You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by vt...@apache.org on 2005/02/23 18:14:35 UTC
svn commit: r155029 [1/2] - in incubator/directory/authx/trunk:
api/src/java/org/apache/authx/authorization/
example/src/java/org/apache/authx/example/web/ example/src/webapp/WEB-INF/
impl/src/java/org/apache/authx/authorization/
impl/src/java/org/apache/authx/authorization/condition/
impl/src/java/org/apache/authx/authorization/effect/
impl/src/java/org/apache/authx/authorization/predicate/
impl/src/test/org/apache/authx/authorization/
impl/src/test/org/apache/authx/authorization/effect/
script/src/java/org/apache/authx/script/xml/
script/src/java/org/apache/authx/script/xml/builder/
script/src/test/org/apache/authx/script/xml/
Author: vtence
Date: Wed Feb 23 09:14:19 2005
New Revision: 155029
URL: http://svn.apache.org/viewcvs?view=rev&rev=155029
Log:
Enhanced AuthorizationRequest to collect rule votes on authorization decision. Rule concept made easier to work with in preparation for scripted rule definitions. Predicate renamed to more appropriate Condition.
Added:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java (with props)
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java (with props)
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java (with props)
incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java (with props)
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java (with props)
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java (with props)
Removed:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchasePredicateBuilder.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/AbstractCombinedEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/predicate/
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndPredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalsePredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupPredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRolePredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernamePredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalPredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrPredicateBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TruePredicateBuilder.java
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorPredicateBuilder.java
Modified:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java
incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+import javax.security.auth.Subject;
+
+public final class AuthorizationRequest
+{
+ private final Subject m_subject;
+ private final Permission m_permission;
+
+ private Effect m_effect;
+
+ public AuthorizationRequest( Subject subject, Permission permission )
+ {
+ m_subject = subject;
+ m_permission = permission;
+ }
+
+ public AuthorizationRequest( Subject subject, Permission permission, Effect initialEffect )
+ {
+ m_subject = subject;
+ m_permission = permission;
+ m_effect = initialEffect;
+ }
+
+ public boolean affectsSuject( Condition condition )
+ {
+ return condition.evaluate( m_subject );
+ }
+
+ public boolean targetsPermission( Condition condition )
+ {
+ return condition.evaluate( m_permission );
+ }
+
+ public Subject getSubject()
+ {
+ return m_subject;
+ }
+
+ public Permission getPermission()
+ {
+ return m_permission;
+ }
+
+ public void grant()
+ {
+ m_effect = m_effect.permit();
+ }
+
+ public void deny()
+ {
+ m_effect = m_effect.deny();
+ }
+
+ public void propagateEffect( AuthorizationRequest other )
+ {
+ m_effect.apply( other );
+ }
+
+ public AuthorizationRequest childRequest( Effect effect )
+ {
+ return new AuthorizationRequest( m_subject, m_permission, effect );
+ }
+
+ public Effect outcome()
+ {
+ return m_effect.reduce();
+ }
+}
Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java Wed Feb 23 09:14:19 2005
@@ -26,10 +26,10 @@
* by rendering an authorization decision.
* <p>
* At this stage, no abstraction of authorization
- * decision exist and a boolean representation
+ * outcome exist and a boolean representation
* is used. That could change at some point to support
* a richer authorization model that associates positive
- * decisions to sets of obligations to which the client
+ * outcomes to sets of obligations to which the client
* must compell.
*/
public interface Authorizer
Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Condition
+{
+ boolean evaluate( Object o );
+}
Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Effect
+{
+ void apply( AuthorizationRequest request );
+
+ Effect permit();
+
+ Effect deny();
+
+ Effect reduce();
+}
Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java Wed Feb 23 09:14:19 2005
@@ -21,5 +21,5 @@
*/
public interface Rule
{
- Effect evaluate( AuthorizationRequest request );
+ void evaluate( AuthorizationRequest request );
}
Added: incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.example.web;
+
+import org.apache.authx.script.xml.builder.AbstractElementBuilder;
+import org.apache.authx.authorization.condition.ImpliedPermissionCondition;
+import org.dom4j.Element;
+
+public class CanPurchaseConditionBuilder extends AbstractElementBuilder
+{
+ public boolean canBuild( Element e )
+ {
+ return "buy".equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ float limit = Float.parseFloat( e.attributeValue( "limit" ) );
+ return new ImpliedPermissionCondition( new PurchasePermission( limit ) );
+ }
+}
Propchange: incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy (original)
+++ incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy Wed Feb 23 09:14:19 2005
@@ -22,7 +22,7 @@
policy = new org.apache.authx.authorization.Policy( new org.apache.authx.authorization.effect.PermitOverridesEffect() )
permissions = new java.io.FileReader( "c:/tools/jakarta-tomcat-5.0.28/webapps/authx-example/WEB-INF/permissions.xml" )
policyBuilder = org.apache.authx.script.xml.Dom4JRuleSetBuilder.fromReader( permissions )
- policyBuilder.registerBuilder( new org.apache.authx.example.web.CanPurchasePredicateBuilder() )
+ policyBuilder.registerBuilder( new org.apache.authx.example.web.CanPurchaseConditionBuilder() )
policyBuilder.buildRuleSet( policy )
authorizer = new org.apache.authx.authorization.DefaultAuthorizer( policy );
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java Wed Feb 23 09:14:19 2005
@@ -16,6 +16,7 @@
*/
package org.apache.authx.authorization;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
import org.apache.authx.authorization.effect.Effects;
import javax.security.auth.Subject;
@@ -26,44 +27,40 @@
{
private final Map m_decisions;
private final RuleSet m_ruleSet;
- private boolean m_defaultDecision;
public DefaultAuthorizer( RuleSet ruleSet )
{
m_ruleSet = ruleSet;
- m_defaultDecision = true;
m_decisions = new HashMap();
m_decisions.put( Effects.GRANT, Boolean.TRUE );
- m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
- m_decisions.put( Effects.DENY, Boolean.FALSE );
+ m_decisions.put( Effects.NOT_APPLICABLE, Boolean.FALSE );
+ m_decisions.put( Effects.DENY, Boolean.FALSE);
}
public boolean renderDecision( Subject s, Permission p )
{
- AuthorizationRequest request = new SimpleAuthorizationRequest( s, p );
- Effect effect = m_ruleSet.evaluate( request ).reduce();
- Boolean decision = ( Boolean ) m_decisions.get( effect );
+ AuthorizationRequest request = new AuthorizationRequest( s, p, new LastApplicableEffect() );
+ m_ruleSet.evaluate( request );
- return decision != null ? decision.booleanValue() : m_defaultDecision;
- }
+ Effect outcome = request.outcome();
+ if ( unknown( outcome ) ) throw new IllegalArgumentException( "Don't know what to decide on: " + outcome );
+ Boolean decision = (Boolean) m_decisions.get( outcome );
- public void grantOn( Effect effect )
- {
- m_decisions.put( effect, Boolean.TRUE );
+ return decision.booleanValue();
}
- public void denyOn( Effect effect )
+ private boolean unknown( Effect outcome )
{
- m_decisions.put( effect, Boolean.FALSE );
+ return !m_decisions.containsKey( outcome );
}
- public void grantIfUnsure()
+ public void grantOn( Effect effect )
{
- m_defaultDecision = true;
+ m_decisions.put( effect, Boolean.TRUE );
}
- public void denyIfUnsure()
+ public void denyOn( Effect effect )
{
- m_defaultDecision = false;
+ m_decisions.put( effect, Boolean.FALSE );
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java Wed Feb 23 09:14:19 2005
@@ -17,10 +17,8 @@
package org.apache.authx.authorization;
import org.apache.authx.authorization.effect.Effects;
-import org.apache.authx.authorization.predicate.OrPredicate;
-import org.apache.authx.authorization.predicate.Predicates;
-
-import javax.security.auth.Subject;
+import org.apache.authx.authorization.condition.OrCondition;
+import org.apache.authx.authorization.condition.Predicates;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -28,8 +26,8 @@
public class DefaultRule implements Rule
{
private Effect m_effect;
- private Predicate m_subjectPredicate;
- private Predicate m_permissionPredicate;
+ private Condition m_subjectCondition;
+ private Condition m_permissionCondition;
public DefaultRule()
{
@@ -39,8 +37,8 @@
public DefaultRule( Effect effect )
{
m_effect = effect;
- m_subjectPredicate = Predicates.FALSE;
- m_permissionPredicate = Predicates.FALSE;
+ m_subjectCondition = Predicates.FALSE;
+ m_permissionCondition = Predicates.FALSE;
}
public void setEffect( Effect effect )
@@ -48,33 +46,21 @@
m_effect = effect;
}
- public void matchSubjects( Predicate condition )
- {
- m_subjectPredicate = new OrPredicate( m_subjectPredicate, condition );
- }
-
- public void matchPermissions( Predicate condition )
- {
- m_permissionPredicate = new OrPredicate( m_permissionPredicate, condition );
- }
-
- public Effect evaluate( Subject s, Permission p )
- {
- return matches( s, p ) ? m_effect : Effects.NOT_APPLICABLE;
- }
-
- private boolean matches( Subject s, Permission p )
+ public void matchSubjects( Condition condition )
{
- return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate( p );
+ m_subjectCondition = new OrCondition( m_subjectCondition, condition );
}
- private boolean isApplicableTo( AuthorizationRequest request )
+ public void matchPermissions( Condition condition )
{
- return request.affectsSubjectMatching( m_subjectPredicate ) && request.targetsPermissionMatching( m_permissionPredicate );
+ m_permissionCondition = new OrCondition( m_permissionCondition, condition );
}
- public Effect evaluate( AuthorizationRequest request )
+ public void evaluate( AuthorizationRequest request )
{
- return isApplicableTo( request ) ? m_effect : Effects.NOT_APPLICABLE;
+ if ( request.affectsSuject( m_subjectCondition ) && request.targetsPermission( m_permissionCondition ) )
+ {
+ m_effect.apply( request );
+ }
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java Wed Feb 23 09:14:19 2005
@@ -16,7 +16,6 @@
*/
package org.apache.authx.authorization;
-import javax.security.auth.Subject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -40,17 +39,16 @@
m_rules.add( rule );
}
- public Effect evaluate( AuthorizationRequest request )
+ public void evaluate( AuthorizationRequest request )
{
- Effect decision = m_effect;
+ AuthorizationRequest child = request.childRequest( m_effect );
for ( Iterator it = m_rules.iterator(); it.hasNext(); )
{
- Rule rule = ( Rule ) it.next();
- Effect effect = rule.evaluate( request );
- decision = decision.add( effect );
+ final Rule rule = ( Rule ) it.next();
+ rule.evaluate( child );
}
- return decision;
+ child.propagateEffect( request );
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java Wed Feb 23 09:14:19 2005
@@ -16,19 +16,17 @@
*/
package org.apache.authx.authorization;
-
-
public class PrimitiveRule implements Rule
{
- private final Effect effect;
+ private final Effect m_effect;
public PrimitiveRule( Effect effect )
{
- this.effect = effect;
+ m_effect = effect;
}
- public Effect evaluate( AuthorizationRequest request )
+ public void evaluate( AuthorizationRequest request )
{
- return effect;
+ m_effect.apply( request );
}
}
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+public class AndCondition implements Condition
+{
+ private final Condition m_left;
+ private final Condition m_right;
+
+ public AndCondition( Condition left, Condition right )
+ {
+ m_left = left;
+ m_right = right;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ return m_left.evaluate( o ) && m_right.evaluate( o );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DependedUponPermissionCondition implements Condition
+{
+ private final Permission m_permission;
+
+ public DependedUponPermissionCondition( Permission permission )
+ {
+ m_permission = permission;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Permission p = ( Permission ) o;
+ return p.implies( m_permission );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class EqualCondition implements Condition
+{
+ private final Object m_obj;
+
+ public EqualCondition( Object obj )
+ {
+ m_obj = obj;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ return m_obj.equals( o );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FalseCondition implements Condition
+{
+ public boolean evaluate( Object o )
+ {
+ return false;
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class HasPrincipalCondition implements Condition
+{
+ private final Principal m_principal;
+
+ public HasPrincipalCondition( Principal principal )
+ {
+ m_principal = principal;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Subject s = ( Subject ) o;
+
+ for ( Iterator it = s.getPrincipals().iterator(); it.hasNext(); )
+ {
+ Principal p = ( Principal ) it.next();
+ if ( m_principal.equals( p ) ) return true;
+ }
+
+ return false;
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class ImpliedPermissionCondition implements Condition
+{
+ private final Permission m_permission;
+
+ public ImpliedPermissionCondition( Permission permission )
+ {
+ m_permission = permission;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Permission p = ( Permission ) o;
+ return m_permission.implies( p );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+public class OrCondition implements Condition
+{
+ private final Condition m_left;
+ private final Condition m_right;
+
+ public OrCondition( Condition left, Condition right )
+ {
+ m_left = left;
+ m_right = right;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ return m_left.evaluate( o ) || m_right.evaluate( o );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+import java.security.Principal;
+
+public final class Predicates
+{
+ public static final Condition TRUE = new TrueCondition();
+ public static final Condition FALSE = new FalseCondition();
+
+ private Predicates()
+ {
+ }
+
+ public static Condition isImplied( Permission p )
+ {
+ return new ImpliedPermissionCondition( p );
+ }
+
+ public static Condition isDependedUpon( Permission p )
+ {
+ return new DependedUponPermissionCondition( p );
+ }
+
+ public static Condition is( Object o )
+ {
+ return new EqualCondition( o );
+ }
+
+ public static Condition hasPrincipal( Principal p )
+ {
+ return new HasPrincipalCondition( p );
+ }
+
+ public static Condition and( Condition p1, Condition p2 )
+ {
+ return new AndCondition( p1, p2 );
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class TrueCondition implements Condition
+{
+ public boolean evaluate( Object o )
+ {
+ return true;
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java Wed Feb 23 09:14:19 2005
@@ -16,6 +16,7 @@
*/
package org.apache.authx.authorization.effect;
+import org.apache.authx.authorization.AuthorizationRequest;
import org.apache.authx.authorization.Effect;
/**
@@ -27,14 +28,9 @@
{
}
- public Effect add( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return this;
- }
-
- public Effect applyTo( Effect effect )
- {
- return effect.deny();
+ request.deny();
}
public Effect permit()
@@ -54,6 +50,6 @@
public String toString()
{
- return "Deny";
+ return "deny";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
*/
-public class DenyOverridesEffect extends AbstractCombinedEffect
+public class DenyOverridesEffect implements Effect
{
+ private final Effect m_effect;
+
public DenyOverridesEffect()
{
this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
public DenyOverridesEffect( Effect effect )
{
- super( effect );
+ m_effect = effect;
}
- public Effect applyTo( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return m_effect.applyTo( effect );
+ m_effect.apply( request );
}
public Effect permit()
@@ -48,9 +51,13 @@
return Effects.DENY;
}
+ public Effect reduce()
+ {
+ return m_effect.reduce();
+ }
public String toString()
{
- return "Deny Overrides";
+ return "deny overrides";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
*/
-public class FirstApplicableEffect extends AbstractCombinedEffect
+public class FirstApplicableEffect implements Effect
{
+ private final Effect m_effect;
+
public FirstApplicableEffect()
{
this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
protected FirstApplicableEffect( Effect effect )
{
- super( effect );
+ m_effect = effect;
}
- public Effect applyTo( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return m_effect.applyTo( effect );
+ m_effect.apply( request );
}
public Effect permit()
@@ -48,8 +51,13 @@
return Effects.DENY;
}
+ public Effect reduce()
+ {
+ return m_effect.reduce();
+ }
+
public String toString()
{
- return "First Applicable";
+ return "first applicable";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java Wed Feb 23 09:14:19 2005
@@ -17,6 +17,7 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -27,14 +28,9 @@
{
}
- public Effect add( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return this;
- }
-
- public Effect applyTo( Effect effect )
- {
- return effect.permit();
+ request.grant();
}
public Effect permit()
@@ -54,6 +50,6 @@
public String toString()
{
- return "Grant";
+ return "grant";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
*/
-public class LastApplicableEffect extends AbstractCombinedEffect
+public class LastApplicableEffect implements Effect
{
+ private final Effect m_effect;
+
public LastApplicableEffect()
{
this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
protected LastApplicableEffect( Effect effect )
{
- super( effect );
+ m_effect = effect;
}
- public Effect applyTo( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return m_effect.applyTo( effect );
+ m_effect.apply( request );
}
public Effect permit()
@@ -48,9 +51,13 @@
return new LastApplicableEffect( Effects.DENY );
}
+ public Effect reduce()
+ {
+ return m_effect.reduce();
+ }
public String toString()
{
- return "Last Applicable";
+ return "last applicable";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,6 +17,7 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -27,14 +28,8 @@
{
}
- public Effect applyTo( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return effect;
- }
-
- public Effect add( Effect effect )
- {
- return this;
}
public Effect permit()
@@ -54,6 +49,6 @@
public String toString()
{
- return "Not Applicable";
+ return "not applicable";
}
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
/**
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
*/
-public class PermitOverridesEffect extends AbstractCombinedEffect
+public class PermitOverridesEffect implements Effect
{
+ private final Effect m_effect;
+
public PermitOverridesEffect()
{
this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
protected PermitOverridesEffect( Effect effect )
{
- super( effect );
+ m_effect = effect;
}
- public Effect applyTo( Effect effect )
+ public void apply( AuthorizationRequest request )
{
- return m_effect.applyTo( effect );
+ m_effect.apply( request );
}
public Effect permit()
@@ -48,9 +51,13 @@
return new PermitOverridesEffect( Effects.DENY );
}
+ public Effect reduce()
+ {
+ return m_effect.reduce();
+ }
public String toString()
{
- return "Permit Overrides";
+ return "permit overrides";
}
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java Wed Feb 23 09:14:19 2005
@@ -34,21 +34,18 @@
public void testTakesPositiveDecisionIfRuleSuggestsPermission()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.GRANT ) );
- m_authorizer.denyIfUnsure();
assertTrue( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
}
- public void testTakesPositiveDecisionIfRuleIsNotApplicable()
+ public void testTakesNegativeDecisionIfRuleIsNotApplicable()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
- m_authorizer.denyIfUnsure();
- assertTrue( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
+ assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
}
public void testTakesNegativeDecisionIfRuleSuggestDenial()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
- m_authorizer.grantIfUnsure();
assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
}
@@ -66,10 +63,9 @@
assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
}
- public void testEffectsAreReducedBeforeTakingDecision()
+ public void testMakesDecisionBasedOnPrimitiveEffect()
{
m_authorizer = new DefaultAuthorizer( new Policy( new PermitOverridesEffect() ) );
- m_authorizer.grantIfUnsure();
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java Wed Feb 23 09:14:19 2005
@@ -16,11 +16,12 @@
*/
package org.apache.authx.authorization;
+import org.apache.authx.authorization.condition.FalseCondition;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.apache.authx.authorization.condition.ImpliedPermissionCondition;
+import org.apache.authx.authorization.condition.TrueCondition;
import org.apache.authx.authorization.effect.Effects;
-import org.apache.authx.authorization.predicate.FalsePredicate;
-import org.apache.authx.authorization.predicate.HasPrincipalPredicate;
-import org.apache.authx.authorization.predicate.ImpliedPermissionPredicate;
-import org.apache.authx.authorization.predicate.TruePredicate;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
import org.apache.authx.testmodel.Subjects;
import org.apache.authx.testmodel.Usernames;
import org.jmock.MockObjectTestCase;
@@ -45,42 +46,64 @@
public void testEvaluatesToRuleEffectIfTargetVerifiesCondition()
{
m_rule.setEffect( Effects.DENY );
- m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
- m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
- assertEquals( Effects.DENY, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ));
+ m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+ m_rule.matchPermissions( new ImpliedPermissionCondition( new SomePermission() ) );
+
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+
+ assertEquals( Effects.DENY, request.outcome() );
}
public void testSubjectConditionsAreCombinedIntoAnOrOperation()
{
m_rule.setEffect( Effects.GRANT );
- m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
- m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
- m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.joe(), new SomePermission() ) ) );
+ m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+ m_rule.matchSubjects( new HasPrincipalCondition( Usernames.joe() ) );
+ m_rule.matchPermissions( new ImpliedPermissionCondition( new SomePermission() ) );
+
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.joe(), new SomePermission(), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testPermissionConditionsAreCombinedIntoAnOrOperation()
{
m_rule.setEffect( Effects.GRANT );
- m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
- m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo" ) ) );
- m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar" ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ) ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ) ) ) );
+ m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+ m_rule.matchPermissions( new ImpliedPermissionCondition( new BasicPermission( "foo" ) ) );
+ m_rule.matchPermissions( new ImpliedPermissionCondition( new BasicPermission( "bar" ) ) );
+
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testIsNotApplicableIfSubjectConditionIsNotVerified()
{
- m_rule.matchSubjects( new FalsePredicate() );
- m_rule.matchPermissions( new TruePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ m_rule.matchSubjects( new FalseCondition() );
+ m_rule.matchPermissions( new TrueCondition() );
+
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
public void testIsNotApplicableIfPermissionConditionIsNotVerified()
{
- m_rule.matchSubjects( new TruePredicate() );
- m_rule.matchPermissions( new FalsePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ m_rule.matchSubjects( new TrueCondition() );
+ m_rule.matchPermissions( new FalseCondition() );
+
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+ m_rule.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java Wed Feb 23 09:14:19 2005
@@ -16,26 +16,33 @@
*/
package org.apache.authx.authorization;
-import junit.framework.TestCase;
import org.apache.authx.authorization.effect.Effects;
import org.apache.authx.authorization.effect.PermitOverridesEffect;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
+import org.jmock.MockObjectTestCase;
import javax.security.auth.Subject;
-public class PolicyTest extends TestCase
+public class PolicyTest extends MockObjectTestCase
{
public void testRendersDefaultDecisionWhenEmpty()
{
Policy policy = new Policy( new PermitOverridesEffect() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( new Subject(), new SomePermission(), new LastApplicableEffect() );
+ policy.evaluate( request );
+
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
public void testCombinesResultOfContainedRulesEvaluation()
{
Policy policy = new Policy( new PermitOverridesEffect() );
- policy.addRule( new PrimitiveRule( Effects.DENY ) );
policy.addRule( new PrimitiveRule( Effects.GRANT ) );
+ policy.addRule( new PrimitiveRule( Effects.DENY ) );
+
+ AuthorizationRequest request = new AuthorizationRequest( new Subject(), new SomePermission(), new LastApplicableEffect() );
+ policy.evaluate( request );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+ assertEquals( Effects.GRANT, request.outcome() );
}
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
*/
package org.apache.authx.authorization.effect;
+import junit.framework.TestCase;
import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
-public class DenyOverridesEffectTest extends MockObjectTestCase
+public class DenyOverridesEffectTest extends TestCase
{
public void testDefaultsToNotApplicable()
{
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java Wed Feb 23 09:14:19 2005
@@ -17,9 +17,9 @@
package org.apache.authx.authorization.effect;
import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
+import junit.framework.TestCase;
-public class FirstApplicableEffectTest extends MockObjectTestCase
+public class FirstApplicableEffectTest extends TestCase
{
public void testDefaultsToNotApplicable()
{
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
*/
package org.apache.authx.authorization.effect;
+import junit.framework.TestCase;
import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
-public class LastApplicableEffectTest extends MockObjectTestCase
+public class LastApplicableEffectTest extends TestCase
{
public void testDefaultsToNotApplicable()
{
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
*/
package org.apache.authx.authorization.effect;
+import junit.framework.TestCase;
import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
-public class PermitOverridesEffectTest extends MockObjectTestCase
+public class PermitOverridesEffectTest extends TestCase
{
public void testDefaultsToNotApplicable()
{
Modified: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java (original)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java Wed Feb 23 09:14:19 2005
@@ -19,15 +19,15 @@
import org.apache.authx.authorization.Rule;
import org.apache.authx.authorization.RuleSet;
import org.apache.authx.script.RuleSetBuilder;
-import org.apache.authx.script.xml.builder.AndPredicateBuilder;
+import org.apache.authx.script.xml.builder.AndConditionBuilder;
import org.apache.authx.script.xml.builder.DenyRuleBuilder;
-import org.apache.authx.script.xml.builder.FalsePredicateBuilder;
+import org.apache.authx.script.xml.builder.FalseConditionBuilder;
import org.apache.authx.script.xml.builder.GrantRuleBuilder;
-import org.apache.authx.script.xml.builder.HasGroupPredicateBuilder;
-import org.apache.authx.script.xml.builder.HasRolePredicateBuilder;
-import org.apache.authx.script.xml.builder.HasUsernamePredicateBuilder;
-import org.apache.authx.script.xml.builder.OrPredicateBuilder;
-import org.apache.authx.script.xml.builder.TruePredicateBuilder;
+import org.apache.authx.script.xml.builder.HasGroupConditionBuilder;
+import org.apache.authx.script.xml.builder.HasRoleConditionBuilder;
+import org.apache.authx.script.xml.builder.HasUsernameConditionBuilder;
+import org.apache.authx.script.xml.builder.OrConditionBuilder;
+import org.apache.authx.script.xml.builder.TrueConditionBuilder;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
@@ -91,15 +91,15 @@
{
m_buildingContext.registerBuilder( new GrantRuleBuilder() );
m_buildingContext.registerBuilder( new DenyRuleBuilder() );
- m_buildingContext.registerBuilder( new AndPredicateBuilder( "subject" ) );
- m_buildingContext.registerBuilder( new TruePredicateBuilder() );
- m_buildingContext.registerBuilder( new FalsePredicateBuilder() );
- m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
- m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
- m_buildingContext.registerBuilder( new HasGroupPredicateBuilder() );
- m_buildingContext.registerBuilder( new HasRolePredicateBuilder() );
- m_buildingContext.registerBuilder( new AndPredicateBuilder() );
- m_buildingContext.registerBuilder( new OrPredicateBuilder() );
+ m_buildingContext.registerBuilder( new AndConditionBuilder( "subject" ) );
+ m_buildingContext.registerBuilder( new TrueConditionBuilder() );
+ m_buildingContext.registerBuilder( new FalseConditionBuilder() );
+ m_buildingContext.registerBuilder( new HasUsernameConditionBuilder() );
+ m_buildingContext.registerBuilder( new HasUsernameConditionBuilder() );
+ m_buildingContext.registerBuilder( new HasGroupConditionBuilder() );
+ m_buildingContext.registerBuilder( new HasRoleConditionBuilder() );
+ m_buildingContext.registerBuilder( new AndConditionBuilder() );
+ m_buildingContext.registerBuilder( new OrConditionBuilder() );
}
}
Modified: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java (original)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java Wed Feb 23 09:14:19 2005
@@ -18,7 +18,7 @@
import org.apache.authx.authorization.DefaultRule;
import org.apache.authx.authorization.Effect;
-import org.apache.authx.authorization.Predicate;
+import org.apache.authx.authorization.Condition;
import org.dom4j.Element;
import java.util.Iterator;
@@ -48,9 +48,9 @@
return rule;
}
- private Predicate predicate( Element e )
+ private Condition predicate( Element e )
{
- return ( Predicate ) getParent().buildFrom( e );
+ return ( Condition ) getParent().buildFrom( e );
}
private void setPermissionPredicate( DefaultRule rule, Element element )
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.Condition;
+import org.apache.authx.authorization.condition.AndCondition;
+import org.apache.authx.authorization.condition.Predicates;
+
+public class AndConditionBuilder
+ extends LogicalConditionBuilder
+{
+ public AndConditionBuilder()
+ {
+ this( "and" );
+ }
+
+ public AndConditionBuilder( String elementName )
+ {
+ super( elementName );
+ }
+
+ protected Condition getSeed()
+ {
+ return Predicates.TRUE;
+ }
+
+ public Condition compute( Condition left, Condition right )
+ {
+ return new AndCondition( left, right );
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.condition.Predicates;
+import org.dom4j.Element;
+
+public class FalseConditionBuilder extends AbstractElementBuilder
+{
+ private final String m_elementName;
+
+ public FalseConditionBuilder()
+ {
+ this( "none" );
+ }
+
+ public FalseConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return Predicates.FALSE;
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.attribute.GroupPrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasGroupConditionBuilder extends AbstractElementBuilder
+{
+ private final String m_elementName;
+
+ public HasGroupConditionBuilder()
+ {
+ this( "group" );
+ }
+
+ public HasGroupConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return new HasPrincipalCondition( new GroupPrincipal( e.getTextTrim() ) );
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.attribute.RolePrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasRoleConditionBuilder extends AbstractElementBuilder
+{
+ private final String m_elementName;
+
+ public HasRoleConditionBuilder()
+ {
+ this( "role" );
+ }
+
+ public HasRoleConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return new HasPrincipalCondition( new RolePrincipal( e.getTextTrim() ) );
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.realm.UsernamePrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasUsernameConditionBuilder extends AbstractElementBuilder
+{
+ private final String m_elementName;
+
+ public HasUsernameConditionBuilder()
+ {
+ this( "username" );
+ }
+
+ public HasUsernameConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return new HasPrincipalCondition( new UsernamePrincipal( e.getTextTrim() ) );
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *