Posted to commits@directory.apache.org by dj...@apache.org on 2007/10/20 22:34:14 UTC
svn commit: r586794 - in /directory/sandbox/djencks/triplesec-jacc2:
guardian-api/src/main/java/org/apache/directory/triplesec/guardian/
guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/
itest-data/src/main/resources/
Author: djencks
Date: Sat Oct 20 13:34:14 2007
New Revision: 586794
URL: http://svn.apache.org/viewvc?rev=586794&view=rev
Log:
make application/role relationship work with app tree
Modified:
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java Sat Oct 20 13:34:14 2007
@@ -30,6 +30,7 @@
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
+import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -158,7 +159,7 @@
return permissions;
}
- protected Role addRole( String roleId, Map<String, Attributes> roleAttributes ) throws NamingException
+ protected Role addRole( String roleId, List<Map<String,Attributes>> appRoleAttributes ) throws NamingException
{
Role role = rolesById.get( roleId );
if ( role != null )
@@ -169,11 +170,19 @@
{
throw new GuardianException( "Circular reference to role " + roleId );
}
- Attributes attrs = roleAttributes.get( roleId );
+ Attributes attrs = null;
+ for (Map<String,Attributes> roleAttributes: appRoleAttributes)
+ {
+ attrs = roleAttributes.get( roleId );
+ if (attrs != null)
+ {
+ break;
+ }
+ }
if ( attrs == null )
{
return null;
-// throw new GuardianException( "no role named " + roleId + " found" );
+// throw new GuardianException( "no role named " + roleId + " found" );
}
//mark that we have started looking at this role name
rolesById.put( roleId, null );
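Review bot: A roleId that is found in none of the maps still ends in `return null` here, with the exception left commented out, so a dangling reference is dropped without any trace. For an entry listed under `deniedRoles` that would mean a denial quietly disappears, although how `getRoles` treats the null is outside this hunk and should be confirmed. I would either restore `throw new GuardianException( "no role named " + roleId + " found" );` or replace the dead line with a comment saying why an unresolved role is tolerated, e.g. `// unresolved role ids are skipped on purpose: <reason>`. The loop also takes the first map that contains the id, so the order of `appRoleAttributes` decides which definition wins and deserves a sentence in the method's Javadoc. addRole starts and ends outside the hunk.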
@@ -207,17 +216,17 @@
}
attributes = attrs.get( "grantedRoles" );
- Collection<Role> grantedRoles = getRoles( attributes, roleAttributes );
+ Collection<Role> grantedRoles = getRoles( attributes, appRoleAttributes );
attributes = attrs.get( "deniedRoles" );
- Collection<Role> deniedRoles = getRoles( attributes, roleAttributes );
+ Collection<Role> deniedRoles = getRoles( attributes, appRoleAttributes );
role = new Role( this, roleName, roleId, grants, denials, grantedRoles, deniedRoles, getStringAttribute( attrs, "description" ) );
rolesById.put( roleId, role );
return role;
}
- private Collection<Role> getRoles( Attribute attributes, Map<String, Attributes> roleAttributes )
+ private Collection<Role> getRoles( Attribute attributes, List<Map<String, Attributes>> roleAttributes )
throws NamingException
{
Collection<Role> roles = new ArrayList<Role>();
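Review bot: `getRoles` still calls its second parameter `roleAttributes` although it is now the list of per-application maps, while `addRole` names the same value `appRoleAttributes`; in `addRole` the name `roleAttributes` now means a single map inside the loop. Renaming the parameter keeps the two meanings apart: `private Collection<Role> getRoles( Attribute attributes, List<Map<String, Attributes>> appRoleAttributes )`. Both method bodies continue outside the hunk, so the uses inside `getRoles` need the same rename.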
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java Sat Oct 20 13:34:14 2007
@@ -28,6 +28,7 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.Collections;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -69,6 +70,8 @@
/** the profile for the admin user with all rights in all roles */
// private Profile adminProfile;
+ private final List<String> appDns;
+
/**
* Creates an instance of the LDAP ApplicationPolicyStore.
@@ -88,7 +91,7 @@
// extract the applicationRdn from the applicationPrincipalDN
this.applicationRdn = applicationRdn;
-
+ appDns = getAppPath(applicationRdn);
// load the set of permissions associated with this application
loadPermissions();
@@ -121,6 +124,18 @@
initializeNotifications();
}
+ private List<String> getAppPath( String applicationRdn )
+ {
+ List<String> appDns = new ArrayList<String>();
+ while (applicationRdn.startsWith( "appName"))
+ {
+ appDns.add(0, applicationRdn);
+ applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',') + 1);
+ }
+
+ return appDns;
+ }
+
private boolean initializeNotifications()
{
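Review bot: `getAppPath` never terminates when the remaining string starts with `appName` and contains no comma: `indexOf( ',' )` returns -1, `substring( 0 )` returns the same string, and the loop keeps adding to `appDns` until memory runs out. A guard before the substring fixes that: `int comma = applicationRdn.indexOf( ',' );` followed by `if ( comma < 0 ) break;`. The string matching is also fragile as DN handling: `startsWith( "appName" )` is case-sensitive and accepts any attribute type with that prefix, a space after a comma ends the walk early so ancestor role containers would be skipped, and an escaped comma in a value splits in the wrong place. Parsing with `javax.naming.ldap.LdapName` and comparing each RDN type would cover those cases.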
@@ -150,24 +165,36 @@
{
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes( new String[] { "roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles" } );
- ctrls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+ ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+ List<Map<String, Attributes>> appRoleAttributes = new ArrayList<Map<String, Attributes>>();
try
{
- Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
- NamingEnumeration<SearchResult> list = ctx.search( applicationRdn,
- "(objectClass=policyRole)", ctrls );
- while ( list.hasMore() )
+ for ( String appDn: appDns )
{
- SearchResult result = list.next();
- Attributes attributes = result.getAttributes();
- String roleId = getStringAttribute(attributes, "roleId");
- roleAttributes.put(roleId, attributes);
+ Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
+ NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + appDn,
+ "(objectClass=policyRole)", ctrls );
+ while ( list.hasMore() )
+ {
+ SearchResult result = list.next();
+ Attributes attributes = result.getAttributes();
+ String roleId = getStringAttribute(attributes, "roleId");
+ roleAttributes.put(roleId, attributes);
+ }
+ appRoleAttributes.add(roleAttributes);
}
- for (String roleId: roleAttributes.keySet())
+ int end = appRoleAttributes.size();
+ int pos = 0;
+ for ( Map<String, Attributes> roleAttributes: appRoleAttributes )
{
- addRole(roleId, roleAttributes);
+ List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList( pos++, end);
+
+ for (String roleId: roleAttributes.keySet())
+ {
+ addRole(roleId, childRoleAttributes);
+ }
}
}
catch ( NamingException e )
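Review bot: Roles are cached by `roleId` alone while the levels are processed ancestor first, so when the same `roleId` exists under two applications in the path the later definition looks like it is never built: `addRole` finds the earlier entry in `rolesById` and, as far as the visible lines show, stops there. For an authorization policy that precedence should be explicit; either reject duplicates across levels or state the rule above the loop, e.g. `// appRoleAttributes is ordered outermost application first; a roleId defined at an outer level shadows the same id further in`. The `subList( pos++, end )` window also means a role can reference roles at its own level and deeper ones but not at an ancestor level, which is worth confirming as intended. Separately, a missing `ou=roles` entry under any application in the path would make `ctx.search` throw and skip every `addRole` call; the handling in the catch block is outside the hunk.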
Modified: directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif Sat Oct 20 13:34:14 2007
@@ -454,6 +454,12 @@
objectClass: policyPermission
permName: mockPerm9
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
dn: ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
changetype: add
objectClass: top