege priv, final AccessContext ac, Map<String,
     public void validateAcl(boolean isCellLevel) {
         // Check whether requireSchemaAuthz matches permitted value.
         if (!OAuth2Helper.SchemaLevel.isMatchPermittedValue(requireSchemaAuthz)) {
-            String cause = String.format("Value [%s] of requireSchemaAuthz is invalid", requireSchemaAuthz);
+            String cause = String.format("Value [%s] for requireSchemaAuthz is invalid", requireSchemaAuthz);
             throw PersoniumCoreException.Dav.XML_VALIDATE_ERROR.params(cause);
         }
         // <!ELEMENT acl (ace*) >

src/test/java/io/personium/test/jersey/box/CollectionTest.java

@@ -1455,7 +1455,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                     .with("colname", path)
                     .with("token", TOKEN)
                     .with("roleBaseUrl", UrlUtils.roleResource(testcell, null, ""))
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
 
@@ -1556,7 +1556,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                     .with("colname", path)
                     .with("token", TOKEN)
                     .with("roleBaseUrl", UrlUtils.roleResource(testcell, null, ""))
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
 
@@ -1611,7 +1611,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                     .with("colname", path)
                     .with("token", TOKEN)
                     .with("roleBaseUrl", UrlUtils.roleResource(testcell, null, ""))
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
 
@@ -1662,7 +1662,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                 .with("colname", path)
                 .with("token", TOKEN)
                 .with("roleBaseUrl", UrlUtils.roleResource(testcell, null, ""))
-                .with("level", "")
+                .with("level", "none")
                 .returns()
                 .statusCode(HttpStatus.SC_BAD_REQUEST);
 
@@ -1696,7 +1696,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                 .with("col", Setup.TEST_ODATA)
                 .with("token", AbstractCase.MASTER_TOKEN_NAME)
                 .with("roleBaseUrl", UrlUtils.roleResource(Setup.TEST_CELL1, "notExistsBox", "role1"))
-                .with("level", "")
+                .with("level", "none")
                 .returns()
                 .statusCode(HttpStatus.SC_BAD_REQUEST);
     }
@@ -1714,7 +1714,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                 .with("role", "notExistsCol/../__/role1")
                 .with("token", AbstractCase.MASTER_TOKEN_NAME)
                 .with("roleBaseUrl", UrlUtils.roleResource(Setup.TEST_CELL1, null, ""))
-                .with("level", "")
+                .with("level", "none")
                 .returns()
                 .statusCode(HttpStatus.SC_BAD_REQUEST);
     }
@@ -1740,7 +1740,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                     .with("col", Setup.TEST_ODATA)
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
                     .with("roleBaseUrl", UrlUtils.roleResource(Setup.TEST_CELL1, testBox, testRole))
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_BAD_REQUEST);
         } finally {
@@ -1767,7 +1767,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
                     .with("colname", "")
                     .with("token", TOKEN)
                     .with("roleBaseUrl", UrlUtils.roleResource(testcell, null, ""))
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
 
@@ -1799,7 +1799,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
             // ACLの設定を下に戻す
             DavResourceUtils.setACL(testcell, AbstractCase.MASTER_TOKEN_NAME,
                     HttpStatus.SC_OK, "", ACL_AUTH_TEST_SETTING_FILE, Setup.TEST_BOX1,
-                    "");
+                    "none");
         }
     }
 
@@ -1822,7 +1822,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
 
                     // ACLの設定
                     DavResourceUtils.setACLwithBox(testcell, token, HttpStatus.SC_OK,
-                            path, "", "box/acl-setting.txt", role, path, "<D:write/>", "");
+                            path, "", "box/acl-setting.txt", role, path, "<D:write/>", "none");
 
                     // ACLの確認
                     TResponse tresponseWebDav = CellUtils.propfind(testcell + "/" + path,
@@ -1850,7 +1850,7 @@ private void depthTest(final NodeList nodeList, final String resorce, final Stri
             // ACL設定を元に戻す
             DavResourceUtils.setACL(testcell, AbstractCase.MASTER_TOKEN_NAME,
                     HttpStatus.SC_OK, "", ACL_AUTH_TEST_SETTING_FILE, Setup.TEST_BOX1,
-                    "");
+                    "none");
         }
     }
 

src/test/java/io/personium/test/jersey/box/acl/AclTest.java

@@ -103,7 +103,7 @@ public AclTest() {
             // Principal:all
             // Privilege:readのACLをbox1に設定
             DavResourceUtils.setACL(null, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME, ACL_ALL_TEST,
-                    null, "<D:read/>", "");
+                    null, "<D:read/>", "none");
 
             // PROPFINDでACLの確認
             TResponse tresponse = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
@@ -155,7 +155,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }
@@ -171,7 +171,7 @@ public AclTest() {
             // Principal:role1 Privilege:write
             // のACLをbox1に設定
             setAclAllandRole(TEST_CELL1, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME,
-                    "box/acl-setting-all-role.txt", "role1", "<D:read/>", "<D:write/>", "");
+                    "box/acl-setting-all-role.txt", "role1", "<D:read/>", "<D:write/>", "none");
 
             // PROPFINDでACLの確認
             CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
@@ -210,7 +210,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }
@@ -227,7 +227,7 @@ public AclTest() {
             // Principal:all
             // Privilege:readのACLをbox1に設定
             DavResourceUtils.setACL(null, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME, ACL_ALL_TEST,
-                    null, "<D:read/>", "");
+                    null, "<D:read/>", "none");
 
             // PROPFINDでACLの確認
             TResponse tresponse = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
@@ -239,7 +239,7 @@ public AclTest() {
 
             // ・空のACLを設定してACLが消えることを確認
             DavResourceUtils.setACL(TEST_CELL1, TOKEN, HttpStatus.SC_OK, "", ACL_NULL_TEST,
-                    null, null, "");
+                    null, null, "none");
 
             // PROPFINDでACLの確認
             TResponse tresponse2 = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
@@ -254,7 +254,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }
@@ -276,7 +276,7 @@ public AclTest() {
 
             // 上記Boxに上記RoleでACL設定
             DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox, "",
-                    ACL_SETTING_TEST, testRole, testBox, "<D:read/>", "");
+                    ACL_SETTING_TEST, testRole, testBox, "<D:read/>", "none");
 
             // PROPFIND
             TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
@@ -324,7 +324,7 @@ public AclTest() {
 
             // 上記BoxにBoxに紐付かないRoleでACL設定
             DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox, "", ACL_SETTING_TEST,
-                    testRole, null, "<D:read/>", "");
+                    testRole, null, "<D:read/>", "none");
 
             // PROPFIND
             TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
@@ -388,7 +388,7 @@ public AclTest() {
 
             // 上記Boxに上記RoleでACL設定
             DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox1, "",
-                    ACL_SETTING_TEST, testRole, testBox1, "<D:read/>", "");
+                    ACL_SETTING_TEST, testRole, testBox1, "<D:read/>", "none");
 
             // PROPFIND
             TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
@@ -437,7 +437,7 @@ public AclTest() {
             // 上記Boxに上記RoleでACL設定
             DavResourceUtils.setACLwithRoleBaseUrl(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox1, "",
                     "box/acl-setting-baseurl.txt", UrlUtils.roleResource(TEST_CELL1, testBox1, testRole),
-                    "<D:read/>", "");
+                    "<D:read/>", "none");
 
             // PROPFIND
             TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
@@ -505,7 +505,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }
@@ -528,7 +528,7 @@ public AclTest() {
             // ACLをtestcell1/box2に設定
             DavResourceUtils.setACLwithBox(TEST_CELL1, AbstractCase.BEARER_MASTER_TOKEN, HttpStatus.SC_OK, box2, "",
                     "box/acl-2role-setting.txt", roleNotDelete, roleDelete, box2, "<D:read/>",
-                    "<D:write/>", "");
+                    "<D:write/>", "none");
 
             // roleを削除
             RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, box2, HttpStatus.SC_NO_CONTENT);
@@ -555,7 +555,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }
@@ -575,7 +575,7 @@ public AclTest() {
 
             // ACLをtestcell1/box2に設定
             DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, box2, "",
-                    ACL_SETTING_TEST, roleDelete, null, "<D:read/>", "");
+                    ACL_SETTING_TEST, roleDelete, null, "<D:read/>", "none");
 
             // roleを削除
             RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, null, HttpStatus.SC_NO_CONTENT);
@@ -598,7 +598,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", AbstractCase.MASTER_TOKEN_NAME)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }

src/test/java/io/personium/test/jersey/cell/AclTest.java

@@ -205,7 +205,7 @@ public AclTest() {
             // Principal:all Privilege:read
             // Principal:role1 Privilege:write
             setAclAllandRole(TEST_CELL1, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + testBox1,
-                "box/acl-setting-all-role.txt", "role1", "<D:read/>", "<D:write/>", "");
+                "box/acl-setting-all-role.txt", "role1", "<D:read/>", "<D:write/>", "none");
 
             // PROPFINDでACLの確認
             CellUtils.propfind(TEST_CELL1 + "/" + testBox1, TOKEN, "0", HttpStatus.SC_MULTI_STATUS);
@@ -236,7 +236,7 @@ public AclTest() {
                     .with("colname", "")
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                     .with("token", TOKEN)
-                    .with("level", "")
+                    .with("level", "none")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
 
@@ -247,7 +247,6 @@ public AclTest() {
                     .with("role2", TEST_ROLE2)
                     .with("box", testBox1)
                     .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
-                    .with("level", "")
                     .returns()
                     .statusCode(HttpStatus.SC_OK);
         }

src/test/java/io/personium/test/jersey/cell/auth/SchemaAuthTest.java

@@ -25,6 +25,8 @@
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 
+import com.sun.jersey.test.framework.JerseyTest;
+
 import io.personium.common.auth.token.AbstractOAuth2Token.TokenDsigException;
 import io.personium.common.auth.token.AbstractOAuth2Token.TokenParseException;
 import io.personium.common.auth.token.AbstractOAuth2Token.TokenRootCrtException;
@@ -46,10 +48,9 @@
 import io.personium.test.utils.CellUtils;
 import io.personium.test.utils.DavResourceUtils;
 import io.personium.test.utils.Http;
-import io.personium.test.utils.UserDataUtils;
 import io.personium.test.utils.ResourceUtils;
 import io.personium.test.utils.TResponse;
-import com.sun.jersey.test.framework.JerseyTest;
+import io.personium.test.utils.UserDataUtils;
 
 /**
  * スキーマ認証のテスト.
@@ -176,8 +177,12 @@ private void cheackResourceSchema(String path, String file, String token,
      * @param cellPath セル
      */
     private void setAclSchema(String box, String path, String level, String cellPath) {
+        String settingFile = ACL_AUTH_TEST_SETTING_FILE;
+        if (level.isEmpty()) {
+            settingFile = "box/acl-setscheme-none-schema-level.txt";
+        }
         DavResourceUtils.setACL(cellPath, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, path,
-                ACL_AUTH_TEST_SETTING_FILE, box, level);
+                settingFile, box, level);
     }
 
     /**
@@ -678,7 +683,7 @@ private void setAclSchema(String box, String path, String roleBaseUrl, String le
                     "hoge", Box.DEFAULT_BOX_NAME, DAV_RESOURCE, -1);
             // ACL設定
             DavResourceUtils.setACL(TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, DAV_RESOURCE,
-                    "box/acl-all.txt", Box.DEFAULT_BOX_NAME, "");
+                    "box/acl-all-none-schema-level.txt", Box.DEFAULT_BOX_NAME, "");
 
             this.checkResourcesWithSchema("", DAV_RESOURCE, tokenStr, Box.DEFAULT_BOX_NAME, TEST_CELL1);
         } finally {
@@ -791,7 +796,7 @@ private TResponse setACL(String box, String path, String setFile) {
                 .with("box", box)
                 .with("token", AbstractCase.MASTER_TOKEN_NAME)
                 .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
-                .with("level", "")
+                .with("level", "none")
                 .returns()
                 .statusCode(HttpStatus.SC_OK);
         return tresponseWebDav;

src/test/java/io/personium/test/setup/Setup.java

@@ -409,7 +409,7 @@ private void create(Config conf) {
             if ("box1".equals(box.boxName)) {
                 // BoxレベルACLテスト用
                 DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, "",
-                        "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                        "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
             }
         }
 
@@ -419,14 +419,14 @@ private void create(Config conf) {
             createOdataCollection(conf.cellName, TEST_BOX1, SEARCH_ODATA);
 
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, TEST_ODATA,
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
             createWebdavCollection(conf.cellName, TEST_BOX1, "setdavcol");
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, "setdavcol",
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
             this.createPatch2("setservice", conf.cellName);
             createServiceCollection(conf.cellName, TEST_BOX1, "service_relay");
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, "service_relay",
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
 
             // テストコレクションのエンティティ作成
             createTestCollectionSchema(conf.cellName);
@@ -452,14 +452,14 @@ private void create(Config conf) {
             createOdataCollection(conf.cellName, TEST_BOX1, TEST_ODATA);
 
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, TEST_ODATA,
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
             createWebdavCollection(conf.cellName, TEST_BOX1, "setdavcol");
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, "setdavcol",
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
             this.createPatch2("setservice", conf.cellName);
             createServiceCollection(conf.cellName, TEST_BOX1, "service_relay");
             DavResourceUtils.setACL(conf.cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_OK, "service_relay",
-                    "box/acl-authtest.txt", Setup.TEST_BOX1, "");
+                    "box/acl-setscheme-none-schema-level.txt", Setup.TEST_BOX1, "");
 
             // テストコレクションのエンティティ作成
             createTestCollectionSchema(conf.cellName);