Posted to commits@directory.apache.org by dj...@apache.org on 2007/01/02 00:49:10 UTC
svn commit: r491704 - in /directory/sandbox/triplesec-jacc:
admin-api/src/main/java/org/safehaus/triplesec/admin/
admin-api/src/main/java/org/safehaus/triplesec/admin/dao/
admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/
admin-api/src/tes...
Author: djencks
Date: Mon Jan 1 15:49:09 2007
New Revision: 491704
URL: http://svn.apache.org/viewvc?view=rev&rev=491704
Log:
Fix a lot of bugs so at least some of the jacc permission installation works. Includes a simple test.
Added:
directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml (with props)
directory/sandbox/triplesec-jacc/jacc/src/test/
directory/sandbox/triplesec-jacc/jacc/src/test/java/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/
directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java (with props)
Modified:
directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java
directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif
directory/sandbox/triplesec-jacc/jaas/pom.xml
directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
directory/sandbox/triplesec-jacc/jacc/pom.xml
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java
Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java Mon Jan 1 15:49:09 2007
@@ -35,4 +35,14 @@
{
super( msg );
}
+
+ public DataAccessException( String msg, Throwable t )
+ {
+ super( msg, t );
+ }
+
+ public DataAccessException( Throwable t )
+ {
+ super( t );
+ }
}
Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java Mon Jan 1 15:49:09 2007
@@ -28,7 +28,7 @@
import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class PermissionActions extends AdministeredEntity implements Constants {
@@ -39,7 +39,7 @@
Date modifyTimestamp, PermissionActionsDao dao, String permissionName, Set<String> actions) {
super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
this.permissionName = permissionName;
- this.actions = new HashSet<String>(actions);
+ this.actions = actions == null? new HashSet<String>(): new HashSet<String>(actions);
}
public String getPermissionName() {
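Review bot: A null `actions` argument is now silently stored as an empty set, and nothing documents what an empty action set means when the permission is later evaluated or written to the directory. In permission models an absent action list can mean either "none" or "all", so the constructor should say which, for example `// null actions are stored as an empty set, meaning <none|all> (confirm)`. The `dao` parameter is also never used in the constructor body visible here, so the DAO that the new test passes in appears to be discarded. The constructor signature starts outside the hunk.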
Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java Mon Jan 1 15:49:09 2007
@@ -44,13 +44,13 @@
PermissionClass rename( String contextDn, String newPermClassName, PermissionClass permClass )
throws DataAccessException;
- PermissionClass load( String applicationName, String name )
+ PermissionClass load( String contextDn, String name )
throws DataAccessException;
- boolean has( String applicationName, String name )
+ boolean has( String contextDn, String name )
throws DataAccessException;
- Iterator permissionClassNameIterator( String applicationName )
+ Iterator permissionClassNameIterator( String contextDn )
throws DataAccessException;
}
Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java Mon Jan 1 15:49:09 2007
@@ -138,11 +138,11 @@
catch ( NamingException e )
{
log.error( "Unexpected failure", e );
- throw new DataAccessException( e.getMessage() );
+ throw new DataAccessException( e.getMessage(), e );
}
}
-
-
+
+
public void delete( String contextDn, String permClassName )
throws DataAccessException
{
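Review bot: Only this one catch block passes the NamingException on as the cause; the rename path shown in the hunk at -236 still ends with `throw new DataAccessException( msg );` after logging, so callers there lose the underlying JNDI error. Now that the two-argument constructor exists, that line could read `throw new DataAccessException( msg, e );`, assuming `e` is the exception caught in that block. Separately, `e.getMessage()` from the directory may carry DN details, so code that shows DataAccessException text to end users should treat it as internal. Both catch blocks begin outside their hunks.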
@@ -172,7 +172,7 @@
String permClassName ) throws DataAccessException
{
String rdn = getRelativeDn( contextDn, permClassName );
-
+
// try
// {
// ctx.modifyAttributes( rdn, mods );
@@ -196,18 +196,18 @@
// log.error( msg, e );
// throw new NoSuchEntryException( msg );
// }
-
+
return new PermissionClass( creatorsName, createTimestamp, this.principalName,
new Date( System.currentTimeMillis() ), this, permClassName, null, null );
}
-
-
+
+
public PermissionClass rename( String contextDn, String newPermClassName, PermissionClass permClass )
throws DataAccessException
{
String oldRdn = getRelativeDn( contextDn, permClass.getPermissionClassName() );
String newRdn = getRelativeDn( contextDn, newPermClassName );
-
+
try
{
ctx.rename( oldRdn, newRdn );
@@ -236,13 +236,13 @@
log.error( msg, e );
throw new DataAccessException( msg );
}
-
+
return new PermissionClass( permClass.getCreatorsName(), permClass.getCreateTimestamp(), principalName,
- new Date( System.currentTimeMillis() ),
+ new Date( System.currentTimeMillis() ),
this, newPermClassName, permClass.getGrants(), permClass.getDenials() );
}
-
-
+
+
public PermissionClass load( String contextDn, String permClassName )
throws DataAccessException
{
@@ -286,13 +286,13 @@
return new PermissionClass( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this,
permClassName, grants, denials );
}
-
-
+
+
public boolean has( String appName, String permClassName )
throws DataAccessException
{
String rdn = getRelativeDn( appName, permClassName );
-
+
try
{
ctx.getAttributes( rdn );
@@ -307,8 +307,8 @@
return false;
}
}
-
-
+
+
public Iterator permissionClassNameIterator( String contextDn ) throws DataAccessException
{
SearchControls controls = new SearchControls();
@@ -332,7 +332,7 @@
// Private utility methods
// -----------------------------------------------------------------------
-
+
private String getRelativeDn( String contextDn, String permName )
{
StringBuffer buf = new StringBuffer();
Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java Mon Jan 1 15:49:09 2007
@@ -142,7 +142,9 @@
modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
for (Iterator iterator = permissionClassDao.permissionClassNameIterator(rdn); iterator.hasNext();) {
- permissionClasses.add((PermissionClass) iterator.next());
+ String permissionClassName = (String) iterator.next();
+ PermissionClass permissionClass = permissionClassDao.load(rdn, permissionClassName);
+ permissionClasses.add(permissionClass);
}
}
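Review bot: The bug fixed here, an element cast to the wrong type, compiled only because `permissionClassNameIterator` returns a raw `Iterator`; declaring it as `Iterator<String>` in PermissionClassDao would let the compiler reject this class of mistake and remove the `(String)` cast. The loop now issues one `load` per name, so a permission class removed between the search and the load would presumably fail the whole role load with a DataAccessException. Whether that is the intended behaviour should be stated in a comment on the loop. The enclosing method starts outside the hunk.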
Modified: directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java Mon Jan 1 15:49:09 2007
@@ -53,17 +53,17 @@
private DirContext ctx;
private TriplesecAdmin admin;
-
+
public IntegrationTest() throws Exception
{
super();
}
-
+
public void setUp() throws Exception
{
super.setUp();
-
+
props = new Properties();
props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
@@ -76,14 +76,14 @@
factory = DaoFactory.createInstance( props );
ctx = new InitialDirContext( props );
admin = new TriplesecAdmin( props );
-
+
assertNotNull( factory );
}
-
+
/**
* Tests the following {@link LdapPermissionClassDao} methods:
- *
+ *
* <ul>
* <li>{@link PermissionClassDao#delete(String, String)}</li>
* <li>{@link PermissionClassDao#load(String, String)}</li>
@@ -93,17 +93,25 @@
* <li>{@link PermissionClassDao#permissionClassNameIterator(String)}</li>
* </ul>
*/
- public void XtestPermissionClassDao() throws Exception
+ public void testPermissionClassDao() throws Exception
{
PermissionClassDao dao = factory.getPermissionClassDao();
-
+
+ PermissionActions permissionActions = new PermissionActions(null, null, null, null, factory.getPermissionActionsDao(), "foo", null);
+ Set<PermissionActions> grants = new HashSet<PermissionActions>();
+ grants.add(permissionActions);
// add a permission via add( String, String )
- dao.add( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications", getName() + "0", null, null );
- Attributes attrs = ctx.getAttributes( "permClassName=" + getName() + "0, " + "" +
- "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications" );
- assertEquals( getName() + "0", ( String ) attrs.get( "permClassName" ).get() );
+ String contextDn = "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications";
+ String permClassName = getName() + "0";
+ dao.add( contextDn, permClassName, grants, null );
+ String permClassDn = "permClassName=" + permClassName + "," + contextDn;
+ Attributes attrs = ctx.getAttributes( permClassDn );
+ assertEquals( permClassName, ( String ) attrs.get( "permClassName" ).get() );
assertNull( attrs.get( "description" ) );
-
+
+ Attributes permAttrs = ctx.getAttributes("grant=foo," + permClassDn);
+ assertEquals( "foo", ( String ) permAttrs.get( "grant" ).get() );
+
// add a permission via add( String, StringPermission )
// PermissionModifier modifier = new PermissionModifier( dao, "mockApplication", getName() + "1" );
// modifier.setDescription( "a non-null description" ).add();
Modified: directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java (original)
+++ directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java Mon Jan 1 15:49:09 2007
@@ -274,14 +274,15 @@
*/
private void init() throws Exception
{
- this.resourcesDirectory = new File ( System.getProperties().getProperty(
+ resourcesDirectory = new File ( System.getProperties().getProperty(
RESOURCES_DIRECTORY, "src/test/resources" ) );
if ( ! resourcesDirectory.exists() )
{
String msg = "The configuration resources directory '" +
resourcesDirectory + "' does not exist will search classpath for resources";
- fail( msg );
+ resourcesDirectory = null;
+ log.error( msg );
}
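Review bot: Replacing `fail( msg )` with `log.error( msg )` turns a missing resources directory from a hard stop into a run that continues without `server.xml` and the LDIF files, and no classpath lookup is visible in this diff to back the message's "will search classpath" claim. If the fallback exists elsewhere, a comment here should name it. If it does not, the test server starts with whatever configuration happens to be in place, which makes the authorization test results hard to trust. `log.warn( msg );` would match a condition that is meant to be recoverable. init() continues outside the hunk.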
// --------------------------------------------------------------------
@@ -312,18 +313,20 @@
File webappsDir = new File( serverHome, "webapps" );
webappsDir.mkdir();
initWebapps( webappsDir );
-
- FileUtils.copyFileToDirectory( new File( resourcesDirectory, "server.xml" ), confDir );
- File [] ldifFiles = resourcesDirectory.listFiles( new FileFilter()
- {
- public boolean accept( File file )
+
+ if (resourcesDirectory != null) {
+ FileUtils.copyFileToDirectory( new File( resourcesDirectory, "server.xml" ), confDir );
+ File [] ldifFiles = resourcesDirectory.listFiles( new FileFilter()
{
- return file.getName().endsWith( "ldif" );
+ public boolean accept( File file )
+ {
+ return file.getName().endsWith( "ldif" );
+ }
+ });
+ for ( int ii = 0; ii < ldifFiles.length; ii++ )
+ {
+ FileUtils.copyFileToDirectory( ldifFiles[ii], confDir );
}
- });
- for ( int ii = 0; ii < ldifFiles.length; ii++ )
- {
- FileUtils.copyFileToDirectory( ldifFiles[ii], confDir );
}
}
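Review bot: `resourcesDirectory.listFiles( ... )` returns null when the path is not a directory or cannot be read, and the loop then fails on `ldifFiles.length`; the earlier guard only checks `exists()`. Testing `isDirectory()` in that guard, or adding `if ( ldifFiles != null )` before the loop, would cover it. The filter `endsWith( "ldif" )` also accepts names without a dot; `endsWith( ".ldif" )` is presumably what is meant. The method starts outside the hunk.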
Modified: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif Mon Jan 1 15:49:09 2007
@@ -349,6 +349,16 @@
objectClass: organizationalUnit
ou: roles
+dn: roleName=org.apache.directory.triplesec.jacc.unchecked,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: org.apache.directory.triplesec.jacc.unchecked
+
+dn: roleName=org.apache.directory.triplesec.jacc.excluded,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: org.apache.directory.triplesec.jacc.excluded
+
dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
objectClass: policyRole
objectClass: top
@@ -454,7 +464,7 @@
dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
objectClass: top
objectClass: policyProfile
-profileId: mockProfile0
+profileId: mockProfile0
user: akarasulu
dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
Added: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml?view=auto&rev=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml (added)
+++ directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml Mon Jan 1 15:49:09 2007
@@ -0,0 +1,250 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+ "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+ <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+ <property name="properties">
+ <props>
+ <prop key="java.naming.security.authentication">simple</prop>
+ <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+ <prop key="java.naming.security.credentials">secret</prop>
+ <prop key="java.naming.provider.url">dc=example,dc=com</prop>
+ <prop key="java.naming.factory.state">org.safehaus.triplesec.store.ProfileStateFactory</prop>
+ <prop key="java.naming.factory.object">org.safehaus.triplesec.store.ProfileObjectFactory</prop>
+
+ <prop key="kdc.primary.realm">EXAMPLE.COM</prop>
+ <prop key="kdc.principal">krbtgt/EXAMPLE.COM@EXAMPLE.COM</prop>
+ <prop key="kdc.encryption.types">des-cbc-md5 des3-cbc-sha1 des3-cbc-md5 des-cbc-md4 des-cbc-crc</prop>
+ <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="kdc.java.naming.security.credentials">secret</prop>
+
+ <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="changepw.java.naming.security.credentials">secret</prop>
+ <prop key="changepw.principal">kadmin/changepw@EXAMPLE.COM</prop>
+
+ <!-- All times are in minutes -->
+ <prop key="kdc.allowable.clockskew">5</prop>
+ <prop key="kdc.tgs.maximum.ticket.lifetime">1440</prop>
+ <prop key="kdc.tgs.maximum.renewable.lifetime">10080</prop>
+ <prop key="kdc.pa.enc.timestamp.required">true</prop>
+ <prop key="kdc.tgs.empty.addresses.allowed">true</prop>
+ <prop key="kdc.tgs.forwardable.allowed">true</prop>
+ <prop key="kdc.tgs.proxiable.allowed">true</prop>
+ <prop key="kdc.tgs.postdate.allowed">true</prop>
+ <prop key="kdc.tgs.renewable.allowed">true</prop>
+
+ <prop key="safehaus.entry.basedn">ou=Users,dc=example,dc=com</prop>
+ <prop key="safehaus.load.testdata">true</prop>
+ <prop key="kerberos.sam.type.7">org.safehaus.triplesec.verifier.hotp.DefaultHotpSamVerifier</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean id="configuration" class="org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration">
+ <property name="workingDirectory"><value>partitions</value></property>
+ <property name="allowAnonymousAccess"><value>false</value></property>
+ <property name="accessControlEnabled"><value>true</value></property>
+ <property name="ldapPort"><value>10389</value></property>
+ <property name="enableKerberos"><value>true</value></property>
+ <property name="enableNtp"><value>false</value></property>
+ <property name="enableChangePassword"><value>true</value></property>
+
+ <!-- Uncomment below to have the server load entries on startup! -->
+ <!-- ldifDirectory property can point to a relative file, directory or -->
+ <!-- can point to an absolute path to either using the URL path -->
+ <!-- notation: i.e. file:///Users/jack/apacheds/ldifs -->
+
+ <!-- Entries will optionally be filtered using LdifLoadFilters in the -->
+ <!-- order specified. The included Krb5KdcEntryFilter will filter -->
+ <!-- kerberos principals creating keys for them using their -->
+ <!-- userPassword attribute if present. -->
+
+ <!-- If missing the Triplesec server will use LDIF files under the conf -->
+ <!-- directory where it has been installed. -->
+
+ <!--
+ <property name="ldifDirectory">
+ <value>example.ldif</value>
+ </property>
+ -->
+ <property name="ldifFilters">
+ <list>
+ <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+ </list>
+ </property>
+
+ <property name="activationConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.ActivationConfiguration">
+ <property name="enableDecoyMidlet"><value>true</value></property>
+ <property name="otpLength"><value>6</value></property>
+ <property name="midletNameAttribute"><value>midletNameAttribute</value></property>
+ </bean>
+ </property>
+
+ <property name="smsConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.SmsConfiguration">
+ <property name="smsUsername"><value>hauskeys</value></property>
+ <property name="smsPassword"><value>secret</value></property>
+ <property name="smsAccountName"><value>demo</value></property>
+ <property name="smsTransportUrl"><value>http://www.nbroadcasting.com/customers/messages/Sender.asp</value></property>
+ </bean>
+ </property>
+
+ <property name="smtpConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.SmtpConfiguration">
+ <property name="smtpAuthenticate"><value>false</value></property>
+ <!-- uncomment and set above property if authentication is required by mail server
+ <property name="smtpUsername"><value>hauskeys</value></property>
+ <property name="smtpPassword"><value>secret</value></property>
+ -->
+ <property name="smtpHost"><value>localhost</value></property>
+ <property name="smtpSubject"><value>Triplesec Account Activated</value></property>
+ <property name="smtpFrom"><value>dev@safehaus.org</value></property>
+ </bean>
+ </property>
+
+ <property name="contextPartitionConfigurations">
+ <set>
+ <ref bean="examplePartitionConfiguration"/>
+ </set>
+ </property>
+ <property name="bootstrapSchemas">
+ <set>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+ <bean class="org.safehaus.triplesec.store.schema.SafehausSchema"/>
+ </set>
+ </property>
+
+ <property name="extendedOperationHandlers">
+ <list>
+ <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+ <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+ </list>
+ </property>
+
+ <property name="interceptorConfigurations">
+ <list>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>normalizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.normalization.NormalizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>authenticationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authn.AuthenticationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>referralService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.referral.ReferralService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>authorizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authz.AuthorizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>defaultAuthorizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>exceptionService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.exception.ExceptionService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>schemaService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.schema.SchemaService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>subentryService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.subtree.SubentryService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>operationalAttributeService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>collectiveAttributeService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.collective.CollectiveAttributeService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>eventService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.event.EventService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>policyProtectionService</value></property>
+ <property name="interceptor">
+ <bean class="org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor" />
+ </property>
+ </bean>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="examplePartitionConfiguration" class="org.apache.directory.server.core.configuration.MutablePartitionConfiguration">
+ <property name="name"><value>example</value></property>
+ <property name="suffix"><value>dc=example,dc=com</value></property>
+ <property name="indexedAttributes">
+ <set>
+ <value>objectClass</value>
+ <value>ou</value>
+ <value>dc</value>
+ <value>uid</value>
+ <value>profileId</value>
+ <value>roles</value>
+ <!--<value>grants</value>-->
+ <!--<value>denials</value>-->
+ <value>krb5PrincipalName</value>
+ </set>
+ </property>
+ <property name="contextEntry">
+ <value>
+ objectClass: top
+ objectClass: domain
+ objectClass: extensibleObject
+ dc: example
+ administrativeRole: accessControlSpecificArea
+ administrativeRole: collectiveAttributeSpecificArea
+ </value>
+ </property>
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+ <property name="customEditors">
+ <map>
+ <entry key="javax.naming.directory.Attributes">
+ <bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+ </entry>
+ </map>
+ </property>
+ </bean>
+</beans>
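Review bot: This fixture lives under `src/main/resources`, so it is packaged into the itest-data artifact, yet nothing in the file marks it as test-only. It sets the admin, KDC and changepw credentials to `secret`, lists single-DES encryption types, and points `smsTransportUrl` at an external `http://` endpoint together with an SMS username and password. A header comment such as `<!-- Integration-test fixture: sample credentials and KDC settings, not for deployment -->` would make the intent explicit. The SMS endpoint is better replaced by a placeholder host so that a test run cannot send the account values in cleartext to a third party; whether those values are live cannot be told from the diff. `LaunchDiagnosticUiHandler` is also enabled and deserves the same test-only remark.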
Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: directory/sandbox/triplesec-jacc/jaas/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/pom.xml?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jaas/pom.xml Mon Jan 1 15:49:09 2007
@@ -60,6 +60,7 @@
<groupId>${pom.groupId}</groupId>
<artifactId>triplesec-integration</artifactId>
<version>${pom.version}</version>
+ <scope>test</scope>
</dependency>
<dependency>
Modified: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java Mon Jan 1 15:49:09 2007
@@ -36,10 +36,11 @@
import org.safehaus.triplesec.guardian.RealmPolicy;
import org.safehaus.triplesec.guardian.RealmPolicyFactory;
+import org.safehaus.triplesec.guardian.StringPermission;
import org.safehaus.triplesec.integration.TriplesecIntegration;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class SafehausLoginModuleIntegrationTest extends TriplesecIntegration {
@@ -109,6 +110,9 @@
assertEquals(1, subject.getPrincipals().size());
Principal p = subject.getPrincipals().iterator().next();
assertTrue(p instanceof SafehausPrincipal);
+ assertTrue(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm0")));
+ assertTrue(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm1")));
+ assertFalse(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm2")));
}
private static class TestCallbackHandler implements CallbackHandler {
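Review bot: The three added assertions repeat the cast and the `getAuthorizationProfile("mockApplication")` lookup, and a null profile would show up as a NullPointerException rather than a failed assertion. Fetching the profile once into a local, followed by `assertNotNull( profile );`, makes the failure readable and the grant and deny expectations easier to scan. A short comment saying why `mockPerm2` must not be implied (which fixture entry denies or omits it) would help the next reader. The test method starts outside the hunk.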
Modified: directory/sandbox/triplesec-jacc/jacc/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/pom.xml?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jacc/pom.xml Mon Jan 1 15:49:09 2007
@@ -44,6 +44,26 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-guardian-ldap</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-integration</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-j2ee-jacc_1.0_spec</artifactId>
</dependency>
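Review bot: The three added test dependencies mix two spellings of the same properties: the first uses `${project.groupId}` / `${project.version}`, the other two `${pom.groupId}` / `${pom.version}`. The `pom.` prefix is the older alias and later Maven versions warn on it, so using `<groupId>${project.groupId}</groupId>` and `<version>${project.version}</version>` in all three keeps the file consistent with the existing dependency above them. The same `${pom.…}` spelling appears in the `artifactItem` of the profiles hunk below.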
@@ -69,6 +89,95 @@
</plugin>
</plugins>
</build>
-
+ <profiles>
+ <profile>
+ <id>no-integration-tests</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test</value>
+ </property>
+ </systemProperties>
+
+ <excludes>
+ <exclude>**/*ITest.java</exclude>
+ <exclude>**/*IntegrationTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>validate</phase>
+ <configuration>
+ <tasks>
+ <echo>
+ =================================================================
+ W A R N I N G
+ -------------
+
+ Integration tests have been disabled. To enable integration
+ tests run maven with the -Dintegration switch.
+ =================================================================
+ </echo>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>integration</id>
+ <activation>
+ <property>
+ <name>integration</name>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>dependency-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-itest-data</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+ </configuration>
+ </execution>
+
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
</project>
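Review bot: The surefire `systemProperties` entry for `org.safehaus.triplesec.integration.resourcesDirectory` sits only in the `no-integration-tests` profile, which is the profile that excludes `**/*IntegrationTest.java`; the `integration` profile configures no surefire plugin at all. Because an `activeByDefault` profile is switched off as soon as `-Dintegration` activates the other one, the integration run gets no value for that property. Whether TriplesecIntegration reads it is not visible on this page, but the property name suggests it does. Moving the `<systemProperties>` block into the main `<build>` section and leaving only the `<excludes>` in the default profile would cover both runs.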
Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java Mon Jan 1 15:49:09 2007
@@ -110,12 +110,13 @@
}
public void delete() throws PolicyContextException {
- state = DELETED;
getDataPolicyConfiguration().delete();
+ state = DELETED;
}
public void commit() throws PolicyContextException {
getDataPolicyConfiguration().commit();
+ state = IN_SERVICE;
}
public boolean inService() throws PolicyContextException {
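Review bot: `commit()` now sets `state = IN_SERVICE` unconditionally, so calling it after `delete()` would move a deleted configuration back into service unless the delegate's `commit()` rejects the call, which is not visible here. The JACC contract for `PolicyConfiguration.commit()` is to throw `UnsupportedOperationException` when the policy context is in the deleted state. A guard before the delegate call, `if (state == DELETED) throw new UnsupportedOperationException("policy configuration has been deleted");`, would keep a removed policy from being reactivated. A short comment on both methods saying the state is updated only after the data-layer call succeeds would also record why the assignment in `delete()` was moved.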
Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java Mon Jan 1 15:49:09 2007
@@ -28,16 +28,15 @@
import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class Permission {
private final String name;
private final Set<String> actionsSet = new HashSet<String>();
- public Permission(String name, String action) {
+ public Permission(String name) {
this.name = name;
- this.actionsSet.add(action);
}
public String getName() {
Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java Mon Jan 1 15:49:09 2007
@@ -29,11 +29,12 @@
import org.safehaus.triplesec.admin.DataAccessException;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class PermissionClass {
private final String permissionClassName;
+ private final boolean hasActions = false;
private final Map<String, Permission> grants = new HashMap<String, Permission>();
private final Map<String, Permission> denials = new HashMap<String, Permission>();
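Review bot: `hasActions` is declared `private final boolean hasActions = false;`, so the `if (hasActions)` branch added to `addPermission` in the next hunk can never run and the `actions` argument is always dropped. For permission classes whose actions narrow a grant, storing only the name would record a broader permission than the caller passed in; how the stored entries are evaluated later is outside this page, so that effect is inferred. Either set the flag per permission class, for example from a constructor argument, or add a comment such as `// actions are not persisted yet; every permission is stored by name only` so the limitation is visible to the next reader.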
@@ -83,16 +84,16 @@
StringBuffer buf = new StringBuffer();
buf.append( "permClassName=" ).append( permName );
buf.append(",").append( contextDn );
- buf.append(",");
return buf.toString();
}
private void addPermission(String permissionName, String actions, Map<String, Permission> permissionMap) {
Permission permission = permissionMap.get(permissionName);
if (permission == null) {
- permission = new Permission(permissionName, actions);
+ permission = new Permission(permissionName);
permissionMap.put(permissionName, permission);
- } else {
+ }
+ if (hasActions) {
permission.addActions(actions);
}
}
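Review bot: The DN builder at the top of this hunk appends `permName` and `contextDn` to the DN string as-is, and the `Role.java` hunk that builds `roleName=…,ou=Roles,appName=…` follows the same pattern. A value containing `,`, `+`, `=` or a quote would change the structure of the DN instead of staying inside its own RDN; whether such values can reach these methods is not visible here. Escaping each value where it is appended, e.g. `buf.append( "permClassName=" ).append( Rdn.escapeValue( permName ) );` with `javax.naming.ldap.Rdn`, would keep names with special characters confined to their RDN. The builder method's signature is outside the hunk.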
Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java Mon Jan 1 15:49:09 2007
@@ -29,7 +29,7 @@
import org.safehaus.triplesec.admin.dao.RoleDao;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class Role {
@@ -60,6 +60,7 @@
PermissionClass permissionClass = permissionClasses.get(permissionClassName);
if (permissionClass == null) {
permissionClass = new PermissionClass(permissionClassName);
+ addPermissionClass(permissionClass);
}
return permissionClass;
}
@@ -81,7 +82,7 @@
StringBuffer buf = new StringBuffer();
buf.append( "roleName=" ).append( roleName );
buf.append( ",ou=Roles,appName=" ).append( appName );
- buf.append( ",ou=Applications," );
+ buf.append( ",ou=Applications" );
return buf.toString();
}
Added: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java?view=auto&rev=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java (added)
+++ directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java Mon Jan 1 15:49:09 2007
@@ -0,0 +1,275 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Policy;
+import java.security.PrivilegedAction;
+import java.security.AccessControlException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.InitialDirContext;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyConfiguration;
+
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.RealmPolicyFactory;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.StoreConnectionException;
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+import org.safehaus.triplesec.jaas.ProfileIdCallback;
+import org.safehaus.triplesec.jaas.SafehausLoginModule;
+import org.safehaus.triplesec.admin.dao.DaoFactory;
+import org.safehaus.triplesec.admin.dao.ldap.LdapDaoFactory;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TripleSecPolicyIntegrationTest extends TriplesecIntegration {
+ public final static String POLICY_CONFIG_FACTORY = "javax.security.jacc.PolicyConfigurationFactory.provider";
+
+ private static final String APP_NAME = "mockApplication";
+
+ private RealmPolicy realmPolicy;
+ private static final String BASE_URL = "dc=example,dc=com";
+ private String providerUrl;
+ private static boolean POLICY_INSTALLED = false;
+ private PolicyConfigurationFactory policyConfigurationFactory;
+ private Properties props;
+
+ public TripleSecPolicyIntegrationTest() throws Exception {
+ super();
+ }
+
+ public TripleSecPolicyIntegrationTest(String string) throws Exception {
+ super(string);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
+ props = new Properties();
+ props.setProperty("applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications," + BASE_URL);
+ props.setProperty("applicationCredentials", "testing");
+ props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
+ props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
+ props.setProperty( "java.naming.provider.url", "ldap://localhost:" + getLdapPort() + "/dc=example,dc=com" );
+ props.setProperty( "java.naming.security.principal", "uid=admin,ou=system" );
+ props.setProperty( "java.naming.security.credentials", "secret" );
+ props.setProperty( "java.naming.security.authentication", "simple" );
+
+ Class.forName("org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver");
+
+
+ if (!POLICY_INSTALLED) {
+ Policy policy = new TripleSecPolicy();
+ policy.refresh();
+ Policy.setPolicy(policy);
+
+ POLICY_INSTALLED = true;
+ }
+
+ System.setProperty(POLICY_CONFIG_FACTORY, TripleSecPolicyConfigurationFactory.class.getName());
+ Thread currentThread = Thread.currentThread();
+ ClassLoader oldClassLoader = currentThread.getContextClassLoader();
+ currentThread.setContextClassLoader(this.getClass().getClassLoader());
+ try {
+ policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ } finally {
+ currentThread.setContextClassLoader(oldClassLoader);
+ }
+ ((TripleSecPolicyConfigurationFactory)policyConfigurationFactory).setLdapProperties(props);
+ }
+
+
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ if (realmPolicy != null) {
+ realmPolicy.close();
+ }
+ realmPolicy = null;
+ }
+
+
+ /**
+ * N.B. this test tends to fail run in IDE's due to a ProtectionDomain on the stack
+ * that does not have any Principals.
+ *
+ * N.B. this test succeeds when it is the only test. Disabling since the other test is more interesting.
+ *
+ * @throws Exception
+ */
+ public void XtestLogin() throws Exception {
+ PolicyContext.setContextID(APP_NAME);
+ PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
+ policyConfiguration.commit();
+ StringPermission perm = new StringPermission("mockPerm0");
+ realmPolicy = RealmPolicyFactory.newInstance(providerUrl, props);
+
+ checkPermission(perm);
+ }
+
+ public void testAddPermission() throws Exception {
+ StringPermission perm = new StringPermission("mockPerm100");
+ PolicyContext.setContextID(APP_NAME);
+ PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
+ policyConfiguration.addToRole("mockRole1", perm);
+ policyConfiguration.commit();
+ realmPolicy = RealmPolicyFactory.newInstance(providerUrl, props);
+
+ InitialDirContext ctx = getContext(providerUrl, props);
+
+ String contextDn = "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications";
+ String permClassDn = "permClassName=" + perm.getClass().getName() + "," + contextDn;
+ Attributes attrs = ctx.getAttributes( permClassDn );
+ assertEquals( perm.getClass().getName(), ( String ) attrs.get( "permClassName" ).get() );
+ assertNull( attrs.get( "description" ) );
+
+ Attributes permAttrs = ctx.getAttributes("grant=mockPerm100," + permClassDn);
+ assertEquals( "mockPerm100", ( String ) permAttrs.get( "grant" ).get() );
+
+ checkPermission(perm);
+ }
+
+ private InitialDirContext getContext(String url, Properties info) {
+ if ( url == null )
+ {
+ throw new IllegalArgumentException( "A non-null url must be provided." );
+ }
+
+ String application = info.getProperty( "applicationPrincipalDN" );
+ if ( application == null )
+ {
+ throw new IllegalArgumentException( "An applicationPrincipalDN property value must be provided." );
+ }
+
+ String password = info.getProperty( "applicationCredentials" );
+ if ( password == null )
+ {
+ throw new IllegalArgumentException( "The applicationCredentials property must be provided" );
+ }
+
+ Hashtable env = new Hashtable();
+ env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+ env.put( Context.PROVIDER_URL, url );
+ env.put( Context.SECURITY_AUTHENTICATION, "simple" );
+ env.put( Context.SECURITY_PRINCIPAL, info.get( "applicationPrincipalDN" ) );
+ env.put( Context.SECURITY_CREDENTIALS, info.get( "applicationCredentials" ) );
+
+ InitialDirContext ictx;
+ try
+ {
+ ictx = new InitialDirContext( env );
+ }
+ catch ( NamingException e )
+ {
+ env.remove( Context.SECURITY_CREDENTIALS ); // remove credentials before printing to log
+ throw new StoreConnectionException( "Failed to obtain initial context for " + env, e );
+ }
+ return ictx;
+ }
+
+
+ private void checkPermission(StringPermission perm) throws LoginException {
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(Context.PROVIDER_URL, providerUrl);
+ options.put(Context.SECURITY_AUTHENTICATION, "simple");
+ options.put(SafehausLoginModule.REALM_KEY, "example.com");
+ options.put(SafehausLoginModule.REALM_POLICY_KEY, realmPolicy);
+ SafehausLoginModule module = new SafehausLoginModule();
+ Subject subject = new Subject();
+ CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
+ Map<String, Object> sharedState = new HashMap<String, Object>();
+ module.initialize(subject, callbackHandler, sharedState, options);
+ module.login();
+ module.commit();
+
+ final AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
+ public Object run() {
+ return AccessController.getContext();
+ }
+ }, null);
+ acc.checkPermission(perm);
+
+ assertTrue((Boolean)Subject.doAsPrivileged(subject, new PrivilegedAction() {
+
+ public Object run() {
+ try {
+ acc.checkPermission(new StringPermission("mockPerm0"));
+ return true;
+ } catch (AccessControlException e) {
+ return false;
+ }
+ }
+ }, null));
+ assertTrue((Boolean)Subject.doAs(subject, new PrivilegedAction() {
+
+ public Object run() {
+ try {
+ acc.checkPermission(new StringPermission("mockPerm0"));
+ return true;
+ } catch (AccessControlException e) {
+ return false;
+ }
+ }
+ }));
+ }
+
+ private static class TestCallbackHandler implements CallbackHandler {
+ private final String name;
+ private final String profileId;
+ private final char[] password;
+
+ public TestCallbackHandler(String name, String profileId, char[] password) {
+ this.name = name;
+ this.profileId = profileId;
+ this.password = password;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ ((NameCallback) callback).setName(name);
+ } else if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword(password);
+ } else if (callback instanceof ProfileIdCallback) {
+ ((ProfileIdCallback) callback).setProfileId(profileId);
+ }
+ }
+ }
+ }
+}
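Review bot: `checkPermission` only ever asserts that access is granted (`perm` and `mockPerm0`), so a policy that allowed every permission would pass this test unchanged. A deny case is missing: after the existing `acc.checkPermission(perm);` add a check for a permission the profile does not hold, for example `try { acc.checkPermission(new StringPermission("mockPerm2")); fail("expected AccessControlException"); } catch (AccessControlException expected) { }`. The JAAS test in this commit treats `mockPerm2` as not granted, but whether that also holds for `mockProfile1` needs confirming against the test data. Separately, `setUp` installs the policy with `Policy.setPolicy` and sets the `POLICY_CONFIG_FACTORY` system property for the whole JVM, and `tearDown` restores neither, so tests that run later in the same JVM are evaluated under TripleSecPolicy as well.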
Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain