View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.admin;
35  
36  import fr.paris.lutece.api.user.UserRole;
37  import java.math.BigInteger;
38  import java.security.SecureRandom;
39  import java.util.HashMap;
40  import java.util.Locale;
41  import java.util.Map;
42  
43  import javax.servlet.http.HttpServletRequest;
44  
45  import org.springframework.mock.web.MockHttpServletRequest;
46  
47  import fr.paris.lutece.portal.business.portlet.AliasPortlet;
48  import fr.paris.lutece.portal.business.portlet.AliasPortletHome;
49  import fr.paris.lutece.portal.business.portlet.IPortletInterfaceDAO;
50  import fr.paris.lutece.portal.business.portlet.Portlet;
51  import fr.paris.lutece.portal.business.portlet.PortletHome;
52  import fr.paris.lutece.portal.business.portlet.PortletType;
53  import fr.paris.lutece.portal.business.portlet.PortletTypeHome;
54  import fr.paris.lutece.portal.business.rbac.RBACRole;
55  import fr.paris.lutece.portal.business.rbac.RBAC;
56  import fr.paris.lutece.portal.business.rbac.RBACHome;
57  import fr.paris.lutece.portal.business.user.AdminUser;
58  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
59  import fr.paris.lutece.portal.service.i18n.I18nService;
60  import fr.paris.lutece.portal.service.message.AdminMessage;
61  import fr.paris.lutece.portal.service.message.AdminMessageService;
62  import fr.paris.lutece.portal.service.message.SiteMessageException;
63  import fr.paris.lutece.portal.service.portlet.PortletRemovalListenerService;
64  import fr.paris.lutece.portal.service.portlet.PortletResourceIdService;
65  import fr.paris.lutece.portal.service.security.SecurityTokenService;
66  import fr.paris.lutece.portal.service.util.RemovalListener;
67  import fr.paris.lutece.portal.web.constants.Parameters;
68  import fr.paris.lutece.test.LuteceTestCase;
69  import fr.paris.lutece.test.Utils;
70  import fr.paris.lutece.util.ReferenceItem;
71  import fr.paris.lutece.util.ReferenceList;
72  
73  /**
74   * Test the AdminPagePortletJspBean class
75   */
76  public class AdminPagePortletJspBeanTest extends LuteceTestCase
77  {
78  
79      /** status request parameter */
80      private static final String PORTLET_STATUS = "status";
81  
82      /**
83       * Test when no parameter given
84       * 
85       * @throws AccessDeniedException
86       *             should not happen
87       */
88      public void testGetModifyPortletStatusNoParam( ) throws AccessDeniedException
89      {
90          AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
91          MockHttpServletRequest request = new MockHttpServletRequest( );
92          String url = bean.getModifyPortletStatus( request );
93          assertNotNull( url );
94          AdminMessage message = AdminMessageService.getMessage( request );
95          assertNotNull( message );
96          assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
97      }
98  
99      /**
100      * Test when no status parameter given
101      * 
102      * @throws AccessDeniedException
103      *             should not happen
104      */
105     public void testGetModifyPortletStatusNoStatusParam( ) throws AccessDeniedException
106     {
107         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
108         MockHttpServletRequest request = new MockHttpServletRequest( );
109         request.addParameter( Parameters.PORTLET_ID, "1" );
110         String url = bean.getModifyPortletStatus( request );
111         assertNotNull( url );
112         AdminMessage message = AdminMessageService.getMessage( request );
113         assertNotNull( message );
114         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
115     }
116 
117     /**
118      * Test when no portlet_id parameter given
119      * 
120      * @throws AccessDeniedException
121      *             should not happen
122      */
123     public void testGetModifyPortletStatusNoPortletParam( ) throws AccessDeniedException
124     {
125         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
126         MockHttpServletRequest request = new MockHttpServletRequest( );
127         request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
128         String url = bean.getModifyPortletStatus( request );
129         assertNotNull( url );
130         AdminMessage message = AdminMessageService.getMessage( request );
131         assertNotNull( message );
132         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
133     }
134 
135     /**
136      * Test when the status is invalid
137      * 
138      * @throws AccessDeniedException
139      *             should not happen
140      */
141     public void testGetModifyPortletStatusInvalidStatus( ) throws AccessDeniedException
142     {
143         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
144         MockHttpServletRequest request = new MockHttpServletRequest( );
145         Portlet portlet = getPortlet( );
146         try
147         {
148             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
149             request.addParameter( PORTLET_STATUS, "999999999" );
150             String url = bean.getModifyPortletStatus( request );
151             assertNotNull( url );
152             AdminMessage message = AdminMessageService.getMessage( request );
153             assertNotNull( message );
154             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
155         }
156         finally
157         {
158             removePortlet( portlet );
159         }
160     }
161 
162     /**
163      * Test when the portlet_id is invalid
164      * 
165      * @throws AccessDeniedException
166      *             should not happen
167      */
168     public void testGetModifyPortletStatusInvalidPortletID( ) throws AccessDeniedException
169     {
170         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
171         MockHttpServletRequest request = new MockHttpServletRequest( );
172         request.addParameter( Parameters.PORTLET_ID, "NOT_NUMERIC" );
173         request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
174         String url = bean.getModifyPortletStatus( request );
175         assertNotNull( url );
176         AdminMessage message = AdminMessageService.getMessage( request );
177         assertNotNull( message );
178         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
179     }
180 
181     /**
182      * Test when the portlet does not exist
183      * 
184      * @throws AccessDeniedException
185      *             should not happen
186      */
187     public void testGetModifyPortletStatusInexistantPortletID( ) throws AccessDeniedException
188     {
189         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
190         MockHttpServletRequest request = new MockHttpServletRequest( );
191         Portlet portlet = getPortlet( );
192         try
193         {
194             request.addParameter( Parameters.PORTLET_ID, "31415925" );
195             request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
196             String url = bean.getModifyPortletStatus( request );
197             assertNotNull( url );
198             AdminMessage message = AdminMessageService.getMessage( request );
199             assertNotNull( message );
200             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
201         }
202         finally
203         {
204             removePortlet( portlet );
205         }
206     }
207 
208     /**
209      * Test when the user does not have the right ro manage portlets
210      */
211     public void testGetModifyPortletStatusNoRight( )
212     {
213         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
214         MockHttpServletRequest request = new MockHttpServletRequest( );
215         Portlet portlet = getPortlet( );
216         try
217         {
218             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
219             request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
220             Utils.registerAdminUser( request, new AdminUser( ) );
221             bean.getModifyPortletStatus( request );
222             fail( "Should not have been able to modify the portlet" );
223         }
224         catch( AccessDeniedException e )
225         {
226         }
227         finally
228         {
229             removePortlet( portlet );
230         }
231     }
232 
233     /**
234      * Test when all conditions are met
235      * 
236      * @throws AccessDeniedException
237      *             should not happen
238      */
239     public void testGetModifyPortletStatus( ) throws AccessDeniedException
240     {
241         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
242         MockHttpServletRequest request = new MockHttpServletRequest( );
243         Portlet portlet = null;
244         AdminUser user = null;
245         try
246         {
247             portlet = getPortlet( );
248             user = getAdminUser( );
249             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
250             request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
251             Utils.registerAdminUser( request, user );
252             String url = bean.getModifyPortletStatus( request );
253             assertNotNull( url );
254             AdminMessage message = AdminMessageService.getMessage( request );
255             assertNotNull( message );
256             assertNotNull( message.getRequestParameters( ).get( SecurityTokenService.PARAMETER_TOKEN ) );
257             assertEquals( message.getType( ), AdminMessage.TYPE_CONFIRMATION );
258         }
259         finally
260         {
261             if ( portlet != null )
262             {
263                 removePortlet( portlet );
264             }
265             if ( user != null )
266             {
267                 removeUser( user );
268             }
269         }
270     }
271 
272     /**
273      * Test when no parameter given
274      * 
275      * @throws AccessDeniedException
276      *             should not happen
277      */
278     public void testDoModifyPortletStatusNoParam( ) throws AccessDeniedException
279     {
280         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
281         MockHttpServletRequest request = new MockHttpServletRequest( );
282         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
283                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
284         String url = bean.doModifyPortletStatus( request );
285         assertNotNull( url );
286         AdminMessage message = AdminMessageService.getMessage( request );
287         assertNotNull( message );
288         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
289     }
290 
291     /**
292      * Test when no status parameter given
293      * 
294      * @throws AccessDeniedException
295      *             should not happen
296      */
297     public void testDoModifyPortletStatusNoStatusParam( ) throws AccessDeniedException
298     {
299         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
300         MockHttpServletRequest request = new MockHttpServletRequest( );
301         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
302                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
303         request.addParameter( Parameters.PORTLET_ID, "1" );
304         String url = bean.doModifyPortletStatus( request );
305         assertNotNull( url );
306         AdminMessage message = AdminMessageService.getMessage( request );
307         assertNotNull( message );
308         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
309     }
310 
311     /**
312      * Test when no portlet_id parameter given
313      * 
314      * @throws AccessDeniedException
315      *             should not happen
316      */
317     public void testDoModifyPortletStatusNoPortletParam( ) throws AccessDeniedException
318     {
319         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
320         MockHttpServletRequest request = new MockHttpServletRequest( );
321         request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
322         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
323                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
324         String url = bean.doModifyPortletStatus( request );
325         assertNotNull( url );
326         AdminMessage message = AdminMessageService.getMessage( request );
327         assertNotNull( message );
328         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
329     }
330 
331     /**
332      * Test when the status is invalid
333      * 
334      * @throws AccessDeniedException
335      *             should not happen
336      */
337     public void testDoModifyPortletStatusInvalidStatus( ) throws AccessDeniedException
338     {
339         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
340         MockHttpServletRequest request = new MockHttpServletRequest( );
341         Portlet portlet = getPortlet( );
342         try
343         {
344             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
345                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
346             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
347             request.addParameter( PORTLET_STATUS, "999999999" );
348             String url = bean.doModifyPortletStatus( request );
349             assertNotNull( url );
350             AdminMessage message = AdminMessageService.getMessage( request );
351             assertNotNull( message );
352             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
353         }
354         finally
355         {
356             removePortlet( portlet );
357         }
358     }
359 
360     /**
361      * Test when the portlet_id is invalid
362      * 
363      * @throws AccessDeniedException
364      *             should not happen
365      */
366     public void testDoModifyPortletStatusInvalidPortletID( ) throws AccessDeniedException
367     {
368         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
369         MockHttpServletRequest request = new MockHttpServletRequest( );
370         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
371                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
372         request.addParameter( Parameters.PORTLET_ID, "NOT_NUMERIC" );
373         request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
374         String url = bean.doModifyPortletStatus( request );
375         assertNotNull( url );
376         AdminMessage message = AdminMessageService.getMessage( request );
377         assertNotNull( message );
378         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
379     }
380 
381     /**
382      * Test when the portlet does not exist
383      * 
384      * @throws AccessDeniedException
385      *             should not happen
386      */
387     public void testDoModifyPortletStatusInexistantPortletID( ) throws AccessDeniedException
388     {
389         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
390         MockHttpServletRequest request = new MockHttpServletRequest( );
391         Portlet portlet = getPortlet( );
392         try
393         {
394             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
395                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
396             request.addParameter( Parameters.PORTLET_ID, "31415925" );
397             request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
398             String url = bean.doModifyPortletStatus( request );
399             assertNotNull( url );
400             AdminMessage message = AdminMessageService.getMessage( request );
401             assertNotNull( message );
402             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
403         }
404         finally
405         {
406             removePortlet( portlet );
407         }
408     }
409 
410     /**
411      * Test when the user does not have the right ro manage portlets
412      */
413     public void testDoModifyPortletStatusNoRight( )
414     {
415         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
416         MockHttpServletRequest request = new MockHttpServletRequest( );
417         Portlet portlet = getPortlet( );
418         try
419         {
420             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
421                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
422             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
423             request.addParameter( PORTLET_STATUS, Integer.toString( Portlet.STATUS_PUBLISHED ) );
424             Utils.registerAdminUser( request, new AdminUser( ) );
425             bean.doModifyPortletStatus( request );
426             fail( "Should not have been able to modify the portlet" );
427         }
428         catch( AccessDeniedException e )
429         {
430         }
431         finally
432         {
433             removePortlet( portlet );
434         }
435     }
436 
437     /**
438      * Test when all conditions are met
439      * 
440      * @throws AccessDeniedException
441      *             should not happen
442      */
443     public void testDoModifyPortletStatus( ) throws AccessDeniedException
444     {
445         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
446         MockHttpServletRequest request = new MockHttpServletRequest( );
447         Portlet portlet = null;
448         AdminUser user = null;
449         try
450         {
451             portlet = getPortlet( );
452             int nStatus = portlet.getStatus( );
453             int nNewStatus = nStatus == Portlet.STATUS_PUBLISHED ? Portlet.STATUS_UNPUBLISHED : Portlet.STATUS_PUBLISHED;
454             user = getAdminUser( );
455             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
456                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) );
457             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
458             request.addParameter( PORTLET_STATUS, Integer.toString( nNewStatus ) );
459             Utils.registerAdminUser( request, user );
460             String url = bean.doModifyPortletStatus( request );
461             assertNotNull( url );
462             AdminMessage message = AdminMessageService.getMessage( request );
463             assertNull( message );
464             Portlet storedPortlet = PortletHome.findByPrimaryKey( portlet.getId( ) );
465             assertNotNull( storedPortlet );
466             assertEquals( nNewStatus, storedPortlet.getStatus( ) );
467         }
468         finally
469         {
470             if ( portlet != null )
471             {
472                 removePortlet( portlet );
473             }
474             if ( user != null )
475             {
476                 removeUser( user );
477             }
478         }
479     }
480 
481     /**
482      * Test when no token
483      * 
484      * @throws AccessDeniedException
485      *             should not happen
486      */
487     public void testDoModifyPortletStatusNoCSRFToken( ) throws AccessDeniedException
488     {
489         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
490         MockHttpServletRequest request = new MockHttpServletRequest( );
491         Portlet portlet = null;
492         AdminUser user = null;
493         int nStatus = 0;
494         try
495         {
496             portlet = getPortlet( );
497             nStatus = portlet.getStatus( );
498             int nNewStatus = nStatus == Portlet.STATUS_PUBLISHED ? Portlet.STATUS_UNPUBLISHED : Portlet.STATUS_PUBLISHED;
499             user = getAdminUser( );
500             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
501             request.addParameter( PORTLET_STATUS, Integer.toString( nNewStatus ) );
502             Utils.registerAdminUser( request, user );
503             bean.doModifyPortletStatus( request );
504             fail( "Should have thrown" );
505         }
506         catch( AccessDeniedException e )
507         {
508             Portlet storedPortlet = PortletHome.findByPrimaryKey( portlet.getId( ) );
509             assertNotNull( storedPortlet );
510             assertEquals( nStatus, storedPortlet.getStatus( ) );
511         }
512         finally
513         {
514             if ( portlet != null )
515             {
516                 removePortlet( portlet );
517             }
518             if ( user != null )
519             {
520                 removeUser( user );
521             }
522         }
523     }
524 
525     /**
526      * Test when invalid token
527      * 
528      * @throws AccessDeniedException
529      *             should not happen
530      */
531     public void testDoModifyPortletStatusInvalidCSRFToken( ) throws AccessDeniedException
532     {
533         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
534         MockHttpServletRequest request = new MockHttpServletRequest( );
535         Portlet portlet = null;
536         AdminUser user = null;
537         int nStatus = 0;
538         try
539         {
540             portlet = getPortlet( );
541             nStatus = portlet.getStatus( );
542             int nNewStatus = nStatus == Portlet.STATUS_PUBLISHED ? Portlet.STATUS_UNPUBLISHED : Portlet.STATUS_PUBLISHED;
543             user = getAdminUser( );
544             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
545                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoModifyPortletStatus.jsp" ) + "b" );
546             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
547             request.addParameter( PORTLET_STATUS, Integer.toString( nNewStatus ) );
548             Utils.registerAdminUser( request, user );
549             bean.doModifyPortletStatus( request );
550             fail( "Should have thrown" );
551         }
552         catch( AccessDeniedException e )
553         {
554             Portlet storedPortlet = PortletHome.findByPrimaryKey( portlet.getId( ) );
555             assertNotNull( storedPortlet );
556             assertEquals( nStatus, storedPortlet.getStatus( ) );
557         }
558         finally
559         {
560             if ( portlet != null )
561             {
562                 removePortlet( portlet );
563             }
564             if ( user != null )
565             {
566                 removeUser( user );
567             }
568         }
569     }
570 
571     /**
572      * Test when no parameter given
573      * 
574      * @throws AccessDeniedException
575      *             should not happen
576      */
577     public void testGetRemovePortletNoParam( ) throws AccessDeniedException
578     {
579         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
580         MockHttpServletRequest request = new MockHttpServletRequest( );
581         String url = bean.getRemovePortlet( request );
582         assertNotNull( url );
583         AdminMessage message = AdminMessageService.getMessage( request );
584         assertNotNull( message );
585         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
586     }
587 
588     /**
589      * Test when the portlet_id is invalid
590      * 
591      * @throws AccessDeniedException
592      *             should not happen
593      */
594     public void testGetRemovePortletInvalidPortletID( ) throws AccessDeniedException
595     {
596         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
597         MockHttpServletRequest request = new MockHttpServletRequest( );
598         request.addParameter( Parameters.PORTLET_ID, "NOT_NUMERIC" );
599         String url = bean.getRemovePortlet( request );
600         assertNotNull( url );
601         AdminMessage message = AdminMessageService.getMessage( request );
602         assertNotNull( message );
603         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
604     }
605 
606     /**
607      * Test when the portlet does not exist
608      * 
609      * @throws AccessDeniedException
610      *             should not happen
611      */
612     public void testGetRemovePortletInexistantPortletID( ) throws AccessDeniedException
613     {
614         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
615         MockHttpServletRequest request = new MockHttpServletRequest( );
616         Portlet portlet = getPortlet( );
617         try
618         {
619             request.addParameter( Parameters.PORTLET_ID, "31415925" );
620             String url = bean.getRemovePortlet( request );
621             assertNotNull( url );
622             AdminMessage message = AdminMessageService.getMessage( request );
623             assertNotNull( message );
624             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
625         }
626         finally
627         {
628             removePortlet( portlet );
629         }
630     }
631 
632     /**
633      * Test when the user does not have the right ro manage portlets
634      */
635     public void testGetRemovePortletNoRight( )
636     {
637         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
638         MockHttpServletRequest request = new MockHttpServletRequest( );
639         Portlet portlet = getPortlet( );
640         try
641         {
642             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
643             Utils.registerAdminUser( request, new AdminUser( ) );
644             bean.getRemovePortlet( request );
645             fail( "Should not have been able to modify the portlet" );
646         }
647         catch( AccessDeniedException e )
648         {
649         }
650         finally
651         {
652             removePortlet( portlet );
653         }
654     }
655 
656     /**
657      * Test when all conditions are met
658      * 
659      * @throws AccessDeniedException
660      *             should not happen
661      */
662     public void testGetRemovePortlet( ) throws AccessDeniedException
663     {
664         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
665         MockHttpServletRequest request = new MockHttpServletRequest( );
666         Portlet portlet = null;
667         AdminUser user = null;
668         try
669         {
670             portlet = getPortlet( );
671             user = getAdminUser( );
672             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
673             Utils.registerAdminUser( request, user );
674             String url = bean.getRemovePortlet( request );
675             assertNotNull( url );
676             AdminMessage message = AdminMessageService.getMessage( request );
677             assertNotNull( message );
678             assertEquals( message.getType( ), AdminMessage.TYPE_CONFIRMATION );
679             assertNotNull( message.getRequestParameters( ).get( SecurityTokenService.PARAMETER_TOKEN ) );
680             ReferenceList listLanguages = I18nService.getAdminLocales( Locale.FRANCE );
681             for ( ReferenceItem lang : listLanguages )
682             {
683                 assertTrue( message.getText( new Locale( lang.getCode( ) ) ).contains( portlet.getName( ) ) );
684             }
685         }
686         finally
687         {
688             if ( portlet != null )
689             {
690                 removePortlet( portlet );
691             }
692             if ( user != null )
693             {
694                 removeUser( user );
695             }
696         }
697     }
698 
699     /**
700      * Test when all conditions are met
701      * 
702      * @throws AccessDeniedException
703      *             should not happen
704      */
705     public void testGetRemovePortletWithAlias( ) throws AccessDeniedException
706     {
707         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
708         MockHttpServletRequest request = new MockHttpServletRequest( );
709         Portlet portlet = null;
710         AdminUser user = null;
711         try
712         {
713             portlet = getPortlet( );
714             getAlias( portlet );
715             user = getAdminUser( );
716             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
717             Utils.registerAdminUser( request, user );
718             String url = bean.getRemovePortlet( request );
719             assertNotNull( url );
720             AdminMessage message = AdminMessageService.getMessage( request );
721             assertNotNull( message );
722             assertNotNull( message.getRequestParameters( ).get( SecurityTokenService.PARAMETER_TOKEN ) );
723             assertEquals( message.getType( ), AdminMessage.TYPE_CONFIRMATION );
724             ReferenceList listLanguages = I18nService.getAdminLocales( Locale.FRANCE );
725             for ( ReferenceItem lang : listLanguages )
726             {
727                 assertTrue( message.getText( new Locale( lang.getCode( ) ) ).contains( portlet.getName( ) ) );
728             }
729         }
730         finally
731         {
732             if ( portlet != null )
733             {
734                 removePortlet( portlet );
735             }
736             if ( user != null )
737             {
738                 removeUser( user );
739             }
740         }
741     }
742 
743     /**
744      * Test when all conditions are met
745      * 
746      * @throws AccessDeniedException
747      *             should not happen
748      */
749     public void testGetRemovePortletWithPortletRemovalListener( ) throws AccessDeniedException
750     {
751         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
752         MockHttpServletRequest request = new MockHttpServletRequest( );
753         Portlet portlet = null;
754         AdminUser user = null;
755         try
756         {
757             portlet = getPortlet( );
758             user = getAdminUser( );
759             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
760             Utils.registerAdminUser( request, user );
761             final int nPortletId = portlet.getId( );
762             final String removalRefusedMessage = "REMOVAL_REFUSED_" + nPortletId;
763             PortletRemovalListenerService.getService( ).registerListener( new RemovalListener( )
764             {
765                 // removalListener cannot be unregistered. Try not to interfere with other tests
766                 private boolean first = true;
767 
768                 @Override
769                 public String getRemovalRefusedMessage( String id, Locale locale )
770                 {
771                     return removalRefusedMessage;
772                 }
773 
774                 @Override
775                 public boolean canBeRemoved( String id )
776                 {
777                     // always allow removal after first use
778                     boolean res = !first || !id.equals( Integer.toString( nPortletId ) );
779                     first = false;
780                     return res;
781                 }
782             } );
783             String url = bean.getRemovePortlet( request );
784             assertNotNull( url );
785             AdminMessage message = AdminMessageService.getMessage( request );
786             assertNotNull( message );
787             assertNotNull( message.getRequestParameters( ).get( SecurityTokenService.PARAMETER_TOKEN ) );
788             assertEquals( message.getType( ), AdminMessage.TYPE_STOP );
789             ReferenceList listLanguages = I18nService.getAdminLocales( Locale.FRANCE );
790             for ( ReferenceItem lang : listLanguages )
791             {
792                 assertTrue( message.getText( new Locale( lang.getCode( ) ) ).contains( portlet.getName( ) ) );
793                 assertTrue( message.getText( new Locale( lang.getCode( ) ) ).contains( removalRefusedMessage ) );
794             }
795         }
796         finally
797         {
798             if ( portlet != null )
799             {
800                 removePortlet( portlet );
801             }
802             if ( user != null )
803             {
804                 removeUser( user );
805             }
806         }
807     }
808 
809     /**
810      * Test when no parameter given
811      * 
812      * @throws AccessDeniedException
813      *             should not happen
814      */
815     public void testDoRemovePortletNoParam( ) throws AccessDeniedException
816     {
817         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
818         MockHttpServletRequest request = new MockHttpServletRequest( );
819         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
820                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) );
821         String url = bean.doRemovePortlet( request );
822         assertNotNull( url );
823         AdminMessage message = AdminMessageService.getMessage( request );
824         assertNotNull( message );
825         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
826     }
827 
828     /**
829      * Test when the portlet_id is invalid
830      * 
831      * @throws AccessDeniedException
832      *             should not happen
833      */
834     public void testDoRemovePortletInvalidPortletID( ) throws AccessDeniedException
835     {
836         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
837         MockHttpServletRequest request = new MockHttpServletRequest( );
838         request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
839                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) );
840         request.addParameter( Parameters.PORTLET_ID, "NOT_NUMERIC" );
841         String url = bean.doRemovePortlet( request );
842         assertNotNull( url );
843         AdminMessage message = AdminMessageService.getMessage( request );
844         assertNotNull( message );
845         assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
846     }
847 
848     /**
849      * Test when the portlet does not exist
850      * 
851      * @throws AccessDeniedException
852      *             should not happen
853      */
854     public void testDoRemovePortletInexistantPortletID( ) throws AccessDeniedException
855     {
856         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
857         MockHttpServletRequest request = new MockHttpServletRequest( );
858         Portlet portlet = getPortlet( );
859         try
860         {
861             request.addParameter( Parameters.PORTLET_ID, "31415925" );
862             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
863                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) );
864             String url = bean.doRemovePortlet( request );
865             assertNotNull( url );
866             AdminMessage message = AdminMessageService.getMessage( request );
867             assertNotNull( message );
868             assertEquals( message.getType( ), AdminMessage.TYPE_ERROR );
869         }
870         finally
871         {
872             removePortlet( portlet );
873         }
874     }
875 
876     /**
877      * Test when the user does not have the right ro manage portlets
878      */
879     public void testDoRemovePortletNoRight( )
880     {
881         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
882         MockHttpServletRequest request = new MockHttpServletRequest( );
883         Portlet portlet = getPortlet( );
884         try
885         {
886             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
887             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
888                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) );
889             Utils.registerAdminUser( request, new AdminUser( ) );
890             bean.doRemovePortlet( request );
891             fail( "Should not have been able to modify the portlet" );
892         }
893         catch( AccessDeniedException e )
894         {
895         }
896         finally
897         {
898             removePortlet( portlet );
899         }
900     }
901 
902     /**
903      * Test when all conditions are met
904      * 
905      * @throws AccessDeniedException
906      *             should not happen
907      */
908     public void testDoRemovePortlet( ) throws AccessDeniedException
909     {
910         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
911         MockHttpServletRequest request = new MockHttpServletRequest( );
912         Portlet portlet = null;
913         AdminUser user = null;
914         try
915         {
916             portlet = getPortlet( );
917             user = getAdminUser( );
918             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
919             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
920                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) );
921             Utils.registerAdminUser( request, user );
922             String url = bean.doRemovePortlet( request );
923             assertNotNull( url );
924             AdminMessage message = AdminMessageService.getMessage( request );
925             assertNull( message );
926             try
927             {
928                 portlet = PortletHome.findByPrimaryKey( portlet.getId( ) );
929                 fail( "Portlet was not removed" );
930             }
931             catch( NullPointerException e )
932             {
933                 portlet = null;
934             }
935         }
936         finally
937         {
938             if ( portlet != null )
939             {
940                 removePortlet( portlet );
941             }
942             if ( user != null )
943             {
944                 removeUser( user );
945             }
946         }
947     }
948 
949     /**
950      * Test when no CSRF token
951      * 
952      * @throws AccessDeniedException
953      *             should not happen
954      */
955     public void testDoRemovePortletNoCSRFToken( ) throws AccessDeniedException
956     {
957         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
958         MockHttpServletRequest request = new MockHttpServletRequest( );
959         Portlet portlet = null;
960         AdminUser user = null;
961         try
962         {
963             portlet = getPortlet( );
964             user = getAdminUser( );
965             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
966             Utils.registerAdminUser( request, user );
967             bean.doRemovePortlet( request );
968             fail( "Should have thrown" );
969         }
970         catch( AccessDeniedException e )
971         {
972             assertNotNull( PortletHome.findByPrimaryKey( portlet.getId( ) ) );
973         }
974         finally
975         {
976             if ( portlet != null )
977             {
978                 removePortlet( portlet );
979             }
980             if ( user != null )
981             {
982                 removeUser( user );
983             }
984         }
985     }
986 
987     /**
988      * Test when invalid CSRF token
989      * 
990      * @throws AccessDeniedException
991      *             should not happen
992      */
993     public void testDoRemovePortletInvalidCSRFToken( ) throws AccessDeniedException
994     {
995         AdminPagePortletJspBean bean = new AdminPagePortletJspBean( );
996         MockHttpServletRequest request = new MockHttpServletRequest( );
997         Portlet portlet = null;
998         AdminUser user = null;
999         try
1000         {
1001             portlet = getPortlet( );
1002             user = getAdminUser( );
1003             request.addParameter( Parameters.PORTLET_ID, Integer.toString( portlet.getId( ) ) );
1004             request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1005                     SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/site/DoRemovePortlet.jsp" ) + "b" );
1006             Utils.registerAdminUser( request, user );
1007             bean.doRemovePortlet( request );
1008             fail( "Should have thrown" );
1009         }
1010         catch( AccessDeniedException e )
1011         {
1012             assertNotNull( PortletHome.findByPrimaryKey( portlet.getId( ) ) );
1013         }
1014         finally
1015         {
1016             if ( portlet != null )
1017             {
1018                 removePortlet( portlet );
1019             }
1020             if ( user != null )
1021             {
1022                 removeUser( user );
1023             }
1024         }
1025     }
1026 
1027     /**
1028      * Get an admin user with a Role which can manage portlets
1029      * 
1030      * @return the admin user
1031      */
1032     private AdminUser getAdminUser( )
1033     {
1034         String strRoleKey = "ROLE_" + new BigInteger( 40, new SecureRandom( ) ).toString( 32 );
1035         RBAC rbac = new RBAC( );
1036         rbac.setResourceTypeKey( PortletType.RESOURCE_TYPE );
1037         rbac.setPermissionKey( PortletResourceIdService.PERMISSION_MANAGE );
1038         rbac.setResourceId( RBAC.WILDCARD_RESOURCES_ID );
1039         rbac.setRoleKey( strRoleKey );
1040         RBACHome.create( rbac );
1041         RBACRole role = new RBACRole( );
1042         role.setKey( strRoleKey );
1043         role.setDescription( strRoleKey );
1044         AdminUser user = new AdminUser( );
1045         Map<String, RBACRole> roles = new HashMap<>( );
1046         roles.put( strRoleKey, role );
1047         user.setRoles( roles );
1048         return user;
1049     }
1050 
1051     /**
1052      * Remove objects persisted with the test user
1053      * 
1054      * @param user
1055      *            the test user
1056      */
1057     private void removeUser( AdminUser user )
1058     {
1059         Map<String, UserRole> roles = user.getRoles( );
1060         for ( String roleKey : roles.keySet( ) )
1061         {
1062             RBACHome.removeForRoleKey( roleKey );
1063         }
1064     }
1065 
1066     /**
1067      * Remove the test portlet
1068      * 
1069      * @param portlet
1070      *            the test portlet
1071      */
1072     private void removePortlet( Portlet portlet )
1073     {
1074         PortletType portletType = PortletTypeHome.findByPrimaryKey( portlet.getPortletTypeId( ) );
1075         PortletHome portletHome = new TestPortletHome( );
1076         portletHome.remove( portlet );
1077         PortletTypeHome.remove( portletType.getId( ) );
1078     }
1079 
1080     /**
1081      * Get a test portlet
1082      * 
1083      * @return a test portlet
1084      */
1085     private Portlet getPortlet( )
1086     {
1087         PortletType portletType = new PortletType( );
1088         String strPortletTypeID = "TEST_" + new BigInteger( 40, new SecureRandom( ) ).toString( 32 );
1089         portletType.setId( strPortletTypeID );
1090         portletType.setHomeClass( TestPortletHome.class.getName( ) );
1091         PortletTypeHome.create( portletType );
1092         Portlet portlet = new TestPortlet( portletType );
1093         portlet.setStatus( Portlet.STATUS_UNPUBLISHED );
1094         portlet.setName( strPortletTypeID );
1095         portlet.setAcceptAlias( 1 );
1096         PortletHome portletHome = new TestPortletHome( );
1097         portletHome.create( portlet );
1098         return portlet;
1099     }
1100 
1101     private Portlet getAlias( Portlet portlet )
1102     {
1103         AliasPortlet aliasPortlet = new AliasPortlet( );
1104         aliasPortlet.setPageId( portlet.getPageId( ) );
1105         aliasPortlet.setName( "ALIAS_" + portlet.getName( ) );
1106         aliasPortlet.setAliasId( portlet.getId( ) );
1107         aliasPortlet.setStyleId( portlet.getStyleId( ) );
1108         AliasPortletHome.getInstance( ).create( aliasPortlet );
1109         return aliasPortlet;
1110     }
1111 
1112     /**
1113      * Test portlet
1114      */
1115     private static final class TestPortlet extends Portlet
1116     {
1117 
1118         /**
1119          * Constructor
1120          * 
1121          * @param type
1122          *            the portlet type
1123          */
1124         TestPortlet( PortletType type )
1125         {
1126             setPortletTypeId( type.getId( ) );
1127         }
1128 
1129         @Override
1130         public String getXml( HttpServletRequest request ) throws SiteMessageException
1131         {
1132             return null;
1133         }
1134 
1135         @Override
1136         public String getXmlDocument( HttpServletRequest request ) throws SiteMessageException
1137         {
1138             return null;
1139         }
1140 
1141         @Override
1142         public void remove( )
1143         {
1144             new TestPortletHome( ).remove( this );
1145             ;
1146         }
1147 
1148     }
1149 
1150     /**
1151      * The test portlet home
1152      */
1153     public static final class TestPortletHome extends PortletHome
1154     {
1155 
1156         @Override
1157         public IPortletInterfaceDAO getDAO( )
1158         {
1159             return new TestPortletInterfaceDAO( );
1160         }
1161 
1162         @Override
1163         public String getPortletTypeId( )
1164         {
1165             throw new UnsupportedOperationException( );
1166         }
1167     }
1168 
1169     /**
1170      * The test portlet DAO
1171      */
1172     private static final class TestPortletInterfaceDAO implements IPortletInterfaceDAO
1173     {
1174 
1175         private static final Map<Integer, Portlet> _storage = new HashMap<>( );
1176 
1177         @Override
1178         public void insert( Portlet portlet )
1179         {
1180             _storage.put( portlet.getId( ), portlet );
1181         }
1182 
1183         @Override
1184         public void delete( int nPortletId )
1185         {
1186             _storage.remove( nPortletId );
1187         }
1188 
1189         @Override
1190         public Portlet load( int nPortletId )
1191         {
1192             return _storage.get( nPortletId );
1193         }
1194 
1195         @Override
1196         public void store( Portlet portlet )
1197         {
1198             _storage.put( portlet.getId( ), portlet );
1199         }
1200 
1201     }
1202 
1203 }