You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dj...@apache.org on 2007/10/18 21:02:13 UTC
svn commit: r586084 [1/4] - in /directory/sandbox/djencks/triplesec-jacc2:
./ admin-api2/src/main/java/org/apache/directory/triplesec/admin/
admin-api2/src/test/java/org/apache/directory/triplesec/admin/
changelog/src/main/java/org/apache/directory/tri...
Author: djencks
Date: Thu Oct 18 12:02:07 2007
New Revision: 586084
URL: http://svn.apache.org/viewvc?rev=586084&view=rev
Log:
Make roles hierarchical, eliminate profiles (mostly), and make work against big-bang
Added:
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java (with props)
Removed:
directory/sandbox/djencks/triplesec-jacc2/configuration-io/src/main/java/org/apache/directory/triplesec/configuration/ServerXmlUtils.java
directory/sandbox/djencks/triplesec-jacc2/configuration-io/src/test/java/org/apache/directory/triplesec/configuration/ServerXmlUtilsTest.java
directory/sandbox/djencks/triplesec-jacc2/configuration/src/main/java/org/apache/directory/triplesec/configuration/MutableTriplesecStartupConfiguration.java
directory/sandbox/djencks/triplesec-jacc2/configuration/src/main/java/org/apache/directory/triplesec/configuration/TriplesecStartupConfiguration.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Profile.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ProfileTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RolesTest.java
directory/sandbox/djencks/triplesec-jacc2/main/src/main/java/org/apache/directory/triplesec/TriplsecContextFactory.java
Modified:
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/changelog/src/main/java/org/apache/directory/triplesec/changelog/beta/interceptor/ChangelogService.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeAdapter.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeListener.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
directory/sandbox/djencks/triplesec-jacc2/integration/pom.xml
directory/sandbox/djencks/triplesec-jacc2/integration/src/test/java/org/apache/directory/triplesec/integration/TriplesecIntegration.java
directory/sandbox/djencks/triplesec-jacc2/integration/src/test/java/org/apache/directory/triplesec/integration/TriplesecIntegrationITest.java
directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.xml
directory/sandbox/djencks/triplesec-jacc2/jaas/pom.xml
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/LdapBindLoginModule.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausPrincipal.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/main/src/main/java/org/apache/directory/triplesec/Service.java
directory/sandbox/djencks/triplesec-jacc2/pom.xml
directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/ApplicationAciManager.java
directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema
directory/sandbox/djencks/triplesec-jacc2/store/src/test/java/org/apache/directory/triplesec/store/ProfileFactoryITest.java
directory/sandbox/djencks/triplesec-jacc2/store/src/test/java/org/apache/directory/triplesec/store/ServerProfileStoreITest.java
directory/sandbox/djencks/triplesec-jacc2/store/src/test/java/org/apache/directory/triplesec/store/interceptor/ApplicationACIManagerITest.java
directory/sandbox/djencks/triplesec-jacc2/store/src/test/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
directory/sandbox/djencks/triplesec-jacc2/verifier/src/test/java/org/apache/directory/triplesec/verifier/hotp/GenerateHotp.java
directory/sandbox/djencks/triplesec-jacc2/verifier/src/test/java/org/apache/directory/triplesec/verifier/hotp/HotpSamVerifierITest.java
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java Thu Oct 18 12:02:07 2007
@@ -47,9 +47,9 @@
private static final String ROLES_QUERY = "(& (roleName=*) (objectClass=policyRole) )";
private static final HiddenChild ROLES_SPACER = new HiddenChild( "ou=roles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
- private static final SearchControls PROFILES_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Profile.attrs, false, false );
- private static final String PROFILES_QUERY = "(& (profileId=*) (objectClass=policyProfile) )";
- private static final HiddenChild PROFILES_SPACER = new HiddenChild( "ou=profiles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
+// private static final SearchControls PROFILES_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Profile.attrs, false, false );
+// private static final String PROFILES_QUERY = "(& (profileId=*) (objectClass=policyProfile) )";
+// private static final HiddenChild PROFILES_SPACER = new HiddenChild( "ou=profiles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
private static final int APPNAME_INDEX = 0;
private static final int DESCRIPTION_INDEX = 1;
@@ -57,7 +57,7 @@
static final int PERMISSIONS_INDEX = 0;
static final int ROLES_INDEX = 1;
- static final int PROFILES_INDEX = 2;
+// static final int PROFILES_INDEX = 2;
private final StateManager stateManager;
@@ -70,11 +70,11 @@
stateManager.addMap( new ChildMap<Permission>( this, Permission.class, "ou=permissions", PERMISSIONS_CONTROLS, PERMISSIONS_QUERY ) );
stateManager.addMap( new ChildMap<Role>( this, Role.class, "ou=roles", ROLES_CONTROLS, ROLES_QUERY ) );
- stateManager.addMap( new ChildMap<Profile>( this, Profile.class, "ou=profiles", PROFILES_CONTROLS, PROFILES_QUERY ) );
+// stateManager.addMap( new ChildMap<Profile>( this, Profile.class, "ou=profiles", PROFILES_CONTROLS, PROFILES_QUERY ) );
stateManager.addHiddenChild( PERMISSIONS_SPACER );
stateManager.addHiddenChild( ROLES_SPACER );
- stateManager.addHiddenChild( PROFILES_SPACER );
+// stateManager.addHiddenChild( PROFILES_SPACER );
stateManager.setState( State.EMPTY );
}
@@ -181,31 +181,31 @@
return map.values();
}
- public Profile getProfile( String profileId )
- {
- ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
- return map.get( profileId );
- }
-
- public void addProfile( Profile profile )
- {
- ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
- String profileId = profile.getProfileId();
- map.put( profileId, profile );
- }
-
- public void removeProfile( Profile profile )
- {
- ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
- String profileId = profile.getProfileId();
- map.remove( profileId );
- }
-
- public Collection<Profile> getProfiles()
- {
- ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
- return map.values();
- }
+// public Profile getProfile( String profileId )
+// {
+// ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
+// return map.get( profileId );
+// }
+
+// public void addProfile( Profile profile )
+// {
+// ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
+// String profileId = profile.getProfileId();
+// map.put( profileId, profile );
+// }
+
+// public void removeProfile( Profile profile )
+// {
+// ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
+// String profileId = profile.getProfileId();
+// map.remove( profileId );
+// }
+
+// public Collection<Profile> getProfiles()
+// {
+// ChildMap<Profile> map = stateManager.getChildMap( PROFILES_INDEX );
+// return map.values();
+// }
// public String toString()
// {
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java Thu Oct 18 12:02:07 2007
@@ -194,8 +194,7 @@
//see if permissions were loaded
//TODO check correct number!
- assertEquals( 10, app1.getPermissions().size() );
-// assertEquals( 11, app1.getPermissions().size() );
+ assertEquals( 11, app1.getPermissions().size() );
assertNotNull( app1.getPermission( "mockPerm0" ) );
// create a new application
@@ -271,7 +270,7 @@
{
Application app = entityManager.find( Application.class, null, "appName=mockContext,appName=mockApplication,ou=applications" );
- assertEquals( 6, app.getRoles().size() );
+ assertEquals( 11, app.getRoles().size() );
// create a new role after changing modifier's description and grants
Role role = new Role( "testRole", "test role" );
role.addGrant( app.getPermission( "mockPerm0" ) );
@@ -351,6 +350,7 @@
assertNull( app.getRole( "renamedRole" ) );
}
+/*
public void testProfileDao() throws Exception
{
Application app = entityManager.find( Application.class, null, "appName=mockContext,appName=mockApplication,ou=applications" );
@@ -461,6 +461,7 @@
assertNull( app.getProfile( "renamedProfile" ) );
}
+*/
private String getKerberosKeyAsString( String id, String realm, String password ) throws Exception
Modified: directory/sandbox/djencks/triplesec-jacc2/changelog/src/main/java/org/apache/directory/triplesec/changelog/beta/interceptor/ChangelogService.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/changelog/src/main/java/org/apache/directory/triplesec/changelog/beta/interceptor/ChangelogService.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/changelog/src/main/java/org/apache/directory/triplesec/changelog/beta/interceptor/ChangelogService.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/changelog/src/main/java/org/apache/directory/triplesec/changelog/beta/interceptor/ChangelogService.java Thu Oct 18 12:02:07 2007
@@ -30,19 +30,19 @@
import java.util.Properties;
import javax.naming.NamingException;
+import javax.naming.directory.ModificationItem;
-import org.apache.directory.server.core.DirectoryServiceConfiguration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
-import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.ServerContext;
+import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.shared.ldap.util.DateUtils;
import org.apache.directory.triplesec.changelog.beta.model.AddChangeEvent;
@@ -104,7 +104,7 @@
// Overridden init() and destroy() methods
// -----------------------------------------------------------------------
- public void init(DirectoryServiceConfiguration dsConfig) throws NamingException
+ public void init( DirectoryService dsConfig) throws NamingException
{
super.init( dsConfig);
@@ -305,7 +305,7 @@
return;
}
- ModifyChangeEvent changeEvent = new ModifyChangeEvent( 0, opContext.getDn().toString(), getPrincipalName(), new Date(), ((ModifyOperationContext)opContext).getModItems());
+ ModifyChangeEvent changeEvent = new ModifyChangeEvent( 0, opContext.getDn().toString(), getPrincipalName(), new Date(), ((ModifyOperationContext)opContext).getModItems().toArray(new ModificationItem[] {}));
// Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
synchronized ( queue )
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java Thu Oct 18 12:02:07 2007
@@ -64,7 +64,7 @@
*
* @return a set of {@link Role}s defined for this store.
*/
- Roles getRoles();
+ Map<String, Role> getRolesByName();
/**
* Gets a set of {@link StringPermission}s defined for this store.
@@ -74,6 +74,13 @@
Map<String, Permission> getPermissions();
/**
+ * Get (the default?) session for the named user
+ * @param userName name of the user for the session
+ * @return (default?) set of roles (session) for the user
+ */
+ Session getSession(String userName);
+
+ /**
* Gets the names of the profiles dependent on a role. The set contains
* Strings of the profile name.
*
@@ -82,7 +89,7 @@
* @throws GuardianException if there is an error accessing the backing
* store or the role is not associated with this ApplicationPolicy
*/
- Set getDependentProfileNames( Role role ) throws GuardianException;
+// Set getDependentProfileNames( Role role ) throws GuardianException;
/**
* Gets the names of the profiles dependent on a permission. The set
@@ -93,7 +100,7 @@
* @throws GuardianException if there is an error accessing the backing
* store or the permission is not associated with this ApplicationPolicy
*/
- Set getDependentProfileNames( String permissionID ) throws GuardianException;
+// Set getDependentProfileNames( String permissionID ) throws GuardianException;
/**
* Gets the set of profiles a user has for this ApplicationPolicy.
@@ -103,7 +110,7 @@
* invalid or does not have profiles defined
* @throws GuardianException if there are errors accessing the backing store
*/
- Set getUserProfileIds( String userName ) throws GuardianException;
+// Set getUserProfileIds( String userName ) throws GuardianException;
/**
* Gets an iterator over the set of profiles in this ApplicationPolicy.
@@ -111,16 +118,16 @@
* @return an iterator over profileId Strings
* @throws GuardianException if there are errors accessing the backing store
*/
- Iterator getProfileIdIterator() throws GuardianException;
+// Iterator getProfileIdIterator() throws GuardianException;
/**
- * Gets this user's authorization {@link Profile} for the application.
+ * Gets this user's authorization {@link Session} for the application.
*
- * @param profileId the name of the user to get the {@link Profile} for
- * @return the {@link Profile} for the application or null if no profile exists for
+ * @param profileId the name of the user to get the {@link Session} for
+ * @return the {@link Session} for the application or null if no profile exists for
* the specified <tt>profileId</tt>
*/
- Profile getProfile( String profileId ) throws GuardianException;
+// Profile getProfile( String profileId ) throws GuardianException;
/**
* Gets a profile for the admin user which is in all roles and has all permissions
@@ -128,7 +135,7 @@
*
* @return the admin user profile with all rights
*/
- Profile getAdminProfile();
+// Profile getAdminProfile();
/**
* Gets a breif description of this ApplicationPolicy.
@@ -143,4 +150,5 @@
* @throws GuardianException if the store cannot be properly closed.
*/
void close() throws GuardianException;
+
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java Thu Oct 18 12:02:07 2007
@@ -20,91 +20,119 @@
package org.apache.directory.triplesec.guardian;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.security.Permissions;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.util.HashSet;
-import java.util.HashMap;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.Attribute;
-import javax.naming.NamingException;
import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
/**
* @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
*/
-public abstract class EntryApplicationPolicy implements ApplicationPolicy {
- /** the name of the application this store is associated with */
+public abstract class EntryApplicationPolicy implements ApplicationPolicy
+{
+ /**
+ * the name of the application this store is associated with
+ */
protected String applicationRdn;
- /** a breif description of this application */
+ /**
+ * a breif description of this application
+ */
protected String description;
- /** the {@link java.security.Permission}s defined for this store's application */
+ /**
+ * the {@link java.security.Permission}s defined for this store's application
+ */
protected final Map<String, Permission> permissions = new HashMap<String, Permission>();
- /** the {@link org.apache.directory.triplesec.guardian.Role}s defined for this store's application */
- protected Roles roles;
- protected Permissions getAllPermissions() {
+ protected final Map<String, Role> rolesByName = new HashMap<String, Role>();
+
+ protected Permissions getAllPermissions()
+ {
Permissions permissions = new Permissions();
- for (Permission permission: this.permissions.values()) {
- permissions.add(permission);
+ for ( Permission permission : this.permissions.values() )
+ {
+ permissions.add( permission );
}
return permissions;
}
- protected PermissionEntry loadPermission(Attributes attrs) throws NamingException
+ protected PermissionEntry loadPermission( Attributes attrs ) throws NamingException
{
Permission perm = null;
- String permId = getStringAttribute(attrs, "permName");
- String javaClassName = getStringAttribute(attrs, "permJavaClass");
- if (javaClassName == null) {
+ String permId = getStringAttribute( attrs, "permName" );
+ String javaClassName = getStringAttribute( attrs, "permJavaClass" );
+ if ( javaClassName == null )
+ {
perm = new StringPermission( permId );
- } else {
- String name = getStringAttribute(attrs, "permJavaName");
- String actions = getStringAttribute(attrs, "permJavaActions");
+ } else
+ {
+ String name = getStringAttribute( attrs, "permJavaName" );
+ String actions = getStringAttribute( attrs, "permJavaActions" );
ClassLoader loader = Thread.currentThread().getContextClassLoader();
Class permissionClass;
- try {
- permissionClass = Class.forName(javaClassName, true, loader);
- } catch (ClassNotFoundException e) {
- throw new NamingException("Could not load permission class " + javaClassName + " in classloader " + loader);
+ try
+ {
+ permissionClass = Class.forName( javaClassName, true, loader );
+ } catch ( ClassNotFoundException e )
+ {
+ throw new NamingException( "Could not load permission class " + javaClassName + " in classloader " + loader );
}
- try {
- Constructor<Permission> twoargs = permissionClass.getConstructor(String.class, String.class);
- perm = twoargs.newInstance(name, actions);
- } catch (NoSuchMethodException e) {
+ try
+ {
+ Constructor<Permission> twoargs = permissionClass.getConstructor( String.class, String.class );
+ perm = twoargs.newInstance( name, actions );
+ } catch ( NoSuchMethodException e )
+ {
//ignore
- } catch (IllegalAccessException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e);
- } catch (InvocationTargetException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e.getTargetException());
- } catch (InstantiationException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e);
+ } catch ( IllegalAccessException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e );
+ } catch ( InvocationTargetException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e.getTargetException() );
+ } catch ( InstantiationException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e );
}
- if (perm == null) {
- try {
- Constructor<Permission> onearg = permissionClass.getConstructor(String.class);
- perm = onearg.newInstance(name);
- } catch (NoSuchMethodException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e);
- } catch (IllegalAccessException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e);
- } catch (InvocationTargetException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e.getTargetException());
- } catch (InstantiationException e) {
- throw (NamingException) new NamingException("Could not create permission").initCause(e);
+ if ( perm == null )
+ {
+ try
+ {
+ Constructor<Permission> onearg = permissionClass.getConstructor( String.class );
+ perm = onearg.newInstance( name );
+ } catch ( NoSuchMethodException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e );
+ } catch ( IllegalAccessException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e );
+ } catch ( InvocationTargetException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e.getTargetException() );
+ } catch ( InstantiationException e )
+ {
+ throw ( NamingException ) new NamingException( "Could not create permission" ).initCause( e );
}
}
}
- return new PermissionEntry(permId, perm);
+ return new PermissionEntry( permId, perm );
}
- private String getStringAttribute(Attributes attrs, String attrID) throws NamingException {
- Attribute attr = attrs.get(attrID);
- if (attr == null) {
+ protected String getStringAttribute( Attributes attrs, String attrID ) throws NamingException
+ {
+ Attribute attr = attrs.get( attrID );
+ if ( attr == null )
+ {
return null;
}
return ( String ) attr.get();
@@ -120,19 +148,35 @@
return this.description;
}
- public Roles getRoles()
+ public Map<String, Role> getRolesByName()
{
- return this.roles;
+ return rolesByName;
}
- public Map<String,Permission> getPermissions()
+ public Map<String, Permission> getPermissions()
{
return permissions;
}
- protected Role getRole( Attributes attrs ) throws NamingException
+ protected Role addRole( String roleName, Map<String, Attributes> roleAttributes ) throws NamingException
{
- String roleName = getStringAttribute(attrs, "roleName");
+ Role role = rolesByName.get( roleName );
+ if ( role != null )
+ {
+ return role;
+ }
+ if ( rolesByName.containsKey( roleName ) )
+ {
+ throw new GuardianException( "Circular reference to role " + roleName );
+ }
+ Attributes attrs = roleAttributes.get( roleName );
+ if ( attrs == null )
+ {
+ throw new GuardianException( "no role named " + roleName + " found" );
+ }
+ //mark that we have started looking at this role name
+ rolesByName.put( roleName, null );
+
Permissions grants = new Permissions();
Attribute attributes = attrs.get( "grants" );
@@ -143,8 +187,6 @@
{
String permName = ( String ) grantsEnumeration.next();
grants.add( permissions.get( permName ) );
-// log.debug( "granting permission '" + permName + "' to role '" + roleName
-// + " in application '" + applicationRdn + "'" );
}
}
@@ -153,39 +195,51 @@
if ( attributes != null )
{
- NamingEnumeration<?> grantsEnumeration = attributes.getAll();
- while ( grantsEnumeration.hasMore() )
+ NamingEnumeration<?> denialsEnumeration = attributes.getAll();
+ while ( denialsEnumeration.hasMore() )
{
- String permName = ( String ) grantsEnumeration.next();
+ String permName = ( String ) denialsEnumeration.next();
denials.add( permissions.get( permName ) );
-// log.debug( "granting permission '" + permName + "' to role '" + roleName
-// + " in application '" + applicationRdn + "'" );
}
}
- Attribute description = attrs.get( "description" );
- Role role;
- if ( description == null || description.size() == 0 )
- {
- role = new Role( this, roleName, grants, denials );
- }
- else
+ attributes = attrs.get( "grantedRoles" );
+ Collection<Role> grantedRoles = getRoles( attributes, roleAttributes );
+
+ attributes = attrs.get( "deniedRoles" );
+ Collection<Role> deniedRoles = getRoles( attributes, roleAttributes );
+
+ role = new Role( this, roleName, grants, denials, grantedRoles, deniedRoles, getStringAttribute( attrs, "description" ) );
+ rolesByName.put( roleName, role );
+ return role;
+ }
+
+ private Collection<Role> getRoles( Attribute attributes, Map<String, Attributes> roleAttributes )
+ throws NamingException
+ {
+ Collection<Role> roles = new ArrayList<Role>();
+ if ( attributes != null )
{
- role = new Role( this, roleName, grants, denials, ( String ) description.get() );
+ NamingEnumeration<?> rolesEnumeration = attributes.getAll();
+ while ( rolesEnumeration.hasMore() )
+ {
+ String roleName = ( String ) rolesEnumeration.next();
+
+ roles.add( addRole( roleName, roleAttributes ) );
+ }
}
- return role;
+ return roles;
}
private static boolean parseBoolean( String bool )
{
- return bool.equals("true");
+ return bool.equals( "true" );
}
- protected Profile getProfile( Attributes attrs ) throws NamingException
+ protected Set<Role> getSession( Attributes attrs ) throws NamingException
{
- Permissions grants = new Permissions();
- Permissions denials = new Permissions();
- Roles roles;
+ Set<Role> roles = new HashSet<Role>();
+/*
String profileId;
String userName;
boolean disabled = false;
@@ -194,8 +248,7 @@
if ( profileIdAttr == null )
{
return null;
- }
- else
+ } else
{
profileId = ( String ) profileIdAttr.get();
}
@@ -204,8 +257,7 @@
if ( userAttr == null )
{
return null;
- }
- else
+ } else
{
userName = ( String ) userAttr.get();
}
@@ -215,73 +267,68 @@
{
disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
}
+*/
// -------------------------------------------------------------------------------
// process and assemble the profile's granted permissions
// -------------------------------------------------------------------------------
- Attribute grantsAttribute = attrs.get( "grants" );
- if ( grantsAttribute != null )
+ Attribute defaultRolesAttribute = attrs.get( "defaultRoles" );
+ if ( defaultRolesAttribute != null )
{
- NamingEnumeration<?> grantsEnumeration = grantsAttribute.getAll();
+ NamingEnumeration<?> grantsEnumeration = defaultRolesAttribute.getAll();
while ( grantsEnumeration.hasMore() )
{
- String grantedPermName = ( String ) grantsEnumeration.next();
- grants.add( this.permissions.get( grantedPermName ) );
+ String roleName = ( String ) grantsEnumeration.next();
+ Role role = rolesByName.get( roleName );
+ if ( role != null )
+ {
+ roles.add( role );
+ }
+ else
+ {
+ throw new NamingException("No role named " + roleName + " found: known names: " + rolesByName.keySet());
+ }
}
}
- // -------------------------------------------------------------------------------
- // process and assemble the profile's granted permissions
- // -------------------------------------------------------------------------------
- Attribute denialsAttribute = attrs.get( "denials" );
- if ( denialsAttribute != null )
- {
- NamingEnumeration<?> denialsEnumeration = denialsAttribute.getAll();
- while ( denialsEnumeration.hasMore() )
- {
- String deniedPermName = ( String ) denialsEnumeration.next();
- denials.add( this.permissions.get( deniedPermName ) );
- }
- }
-
- // -------------------------------------------------------------------------------
- // process and assemble the profile's assigned roles
- // -------------------------------------------------------------------------------
- Attribute rolesAttribute = attrs.get( "roles" );
- if ( rolesAttribute != null )
- {
- Set<Role> rolesSet = new HashSet<Role>();
- NamingEnumeration<?> rolesEnumeration = rolesAttribute.getAll();
- while ( rolesEnumeration.hasMore() )
- {
- String assignedRoleName = ( String ) rolesEnumeration.next();
- rolesSet.add( this.roles.get( assignedRoleName ) );
- }
- Role[] rolesArray = new Role[rolesSet.size()];
- roles = new Roles( applicationRdn, rolesSet.toArray( rolesArray ) );
- }
- else
- {
- roles = new Roles( applicationRdn, new Role[0] );
- }
+ return roles;
+ }
- Attribute description = attrs.get( "description" );
- Profile profile;
+ /**
+ * Gets the value of a single name component of a distinguished name.
+ *
+ * @param rdn the name component to get the value from
+ * @return the value of the single name component
+ */
+ public static String getRdnValue( String rdn )
+ {
+ int index = rdn.indexOf( '=' );
+ return rdn.substring( index + 1, rdn.length() );
+ }
- if ( description == null || description.size() == 0 )
+ /**
+ * Quickly splits off the relative distinguished name component.
+ *
+ * @param name the distinguished name or a name fragment
+ * @return the rdn
+ */
+ protected static String getRdn( String name )
+ {
+ if ( null == name )
{
- profile = new Profile( this, profileId, userName, roles, grants, denials, disabled );
+ return null;
}
- else
+
+ int commaIndex;
+ if ( ( commaIndex = name.indexOf( ',' ) ) == -1 )
{
- profile = new Profile( this, profileId, userName, roles, grants,
- denials, ( String ) description.get(), disabled );
+ return name;
}
- return profile;
+ return name.substring( 0, commaIndex );
}
/*
@@ -300,20 +347,24 @@
}
*/
- protected static class PermissionEntry {
+ protected static class PermissionEntry
+ {
private final String permissionName;
private final Permission permission;
- public PermissionEntry(String permissionName, Permission permission) {
+ public PermissionEntry( String permissionName, Permission permission )
+ {
this.permissionName = permissionName;
this.permission = permission;
}
- public String getPermissionName() {
+ public String getPermissionName()
+ {
return permissionName;
}
- public Permission getPermission() {
+ public Permission getPermission()
+ {
return permission;
}
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java Thu Oct 18 12:02:07 2007
@@ -20,19 +20,7 @@
package org.apache.directory.triplesec.guardian;
-import java.security.Permission;
-import java.security.Permissions;
import java.util.Map;
-import java.util.HashMap;
-import java.util.Set;
-import java.util.HashSet;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-
-import javax.naming.directory.Attributes;
-import javax.naming.directory.Attribute;
-import javax.naming.NamingException;
-import javax.naming.NamingEnumeration;
/**
* @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
@@ -46,11 +34,11 @@
this.applicationPolicies = applicationPolicies;
}
- public Profile getProfile( String profileId, String applicationRdn ) throws GuardianException
+ public Session getSession( String profileId, String applicationRdn ) throws GuardianException
{
ApplicationPolicy applicationPolicy = applicationPolicies.get(applicationRdn);
if ( applicationPolicy != null) {
- return applicationPolicy.getProfile( profileId );
+ return applicationPolicy.getSession( profileId );
}
return null;
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeAdapter.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeAdapter.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeAdapter.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeAdapter.java Thu Oct 18 12:02:07 2007
@@ -50,7 +50,7 @@
}
- public void profileChanged( ApplicationPolicy policy, Profile profile, ChangeType changeType )
+ /* public void profileChanged( ApplicationPolicy policy, Profile profile, ChangeType changeType )
{
}
@@ -58,4 +58,4 @@
public void profileRenamed( ApplicationPolicy policy, Profile profile, String oldName )
{
}
-}
+*/}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeListener.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeListener.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeListener.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/PolicyChangeListener.java Thu Oct 18 12:02:07 2007
@@ -79,7 +79,7 @@
* @param profile the profile that changed
* @param changeType the type of change: add, delete or modify.
*/
- void profileChanged( ApplicationPolicy policy, Profile profile, ChangeType changeType );
+// void profileChanged( ApplicationPolicy policy, Profile profile, ChangeType changeType );
/**
* Notification method called when a policy is renamed.
@@ -88,5 +88,5 @@
* @param profile the profile that was renamed
* @param oldName the old name of the profile
*/
- void profileRenamed( ApplicationPolicy policy, Profile profile, String oldName );
+// void profileRenamed( ApplicationPolicy policy, Profile profile, String oldName );
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java Thu Oct 18 12:02:07 2007
@@ -20,14 +20,16 @@
package org.apache.directory.triplesec.guardian;
+import java.util.Set;
+
/**
* Supplies a profile (role?) for a given sub-application and profileId (roleId)
*
- * @version $Rev$ $Date$
+ * @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
*/
public interface RealmPolicy
{
- Profile getProfile( String profileId, String applicationRdn ) throws GuardianException;
+ Session getSession( String uid, String applicationRdn ) throws GuardianException;
void close();
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java Thu Oct 18 12:02:07 2007
@@ -21,8 +21,10 @@
import java.io.Serializable;
-import java.security.AccessControlException;
+import java.security.Permission;
import java.security.Permissions;
+import java.util.ArrayList;
+import java.util.Collection;
/**
@@ -34,72 +36,87 @@
* @author Trustin Lee
* @version $Rev: 74 $, $Date: 2005-11-11 02:03:22 -0500 (Fri, 11 Nov 2005) $
*/
-public class Role implements Comparable, Cloneable, Serializable
+public class Role implements Comparable, Cloneable, Serializable
{
private static final long serialVersionUID = 6190625586883412135L;
- /** the name of this Role */
+ /**
+ * the name of this Role
+ */
private final String name;
- /** the store the Role is defined for */
+ /**
+ * the store the Role is defined for
+ */
private final ApplicationPolicy store;
- /** the grantedPermissions granted for this role */
+ /**
+ * the grantedPermissions granted for this role
+ */
private final Permissions grantedPermissions;
private final Permissions deniedPermissions;
- /** a brief description of the Role */
+
+ private final Collection<Role> grantedRoles;
+ private final Collection<Role> deniedRoles;
+ /**
+ * a brief description of the Role
+ */
private final String description;
/**
* Creates a new Role instance with a description.
*
- * @param store the parent store this role is defined for
- * @param name the name of this role
+ * @param store the parent store this role is defined for
+ * @param name the name of this role
* @param grantedPermissions
* @param deniedPermissions
- * @param description a breif description of the role
- */
- public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions, String description)
+ * @param description a breif description of the role
+ * @param grantedRoles
+ * @param deniedRoles
+ */
+ public Role( ApplicationPolicy store,
+ String name,
+ Permissions grantedPermissions,
+ Permissions deniedPermissions,
+ Collection<Role> grantedRoles,
+ Collection<Role> deniedRoles,
+ String description )
{
- if( store == null )
+ if ( store == null )
{
throw new NullPointerException( "store" );
}
- if( name == null )
+ if ( name == null )
{
throw new NullPointerException( "name" );
}
- if( name.length() == 0 )
+ if ( name.length() == 0 )
{
throw new IllegalArgumentException( "name is empty." );
}
- if( grantedPermissions == null )
+ if ( grantedPermissions == null )
{
grantedPermissions = new Permissions();
}
- if( deniedPermissions == null )
+ if ( deniedPermissions == null )
{
deniedPermissions = new Permissions();
}
-// if( !store.getApplicationRdn().equals( grantedPermissions.getApplicationRdn() ) )
-// {
-// throw new IllegalArgumentException(
-// "Invalid applicationRdn in grantedPermissions: " +
-// grantedPermissions.getApplicationRdn() );
-// }
-
- //This is meaningless if grantedPermissions.implies is used rather than equality.
-// if( !store.getPermissions().containsAll( grantedPermissions ) )
-// {
-// throw new IllegalArgumentException(
-// "store doesn't provide all grantedPermissions specified: " +
-// grantedPermissions );
-// }
+ if ( grantedRoles == null )
+ {
+ grantedRoles = new ArrayList<Role>();
+ }
+ if ( deniedRoles == null )
+ {
+ deniedRoles = new ArrayList<Role>();
+ }
this.store = store;
this.name = name;
this.grantedPermissions = grantedPermissions;
this.deniedPermissions = deniedPermissions;
+ this.grantedRoles = grantedRoles;
+ this.deniedRoles = deniedRoles;
this.description = description;
}
@@ -107,14 +124,14 @@
/**
* Creates a new Role instance.
*
- * @param store the parent store this role is defined for
- * @param name the name of this role
+ * @param store the parent store this role is defined for
+ * @param name the name of this role
* @param grantedPermissions
* @param deniedPermissions
*/
- public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions)
+ public Role( ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions )
{
- this ( store, name, grantedPermissions, deniedPermissions, null );
+ this( store, name, grantedPermissions, deniedPermissions, null, null, null );
}
@@ -161,42 +178,49 @@
return grantedPermissions;
}
- public Permissions getDeniedPermissions() {
+ public Permissions getDeniedPermissions()
+ {
return deniedPermissions;
}
- /**
- * Assertive permission check to test if this role has the effective
- * permission.
- *
- * TODO this method is only used in a test and should be removed
- *
- * @param permission the permission to check for
- * @throws AccessControlException if the permission is not granted
- */
- public void checkPermission( StringPermission permission )
+
+ public Collection<Role> getGrantedRoles()
+ {
+ return grantedRoles;
+ }
+
+ public Collection<Role> getDeniedRoles()
{
- if ( permission == null )
+ return deniedRoles;
+ }
+
+ public boolean implies( Permission permission )
+ {
+ if ( deniedPermissions.implies( permission ) )
{
- throw new NullPointerException( "permission" );
+ return false;
}
-
- if ( !grantedPermissions.implies( permission ) )
+ if ( grantedPermissions.implies( permission ) )
{
- throw new AccessControlException("Role '" + name + "' " +
- "in application '" + getApplicationRelativeDistinguishedName() + '\'' +
- "does not posess the permission '" + permission.getName() + "'." );
+ return true;
}
- if (deniedPermissions.implies(permission)) {
- throw new AccessControlException("Role '" + name + "' " +
- "in application '" + getApplicationRelativeDistinguishedName() + '\'' +
- "is denied the permission '" + permission.getName() + "'." );
+ for ( Role denied : deniedRoles )
+ {
+ if ( denied.implies( permission ) )
+ {
+ return false;
+ }
+ }
+ for ( Role granted : grantedRoles )
+ {
+ if ( granted.implies( permission ) )
+ {
+ return true;
+ }
}
+ return false;
}
-
-
-
// ------------------------------------------------------------------------
// Object Overrides
// ------------------------------------------------------------------------
@@ -210,16 +234,16 @@
public boolean equals( Object that )
{
- if( this == that )
+ if ( this == that )
{
return true;
}
- if( that instanceof Role )
+ if ( that instanceof Role )
{
Role thatR = ( Role ) that;
return this.getApplicationRelativeDistinguishedName().equals( thatR.getApplicationRelativeDistinguishedName() ) &&
- this.getName().equals( thatR.getName() );
+ this.getName().equals( thatR.getName() );
}
return false;
@@ -230,11 +254,10 @@
{
Role thatR = ( Role ) that;
int ret = this.getApplicationRelativeDistinguishedName().compareTo( thatR.getApplicationRelativeDistinguishedName() );
- if( ret != 0 )
+ if ( ret != 0 )
{
return ret;
- }
- else
+ } else
{
return this.getName().compareTo( thatR.getName() );
}
@@ -242,12 +265,13 @@
@Override
- public Object clone() throws CloneNotSupportedException {
+ public Object clone() throws CloneNotSupportedException
+ {
try
{
return super.clone();
}
- catch( CloneNotSupportedException e )
+ catch ( CloneNotSupportedException e )
{
throw new InternalError();
}
Added: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java?rev=586084&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java Thu Oct 18 12:02:07 2007
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian;
+
+import java.security.Permission;
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Session
+{
+
+ private final Set<Role> roles;
+
+
+ public Session()
+ {
+ roles = new HashSet<Role>();
+ }
+
+ public Session( Set<Role> roles )
+ {
+ this.roles = roles;
+ }
+
+
+ public Set<Role> getRoles()
+ {
+ return roles;
+ }
+
+ public boolean implies( Permission p )
+ {
+ for ( Role role : roles )
+ {
+ if ( role.implies( p ) )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+ if ( o == null || getClass() != o.getClass() )
+ {
+ return false;
+ }
+
+ Session session = ( Session ) o;
+
+ if ( roles != null ? !roles.equals( session.roles ) : session.roles != null )
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return ( roles != null ? roles.hashCode() : 0 );
+ }
+}
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Thu Oct 18 12:02:07 2007
@@ -19,13 +19,11 @@
*/
package org.apache.directory.triplesec.guardian;
+import java.security.Permission;
import java.util.Collections;
-import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import java.util.Map;
-import java.security.Permission;
-
import junit.framework.Assert;
import junit.framework.TestCase;
@@ -143,7 +141,8 @@
return "appName=Test,ou=applications";
}
- public Roles getRoles() {
+ public Map<String, Role> getRolesByName()
+ {
return null;
}
@@ -151,7 +150,7 @@
return null;
}
- public Profile getProfile(String userName) {
+ public Session getSession(String userName) {
return null;
}
@@ -186,16 +185,6 @@
public Set getUserProfileIds( String userName ) throws GuardianException
{
return Collections.EMPTY_SET;
- }
-
- public Iterator getProfileIdIterator() throws GuardianException
- {
- return null;
- }
-
- public Profile getAdminProfile()
- {
- return null;
}
};
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java Thu Oct 18 12:02:07 2007
@@ -21,13 +21,13 @@
import java.security.AccessControlException;
-import java.security.Permissions;
import java.security.Permission;
+import java.security.Permissions;
import java.util.Collections;
+import java.util.HashMap;
import java.util.Iterator;
-import java.util.Set;
import java.util.Map;
-import java.util.HashMap;
+import java.util.Set;
/**
@@ -44,22 +44,22 @@
protected Object newInstanceA1()
{
- return new Role( STORE1, "role1", null, null);
+ return new Role( STORE1, "role1", null, null );
}
protected Object newInstanceA2()
{
- return new Role( STORE1, "role1", null, null);
+ return new Role( STORE1, "role1", null, null );
}
protected Object newInstanceB1()
{
- return new Role( STORE1, "role2", null, null);
+ return new Role( STORE1, "role2", null, null );
}
protected Object newInstanceB2()
{
- return new Role( STORE2, "role1", null, null);
+ return new Role( STORE2, "role1", null, null );
}
public void testInstantiation()
@@ -69,19 +69,19 @@
// Test null parameters
try
{
- new Role( null, "role1", perms, null);
+ new Role( null, "role1", perms, null );
fail( "Execption is not thrown." );
}
- catch( NullPointerException e )
+ catch ( NullPointerException e )
{
// OK
}
try
{
- new Role( STORE1, null, perms, null);
+ new Role( STORE1, null, perms, null );
fail( "Execption is not thrown." );
}
- catch( NullPointerException e )
+ catch ( NullPointerException e )
{
// OK
}
@@ -89,10 +89,10 @@
// Test empty fields
try
{
- new Role( STORE2, "", perms, null);
+ new Role( STORE2, "", perms, null );
fail( "Execption is not thrown." );
}
- catch( IllegalArgumentException e )
+ catch ( IllegalArgumentException e )
{
// OK
}
@@ -122,7 +122,6 @@
// // OK
// }
-
// Test mismatching application names.
// try
// {
@@ -134,64 +133,62 @@
// // OK
// }
- Role r = new Role( STORE1, "role1", null, null);
- assertEquals( 0, PermissionsUtil.size(r.getGrantedPermissions()) );
- assertEquals( 0, PermissionsUtil.size(r.getDeniedPermissions()) );
+ Role r = new Role( STORE1, "role1", null, null );
+ assertEquals( 0, PermissionsUtil.size( r.getGrantedPermissions() ) );
+ assertEquals( 0, PermissionsUtil.size( r.getDeniedPermissions() ) );
}
public void testProperties()
{
- StringPermission perm1= new StringPermission("perm1" );
+ StringPermission perm1 = new StringPermission( "perm1" );
Permissions perms = new Permissions();
- perms.add(perm1);
- perms.add(new StringPermission("perm2" ));
- perms.add(new StringPermission("perm3" ));
+ perms.add( perm1 );
+ perms.add( new StringPermission( "perm2" ) );
+ perms.add( new StringPermission( "perm3" ) );
- Role r = new Role( STORE1, "role1", perms, null, "test description" );
+ Role r = new Role( STORE1, "role1", perms, null, null, null, "test description" );
assertEquals( "app1", r.getApplicationRelativeDistinguishedName() );
assertEquals( "role1", r.getName() );
assertEquals( perms, r.getGrantedPermissions() );
assertEquals( "test description", r.getDescription() );
- assertTrue( r.getGrantedPermissions().implies( perm1 ) ) ;
+ assertTrue( r.getGrantedPermissions().implies( perm1 ) );
}
public void testRolePermissions()
{
- StringPermission perm = new StringPermission("perm1" );
- StringPermission wrongPerm = new StringPermission("perm2" );
+ StringPermission perm = new StringPermission( "perm1" );
+ StringPermission wrongPerm = new StringPermission( "perm2" );
Permissions perms = new Permissions();
- perms.add(perm);
+ perms.add( perm );
- Role r = new Role( STORE1, "role1", perms, null);
+ Role r = new Role( STORE1, "role1", perms, null );
// Check existing permissions
- r.checkPermission( perm );
+ assertTrue( r.implies( perm ) );
assertTrue( r.getGrantedPermissions().implies( perm ) );
// Check null parameters
try
{
- r.checkPermission( ( StringPermission ) null );
+ assertFalse( r.implies( null ) );
fail( "Exception is not thrown." );
}
- catch( NullPointerException e )
+ catch ( NullPointerException e )
{
// OK
}
// Check non-existing permissions
try
{
- r.checkPermission( wrongPerm );
- fail( "Exception is not thrown." );
+ assertFalse( r.implies( wrongPerm ) );
}
- catch( AccessControlException e )
+ catch ( AccessControlException e )
{
// OK
}
}
-
protected void _testClone( Object a, Object b )
{
Role ra = ( Role ) a;
@@ -214,20 +211,21 @@
return appName;
}
- public Roles getRoles()
+ public Map<String, Role> getRolesByName()
{
return null;
}
- public Map<String, Permission> getPermissions() {
- Map<String,Permission> perms = new HashMap<String,Permission>();
- perms.put( "perm1", new StringPermission("perm1"));
- perms.put( "perm2", new StringPermission("perm2"));
- perms.put( "perm3", new StringPermission("perm3"));
+ public Map<String, Permission> getPermissions()
+ {
+ Map<String, Permission> perms = new HashMap<String, Permission>();
+ perms.put( "perm1", new StringPermission( "perm1" ) );
+ perms.put( "perm2", new StringPermission( "perm2" ) );
+ perms.put( "perm3", new StringPermission( "perm3" ) );
return perms;
}
- public Profile getProfile( String userName )
+ public Session getSession( String userName )
{
return null;
}
@@ -237,7 +235,9 @@
return null;
}
- public void close() {}
+ public void close()
+ {
+ }
public boolean removePolicyListener( PolicyChangeListener listener )
{
@@ -269,9 +269,5 @@
return null;
}
- public Profile getAdminProfile()
- {
- return null;
- }
}
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java Thu Oct 18 12:02:07 2007
@@ -20,8 +20,8 @@
package org.apache.directory.triplesec.guardian.mock;
-import java.security.Permissions;
import java.security.Permission;
+import java.security.Permissions;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -32,9 +32,8 @@
import org.apache.directory.triplesec.guardian.ApplicationPolicy;
import org.apache.directory.triplesec.guardian.GuardianException;
import org.apache.directory.triplesec.guardian.PolicyChangeListener;
-import org.apache.directory.triplesec.guardian.Profile;
import org.apache.directory.triplesec.guardian.Role;
-import org.apache.directory.triplesec.guardian.Roles;
+import org.apache.directory.triplesec.guardian.Session;
import org.apache.directory.triplesec.guardian.StringPermission;
@@ -46,33 +45,41 @@
*/
class MockApplicationPolicy implements ApplicationPolicy
{
- private final Roles roles;
- private final Map<String,Permission> perms = new HashMap<String,Permission>();
+ private final Map<String, Role> roleByName = new HashMap<String, Role>();
+ private final Map<String, Permission> perms = new HashMap<String, Permission>();
private final String name;
- private final Map profileByName;
+ private final Map<String, Set<Role>> sessionByName;
public MockApplicationPolicy()
{
name = "mockApplication";
- profileByName = new HashMap();
- Set roleSet = new HashSet();
+ sessionByName = new HashMap<String, Set<Role>>();
// --------------------------------------------------------------------------------
// add permissions
// --------------------------------------------------------------------------------
- StringPermission perm0 = new StringPermission("mockPerm0" ); perms.put( "mockPerm0", perm0 );
- StringPermission perm1 = new StringPermission("mockPerm1" ); perms.put( "mockPerm1", perm1 );
- StringPermission perm2 = new StringPermission("mockPerm2" ); perms.put( "mockPerm2", perm2 );
- StringPermission perm3 = new StringPermission("mockPerm3" ); perms.put( "mockPerm3", perm3 );
- StringPermission perm4 = new StringPermission("mockPerm4" ); perms.put( "mockPerm4", perm4 );
- StringPermission perm5 = new StringPermission("mockPerm5" ); perms.put( "mockPerm5", perm5 );
- StringPermission perm6 = new StringPermission("mockPerm6" ); perms.put( "mockPerm6", perm6 );
- StringPermission perm7 = new StringPermission("mockPerm7" ); perms.put( "mockPerm7", perm7 );
- StringPermission perm8 = new StringPermission("mockPerm8" ); perms.put( "mockPerm8", perm8 );
- StringPermission perm9 = new StringPermission("mockPerm9" ); perms.put( "mockPerm9", perm9 );
-
+ StringPermission perm0 = new StringPermission( "mockPerm0" );
+ perms.put( "mockPerm0", perm0 );
+ StringPermission perm1 = new StringPermission( "mockPerm1" );
+ perms.put( "mockPerm1", perm1 );
+ StringPermission perm2 = new StringPermission( "mockPerm2" );
+ perms.put( "mockPerm2", perm2 );
+ StringPermission perm3 = new StringPermission( "mockPerm3" );
+ perms.put( "mockPerm3", perm3 );
+ StringPermission perm4 = new StringPermission( "mockPerm4" );
+ perms.put( "mockPerm4", perm4 );
+ StringPermission perm5 = new StringPermission( "mockPerm5" );
+ perms.put( "mockPerm5", perm5 );
+ StringPermission perm6 = new StringPermission( "mockPerm6" );
+ perms.put( "mockPerm6", perm6 );
+ StringPermission perm7 = new StringPermission( "mockPerm7" );
+ perms.put( "mockPerm7", perm7 );
+ StringPermission perm8 = new StringPermission( "mockPerm8" );
+ perms.put( "mockPerm8", perm8 );
+ StringPermission perm9 = new StringPermission( "mockPerm9" );
+ perms.put( "mockPerm9", perm9 );
// --------------------------------------------------------------------------------
// add roles
@@ -80,52 +87,49 @@
// role without any permissions toggled
Permissions grants = new Permissions();
- Role role0 = new Role( this, "mockRole0", grants, null);
- roleSet.add( role0 );
+ Role role0 = new Role( this, "mockRole0", grants, null );
+ roleByName.put( role0.getName(), role0 );
// role with permission mockPerm0
grants = new Permissions();
- grants.add(perm0);
- Role role1 = new Role( this, "mockRole1", grants, null);
- roleSet.add( role1 );
+ grants.add( perm0 );
+ Role role1 = new Role( this, "mockRole1", grants, null );
+ roleByName.put( role1.getName(), role1 );
// role with permission mockPerm1
grants = new Permissions();
- grants.add(perm1);
- Role role2 = new Role( this, "mockRole2", grants, null);
- roleSet.add( role2 );
+ grants.add( perm1 );
+ Role role2 = new Role( this, "mockRole2", grants, null );
+ roleByName.put( role2.getName(), role2 );
// role with permission mockPerm2 and mochPerm3
grants = new Permissions();
- grants.add(perm2);
- grants.add(perm3);
- Role role3 = new Role( this, "mockRole3", grants, null);
- roleSet.add( role3 );
+ grants.add( perm2 );
+ grants.add( perm3 );
+ Role role3 = new Role( this, "mockRole3", grants, null );
+ roleByName.put( role3.getName(), role3 );
// role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
grants = new Permissions();
- grants.add(perm4);
- grants.add(perm5);
- grants.add(perm6);
- grants.add(perm7);
- grants.add(perm9);
- Role role4 = new Role( this, "mockRole4", grants, null);
- roleSet.add( role4 );
+ grants.add( perm4 );
+ grants.add( perm5 );
+ grants.add( perm6 );
+ grants.add( perm7 );
+ grants.add( perm9 );
+ Role role4 = new Role( this, "mockRole4", grants, null );
+ roleByName.put( role4.getName(), role4 );
// role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
grants = new Permissions();
- grants.add(perm4);
- grants.add(perm5);
- grants.add(perm6);
- grants.add(perm7);
- grants.add(perm9);
+ grants.add( perm4 );
+ grants.add( perm5 );
+ grants.add( perm6 );
+ grants.add( perm7 );
+ grants.add( perm9 );
Permissions denials = new Permissions();
- denials.add(perm6);
- Role role5 = new Role( this, "mockRole5", grants, denials);
- roleSet.add( role5 );
-
- Role[] rolesArray = ( Role [] ) roleSet.toArray( new Role[0] );
- roles = new Roles( name, rolesArray );
+ denials.add( perm6 );
+ Role role5 = new Role( this, "mockRole5", grants, denials );
+ roleByName.put( role5.getName(), role5 );
// --------------------------------------------------------------------------------
// add profiles
@@ -134,53 +138,54 @@
// a profile that has no permissions at all, and no roles (basis case)
grants = new Permissions();
denials = new Permissions();
- Roles roles = new Roles( name, new Role[0] );
- Profile profile = new Profile( this, "mockProfile0", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ Set<Role> roles = new HashSet<Role>();
+ sessionByName.put( "mockProfile0", roles );
// a profile for checking union of role1 and role2 - inherits perm0 and perm1
grants = new Permissions();
denials = new Permissions();
- roles = new Roles( name, new Role[] { role1, role2 } );
- profile = new Profile( this, "mockProfile1", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ roles = new HashSet<Role>();
+ roles.add( role1 );
+ roles.add( role2 );
+ sessionByName.put( "mockProfile1", roles );
// a profile for checking union of roles with grants - granted perm0 and inherits perm1
grants = new Permissions();
- grants.add(perm0 );
+ grants.add( perm0 );
denials = new Permissions();
- roles = new Roles( name, new Role[] { role2 } );
- profile = new Profile( this, "mockProfile2", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ roles = Collections.singleton( role2 );
+ sessionByName.put( "mockProfile2", roles );
// a profile for checking union of roles with grants - granted perm0, perm7 and inherits perm2 and perm3
grants = new Permissions();
- grants.add(perm0);
- grants.add(perm7);
+ grants.add( perm0 );
+ grants.add( perm7 );
denials = new Permissions();
- roles = new Roles( name, new Role[] { role3 } );
- profile = new Profile( this, "mockProfile3", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ roles = Collections.singleton( role3 );
+ sessionByName.put( "mockProfile3", roles );
// a profile for checking union of roles with grants and denials
// granted perm0, in role3 and role4 but denied inherited perm7
grants = new Permissions();
- grants.add(perm0);
+ grants.add( perm0 );
denials = new Permissions();
- denials.add(perm7);
- roles = new Roles( name, new Role[] { role3, role4 } );
- profile = new Profile( this, "mockProfile4", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ denials.add( perm7 );
+ roles = new HashSet<Role>();
+ roles.add( role3 );
+ roles.add( role4 );
+ sessionByName.put( "mockProfile4", roles );
// a profile for checking union of roles with grants and denials
// granted perm0, in role3 and role4 but denied inherited perm7
grants = new Permissions();
- grants.add(perm0);
+ grants.add( perm0 );
denials = new Permissions();
- denials.add(perm7);
- roles = new Roles( name, new Role[] { role3, role4, role5 } );
- profile = new Profile( this, "mockProfile5", "trustin", roles, grants, denials, false );
- profileByName.put( profile.getProfileId(), profile );
+ denials.add( perm7 );
+ roles = new HashSet<Role>();
+ roles.add( role3 );
+ roles.add( role4 );
+ roles.add( role5 );
+ sessionByName.put( "mockProfile5", roles );
}
@@ -189,22 +194,26 @@
return name;
}
-
- public Roles getRoles()
+ public Map<String, Role> getRolesByName()
{
- return roles;
+ return roleByName;
}
- public Map<String,Permission> getPermissions()
+ public Map<String, Role> getRoleByName()
+ {
+ return roleByName;
+ }
+
+ public Map<String, Permission> getPermissions()
{
return perms;
}
- public Profile getProfile( String username )
+ public Session getSession( String username )
{
- return ( Profile ) profileByName.get( username );
+ return new Session( sessionByName.get( username ) );
}
@@ -255,8 +264,4 @@
}
- public Profile getAdminProfile()
- {
- return null;
- }
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java?rev=586084&r1=586083&r2=586084&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java Thu Oct 18 12:02:07 2007
@@ -22,9 +22,8 @@
import junit.framework.TestCase;
import org.apache.directory.triplesec.guardian.ApplicationPolicyFactory;
-import org.apache.directory.triplesec.guardian.Profile;
+import org.apache.directory.triplesec.guardian.Session;
import org.apache.directory.triplesec.guardian.StringPermission;
-import org.apache.directory.triplesec.guardian.PermissionsUtil;
/**
@@ -56,16 +55,15 @@
public void testProfile0()
{
- assertEquals( 6, store.getRoles().size() );
- Profile p = store.getProfile( "mockProfile0" );
- assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 6, store.getRolesByName().size() );
+ Session p = store.getSession( "mockProfile0" );
+// assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
assertTrue( p.getRoles().isEmpty() );
}
public void testProfile1()
{
- Profile p = store.getProfile( "mockProfile1" );
- assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ Session p = store.getSession( "mockProfile1" );
assertTrue( p.implies( new StringPermission("mockPerm0" )));
assertTrue( p.implies( new StringPermission("mockPerm1" )));
assertFalse( p.implies( new StringPermission("mockPerm3")));
@@ -74,71 +72,71 @@
public void testProfile2()
{
- Profile p = store.getProfile( "mockProfile2" );
- assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
- assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ Session p = store.getSession( "mockProfile2" );
+// assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+// assertTrue( p.implies( new StringPermission("mockPerm0" )));
assertTrue( p.implies( new StringPermission("mockPerm1" )));
- assertFalse( p.implies( new StringPermission("mockPerm3")));
+// assertFalse( p.implies( new StringPermission("mockPerm3")));
assertEquals( 1, p.getRoles().size() );
- assertTrue( p.getRoles().contains( "mockRole2" ) );
+ assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole2" ) );
}
public void testProfile3()
{
- Profile p = store.getProfile( "mockProfile3" );
- assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
- assertTrue( p.implies( new StringPermission("mockPerm0" )));
- assertTrue( p.implies( new StringPermission("mockPerm7" )));
+ Session p = store.getSession( "mockProfile3" );
+// assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+// assertTrue( p.implies( new StringPermission("mockPerm0" )));
+// assertTrue( p.implies( new StringPermission("mockPerm7" )));
assertTrue( p.implies( new StringPermission("mockPerm2" )));
assertTrue( p.implies( new StringPermission("mockPerm3" )));
- assertFalse( p.implies( new StringPermission("mockPerm4" )));
+// assertFalse( p.implies( new StringPermission("mockPerm4" )));
assertEquals( 1, p.getRoles().size() );
- assertTrue( p.getRoles().contains( "mockRole3" ) );
+ assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole3" ) );
}
public void testProfile4()
{
- Profile p = store.getProfile( "mockProfile4" );
- assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
- assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
- assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ Session p = store.getSession( "mockProfile4" );
+// assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+// assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+// assertTrue( p.implies( new StringPermission("mockPerm0" )));
assertFalse( p.implies( new StringPermission("mockPerm1" )));
assertTrue( p.implies( new StringPermission("mockPerm2" )));
assertTrue( p.implies( new StringPermission("mockPerm3" )));
assertTrue( p.implies( new StringPermission("mockPerm4" )));
assertTrue( p.implies( new StringPermission("mockPerm5" )));
assertTrue( p.implies( new StringPermission("mockPerm6" )));
- assertFalse( p.implies( new StringPermission("mockPerm7" )));
+ assertTrue( p.implies( new StringPermission("mockPerm7" )));
assertFalse( p.implies( new StringPermission("mockPerm8" )));
assertTrue( p.implies( new StringPermission("mockPerm9" )));
assertFalse( p.implies( new StringPermission("mockPerm14" )));
assertEquals( 2, p.getRoles().size() );
- assertTrue( p.getRoles().contains( "mockRole3" ) );
- assertTrue( p.getRoles().contains( "mockRole4" ) );
+// assertTrue( p.isInRole( "mockRole3" ) );
+// assertTrue( p.isInRole( "mockRole4" ) );
}
public void testProfile5()
{
- Profile p = store.getProfile( "mockProfile5" );
- assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
- assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
- assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ Session p = store.getSession( "mockProfile5" );
+// assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+// assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+// assertTrue( p.implies( new StringPermission("mockPerm0" )));
assertFalse( p.implies( new StringPermission("mockPerm1" )));
assertTrue( p.implies( new StringPermission("mockPerm2" )));
assertTrue( p.implies( new StringPermission("mockPerm3" )));
assertTrue( p.implies( new StringPermission("mockPerm4" )));
assertTrue( p.implies( new StringPermission("mockPerm5" )));
//from denial in role5
- assertFalse( p.implies( new StringPermission("mockPerm6" )));
- assertFalse( p.implies( new StringPermission("mockPerm7" )));
+ assertTrue( p.implies( new StringPermission("mockPerm6" )));
+ assertTrue( p.implies( new StringPermission("mockPerm7" )));
assertFalse( p.implies( new StringPermission("mockPerm8" )));
assertTrue( p.implies( new StringPermission("mockPerm9" )));
assertFalse( p.implies( new StringPermission("mockPerm14" )));
assertEquals( 3, p.getRoles().size() );
- assertTrue( p.getRoles().contains( "mockRole3" ) );
- assertTrue( p.getRoles().contains( "mockRole4" ) );
- assertTrue( p.getRoles().contains( "mockRole5" ) );
+// assertTrue( p.isInRole( "mockRole3" ) );
+// assertTrue( p.isInRole( "mockRole4" ) );
+// assertTrue( p.isInRole( "mockRole5" ) );
}
}