Posted to commits@directory.apache.org by dj...@apache.org on 2007/10/20 19:10:18 UTC

svn commit: r586761 - in /directory/sandbox/djencks/triplesec-jacc2: admin-api2/src/main/java/org/apache/directory/triplesec/admin/ admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ admin-api2/src/test/java/org/apache/directory...

Author: djencks
Date: Sat Oct 20 10:10:15 2007
New Revision: 586761

URL: http://svn.apache.org/viewvc?rev=586761&view=rev
Log:
switch to unique roleId rather than context dependent rolename to identify role references

Modified:
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Group.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Role.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/StateManager.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
    directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
    directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java Sat Oct 20 10:10:15 2007
@@ -92,7 +92,7 @@
     String APP_NAME_ID = "appName";
     String PERM_NAME_ID = "permName";
     String ROLE_NAME_ID = "roleName";
-    String PROFILEID_ID = "profileId";
+    String ROLEID_ID = "roleId";
     String TRIPLESEC_ID = "triplesecUid";
     String CREATORS_NAME_ID = "creatorsName";
 

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Group.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Group.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Group.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Group.java Sat Oct 20 10:10:15 2007
@@ -72,7 +72,7 @@
 
     public Collection<User> getMembers()
     {
-        return stateManager.getReferenceMapField( MEMBERS_INDEX ).getCurrentValues();
+        return stateManager.<User>getReferenceMapField( MEMBERS_INDEX ).getCurrentValues();
     }
 
     public void addMember( User member )

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Role.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Role.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Role.java Sat Oct 20 10:10:15 2007
@@ -42,11 +42,12 @@
             Constants.DENIALS_ID};
 
     private static final int ROLENAME_INDEX = 0;
-    private static final int DESCRIPTION_INDEX = 1;
-    private static final int GRANTS_INDEX = 2;
-    private static final int DENIALS_INDEX = 3;
-    private static final int GRANTED_ROLES_INDEX = 4;
-    private static final int DENIED_ROLES_INDEX = 5;
+    private static final int ROLEID_INDEX = 1;
+    private static final int DESCRIPTION_INDEX = 2;
+    private static final int GRANTS_INDEX = 3;
+    private static final int DENIALS_INDEX = 4;
+    private static final int GRANTED_ROLES_INDEX = 5;
+    private static final int DENIED_ROLES_INDEX = 6;
 
     private final StateManager<Role> stateManager;
 
@@ -55,6 +56,7 @@
         stateManager = new StateManager<Role>( this );
 
         stateManager.setRdn( new SimpleRdn( Constants.ROLE_NAME_ID, null, "ou=roles" ) );
+        stateManager.addField( new SingleValuedField<String>( Constants.ROLEID_ID, null ) );
         stateManager.addField( new SingleValuedField<String>( Constants.DESCRIPTION_ID, null ) );
         stateManager.addField( new ReferenceMapField<Permission>( Constants.GRANTS_ID, stateManager ) );
         stateManager.addField( new ReferenceMapField<Permission>( Constants.DENIALS_ID, stateManager ) );
@@ -65,10 +67,11 @@
     }
 
 
-    public Role( String roleName, String description )
+    public Role( String roleName, String roleId, String description )
     {
         this();
         stateManager.setStringValue( ROLENAME_INDEX, roleName );
+        stateManager.setStringValue( ROLEID_INDEX, roleId );
         stateManager.setStringValue( DESCRIPTION_INDEX, description );
     }
 
@@ -83,6 +86,16 @@
         stateManager.setId( roleName );
     }
 
+    public String getRoleId()
+    {
+        return stateManager.getStringValue( ROLEID_INDEX );
+    }
+
+    public void setRoleId( String roleId )
+    {
+        stateManager.setStringValue( ROLEID_INDEX, roleId );
+    }
+
     public String getDescription()
     {
         return stateManager.getStringValue( DESCRIPTION_INDEX );
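Review bot: `setRoleId` (and the three-argument constructor in the -65,10 hunk) stores whatever string it is given, including null or an empty string, although roleId is now the value that role references resolve against. Whether StateManager or the directory schema rejects such values is not visible in this diff, so I would guard at this layer, e.g. `if ( roleId == null || roleId.length() == 0 ) throw new IllegalArgumentException( "roleId is empty" );`. Both new accessors also lack Javadoc; one line stating the uniqueness scope the commit log implies, and what happens to existing references when the id is changed after the role has been saved, would help callers.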
@@ -95,7 +108,7 @@
 
     public Collection<Permission> getGrants()
     {
-        return stateManager.getReferenceMapField( GRANTS_INDEX ).getCurrentValues();
+        return stateManager.<Permission>getReferenceMapField( GRANTS_INDEX ).getCurrentValues();
     }
 
     public void addGrant( Permission permission )
@@ -110,7 +123,7 @@
 
     public Collection<Permission> getDenials()
     {
-        return stateManager.getReferenceMapField( DENIALS_INDEX ).getCurrentValues();
+        return stateManager.<Permission>getReferenceMapField( DENIALS_INDEX ).getCurrentValues();
     }
 
     public void addDenial( Permission permission )
@@ -125,7 +138,7 @@
 
     public Collection<Role> getGrantedRoles()
     {
-        return stateManager.getReferenceMapField( GRANTED_ROLES_INDEX ).getCurrentValues();
+        return stateManager.<Role>getReferenceMapField( GRANTED_ROLES_INDEX ).getCurrentValues();
     }
 
     public void addGrantedRole( Role role )
@@ -140,7 +153,7 @@
 
     public Collection<Role> getDeniedRoles()
     {
-        return stateManager.getReferenceMapField( DENIED_ROLES_INDEX ).getCurrentValues();
+        return stateManager.<Role>getReferenceMapField( DENIED_ROLES_INDEX ).getCurrentValues();
     }
 
     public void addDeniedRole( Role role )

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/StateManager.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/StateManager.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/StateManager.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/StateManager.java Sat Oct 20 10:10:15 2007
@@ -208,9 +208,9 @@
         return fields.get( pos );
     }
 
-    public ReferenceMapField getReferenceMapField( int pos)
+    public <S extends PersistenceCapable> ReferenceMapField<S> getReferenceMapField( int pos)
     {
-        return ((ReferenceMapField)getField( pos));
+        return ((ReferenceMapField<S>)getField( pos));
     }
 
     public String getStringValue( int pos )
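Review bot: The cast `(ReferenceMapField<S>)getField( pos)` is unchecked and `S` is picked by the caller, so a wrong type witness is not detected here and only surfaces as a ClassCastException where an element is later used. The admin Role index constants shift by one in this same commit, which is exactly the kind of change where a mismatched index and witness would compile cleanly. I would put `@SuppressWarnings("unchecked")` on the method with a short comment saying the caller must pass the `S` that was registered at `pos`, and state the same in a Javadoc line.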

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java Sat Oct 20 10:10:15 2007
@@ -272,7 +272,7 @@
 
         assertEquals( 11, app.getRoles().size() );
         // create a new role after changing modifier's description and grants
-        Role role = new Role( "testRole", "test role" );
+        Role role = new Role( "testRole", "testRole", "test role" );
         role.addGrant( app.getPermission( "mockPerm0" ) );
         role.addGrant( app.getPermission( "mockPerm1" ) );
         role.addDenial( app.getPermission( "mockPerm8" ) );

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java Sat Oct 20 10:10:15 2007
@@ -64,7 +64,7 @@
      * 
      * @return a set of {@link Role}s defined for this store.
      */
-    Map<String, Role> getRolesByName();
+    Map<String, Role> getRolesById();
 
     /**
      * Gets a set of {@link StringPermission}s defined for this store.
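Review bot: The Javadoc above `getRolesById()` still describes the result as "a set of {@link Role}s", while the method returns a Map whose key changes from role name to role id in this commit. Suggest `@return the {@link Role}s defined for this store, keyed by role id`. Callers that invoke the old method get a compile error from the rename, but code that only iterates the key set would silently see ids where it used to see names, so the interface doc should say what the key is. The Javadoc block starts outside this hunk.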

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java Sat Oct 20 10:10:15 2007
@@ -54,7 +54,7 @@
      */
     protected final Map<String, Permission> permissions = new HashMap<String, Permission>();
 
-    protected final Map<String, Role> rolesByName = new HashMap<String, Role>();
+    protected final Map<String, Role> rolesById = new HashMap<String, Role>();
 
     protected Permissions getAllPermissions()
     {
@@ -148,9 +148,9 @@
         return this.description;
     }
 
-    public Map<String, Role> getRolesByName()
+    public Map<String, Role> getRolesById()
     {
-        return rolesByName;
+        return rolesById;
     }
 
     public Map<String, Permission> getPermissions()
@@ -158,24 +158,27 @@
         return permissions;
     }
 
-    protected Role addRole( String roleName, Map<String, Attributes> roleAttributes ) throws NamingException
+    protected Role addRole( String roleId, Map<String, Attributes> roleAttributes ) throws NamingException
     {
-        Role role = rolesByName.get( roleName );
+        Role role = rolesById.get( roleId );
         if ( role != null )
         {
             return role;
         }
-        if ( rolesByName.containsKey( roleName ) )
+        if ( rolesById.containsKey( roleId ) )
         {
-            throw new GuardianException( "Circular reference to role " + roleName );
+            throw new GuardianException( "Circular reference to role " + roleId );
         }
-        Attributes attrs = roleAttributes.get( roleName );
+        Attributes attrs = roleAttributes.get( roleId );
         if ( attrs == null )
         {
-            throw new GuardianException( "no role named " + roleName + " found" );
+            return null;
+//            throw new GuardianException( "no role named " + roleId + " found" );
         }
         //mark that we have started looking at this role name
-        rolesByName.put( roleName, null );
+        rolesById.put( roleId, null );
+
+        String roleName = getStringAttribute( attrs, "roleName" );
 
         Permissions grants = new Permissions();
         Attribute attributes = attrs.get( "grants" );
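Review bot: `addRole` now returns null when no attributes exist for `roleId`, and the -225,7 hunk (which appears to be `getRoles`) skips that null, so an unresolved entry in `deniedRoles` is dropped without a trace and the resulting Role carries fewer denials than the directory states. For grants that fails closed, but for denials it presumably fails open. If references to roles of another application must be tolerated, I would at least record the skipped id or treat the denied list more strictly, and replace the commented-out throw with a comment giving the reason, e.g. `// roleId may belong to another application; callers skip null`. The loop variable in the -225,7 hunk is still called `roleName` although it now holds a role id. The body of addRole continues past the end of this hunk.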
@@ -209,8 +212,8 @@
         attributes = attrs.get( "deniedRoles" );
         Collection<Role> deniedRoles = getRoles( attributes, roleAttributes );
 
-        role = new Role( this, roleName, grants, denials, grantedRoles, deniedRoles, getStringAttribute( attrs, "description" ) );
-        rolesByName.put( roleName, role );
+        role = new Role( this, roleName, roleId, grants, denials, grantedRoles, deniedRoles, getStringAttribute( attrs, "description" ) );
+        rolesById.put( roleId, role );
         return role;
     }
 
@@ -225,7 +228,11 @@
             {
                 String roleName = ( String ) rolesEnumeration.next();
 
-                roles.add( addRole( roleName, roleAttributes ) );
+                Role role = addRole( roleName, roleAttributes );
+                if ( role != null )
+                {
+                    roles.add( role );
+                }
             }
         }
         return roles;
@@ -279,15 +286,16 @@
             NamingEnumeration<?> grantsEnumeration = defaultRolesAttribute.getAll();
             while ( grantsEnumeration.hasMore() )
             {
-                String roleName = ( String ) grantsEnumeration.next();
-                Role role = rolesByName.get( roleName );
+                String roleId = ( String ) grantsEnumeration.next();
+                Role role = rolesById.get( roleId );
                 if ( role != null )
                 {
                     roles.add( role );
                 }
                 else
                 {
-                    throw new NamingException("No role named " + roleName + " found: known names: " + rolesByName.keySet());
+// this is OK, role could be present only in another application
+//                    throw new NamingException("No role named " + roleId + " found: known names: " + rolesById.keySet());
                 }
             }
         }
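Review bot: The `else` branch is now empty apart from two comment lines, so a default role id that resolves to nothing is ignored in the same way whether it lives in another application or is simply mistyped. I would delete the commented-out throw, keep the explanation as a real comment, and collapse the branch to `if ( role != null ) { roles.add( role ); }` with that comment above it. If the class has a logger (none is visible in this hunk), a debug line naming the unresolved id would make a misconfigured default role diagnosable.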

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java Sat Oct 20 10:10:15 2007
@@ -44,6 +44,7 @@
      * the name of this Role
      */
     private final String name;
+    private final String id;
     /**
      * the store the Role is defined for
      */
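Review bot: The new `id` field has no comment, unlike `name` directly above it, and the `@param id` tags added to both constructors and the new `getId()` (hunks -67,14, -126,12 and -145,6) are left empty. Suggest `/** the unique id of this Role, the key used by {@link ApplicationPolicy#getRolesById()} */` on the field, `@param id the unique id of this role` on the constructors, and a one-line Javadoc on `getId()`. Whether `equals` and `hashCode` should now take `id` into account is not visible in this diff and is worth confirming.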
@@ -67,14 +68,16 @@
      *
      * @param store              the parent store this role is defined for
      * @param name               the name of this role
+     * @param id
      * @param grantedPermissions
      * @param deniedPermissions
-     * @param description        a breif description of the role
      * @param grantedRoles
      * @param deniedRoles
+     * @param description        a breif description of the role
      */
     public Role( ApplicationPolicy store,
             String name,
+            String id,
             Permissions grantedPermissions,
             Permissions deniedPermissions,
             Collection<Role> grantedRoles,
@@ -93,6 +96,10 @@
         {
             throw new IllegalArgumentException( "name is empty." );
         }
+        if (id == null)
+        {
+            throw new NullPointerException("roleId");
+        }
 
         if ( grantedPermissions == null )
         {
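Review bot: The added check rejects only a null `id`, while the `name` check just above also rejects the empty string with IllegalArgumentException, and `id` is now the key under which EntryApplicationPolicy stores the role. I would mirror the name check with `if ( id.length() == 0 ) throw new IllegalArgumentException( "id is empty." );`. The exception message `"roleId"` also names a parameter that is called `id` in this signature. The constructor body starts and ends outside this hunk.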
@@ -113,6 +120,7 @@
         }
         this.store = store;
         this.name = name;
+        this.id = id;
         this.grantedPermissions = grantedPermissions;
         this.deniedPermissions = deniedPermissions;
         this.grantedRoles = grantedRoles;
@@ -126,12 +134,13 @@
      *
      * @param store              the parent store this role is defined for
      * @param name               the name of this role
+     * @param id
      * @param grantedPermissions
      * @param deniedPermissions
      */
-    public Role( ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions )
+    public Role( ApplicationPolicy store, String name, String id, Permissions grantedPermissions, Permissions deniedPermissions )
     {
-        this( store, name, grantedPermissions, deniedPermissions, null, null, null );
+        this( store, name, id, grantedPermissions, deniedPermissions, null, null, null );
     }
 
 
@@ -145,6 +154,11 @@
         return name;
     }
 
+
+    public String getId()
+    {
+        return id;
+    }
 
     /**
      * Gets a brief description for this Role if one exists.

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Sat Oct 20 10:10:15 2007
@@ -141,7 +141,7 @@
                     return "appName=Test,ou=applications";
                 }
 
-                public Map<String, Role> getRolesByName()
+                public Map<String, Role> getRolesById()
                 {
                     return null;
                 }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java Sat Oct 20 10:10:15 2007
@@ -44,22 +44,22 @@
 
     protected Object newInstanceA1()
     {
-        return new Role( STORE1, "role1", null, null );
+        return new Role( STORE1, "role1", "role1", null, null );
     }
 
     protected Object newInstanceA2()
     {
-        return new Role( STORE1, "role1", null, null );
+        return new Role( STORE1, "role1", "role1", null, null );
     }
 
     protected Object newInstanceB1()
     {
-        return new Role( STORE1, "role2", null, null );
+        return new Role( STORE1, "role2", "role2", null, null );
     }
 
     protected Object newInstanceB2()
     {
-        return new Role( STORE2, "role1", null, null );
+        return new Role( STORE2, "role1", "role1", null, null );
     }
 
     public void testInstantiation()
@@ -69,7 +69,7 @@
         // Test null parameters
         try
         {
-            new Role( null, "role1", perms, null );
+            new Role( null, "role1", "role1", perms, null );
             fail( "Execption is not thrown." );
         }
         catch ( NullPointerException e )
@@ -78,7 +78,7 @@
         }
         try
         {
-            new Role( STORE1, null, perms, null );
+            new Role( STORE1, null, null, perms, null );
             fail( "Execption is not thrown." );
         }
         catch ( NullPointerException e )
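Review bot: This case passes null for both `name` and `id`, so the expected NullPointerException is satisfied by whichever check runs first and the new `id` null check is never exercised on its own. Add a separate case such as `new Role( STORE1, "role1", null, perms, null );` that expects NullPointerException. The empty-field case in the -89,7 hunk has the same shape (`"", ""`) and would not notice that an empty id is currently accepted. testInstantiation continues outside this hunk.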
@@ -89,7 +89,7 @@
         // Test empty fields
         try
         {
-            new Role( STORE2, "", perms, null );
+            new Role( STORE2, "", "", perms, null );
             fail( "Execption is not thrown." );
         }
         catch ( IllegalArgumentException e )
@@ -133,7 +133,7 @@
 //            // OK
 //        }
 
-        Role r = new Role( STORE1, "role1", null, null );
+        Role r = new Role( STORE1, "role1", "role1", null, null );
         assertEquals( 0, PermissionsUtil.size( r.getGrantedPermissions() ) );
         assertEquals( 0, PermissionsUtil.size( r.getDeniedPermissions() ) );
     }
@@ -146,7 +146,7 @@
         perms.add( new StringPermission( "perm2" ) );
         perms.add( new StringPermission( "perm3" ) );
 
-        Role r = new Role( STORE1, "role1", perms, null, null, null, "test description" );
+        Role r = new Role( STORE1, "role1", "role1", perms, null, null, null, "test description" );
         assertEquals( "app1", r.getApplicationRelativeDistinguishedName() );
         assertEquals( "role1", r.getName() );
         assertEquals( perms, r.getGrantedPermissions() );
@@ -161,7 +161,7 @@
         Permissions perms = new Permissions();
         perms.add( perm );
 
-        Role r = new Role( STORE1, "role1", perms, null );
+        Role r = new Role( STORE1, "role1", "role1", perms, null );
 
         // Check existing permissions
         assertTrue( r.implies( perm ) );
@@ -211,7 +211,7 @@
             return appName;
         }
 
-        public Map<String, Role> getRolesByName()
+        public Map<String, Role> getRolesById()
         {
             return null;
         }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java Sat Oct 20 10:10:15 2007
@@ -87,26 +87,26 @@
 
         // role without any permissions toggled
         Permissions grants = new Permissions();
-        Role role0 = new Role( this, "mockRole0", grants, null );
+        Role role0 = new Role( this, "mockRole0", "mockRole0", grants, null );
         roleByName.put( role0.getName(), role0 );
 
         // role with permission mockPerm0
         grants = new Permissions();
         grants.add( perm0 );
-        Role role1 = new Role( this, "mockRole1", grants, null );
+        Role role1 = new Role( this, "mockRole1", "mockRole1", grants, null );
         roleByName.put( role1.getName(), role1 );
 
         // role with permission mockPerm1
         grants = new Permissions();
         grants.add( perm1 );
-        Role role2 = new Role( this, "mockRole2", grants, null );
+        Role role2 = new Role( this, "mockRole2", "mockRole2", grants, null );
         roleByName.put( role2.getName(), role2 );
 
         // role with permission mockPerm2 and mochPerm3
         grants = new Permissions();
         grants.add( perm2 );
         grants.add( perm3 );
-        Role role3 = new Role( this, "mockRole3", grants, null );
+        Role role3 = new Role( this, "mockRole3", "mockRole3", grants, null );
         roleByName.put( role3.getName(), role3 );
 
         // role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
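Review bot: The mock still fills `roleByName` using `role0.getName()` as the key, while the -194,7 hunk returns that same map from `getRolesById()`. It works only because every mock role is built with identical name and id, which also means tests against this mock cannot catch code that confuses the two. I would key on the id, `roleByName.put( role0.getId(), role0 );` (likewise for role1 to role5, including the -116,7 and -128,7 hunks), rename the field to `rolesById`, and give at least one mock role an id that differs from its name.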
@@ -116,7 +116,7 @@
         grants.add( perm6 );
         grants.add( perm7 );
         grants.add( perm9 );
-        Role role4 = new Role( this, "mockRole4", grants, null );
+        Role role4 = new Role( this, "mockRole4", "mockRole4", grants, null );
         roleByName.put( role4.getName(), role4 );
 
         // role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
@@ -128,7 +128,7 @@
         grants.add( perm9 );
         Permissions denials = new Permissions();
         denials.add( perm6 );
-        Role role5 = new Role( this, "mockRole5", grants, denials );
+        Role role5 = new Role( this, "mockRole5", "mockRole5", grants, denials );
         roleByName.put( role5.getName(), role5 );
 
         // --------------------------------------------------------------------------------
@@ -194,7 +194,7 @@
         return name;
     }
 
-    public Map<String, Role> getRolesByName()
+    public Map<String, Role> getRolesById()
     {
         return roleByName;
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java Sat Oct 20 10:10:15 2007
@@ -55,7 +55,7 @@
 
     public void testProfile0()
     {
-        assertEquals( 6, store.getRolesByName().size() );
+        assertEquals( 6, store.getRolesById().size() );
         Session p = store.getSession( "mockProfile0" );
 //        assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
         assertTrue( p.getRoles().isEmpty() );

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java Sat Oct 20 10:10:15 2007
@@ -96,7 +96,7 @@
         loadRoles();
 
         // setup the administrator with all permissions and roles
-//        adminProfile = new Profile( this, "admin", "admin", new HashSet<Role>(rolesByName.values()), getAllPermissions(),
+//        adminProfile = new Profile( this, "admin", "admin", new HashSet<Role>(rolesById.values()), getAllPermissions(),
 //            new Permissions( ), false );
 
         try
@@ -148,27 +148,26 @@
      */
     private void loadRoles() throws GuardianException
     {
-        Set<Role> roleSet = new HashSet<Role>();
         SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "roleName", "grants", "denials", "grantedRoles", "deniedRoles" } );
-        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        ctrls.setReturningAttributes( new String[] { "roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles" } );
+        ctrls.setSearchScope( SearchControls.SUBTREE_SCOPE );
 
         try
         {
             Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
-            NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + applicationRdn,
+            NamingEnumeration<SearchResult> list = ctx.search( applicationRdn,
                     "(objectClass=policyRole)", ctrls );
             while ( list.hasMore() )
             {
                 SearchResult result = list.next();
                 Attributes attributes = result.getAttributes();
-                String roleName = getStringAttribute(attributes, "roleName");
-                roleAttributes.put(roleName, attributes);
+                String roleId = getStringAttribute(attributes, "roleId");
+                roleAttributes.put(roleId, attributes);
             }
 
-            for (String roleName: roleAttributes.keySet())
+            for (String roleId: roleAttributes.keySet())
             {
-                addRole(roleName, roleAttributes);
+                addRole(roleId, roleAttributes);
             }
         }
         catch ( NamingException e )
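Review bot: With the search widened to SUBTREE_SCOPE from `applicationRdn`, `roleAttributes.put(roleId, attributes)` lets a later entry silently replace an earlier one that has the same `roleId`, and an entry without the attribute would presumably land under a null key (how `getStringAttribute` treats a missing attribute is not visible here). Since roleId is now the identity used to resolve grants and denials, loading should stop in either case, e.g. `if ( roleId == null || roleAttributes.put( roleId, attributes ) != null ) throw new GuardianException( "missing or duplicate roleId in " + result.getName() );`. It is also worth confirming that every policyRole entry anywhere under the application subtree is meant to be loaded, since the previous search only looked one level below `ou=roles`. loadRoles continues past the end of this hunk.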
@@ -609,7 +608,7 @@
                 }
 
                 // setup the administrator with all permissions and roles
-//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesByName.values()), getAllPermissions(),
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesById.values()), getAllPermissions(),
 //                    new Permissions( ), false );
             }
             catch ( NamingException e )
@@ -698,7 +697,7 @@
                 }
 
                 // setup the administrator with all permissions and roles
-//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesByName.values()), getAllPermissions(),
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesById.values()), getAllPermissions(),
 //                    new Permissions( ), false );
             }
             catch ( NamingException e )
@@ -770,7 +769,7 @@
                 }
 
                 // setup the administrator with all permissions and roles
-//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesByName.values()), getAllPermissions(),
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesById.values()), getAllPermissions(),
 //                    new Permissions( ), false );
             }
             catch ( NamingException e )
@@ -847,7 +846,7 @@
                 }
 
                 // setup the administrator with all permissions and roles
-//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesByName.values()), getAllPermissions(),
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", new HashSet<Role>(rolesById.values()), getAllPermissions(),
 //                    new Permissions( ), false );
             }
             catch ( NamingException e )

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java Sat Oct 20 10:10:15 2007
@@ -121,7 +121,7 @@
 //
 //        }
 
-//        assertEquals( 12, store.getRolesByName().size() );
+//        assertEquals( 12, store.getRolesById().size() );
         Session p = store.getSession( "nonexistant" );
         assertEquals(0, p.getRoles().size() );
 
@@ -177,16 +177,16 @@
 
     public void XtestGetDependantProfilesRole() throws Exception
     {
-        Role role0 = store.getRolesByName().get( "mockRole0" );
+        Role role0 = store.getRolesById().get( "mockRole0" );
         Set dependents = store.getDependentProfileNames( role0 );
         assertEquals( 1, dependents.size() );
 
-        Role role1 = store.getRolesByName().get( "mockRole1" );
+        Role role1 = store.getRolesById().get( "mockRole1" );
         dependents = store.getDependentProfileNames( role1 );
         assertEquals( 2, dependents.size() );
         assertTrue( dependents.contains( "mockProfile1" ) );
 
-        Role role2 = store.getRolesByName().get( "mockRole2" );
+        Role role2 = store.getRolesById().get( "mockRole2" );
         dependents = store.getDependentProfileNames( role2 );
         assertEquals( 3, dependents.size() );
         assertTrue( dependents.contains( "mockProfile1" ) );
@@ -378,7 +378,7 @@
         assertFalse( role.getGrantedPermissions().implies(new StringPermission("mockPerm1" )));
 
         // make sure that policy is updated with this new role
-        assertEquals( this.role, this.store.getRolesByName().get( "mockRole6" ) );
+        assertEquals( this.role, this.store.getRolesById().get( "mockRole6" ) );
         this.role = null;
         this.changeType = null;
 
@@ -419,7 +419,7 @@
         assertFalse( role.getGrantedPermissions().implies(new StringPermission("mockPerm1" )));
 
         // make sure that policy is updated with this new role
-        assertNull( this.store.getRolesByName().get( "mockRole6" ) );
+        assertNull( this.store.getRolesById().get( "mockRole6" ) );
         this.role = null;
         this.changeType = null;
 
@@ -602,7 +602,7 @@
 //        assertFalse( role.getGrantedPermissions().implies( new StringPermission("mockPerm0" )));
 
         // make sure that policy is updated with this changed role
-        assertEquals( role, store.getRolesByName().get( "mockRole1" ) );
+        assertEquals( role, store.getRolesById().get( "mockRole1" ) );
 
         // -------------------------------------------------------------------
         // Test Permission Alteration and Notification
@@ -700,8 +700,8 @@
         // -------------------------------------------------------------------
         reset();
 
-        assertNotNull( store.getRolesByName().get( "mockRole0" ) );
-        assertNull( store.getRolesByName().get( "renamed" ) );
+        assertNotNull( store.getRolesById().get( "mockRole0" ) );
+        assertNull( store.getRolesById().get( "renamed" ) );
         ctx.rename( "roleName=mockRole0,ou=roles", "roleName=renamed,ou=roles" );
 
         // wait until the object is set or exit in 10 seconds
@@ -725,8 +725,8 @@
 
 //        assertNull( profile );
         assertNull( permission );
-        assertNull( store.getRolesByName().get( "mockRole0" ) );
-        assertNotNull( store.getRolesByName().get( "renamed" ) );
+        assertNull( store.getRolesById().get( "mockRole0" ) );
+        assertNotNull( store.getRolesById().get( "renamed" ) );
         assertNotNull( role );
         assertEquals( "renamed", role.getName() );
         assertNotNull( originalName );
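Review bot: The post-rename assertions look up `"renamed"` in `getRolesById()`, which only holds if the map is still keyed by the `roleName` RDN. The `ctx.rename( "roleName=mockRole0,ou=roles", "roleName=renamed,ou=roles" )` call in the preceding hunk changes the name, not the `roleId` attribute. If ids are meant to stay stable across a rename, the expectation should presumably be inverted to `assertNotNull( store.getRolesById().get( "mockRole0" ) );`, with the new name checked through `role.getName()` as the following lines already do. The test method starts and ends outside this hunk, so whether it is currently enabled cannot be seen here.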

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java Sat Oct 20 10:10:15 2007
@@ -92,7 +92,7 @@
         // loads the ldifs as a map of LdapNames to Attributes
         load( in );
         // create the admin profile with all permissions as grants and in all roles
-//        this.adminProfile = new Profile( this, "admin", "admin", new HashSet<Role>( rolesByName.values() ), getAllPermissions(),
+//        this.adminProfile = new Profile( this, "admin", "admin", new HashSet<Role>( rolesById.values() ), getAllPermissions(),
 //                new Permissions(), false );
     }
 

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/test/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicyTest.java Sat Oct 20 10:10:15 2007
@@ -131,7 +131,7 @@
     {
         Session p = policy.getSession( "mockProfile0" );
 //        assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
-        assertEquals( 6, policy.getRolesByName().size() );
+        assertEquals( 6, policy.getRolesById().size() );
         assertEquals( p, policy.getSession( "mockProfile0" ) );
     }
 

Modified: directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif Sat Oct 20 10:10:15 2007
@@ -465,6 +465,7 @@
 objectClass: policyRole
 objectClass: top
 roleName: mockRole
+roleId:mockRole
 
 dn: roleName=mockRolepg1,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
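Review bot: Every `roleId` added to these fixtures equals the entry's `roleName` (here and in the ten hunks below), so a lookup that still resolves `grantedRoles`/`deniedRoles` by name would pass the same tests as one that resolves by id. Giving at least one role an id that differs from its name, for example `roleId: rid-0001` (a constructed value) on `mockRolepg1`, would make the fixtures exercise the change; the referencing `grantedRoles` values would presumably need updating to match. `roleId:mockRole` also lacks the space after the colon that the other added lines use, which LDIF accepts but is inconsistent.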
@@ -472,6 +473,7 @@
 objectClass: policyRole
 grants: mockPerm1
 roleName: mockRolepg1
+roleId: mockRolepg1
 
 dn: roleName=mockRolepg2,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -479,6 +481,7 @@
 objectClass: policyRole
 grants: mockPerm2
 roleName: mockRolepg2
+roleId: mockRolepg2
 
 dn: roleName=mockRolepg3,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -486,6 +489,7 @@
 objectClass: policyRole
 grants: mockPerm3
 roleName: mockRolepg3
+roleId: mockRolepg3
 
 dn: roleName=mockRole4,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -497,6 +501,7 @@
 grants: mockPerm5
 grants: mockPerm4
 roleName: mockRole4
+roleId: mockRole4
 
 dn: roleName=mockRole5,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -508,6 +513,7 @@
 grants: mockPerm4
 denials: mockPerm6
 roleName: mockRole5
+roleId: mockRole5
 
 dn: roleName=mockRolerg12,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -516,6 +522,7 @@
 grantedRoles: mockRolepg2
 grantedRoles: mockRolepg1
 roleName: mockRolerg12
+roleId: mockRolerg12
 
 dn: roleName=mockRolepg1rg2,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -524,6 +531,7 @@
 grants: mockPerm1
 grantedRoles: mockRolepg2
 roleName: mockRolepg1rg2
+roleId: mockRolepg1rg2
 
 dn: roleName=mockRolepd1rg1,ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -532,6 +540,7 @@
 denials: mockPerm1
 grantedRoles: mockRolepg1
 roleName: mockRolepd1rg1
+roleId: mockRolepd1rg1
 
 dn: roleName=mockRolerg(rg12)rd(pg1),ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -540,6 +549,7 @@
 grantedRoles: mockRolerg12
 deniedRoles: mockRolepg1
 roleName: mockRolerg(rg12)rd(pg1)
+roleId: mockRolerg(rg12)rd(pg1)
 
 dn: roleName=mockRolerg1(rg(rg12)rd(pg1)),ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
@@ -548,6 +558,7 @@
 grantedRoles: mockRolepg1
 grantedRoles: mockRolerg(rg12)rd(pg1)
 roleName: mockRolerg1(rg(rg12)rd(pg1))
+roleId: mockRolerg1(rg(rg12)rd(pg1))
 
 dn: uid=mockProfilemockRolerg12,ou=users,dc=example,dc=com
 changetype: add

Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java Sat Oct 20 10:10:15 2007
@@ -42,13 +42,13 @@
     public static final String UNIVERSAL_ROLE_NAME = "org.apache.directory.triplesec.jacc.universal";
 
     private final Application context;
-    private final EntityManager entityManager;
 
     private int counter = 0;
+    private static int roleCount = 0;
 
     public DataPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory policyConfigurationFactory ) throws PolicyContextException
     {
-        entityManager = policyConfigurationFactory.getEntityManager();
+        EntityManager entityManager = policyConfigurationFactory.getEntityManager();
         Application context;
         try
         {
@@ -57,7 +57,7 @@
         {
             context = new Application();
             context.setAppName( contextID );
-            context.addRole( new Role( UNIVERSAL_ROLE_NAME, "universal role" ) );
+            context.addRole( new Role( UNIVERSAL_ROLE_NAME, getRoleId(), "universal role" ) );
             entityManager.persist( context, null );
         }
         this.context = context;
@@ -176,15 +176,20 @@
         return false;
     }
 
-    private Role getRole( String roleId )
+    private Role getRole( String roleName )
     {
-        Role role = context.getRole( roleId );
+        Role role = context.getRole( roleName );
         if ( role == null )
         {
-            role = new Role( roleId, null );
+            role = new Role( roleName, getRoleId(), null );
             context.addRole( role );
         }
         return role;
+    }
+
+    private String getRoleId()
+    {
+        return "roleId" + roleCount++;
     }
 
     private synchronized String nextPermissionId()
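Review bot: `getRoleId()` builds ids from the static `roleCount`, which starts at 0 in every JVM and is incremented without synchronization, so ids repeat after a restart and can repeat under concurrent calls. By contrast, `nextPermissionId()` just below is `synchronized`. The ids are persisted through `entityManager.persist( context, null )` (hunk at -57) and, per the commit log, are now what role references are resolved by. A context created after a restart would therefore get `roleId0` for its universal role again and could collide with a stored role. An id that does not depend on process state avoids this, e.g. `return UUID.randomUUID().toString();` with `java.util.UUID` imported. The static field is declared in the first hunk of this file.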

Modified: directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema?rev=586761&r1=586760&r2=586761&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema (original)
+++ directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema Sat Oct 20 10:10:15 2007
@@ -190,8 +190,8 @@
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
 attributetype ( 1.3.6.1.4.1.18060.0.4.6.2.207
-        NAME 'profileId'
-        DESC 'a profile identifier'
+        NAME 'roleId'
+        DESC 'a role identifier'
         EQUALITY caseExactMatch
         SUBSTR caseExactSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
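Review bot: OID `1.3.6.1.4.1.18060.0.4.6.2.207` is re-used here: the attribute type previously published as `profileId` is renamed to `roleId` under the same number. A directory that already loaded the old schema, or that holds `profileId` values, would see those values reinterpreted as role identifiers, and anything still naming `profileId` (not visible in this hunk) would stop resolving. Allocating a fresh OID for `roleId` and leaving `...207` as `profileId`, or marking it `OBSOLETE`, keeps the two apart. Since the next hunk makes `roleId` a `MUST` of `policyRole`, existing role entries without it would also need a migration step.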
@@ -220,7 +220,7 @@
 objectclass ( 1.3.6.1.4.1.18060.0.4.6.3.203 NAME 'policyRole'
     SUP top
     STRUCTURAL
-    MUST ( roleName )
+    MUST ( roleName $ roleId )
     MAY  ( grants $ denials $ grantedRoles $ deniedRoles $ description ) )
 
 objectclass ( 1.3.6.1.4.1.18060.0.4.6.3.204 NAME 'policyUser'