Posted to commits@directory.apache.org by dj...@apache.org on 2007/08/29 01:01:29 UTC
svn commit: r570591 - in /directory/sandbox/djencks/triplesec-jacc2:
admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/
guardian-api/src/main/java/org/apache/directory/triplesec/guardian/
guardian-api/src/test/java/org/apache/di...
Author: djencks
Date: Tue Aug 28 16:01:28 2007
New Revision: 570591
URL: http://svn.apache.org/viewvc?rev=570591&view=rev
Log:
Remove some of the worst hacks in jacc usage
Added:
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java (with props)
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java (with props)
Modified:
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ChildMap.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactory.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ConnectionDriver.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockConnectionDriver.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriverTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifConnectionDriver.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdapConnectionDriverTest.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ChildMap.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ChildMap.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ChildMap.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ChildMap.java Tue Aug 28 16:01:28 2007
@@ -65,8 +65,8 @@
String name = buf.toString();
try
{
- for (NamingEnumeration ne = ctx.search( name, filter, controls) ; ne.hasMoreElements(); ) {
- SearchResult result = ( SearchResult ) ne.nextElement();
+ for (NamingEnumeration<SearchResult> ne = ctx.search( name, filter, controls) ; ne.hasMoreElements(); ) {
+ SearchResult result = ne.nextElement();
Attributes attrs = result.getAttributes();
String dn = result.getName();
String pcRdn = dn + "," + rdn;
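Review bot: The typed loop still iterates with `ne.hasMoreElements()` and `ne.nextElement()`, which have no way to report a NamingException raised part-way through the result set, so a search that fails midway can end the loop as if the results were complete. The JNDI variants that surface the error are `ne.hasMore()` and `ne.next()`; they would fit inside the existing `try`, assuming its catch (outside this hunk) handles NamingException. The enumeration is also never closed in the visible lines, so a `finally` with `ne.close()` is worth adding. The same loop form appears in the new LdapRealmPolicy.buildApplicationPolicies, where a truncated result means applications silently missing from the realm policy. The enclosing method starts and ends outside this hunk.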
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactory.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactory.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactory.java Tue Aug 28 16:01:28 2007
@@ -220,7 +220,7 @@
{
try
{
- return driver.newStore( url, info );
+ return driver.newApplicationPolicy( url, info );
}
catch( StoreConnectionException e )
{
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ConnectionDriver.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ConnectionDriver.java Tue Aug 28 16:01:28 2007
@@ -53,7 +53,7 @@
* @return the connected {@link ApplicationPolicy}
* @throws GuardianException if failed to connect
*/
- ApplicationPolicy newStore( String url, Properties info ) throws GuardianException;
+ ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException;
RealmPolicy newRealmPolicy( String url, Properties info );
}
Added: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java?rev=570591&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java Tue Aug 28 16:01:28 2007
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian;
+
+import java.security.Permission;
+import java.security.Permissions;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.Attribute;
+import javax.naming.NamingException;
+import javax.naming.NamingEnumeration;
+
+/**
+ * @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
+ */
+public class EntryRealmPolicy implements RealmPolicy {
+
+ private final Map<String, ApplicationPolicy> applicationPolicies;
+
+ public EntryRealmPolicy( Map<String, ApplicationPolicy> applicationPolicies )
+ {
+ this.applicationPolicies = applicationPolicies;
+ }
+
+ public Profile getProfile( String profileId, String applicationRdn ) throws GuardianException
+ {
+ ApplicationPolicy applicationPolicy = applicationPolicies.get(applicationRdn);
+ if ( applicationPolicy != null) {
+ return applicationPolicy.getProfile( profileId );
+ }
+ return null;
+ }
+
+ public void close()
+ {
+ for ( ApplicationPolicy applicationPolicy: applicationPolicies.values() )
+ {
+ applicationPolicy.close();
+ }
+ applicationPolicies.clear();
+ }
+
+}
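Review bot: The constructor keeps the caller's map by reference, and `close()` later calls `applicationPolicies.clear()` on it. A caller that retains the map can therefore add or replace policies after construction, and has its own map emptied on close. A defensive copy avoids both: `this.applicationPolicies = new HashMap<String, ApplicationPolicy>( applicationPolicies );` (HashMap is already imported). `getProfile` returns null for an unknown `applicationRdn` without documenting it; a Javadoc line such as `@return the profile, or null if no policy is registered for applicationRdn` would make the contract explicit for code that uses the result in an authorization decision. Apart from Map, and HashMap if the copy is added, the imports in this file are unused and can be dropped.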
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java Tue Aug 28 16:01:28 2007
@@ -80,12 +80,12 @@
{
continue;
}
-
+
if( !applicationName.equals( r.getApplicationRelativeDistinguishedName() ) )
{
throw new IllegalArgumentException( "Invalid applicationRdn: " + r.getApplicationRelativeDistinguishedName() );
}
-
+
this.roles.put( r.getName(), r );
}
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Tue Aug 28 16:01:28 2007
@@ -136,7 +136,7 @@
return url.startsWith( prefix );
}
- public ApplicationPolicy newStore(String url, Properties info) throws GuardianException {
+ public ApplicationPolicy newApplicationPolicy(String url, Properties info) throws GuardianException {
return new ApplicationPolicy()
{
public String getApplicationRelativeDistinguishedName() {
@@ -235,12 +235,12 @@
counter = 0;
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
counter++;
if( counter == 3 )
{
- return super.newStore( url, info );
+ return super.newApplicationPolicy( url, info );
}
throw new StoreConnectionException();
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockConnectionDriver.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockConnectionDriver.java Tue Aug 28 16:01:28 2007
@@ -52,7 +52,7 @@
return false;
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
return new MockApplicationPolicy();
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java Tue Aug 28 16:01:28 2007
@@ -45,7 +45,9 @@
{
static
{
- ApplicationPolicyFactory.registerDriver( new LdapConnectionDriver() );
+ LdapConnectionDriver connectionDriver = new LdapConnectionDriver();
+ ApplicationPolicyFactory.registerDriver( connectionDriver );
+ RealmPolicyFactory.registerDriver( connectionDriver );
}
public LdapConnectionDriver()
@@ -54,15 +56,38 @@
public boolean accept( String url )
{
- if ( url.startsWith( "ldap://" ) )
- {
- return true;
- }
+ return url.startsWith( "ldap://" );
+
+ }
+
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
+ {
+ InitialDirContext ictx = getContext( info, url );
+
+ String applicationRdn = getApplicationRdn( info );
+
+ return new LdapApplicationPolicy( ictx, applicationRdn );
+ }
+
+ public RealmPolicy newRealmPolicy( String url, Properties info )
+ {
+ InitialDirContext ictx = getContext( info, url );
+
+ String applicationRdn = getApplicationRdn( info );
- return false;
+ return new LdapRealmPolicy( ictx, applicationRdn );
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ private String getApplicationRdn( Properties info )
+ {
+ String applicationRdn = info.getProperty("applicationRDN");
+ if (applicationRdn == null) {
+ throw new IllegalArgumentException( "The ApplicationRDN property must be provided" );
+ }
+ return applicationRdn;
+ }
+
+ private InitialDirContext getContext( Properties info, String url )
{
if ( info == null )
{
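Review bot: Both `newApplicationPolicy` and `newRealmPolicy` now call `getContext( info, url )` before `getApplicationRdn( info )`, so a missing `applicationRDN` throws IllegalArgumentException only after the InitialDirContext has been opened, and nothing closes it. The removed code checked the property before building the JNDI environment. Moving `String applicationRdn = getApplicationRdn( info );` above the `getContext` call restores that order, but `getApplicationRdn` then needs its own `info == null` guard, because the existing null check lives in `getContext` (whose body continues outside this hunk) and the driver tests expect IllegalArgumentException for a null `info`. The context is likewise left open if the `LdapApplicationPolicy` or `LdapRealmPolicy` constructor throws, so closing `ictx` on that path would cover the remaining case. `newRealmPolicy` and the two private helpers have no Javadoc; a line each naming the required properties would help.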
@@ -86,11 +111,6 @@
throw new IllegalArgumentException( "The applicationCredentials property must be provided" );
}
- String applicationRdn = info.getProperty("applicationRDN");
- if (applicationRdn == null) {
- throw new IllegalArgumentException( "The ApplicationRDN property must be provided" );
- }
-
Hashtable env = new Hashtable();
env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, url );
@@ -108,12 +128,7 @@
env.remove( Context.SECURITY_CREDENTIALS ); // remove credentials before printing to log
throw new StoreConnectionException( "Failed to obtain initial context for " + env, e );
}
-
- return new LdapApplicationPolicy( ictx, applicationRdn );
+ return ictx;
}
- public RealmPolicy newRealmPolicy( String url, Properties info )
- {
- return null;
- }
}
Added: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java?rev=570591&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java Tue Aug 28 16:01:28 2007
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian.ldap;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.directory.triplesec.guardian.ApplicationPolicy;
+import org.apache.directory.triplesec.guardian.EntryRealmPolicy;
+import org.apache.directory.triplesec.guardian.GuardianException;
+
+/**
+ * An LDAP backed implementation of a realm policy store.
+ *
+ * @version $Rev$
+ */
+class LdapRealmPolicy extends EntryRealmPolicy
+{
+
+ /**
+ * the realm JNDI Context at the base under which ou=applications can be found
+ */
+ private static final String[] ATTRS = {"appName"};
+ private static final SearchControls APPS_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, ATTRS, false, false );
+ private static final String APPS_QUERY = "(& (appName=*) (objectClass=policyApplication) )";
+
+
+ /**
+ * Creates an instance of the LDAP ApplicationPolicyStore.
+ *
+ * @param ctx the realm base context under which ou=applications and ou=users can be found
+ * @param applicationRdn relative distinguished name for this app context inside ctx
+ * @throws org.apache.directory.triplesec.guardian.GuardianException
+ * if failures are encountered while loading objects from the backing store
+ */
+ public LdapRealmPolicy( DirContext ctx, String applicationRdn ) throws GuardianException
+ {
+ super( buildApplicationPolicies( ctx, applicationRdn ) );
+ }
+
+ private static Map<String, ApplicationPolicy> buildApplicationPolicies( DirContext ctx, String applicationRdn )
+ {
+ Map<String, ApplicationPolicy> applicationPolicies = new HashMap<String, ApplicationPolicy>();
+ try
+ {
+ for ( NamingEnumeration<SearchResult> ne = ctx.search( applicationRdn, APPS_QUERY, APPS_CONTROLS ); ne.hasMoreElements(); )
+ {
+ SearchResult result = ne.nextElement();
+ String dn = result.getName();
+ Attribute attr = result.getAttributes().get("appName");
+ String contextId = ( String ) attr.get();
+ String pcRdn = dn + "," + applicationRdn;
+ ApplicationPolicy applicationPolicy = new LdapApplicationPolicy( ctx, pcRdn );
+ applicationPolicies.put( contextId, applicationPolicy );
+ }
+ } catch ( NamingException e )
+ {
+ throw new GuardianException( e );
+ }
+ return applicationPolicies;
+ }
+
+}
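Review bot: `buildApplicationPolicies` does not clean up on failure: if `ctx.search` or a later iteration throws, the LdapApplicationPolicy objects already placed in the map are dropped without `close()`, and the NamingEnumeration is not closed on any path. `result.getAttributes().get("appName")` is dereferenced without a null check, and `applicationPolicies.put( contextId, applicationPolicy )` silently replaces an earlier entry with the same appName; in an authorization store both are better reported as a GuardianException than left to a NullPointerException or a last-one-wins policy. `APPS_CONTROLS` passes 0 as the time limit, which SearchControls treats as wait indefinitely, and this search runs inside the constructor, so the value deserves a deliberate choice. The Javadoc above `ATTRS` describes a context field that does not exist in this class, and the constructor comment still says "ApplicationPolicyStore". Suggest `/** attributes requested for each application entry */` on ATTRS and a constructor summary that names the realm policy.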
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriverTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriverTest.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriverTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriverTest.java Tue Aug 28 16:01:28 2007
@@ -39,7 +39,7 @@
try
{
- driver.newStore( "", null );
+ driver.newApplicationPolicy( "", null );
fail( "should not get here due to exception" );
}
catch( IllegalArgumentException e )
@@ -56,7 +56,7 @@
props.setProperty( "applicationCredentials", "secret" );
try
{
- driver.newStore( null, props );
+ driver.newApplicationPolicy( null, props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -74,7 +74,7 @@
{
Properties props = new Properties();
props.setProperty( "applicationCredentials", "secret" );
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -91,7 +91,7 @@
props.setProperty( "applicationPrincipalDN", "appName=something" );
try
{
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifConnectionDriver.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifConnectionDriver.java Tue Aug 28 16:01:28 2007
@@ -66,7 +66,7 @@
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
if ( info == null )
{
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdapConnectionDriverTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdapConnectionDriverTest.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdapConnectionDriverTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdapConnectionDriverTest.java Tue Aug 28 16:01:28 2007
@@ -38,7 +38,7 @@
LdifConnectionDriver driver = new LdifConnectionDriver();
try
{
- driver.newStore( "", null );
+ driver.newApplicationPolicy( "", null );
fail( "should not get here due to exception" );
}
catch( IllegalArgumentException e )
@@ -54,7 +54,7 @@
props.setProperty( "applicationPrincipalDN", "appName=something" );
try
{
- driver.newStore( null, props );
+ driver.newApplicationPolicy( null, props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -69,7 +69,7 @@
try
{
Properties props = new Properties();
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java Tue Aug 28 16:01:28 2007
@@ -33,9 +33,9 @@
{
private final String profileId;
- private final ApplicationPolicy realmPolicy;
+ private final RealmPolicy realmPolicy;
- public TriplesecRealmPrincipal( String profileId, ApplicationPolicy realmPolicy )
+ public TriplesecRealmPrincipal( String profileId, RealmPolicy realmPolicy )
{
this.profileId = profileId;
this.realmPolicy = realmPolicy;
@@ -53,8 +53,8 @@
*/
public Profile getProfile(String applicationName)
{
-// return realmPolicy.getProfile(profileId, applicationName);
- return realmPolicy.getProfile(profileId);
+ return realmPolicy.getProfile(profileId, applicationName);
+// return realmPolicy.getProfile(profileId);
}
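Review bot: The superseded call is left in the new code as `// return realmPolicy.getProfile(profileId);`; delete it rather than keeping it commented out, since version control already holds the old form. The method's Javadoc begins outside this hunk; if it does not already say so, it should state that the result can be null when the realm has no policy for `applicationName`, because EntryRealmPolicy.getProfile in this commit returns null in that case and this method passes it straight through.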
Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java Tue Aug 28 16:01:28 2007
@@ -28,7 +28,7 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;
-import org.apache.directory.triplesec.guardian.ApplicationPolicy;
+import org.apache.directory.triplesec.guardian.RealmPolicy;
/**
* @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
@@ -37,11 +37,11 @@
{
public static final String PROFILE_KEY = LdapBindLoginModule.PREFIX + "profileID";
- public static final String POLICY_KEY = LdapBindLoginModule.PREFIX + "applicationPolicy";
+ public static final String POLICY_KEY = LdapBindLoginModule.PREFIX + "realmPolicy";
private Subject subject;
private String profileId;
- private ApplicationPolicy applicationPolicy;
+ private RealmPolicy realmPolicy;
private Principal principal;
public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
@@ -52,10 +52,10 @@
{
throw new IllegalArgumentException( "No profileID supplied in sharedState" );
}
- applicationPolicy = ( ApplicationPolicy ) options.get( POLICY_KEY );
- if ( applicationPolicy == null )
+ realmPolicy = ( RealmPolicy ) options.get( POLICY_KEY );
+ if ( realmPolicy == null )
{
- throw new IllegalArgumentException( "No application policy in options" );
+ throw new IllegalArgumentException( "No realm policy in options" );
}
}
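Review bot: `( RealmPolicy ) options.get( POLICY_KEY )` casts whatever object the login configuration supplied, so a wrong-typed option fails with a ClassCastException rather than the IllegalArgumentException used for the other configuration errors in `initialize`. An `instanceof RealmPolicy` test before the assignment keeps that failure explicit and consistent. The value of the public constant POLICY_KEY also changes in the previous hunk, so a configuration that spells the option name literally will now reach the "No realm policy in options" branch; this is worth a line in the constant's Javadoc. `initialize` starts outside this hunk.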
@@ -66,7 +66,7 @@
public boolean commit() throws LoginException
{
- principal = new TriplesecRealmPrincipal( profileId, applicationPolicy );
+ principal = new TriplesecRealmPrincipal( profileId, realmPolicy );
subject.getPrincipals().add( principal );
return true;
}
Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java?rev=570591&r1=570590&r2=570591&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java Tue Aug 28 16:01:28 2007
@@ -36,58 +36,62 @@
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
-import javax.security.auth.spi.LoginModule;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
-import org.apache.directory.triplesec.guardian.ApplicationPolicy;
-import org.apache.directory.triplesec.guardian.ApplicationPolicyFactory;
+import org.apache.directory.triplesec.guardian.RealmPolicy;
+import org.apache.directory.triplesec.guardian.RealmPolicyFactory;
import org.apache.directory.triplesec.guardian.StoreConnectionException;
import org.apache.directory.triplesec.guardian.StringPermission;
import org.apache.directory.triplesec.integration.TriplesecIntegration;
import org.apache.directory.triplesec.jaas.LdapBindLoginModule;
-import org.apache.directory.triplesec.jaas.SafehausLoginModule;
import org.apache.directory.triplesec.jaas.TriplesecRealmPrincipalLoginModule;
/**
* @version $Rev$ $Date$
*/
-public class TripleSecPolicyIntegrationTest extends TriplesecIntegration {
+public class TripleSecPolicyIntegrationTest extends TriplesecIntegration
+{
public final static String POLICY_CONFIG_FACTORY = "javax.security.jacc.PolicyConfigurationFactory.provider";
private static final String APP_NAME = "mockContext";
- private ApplicationPolicy applicationPolicy;
+ private RealmPolicy realmPolicy;
private static final String BASE_URL = "dc=example,dc=com";
private String providerUrl;
private static boolean POLICY_INSTALLED = false;
private PolicyConfigurationFactory policyConfigurationFactory;
private Properties props;
- public TripleSecPolicyIntegrationTest() throws Exception {
+ public TripleSecPolicyIntegrationTest() throws Exception
+ {
super();
}
- public TripleSecPolicyIntegrationTest(String string) throws Exception {
- super(string);
+ public TripleSecPolicyIntegrationTest( String string ) throws Exception
+ {
+ super( string );
}
- protected void setUp() throws Exception {
+ protected void setUp() throws Exception
+ {
super.setUp();
providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
props = new Properties();
- props.setProperty("applicationRDN", "appName=" + APP_NAME + ",appName=mockApplication,ou=applications");
+// props.setProperty("applicationRDN", "appName=" + APP_NAME + ",appName=mockApplication,ou=applications");
+ props.setProperty( "applicationRDN", "appName=mockApplication,ou=applications" );
// props.setProperty("applicationPrincipalDN", "appName=" + APP_NAME + ",appName=mockApplication,ou=applications," + BASE_URL);
// props.setProperty("applicationCredentials", "testing");
- props.setProperty("applicationPrincipalDN", "uid=admin,ou=system");
- props.setProperty("applicationCredentials", "secret");
+ props.setProperty( "applicationPrincipalDN", "uid=admin,ou=system" );
+ props.setProperty( "applicationCredentials", "secret" );
//TODO we need something
// props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
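Review bot: The previous `applicationRDN` value is left in `setUp` as a commented-out line directly above the new `props.setProperty( "applicationRDN", "appName=mockApplication,ou=applications" );`, so nothing records why the RDN no longer includes `APP_NAME`. I would delete the dead line and replace it with a short why-comment, for example `// policy is rooted at the parent application; the JACC context id selects the child`, if that is the intent, which the hunk does not show. Separately, the test binds as `uid=admin,ou=system` while the application principal lines stay commented out, so it presumably never runs with the rights a real application principal would have. A `// TODO bind as the application principal` next to those properties would keep that gap visible. The body of `setUp` continues outside this hunk.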
@@ -98,75 +102,83 @@
props.setProperty( TripleSecPolicyConfigurationFactory.LDAP_ROOT_DN_KEY, "" );
- Class.forName("org.apache.directory.triplesec.guardian.ldap.LdapConnectionDriver");
+ Class.forName( "org.apache.directory.triplesec.guardian.ldap.LdapConnectionDriver" );
- if (!POLICY_INSTALLED) {
+ if ( !POLICY_INSTALLED )
+ {
Policy policy = new TripleSecPolicy();
policy.refresh();
- Policy.setPolicy(policy);
+ Policy.setPolicy( policy );
POLICY_INSTALLED = true;
}
- System.setProperty(POLICY_CONFIG_FACTORY, TripleSecPolicyConfigurationFactory.class.getName());
+ System.setProperty( POLICY_CONFIG_FACTORY, TripleSecPolicyConfigurationFactory.class.getName() );
Thread currentThread = Thread.currentThread();
ClassLoader oldClassLoader = currentThread.getContextClassLoader();
- currentThread.setContextClassLoader(this.getClass().getClassLoader());
- try {
+ currentThread.setContextClassLoader( this.getClass().getClassLoader() );
+ try
+ {
policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
- } finally {
- currentThread.setContextClassLoader(oldClassLoader);
+ } finally
+ {
+ currentThread.setContextClassLoader( oldClassLoader );
}
- ((TripleSecPolicyConfigurationFactory)policyConfigurationFactory).setLdapProperties(props);
+ ( ( TripleSecPolicyConfigurationFactory ) policyConfigurationFactory ).setLdapProperties( props );
}
- protected void tearDown() throws Exception {
+ protected void tearDown() throws Exception
+ {
super.tearDown();
- if ( applicationPolicy != null) {
- applicationPolicy.close();
+ if ( realmPolicy != null )
+ {
+ realmPolicy.close();
}
- applicationPolicy = null;
+ realmPolicy = null;
}
/**
* N.B. this test tends to fail run in IDE's due to a ProtectionDomain on the stack
* that does not have any Principals.
- *
+ * <p/>
* N.B. this test succeeds when it is the only test. Disabling since the other test is more interesting.
*
* @throws Exception
*/
- public void xtestLogin() throws Exception {
- PolicyContext.setContextID(APP_NAME);
- PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
+ public void xtestLogin() throws Exception
+ {
+ PolicyContext.setContextID( APP_NAME );
+ PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration( APP_NAME, false );
policyConfiguration.commit();
- StringPermission perm = new StringPermission("mockPerm0");
- applicationPolicy = ApplicationPolicyFactory.newInstance(providerUrl, props);
+ StringPermission perm = new StringPermission( "mockPerm0" );
+ realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
- checkPermission(perm);
+ checkPermission( perm );
}
- public void testAddPermission() throws Exception {
- StringPermission perm = new StringPermission("mockPerm100");
- PolicyContext.setContextID(APP_NAME);
- PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
- policyConfiguration.addToRole("mockRole1", perm);
+ public void testAddPermission() throws Exception
+ {
+ StringPermission perm = new StringPermission( "mockPerm100" );
+ PolicyContext.setContextID( APP_NAME );
+ PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration( APP_NAME, false );
+ policyConfiguration.addToRole( "mockRole1", perm );
policyConfiguration.commit();
- applicationPolicy = ApplicationPolicyFactory.newInstance(providerUrl, props);
+ realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
- InitialDirContext ctx = getContext(providerUrl, props);
+ InitialDirContext ctx = getContext( providerUrl, props );
String contextDn = "roleName=mockRole1,ou=roles,appName=mockContext,appName=mockApplication,ou=applications";
Attributes attrs = ctx.getAttributes( contextDn );
assertEquals( "mockPerm0", ( String ) attrs.get( "grants" ).get() );
- checkPermission(perm);
+ checkPermission( perm );
}
- private InitialDirContext getContext(String url, Properties info) {
+ private InitialDirContext getContext( String url, Properties info )
+ {
if ( url == null )
{
throw new IllegalArgumentException( "A non-null url must be provided." );
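Review bot: In `testAddPermission` the directory assertion does not check the permission the test adds. `assertEquals( "mockPerm0", ( String ) attrs.get( "grants" ).get() )` reads a single value of `grants` and compares it with a permission other than the `mockPerm100` passed to `addToRole`. The test therefore relies only on the later `checkPermission( perm )` to show the grant took effect, so a commit that updates the policy in memory but never reaches LDAP would presumably still pass. I would assert on the new value with `assertTrue( attrs.get( "grants" ).contains( "mockPerm100" ) );` and release the connection with `ctx.close();` once the attributes are read. `getContext` starts at the end of this hunk and continues outside it.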
@@ -205,70 +217,89 @@
}
- private void checkPermission(StringPermission perm) throws LoginException {
+ private void checkPermission( StringPermission perm ) throws LoginException
+ {
Map<String, Object> options = new HashMap<String, Object>();
- options.put(Context.PROVIDER_URL, providerUrl);
- options.put(Context.SECURITY_AUTHENTICATION, "simple");
- options.put( LdapBindLoginModule.REALM_KEY, "example.com");
- options.put( TriplesecRealmPrincipalLoginModule.POLICY_KEY, applicationPolicy );
+ options.put( Context.PROVIDER_URL, providerUrl );
+ options.put( Context.SECURITY_AUTHENTICATION, "simple" );
+ options.put( LdapBindLoginModule.REALM_KEY, "example.com" );
+ options.put( TriplesecRealmPrincipalLoginModule.POLICY_KEY, realmPolicy );
LoginModule module = new TriplesecRealmPrincipalLoginModule();
Subject subject = new Subject();
// CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
CallbackHandler callbackHandler = null;
Map<String, Object> sharedState = new HashMap<String, Object>();
- sharedState.put(TriplesecRealmPrincipalLoginModule.PROFILE_KEY, "mockProfile1");
- module.initialize(subject, callbackHandler, sharedState, options);
+ sharedState.put( TriplesecRealmPrincipalLoginModule.PROFILE_KEY, "mockProfile1" );
+ module.initialize( subject, callbackHandler, sharedState, options );
module.login();
module.commit();
- final AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
- public Object run() {
+ PolicyContext.setContextID( APP_NAME );
+
+ final AccessControlContext acc = ( AccessControlContext ) Subject.doAsPrivileged( subject, new PrivilegedAction()
+ {
+ public Object run()
+ {
return AccessController.getContext();
}
- }, null);
- acc.checkPermission(perm);
+ }, null );
+ acc.checkPermission( perm );
- assertTrue((Boolean)Subject.doAsPrivileged(subject, new PrivilegedAction() {
+ assertTrue( ( Boolean ) Subject.doAsPrivileged( subject, new PrivilegedAction()
+ {
- public Object run() {
- try {
- acc.checkPermission(new StringPermission("mockPerm0"));
+ public Object run()
+ {
+ try
+ {
+ acc.checkPermission( new StringPermission( "mockPerm0" ) );
return true;
- } catch (AccessControlException e) {
+ } catch ( AccessControlException e )
+ {
return false;
}
}
- }, null));
- assertTrue((Boolean)Subject.doAs(subject, new PrivilegedAction() {
+ }, null ) );
+ assertTrue( ( Boolean ) Subject.doAs( subject, new PrivilegedAction()
+ {
- public Object run() {
- try {
- acc.checkPermission(new StringPermission("mockPerm0"));
+ public Object run()
+ {
+ try
+ {
+ acc.checkPermission( new StringPermission( "mockPerm0" ) );
return true;
- } catch (AccessControlException e) {
+ } catch ( AccessControlException e )
+ {
return false;
}
}
- }));
+ } ) );
}
- private static class TestCallbackHandler implements CallbackHandler {
+ private static class TestCallbackHandler implements CallbackHandler
+ {
private final String name;
private final String profileId;
private final char[] password;
- public TestCallbackHandler(String name, String profileId, char[] password) {
+ public TestCallbackHandler( String name, String profileId, char[] password )
+ {
this.name = name;
this.profileId = profileId;
this.password = password;
}
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (Callback callback : callbacks) {
- if (callback instanceof NameCallback) {
- ((NameCallback) callback).setName(name);
- } else if (callback instanceof PasswordCallback) {
- ((PasswordCallback) callback).setPassword(password);
+ public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException
+ {
+ for ( Callback callback : callbacks )
+ {
+ if ( callback instanceof NameCallback )
+ {
+ ( ( NameCallback ) callback ).setName( name );
+ } else if ( callback instanceof PasswordCallback )
+ {
+ ( ( PasswordCallback ) callback ).setPassword( password );
// } else if (callback instanceof ProfileIdCallback) {
// ((ProfileIdCallback) callback).setProfileId(profileId);
}