Posted to commits@directory.apache.org by dj...@apache.org on 2007/10/23 08:15:49 UTC
svn commit: r587399 [1/2] - in /directory/sandbox/djencks/triplesec-jacc2:
admin-api2/src/main/java/org/apache/directory/triplesec/admin/
admin-api2/src/test/java/org/apache/directory/triplesec/admin/
guardian-api/ guardian-api/src/main/java/org/apache...
Author: djencks
Date: Mon Oct 22 23:15:47 2007
New Revision: 587399
URL: http://svn.apache.org/viewvc?rev=587399&view=rev
Log:
jacc works with hierarchical apps and roles
Added:
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java (with props)
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java (with props)
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java (with props)
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java
- copied, changed from r564847, directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java (with props)
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java (with props)
directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java (with props)
Removed:
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java
Modified:
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java Mon Oct 22 23:15:47 2007
@@ -37,7 +37,7 @@
public class Application implements PersistenceCapable
{
- public static String PARENT_APPLICATION_RDN = "ou=applications";
+// public static String PARENT_APPLICATION_RDN = "ou=applications";
private static final SearchControls PERMISSIONS_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Permission.attrs, false, false );
private static final String PERMISSIONS_QUERY = "(& (permName=*) (objectClass=policyPermission) )";
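Review bot: The retired `PARENT_APPLICATION_RDN` field is left behind as a commented-out line instead of being deleted, and the same is done to its assignment in the IntegrationTest setup hunk. Version control already keeps the old line, so both commented lines can simply be removed. If a reminder is wanted, one sentence such as `// parent RDN is no longer a mutable static; it comes from the parent entity` says more than the dead declaration.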
@@ -47,34 +47,27 @@
private static final String ROLES_QUERY = "(& (roleName=*) (objectClass=policyRole) )";
private static final HiddenChild ROLES_SPACER = new HiddenChild( "ou=roles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
-// private static final SearchControls PROFILES_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Profile.attrs, false, false );
-// private static final String PROFILES_QUERY = "(& (profileId=*) (objectClass=policyProfile) )";
-// private static final HiddenChild PROFILES_SPACER = new HiddenChild( "ou=profiles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
-
private static final int APPNAME_INDEX = 0;
private static final int DESCRIPTION_INDEX = 1;
private static final int PASSWORD_INDEX = 2;
static final int PERMISSIONS_INDEX = 0;
static final int ROLES_INDEX = 1;
-// static final int PROFILES_INDEX = 2;
private final StateManager stateManager;
public Application()
{
stateManager = new StateManager<Application>( this );
- stateManager.setRdn( new SimpleRdn( "appName", null, PARENT_APPLICATION_RDN ) );
+ stateManager.setRdn( new SimpleRdn( "appName", null, null ) );
stateManager.addField( new SingleValuedField<String>( "description", null ) );
stateManager.addField( new SingleValuedField<String>( "userPassword", null ) );
stateManager.addMap( new ChildMap<Permission>( this, Permission.class, "ou=permissions", PERMISSIONS_CONTROLS, PERMISSIONS_QUERY ) );
stateManager.addMap( new ChildMap<Role>( this, Role.class, "ou=roles", ROLES_CONTROLS, ROLES_QUERY ) );
-// stateManager.addMap( new ChildMap<Profile>( this, Profile.class, "ou=profiles", PROFILES_CONTROLS, PROFILES_QUERY ) );
stateManager.addHiddenChild( PERMISSIONS_SPACER );
stateManager.addHiddenChild( ROLES_SPACER );
-// stateManager.addHiddenChild( PROFILES_SPACER );
stateManager.setState( State.EMPTY );
}
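Review bot: With `new SimpleRdn( "appName", null, null )` the constructor no longer fixes a parent, so where an Application entry ends up depends entirely on the parent handed to `persist`. The visible lines do not show what a null parent now resolves to, and the test in this commit switches from `persist( app2, null )` to an explicit parent, which suggests null is no longer a sensible default. I would document that on the constructor, for example `// parent is supplied at persist time; applications may nest under other applications`, and consider rejecting a null parent where the entry is persisted. The class body continues outside this hunk.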
@@ -157,6 +150,7 @@
public Role getRole( String roleId )
{
+ //TODO should this work on name or id?
ChildMap<Role> map = stateManager.getChildMap( ROLES_INDEX );
return map.get( roleId );
}
Added: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.admin;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.directory.triplesec.admin.persistence.PersistenceCapable;
+import org.apache.directory.triplesec.admin.persistence.StateManager;
+import org.apache.directory.triplesec.admin.persistence.SimpleRdn;
+import org.apache.directory.triplesec.admin.persistence.State;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Applications implements PersistenceCapable
+{
+ private final StateManager stateManager;
+
+
+ public Applications()
+ {
+ stateManager = new StateManager<Applications>( this );
+ stateManager.setRdn( new SimpleRdn( "ou", "applications", null ) );
+ stateManager.setState( State.EMPTY );
+ }
+
+ public StateManager getStateManager()
+ {
+ return stateManager;
+ }
+
+ public Attributes getAttributes()
+ {
+ return new BasicAttributes( Constants.OBJECT_CLASS_ID, Constants.ORGANIZATIONAL_UNIT_OC, true );
+ }
+
+ public void parentSet( StateManager parentSm )
+ {
+ }
+}
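Review bot: The new class has no description beyond `@version`, and `parentSet` is an empty body with no explanation. From the constructor and `getAttributes` it is the `ou=applications` organizational-unit container, so a class comment like `Container entry (ou=applications) that serves as the parent of top-level Application entries.` would help the next reader. Inside `parentSet` I would add `// nothing to derive from the parent` so the empty body reads as deliberate. The field and return type also use the raw `StateManager` although it is constructed as `StateManager<Applications>`.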
Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java Mon Oct 22 23:15:47 2007
@@ -33,6 +33,7 @@
String GROUP_OF_UNIQUE_NAMES_OC = "groupOfUniqueNames";
String UID_OBJECT_OC = "uidObject";
String EXTENSIBLE_OBJECT_OC = "extensibleObject";
+ String ORGANIZATIONAL_UNIT_OC = "organizationalUnit";
String ORGANIZATIONAL_PERSON_OC = "organizationalPerson";
String PERSON_OC = "person";
String INET_ORG_PERSON_OC = "inetOrgPerson";
Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java Mon Oct 22 23:15:47 2007
@@ -80,7 +80,7 @@
// assertNotNull( factory );
entityManager = new EntityManagerImpl( ctx, null );
- Application.PARENT_APPLICATION_RDN = "appName=mockApplication,ou=applications";
+// Application.PARENT_APPLICATION_RDN = "appName=mockApplication,ou=applications";
}
@@ -198,9 +198,11 @@
assertNotNull( app1.getPermission( "mockPerm0" ) );
// create a new application
+ Applications apps = entityManager.find(Applications.class, null, "ou=applications");
+ Application parent = entityManager.find(Application.class, apps, "appName=mockApplication");
Application app2 = new Application( "testContext", "foo", "secret" );
assertEquals( State.EMPTY, app2.getStateManager().getState() );
- entityManager.persist( app2, null );
+ entityManager.persist( app2, parent );
assertEquals( State.NEW, app2.getStateManager().getState() );
app2.getStateManager().commit();
assertEquals( State.CLEAN, app2.getStateManager().getState() );
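Review bot: The two added `entityManager.find` lookups are used without checking their results, so a missing `ou=applications` or `appName=mockApplication` entry would surface later as a confusing failure in `persist` rather than at the lookup. Adding `assertNotNull( apps );` and `assertNotNull( parent );` straight after the finds keeps the failure next to its cause. The enclosing test method starts and ends outside this hunk.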
@@ -379,9 +381,9 @@
assertEquals( 1, profile.getDenials().size() );
assertTrue( profile.getDenials().contains( app.getPermission( "mockPerm4" ) ) );
assertFalse( profile.getDenials().contains( app.getPermission( "bogus" ) ) );
- assertEquals( 1, profile.getRoles().size() );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
- assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+ assertEquals( 1, profile.getRoleIds().size() );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+ assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
// lookup and confirm values again
profile = app.getProfile( "testProfile" );
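Review bot: These assertions still pass a `Role` object (`app.getRole( "mockRole2" )`) to `contains` on what is now `getRoleIds()`. Profile's declaration is not visible here, but if it returns id strings as `Session.getRoleIds()` does in this commit, a `Role` can never equal a member, so the `assertTrue` lines would fail and the `assertFalse` "bogus" lines would pass without testing anything. Comparing against the id, e.g. `assertTrue( profile.getRoleIds().contains( "mockRole2" ) );`, would check what the rename implies. The same pattern recurs in the hunks at -396, -417, -435 and -450.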
@@ -396,9 +398,9 @@
assertEquals( 1, profile.getDenials().size() );
assertTrue( profile.getDenials().contains( app.getPermission( "mockPerm4" ) ) );
assertFalse( profile.getDenials().contains( app.getPermission( "bogus" ) ) );
- assertEquals( 1, profile.getRoles().size() );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
- assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+ assertEquals( 1, profile.getRoleIds().size() );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+ assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
// remove existing grant, add two new ones, remove existing grant, add a role and modify
profile.removeGrant( app.getPermission( "mockPerm1" ) );
@@ -417,10 +419,10 @@
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
- assertEquals( 2, profile.getRoles().size() );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
- assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+ assertEquals( 2, profile.getRoleIds().size() );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+ assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
// rename the profile, test values, look it up again and test values again
profile.setProfileId( "renamedProfile" );
@@ -435,10 +437,10 @@
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
- assertEquals( 2, profile.getRoles().size() );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
- assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+ assertEquals( 2, profile.getRoleIds().size() );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+ assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
profile = app.getProfile( "renamedProfile" );
assertNotNull( profile );
@@ -450,10 +452,10 @@
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
- assertEquals( 2, profile.getRoles().size() );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
- assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
- assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+ assertEquals( 2, profile.getRoleIds().size() );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+ assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+ assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
// delete the profile
app.removeProfile( profile );
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml Mon Oct 22 23:15:47 2007
@@ -31,5 +31,17 @@
neutral manner. Separate driver implementations are designed for
accessing different policy store types.
</description>
- <packaging>jar</packaging>
+ <packaging>jar</packaging>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap</artifactId>
+ </dependency>
+ <dependency>
+ <artifactId>nlog4j</artifactId>
+ <groupId>org.slf4j</groupId>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
</project>
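Review bot: Adding `shared-ldap` as a compile dependency ties guardian-api to LDAP types, while the description just above still says policy is accessed in a store-neutral manner through separate drivers. If `LdapDN` is meant to be part of the public API from now on, the description should say so; otherwise a neutral name type would keep the LDIF and mock drivers free of the LDAP library. Neither dependency declares a `<version>`, so this presumably relies on the parent POM's dependencyManagement; worth confirming both artifacts are pinned there.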
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -25,6 +25,8 @@
import java.util.Map;
import java.security.Permission;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
/**
* The policy store for an application whose access policy is managed by Triplesec.
@@ -57,7 +59,7 @@
*
* @return the name of this store
*/
- String getApplicationRelativeDistinguishedName();
+ LdapDN getApplicationRelativeDistinguishedName();
/**
* Gets a set of {@link Role}s defined for this store.
@@ -72,70 +74,6 @@
* @return a map from permission Name to {@link Permission}s defined for this store.
*/
Map<String, Permission> getPermissions();
-
- /**
- * Get (the default?) session for the named user
- * @param userName name of the user for the session
- * @return (default?) set of roles (session) for the user
- */
- Session getSession(String userName);
-
- /**
- * Gets the names of the profiles dependent on a role. The set contains
- * Strings of the profile name.
- *
- * @param role the role the dependent profiles are associated with
- * @return the name's of profiles that depend on the supplied role
- * @throws GuardianException if there is an error accessing the backing
- * store or the role is not associated with this ApplicationPolicy
- */
-// Set getDependentProfileNames( Role role ) throws GuardianException;
-
- /**
- * Gets the names of the profiles dependent on a permission. The set
- * contains Strings of the profile names.
- *
- * @param permissionID
- * @return the name's of profiles that depend on the supplied permission
- * @throws GuardianException if there is an error accessing the backing
- * store or the permission is not associated with this ApplicationPolicy
- */
-// Set getDependentProfileNames( String permissionID ) throws GuardianException;
-
- /**
- * Gets the set of profiles a user has for this ApplicationPolicy.
- *
- * @param userName the name of the user to get the profile ids for
- * @return a set of profile ids as Strings or the empty set if the userName is
- * invalid or does not have profiles defined
- * @throws GuardianException if there are errors accessing the backing store
- */
-// Set getUserProfileIds( String userName ) throws GuardianException;
-
- /**
- * Gets an iterator over the set of profiles in this ApplicationPolicy.
- *
- * @return an iterator over profileId Strings
- * @throws GuardianException if there are errors accessing the backing store
- */
-// Iterator getProfileIdIterator() throws GuardianException;
-
- /**
- * Gets this user's authorization {@link Session} for the application.
- *
- * @param profileId the name of the user to get the {@link Session} for
- * @return the {@link Session} for the application or null if no profile exists for
- * the specified <tt>profileId</tt>
- */
-// Profile getProfile( String profileId ) throws GuardianException;
-
- /**
- * Gets a profile for the admin user which is in all roles and has all permissions
- * granted.
- *
- * @return the admin user profile with all rights
- */
-// Profile getAdminProfile();
/**
* Gets a breif description of this ApplicationPolicy.
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -27,16 +27,16 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
import java.util.List;
+import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
/**
* @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
*/
@@ -45,7 +45,7 @@
/**
* the name of the application this store is associated with
*/
- protected String applicationRdn;
+ protected LdapDN applicationRdn;
/**
* a breif description of this application
*/
@@ -139,7 +139,7 @@
return ( String ) attr.get();
}
- public String getApplicationRelativeDistinguishedName()
+ public LdapDN getApplicationRelativeDistinguishedName()
{
return this.applicationRdn;
}
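Review bot: `getApplicationRelativeDistinguishedName` now returns the internal `LdapDN` field directly. `LdapDN` implements `javax.naming.Name`, whose `add`/`remove` operations modify the object in place, so a caller can alter the name this policy reports. Because this commit also keys the realm's policy map by `LdapDN`, it is worth checking whether that key is the same instance. Returning a copy, `return ( LdapDN ) applicationRdn.clone();`, or documenting that callers must treat the result as read-only, would close that gap. The Javadoc on the interface method still says it returns "the name of this store" and could mention the new type.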
@@ -244,73 +244,6 @@
}
}
}
- return roles;
- }
-
- private static boolean parseBoolean( String bool )
- {
- return bool.equals( "true" );
- }
-
- protected Set<Role> getSession( Attributes attrs ) throws NamingException
- {
- Set<Role> roles = new HashSet<Role>();
-/*
- String profileId;
- String userName;
- boolean disabled = false;
-
- Attribute profileIdAttr = attrs.get( "profileId" );
- if ( profileIdAttr == null )
- {
- return null;
- } else
- {
- profileId = ( String ) profileIdAttr.get();
- }
-
- Attribute userAttr = attrs.get( "user" );
- if ( userAttr == null )
- {
- return null;
- } else
- {
- userName = ( String ) userAttr.get();
- }
-
- Attribute disabledAttr = attrs.get( "triplesecDisabled" );
- if ( disabledAttr != null )
- {
- disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
- }
-*/
-
- // -------------------------------------------------------------------------------
- // process and assemble the profile's granted permissions
- // -------------------------------------------------------------------------------
-
- Attribute defaultRolesAttribute = attrs.get( "defaultRoles" );
- if ( defaultRolesAttribute != null )
- {
- NamingEnumeration<?> grantsEnumeration = defaultRolesAttribute.getAll();
- while ( grantsEnumeration.hasMore() )
- {
- String roleId = ( String ) grantsEnumeration.next();
- Role role = rolesById.get( roleId );
- if ( role != null )
- {
- roles.add( role );
- }
- else
- {
-// this is OK, role could be present only in another application
-// throw new NamingException("No role named " + roleId + " found: known names: " + rolesById.keySet());
- }
- }
- }
-
-
-
return roles;
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -22,30 +22,37 @@
import java.util.Map;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
/**
* @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
*/
-public class EntryRealmPolicy implements RealmPolicy {
+public abstract class EntryRealmPolicy implements RealmPolicy
+{
- private final Map<String, ApplicationPolicy> applicationPolicies;
+ private final Map<LdapDN, ApplicationPolicy> applicationPolicies;
- public EntryRealmPolicy( Map<String, ApplicationPolicy> applicationPolicies )
+ public EntryRealmPolicy( Map<LdapDN, ApplicationPolicy> applicationPolicies )
{
this.applicationPolicies = applicationPolicies;
}
- public Session getSession( String profileId, String applicationRdn ) throws GuardianException
+ public ApplicationPolicy getApplicationPolicy( LdapDN dn ) throws GuardianException
{
- ApplicationPolicy applicationPolicy = applicationPolicies.get(applicationRdn);
- if ( applicationPolicy != null) {
- return applicationPolicy.getSession( profileId );
+ ApplicationPolicy applicationPolicy = applicationPolicies.get( dn );
+ if ( applicationPolicy == null )
+ {
+ applicationPolicy = newApplicationPolicy( dn );
+ applicationPolicies.put( dn, applicationPolicy );
}
- return null;
+ return applicationPolicy;
}
+ protected abstract ApplicationPolicy newApplicationPolicy( LdapDN dn ) throws GuardianException;
+
public void close()
{
- for ( ApplicationPolicy applicationPolicy: applicationPolicies.values() )
+ for ( ApplicationPolicy applicationPolicy : applicationPolicies.values() )
{
applicationPolicy.close();
}
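Review bot: `getApplicationPolicy` does a get-then-put on `applicationPolicies` with no synchronization, and the map is whatever instance the caller passed to the constructor. If one realm policy is shared by request threads, which is likely for a JACC provider, two threads can both miss and each call `newApplicationPolicy`, leaving one instance that `close()` never reaches. A plain `HashMap` can also be corrupted by the concurrent `put`. Declaring the method as `public synchronized ApplicationPolicy getApplicationPolicy( LdapDN dn ) throws GuardianException` and making `close()` synchronized as well would be the smallest fix. Also confirm the `LdapDN` keys are normalized before lookup so equivalent DNs do not create duplicate policies. The body of `close()` continues outside this hunk.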
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -20,7 +20,7 @@
package org.apache.directory.triplesec.guardian;
-import java.util.Set;
+import org.apache.directory.shared.ldap.name.LdapDN;
/**
* Supplies a profile (role?) for a given sub-application and profileId (roleId)
@@ -29,7 +29,7 @@
*/
public interface RealmPolicy
{
- Session getSession( String uid, String applicationRdn ) throws GuardianException;
+ ApplicationPolicy getApplicationPolicy( LdapDN dn ) throws GuardianException;
void close();
}
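Review bot: The interface comment shown in the preceding hunk still reads "Supplies a profile (role?) for a given sub-application and profileId (roleId)", which described the removed `getSession`. It should now say that the realm hands out the `ApplicationPolicy` for an application DN. A method comment is also needed on whether `getApplicationPolicy` may return null or creates the policy on demand, as `EntryRealmPolicy` does in this commit.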
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java Mon Oct 22 23:15:47 2007
@@ -26,6 +26,8 @@
import java.util.ArrayList;
import java.util.Collection;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
/**
* An application role. Roles are application specific and contain a set
@@ -176,7 +178,7 @@
*
* @return the name of the application this Role is defined for.
*/
- public String getApplicationRelativeDistinguishedName()
+ public LdapDN getApplicationRelativeDistinguishedName()
{
return store.getApplicationRelativeDistinguishedName();
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java Mon Oct 22 23:15:47 2007
@@ -23,37 +23,39 @@
import java.security.Permission;
import java.util.Set;
import java.util.HashSet;
+import java.util.Map;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class Session
{
- private final Set<Role> roles;
+ private final Set<String> roleIds;
public Session()
{
- roles = new HashSet<Role>();
+ roleIds = new HashSet<String>();
}
- public Session( Set<Role> roles )
+ public Session( Set<String> roles )
{
- this.roles = roles;
+ this.roleIds = roles;
}
- public Set<Role> getRoles()
+ public Set<String> getRoleIds()
{
- return roles;
+ return roleIds;
}
- public boolean implies( Permission p )
+ public boolean implies( Permission p, Map<String, Role> roleMap )
{
- for ( Role role : roles )
+ for ( String roleId : roleIds )
{
- if ( role.implies( p ) )
+ Role role = roleMap.get(roleId);
+ if ( role != null && role.implies( p ) )
{
return true;
}
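Review bot: `implies` now resolves bare role-id strings against whatever `roleMap` the caller passes, so the result depends on the caller pairing the session with the right application's map; an id that also exists in another application's map would resolve to that application's role. A Javadoc comment on the method should state that `roleMap` must come from the policy the session was created for, and a null map should be rejected explicitly, e.g. `if ( roleMap == null ) throw new IllegalArgumentException( "roleMap" );`. The constructor also keeps the caller's set (`this.roleIds = roles`) and `getRoleIds()` returns it, so role membership can be altered after the session is built; `this.roleIds = Collections.unmodifiableSet( new HashSet<String>( roles ) );` would pin it. The body of `implies` continues outside the hunk.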
@@ -75,7 +77,7 @@
Session session = ( Session ) o;
- if ( roles != null ? !roles.equals( session.roles ) : session.roles != null )
+ if ( roleIds != null ? !roleIds.equals( session.roleIds ) : session.roleIds != null )
{
return false;
}
@@ -85,6 +87,6 @@
public int hashCode()
{
- return ( roles != null ? roles.hashCode() : 0 );
+ return ( roleIds != null ? roleIds.hashCode() : 0 );
}
}
Added: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface SessionFactory
+{
+
+ /**
+ * Get (the default?) session for the named user
+ * @param userName name of the user for the session
+ * @return (default?) set of roles (session) for the user
+ */
+ Session getSession(String userName);
+
+}
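Review bot: The Javadoc on `getSession` leaves the contract for an unknown user open and still carries the `(the default?)` question marks, which matters because callers base authorization decisions on the returned session. The `LdapApplicationPolicy.getSession` removed in this commit returned an empty `Session` when no entry matched and threw `GuardianException` on a directory failure; if implementations are expected to keep that behaviour, say so, for example `@return the user's session; an empty session (no role ids) if the user is unknown, never null` and `@throws GuardianException if the backing store cannot be read`. The `$Rev:$ $Date:$` keywords here use the form that the Session.java hunk of the same commit corrects to `$Rev$ $Date$`.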
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Mon Oct 22 23:15:47 2007
@@ -25,8 +25,11 @@
import java.util.Properties;
import java.util.Set;
+import javax.naming.InvalidNameException;
+
import junit.framework.Assert;
import junit.framework.TestCase;
+import org.apache.directory.shared.ldap.name.LdapDN;
public class ApplicationPolicyFactoryTest extends TestCase
{
@@ -54,7 +57,7 @@
Assert.assertTrue( ApplicationPolicyFactory.registerDriver( testDriver2 ) );
Assert.assertFalse( ApplicationPolicyFactory.registerDriver( testDriver1 ) );
ApplicationPolicy testStore = ApplicationPolicyFactory.newInstance( "test2:dummy", new Properties() );
- Assert.assertEquals( "appName=Test,ou=applications", testStore.getApplicationRelativeDistinguishedName() );
+ Assert.assertEquals( "appname=Test,ou=applications", testStore.getApplicationRelativeDistinguishedName().toString() );
// Deregister driver and make sure it doesn't work.
Assert.assertTrue( ApplicationPolicyFactory.deregisterDriver( testDriver1.getClass() ) );
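Review bot: The rewritten assertion expects the string `"appname=Test,ou=applications"` while the mock in this file builds the DN from `"appName=Test,ou=applications"`, so the test presumably passes only because of how `LdapDN.toString()` renders the attribute type. Comparing DN objects, as the RoleTest change in this commit does, keeps the test independent of that formatting: `Assert.assertEquals( new LdapDN( "appName=Test,ou=applications" ), testStore.getApplicationRelativeDistinguishedName() );`. The test method would then need to declare or handle `InvalidNameException`; its signature is outside the hunk.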
@@ -137,8 +140,14 @@
public ApplicationPolicy newApplicationPolicy(String url, Properties info) throws GuardianException {
return new ApplicationPolicy()
{
- public String getApplicationRelativeDistinguishedName() {
- return "appName=Test,ou=applications";
+ public LdapDN getApplicationRelativeDistinguishedName() {
+ try
+ {
+ return new LdapDN("appName=Test,ou=applications");
+ } catch ( InvalidNameException e )
+ {
+ throw new RuntimeException(e);
+ }
}
public Map<String, Role> getRolesById()
@@ -147,10 +156,6 @@
}
public Map<String, Permission> getPermissions() {
- return null;
- }
-
- public Session getSession(String userName) {
return null;
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java Mon Oct 22 23:15:47 2007
@@ -29,6 +29,10 @@
import java.util.Map;
import java.util.Set;
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+
/**
* @author <a href="mailto:akarasulu@apache.org">Alex Karasulu</a>
@@ -36,11 +40,28 @@
*/
public class RoleTest extends AbstractEntityTest
{
- private static final ApplicationPolicy STORE1 = new TestApplicationPolicyStore(
- "app1" );
+ private static final ApplicationPolicy STORE1;
+
+ private static final ApplicationPolicy STORE2;
+
+ static
+ {
+ try
+ {
+ STORE1 = new TestApplicationPolicyStore(
+ new LdapDN( "appName=app1" ) );
+ STORE2 = new TestApplicationPolicyStore(
+ new LdapDN( "appName=app2" ) );
+ } catch ( InvalidNameException e )
+ {
+ throw new RuntimeException(e);
+ }
+ }
- private static final ApplicationPolicy STORE2 = new TestApplicationPolicyStore(
- "app2" );
+ public void testLdapDNHashCode() throws Exception
+ {
+ assertFalse( STORE1.getApplicationRelativeDistinguishedName().hashCode() == STORE2.getApplicationRelativeDistinguishedName().hashCode());
+ }
protected Object newInstanceA1()
{
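Review bot: `testLdapDNHashCode` asserts that two different DNs have different hash codes, which `hashCode()` does not guarantee; unequal objects may legitimately collide, so this test can fail without any defect in `LdapDN`. If the intent is that the two stores are distinguishable, assert on equality instead: `assertFalse( STORE1.getApplicationRelativeDistinguishedName().equals( STORE2.getApplicationRelativeDistinguishedName() ) );`. The hash property that is always safe to test is the other direction, that equal DNs produce equal hash codes.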
@@ -138,7 +159,7 @@
assertEquals( 0, PermissionsUtil.size( r.getDeniedPermissions() ) );
}
- public void testProperties()
+ public void testProperties() throws InvalidNameException
{
StringPermission perm1 = new StringPermission( "perm1" );
Permissions perms = new Permissions();
@@ -147,7 +168,7 @@
perms.add( new StringPermission( "perm3" ) );
Role r = new Role( STORE1, "role1", "role1", perms, null, null, null, "test description" );
- assertEquals( "app1", r.getApplicationRelativeDistinguishedName() );
+ assertEquals( new LdapDN("appName=app1"), r.getApplicationRelativeDistinguishedName() );
assertEquals( "role1", r.getName() );
assertEquals( perms, r.getGrantedPermissions() );
assertEquals( "test description", r.getDescription() );
@@ -199,14 +220,14 @@
private static class TestApplicationPolicyStore implements
ApplicationPolicy
{
- private final String appName;
+ private final LdapDN appName;
- public TestApplicationPolicyStore( String appName )
+ public TestApplicationPolicyStore( LdapDN appName )
{
this.appName = appName;
}
- public String getApplicationRelativeDistinguishedName()
+ public LdapDN getApplicationRelativeDistinguishedName()
{
return appName;
}
@@ -223,11 +244,6 @@
perms.put( "perm2", new StringPermission( "perm2" ) );
perms.put( "perm3", new StringPermission( "perm3" ) );
return perms;
- }
-
- public Session getSession( String userName )
- {
- return null;
}
public String getDescription()
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -29,11 +29,15 @@
import java.util.Map;
import java.util.Set;
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.triplesec.guardian.ApplicationPolicy;
import org.apache.directory.triplesec.guardian.GuardianException;
import org.apache.directory.triplesec.guardian.PolicyChangeListener;
import org.apache.directory.triplesec.guardian.Role;
import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.SessionFactory;
import org.apache.directory.triplesec.guardian.StringPermission;
@@ -43,18 +47,24 @@
* @author <a href="mailto:akarasulu@apache.org">Alex Karasulu</a>
* @version $Rev: 72 $
*/
-class MockApplicationPolicy implements ApplicationPolicy
+class MockApplicationPolicy implements ApplicationPolicy, SessionFactory
{
private final Map<String, Role> roleByName = new HashMap<String, Role>();
private final Map<String, Permission> perms = new HashMap<String, Permission>();
- private final String name;
- private final Map<String, Set<Role>> sessionByName;
+ private final LdapDN name;
+ private final Map<String, Set<String>> sessionByName;
public MockApplicationPolicy()
{
- name = "mockApplication";
- sessionByName = new HashMap<String, Set<Role>>();
+ try
+ {
+ name = new LdapDN( "appName=mockApplication" );
+ } catch ( InvalidNameException e )
+ {
+ throw new RuntimeException( e );
+ }
+ sessionByName = new HashMap<String, Set<String>>();
// --------------------------------------------------------------------------------
// add permissions
@@ -138,22 +148,22 @@
// a profile that has no permissions at all, and no roles (basis case)
grants = new Permissions();
denials = new Permissions();
- Set<Role> roles = new HashSet<Role>();
+ Set<String> roles = new HashSet<String>();
sessionByName.put( "mockProfile0", roles );
// a profile for checking union of role1 and role2 - inherits perm0 and perm1
grants = new Permissions();
denials = new Permissions();
- roles = new HashSet<Role>();
- roles.add( role1 );
- roles.add( role2 );
+ roles = new HashSet<String>();
+ roles.add( role1.getId() );
+ roles.add( role2.getId() );
sessionByName.put( "mockProfile1", roles );
// a profile for checking union of roles with grants - granted perm0 and inherits perm1
grants = new Permissions();
grants.add( perm0 );
denials = new Permissions();
- roles = Collections.singleton( role2 );
+ roles = Collections.singleton( role2.getId() );
sessionByName.put( "mockProfile2", roles );
// a profile for checking union of roles with grants - granted perm0, perm7 and inherits perm2 and perm3
@@ -161,7 +171,7 @@
grants.add( perm0 );
grants.add( perm7 );
denials = new Permissions();
- roles = Collections.singleton( role3 );
+ roles = Collections.singleton( role3.getId() );
sessionByName.put( "mockProfile3", roles );
// a profile for checking union of roles with grants and denials
@@ -170,9 +180,9 @@
grants.add( perm0 );
denials = new Permissions();
denials.add( perm7 );
- roles = new HashSet<Role>();
- roles.add( role3 );
- roles.add( role4 );
+ roles = new HashSet<String>();
+ roles.add( role3.getId() );
+ roles.add( role4.getId() );
sessionByName.put( "mockProfile4", roles );
// a profile for checking union of roles with grants and denials
@@ -181,15 +191,15 @@
grants.add( perm0 );
denials = new Permissions();
denials.add( perm7 );
- roles = new HashSet<Role>();
- roles.add( role3 );
- roles.add( role4 );
- roles.add( role5 );
+ roles = new HashSet<String>();
+ roles.add( role3.getId() );
+ roles.add( role4.getId() );
+ roles.add( role5.getId() );
sessionByName.put( "mockProfile5", roles );
}
- public String getApplicationRelativeDistinguishedName()
+ public LdapDN getApplicationRelativeDistinguishedName()
{
return name;
}
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java Mon Oct 22 23:15:47 2007
@@ -58,16 +58,16 @@
assertEquals( 6, store.getRolesById().size() );
Session p = store.getSession( "mockProfile0" );
// assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
- assertTrue( p.getRoles().isEmpty() );
+ assertTrue( p.getRoleIds().isEmpty() );
}
public void testProfile1()
{
Session p = store.getSession( "mockProfile1" );
- assertTrue( p.implies( new StringPermission("mockPerm0" )));
- assertTrue( p.implies( new StringPermission("mockPerm1" )));
- assertFalse( p.implies( new StringPermission("mockPerm3")));
- assertEquals( 2, p.getRoles().size() );
+ assertTrue( p.implies( new StringPermission("mockPerm0" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+ assertFalse( p.implies( new StringPermission("mockPerm3"), store.getRolesById()));
+ assertEquals( 2, p.getRoleIds().size() );
}
public void testProfile2()
@@ -75,10 +75,10 @@
Session p = store.getSession( "mockProfile2" );
// assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
// assertTrue( p.implies( new StringPermission("mockPerm0" )));
- assertTrue( p.implies( new StringPermission("mockPerm1" )));
+ assertTrue( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
// assertFalse( p.implies( new StringPermission("mockPerm3")));
- assertEquals( 1, p.getRoles().size() );
- assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole2" ) );
+ assertEquals( 1, p.getRoleIds().size() );
+ assertTrue( p.getRoleIds( ).iterator().next().equals( "mockRole2" ) );
}
public void testProfile3()
@@ -87,11 +87,11 @@
// assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
// assertTrue( p.implies( new StringPermission("mockPerm0" )));
// assertTrue( p.implies( new StringPermission("mockPerm7" )));
- assertTrue( p.implies( new StringPermission("mockPerm2" )));
- assertTrue( p.implies( new StringPermission("mockPerm3" )));
+ assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
// assertFalse( p.implies( new StringPermission("mockPerm4" )));
- assertEquals( 1, p.getRoles().size() );
- assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole3" ) );
+ assertEquals( 1, p.getRoleIds().size() );
+ assertTrue( p.getRoleIds( ).iterator().next().equals( "mockRole3" ) );
}
public void testProfile4()
@@ -100,18 +100,18 @@
// assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
// assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
// assertTrue( p.implies( new StringPermission("mockPerm0" )));
- assertFalse( p.implies( new StringPermission("mockPerm1" )));
- assertTrue( p.implies( new StringPermission("mockPerm2" )));
- assertTrue( p.implies( new StringPermission("mockPerm3" )));
- assertTrue( p.implies( new StringPermission("mockPerm4" )));
- assertTrue( p.implies( new StringPermission("mockPerm5" )));
- assertTrue( p.implies( new StringPermission("mockPerm6" )));
- assertTrue( p.implies( new StringPermission("mockPerm7" )));
- assertFalse( p.implies( new StringPermission("mockPerm8" )));
- assertTrue( p.implies( new StringPermission("mockPerm9" )));
+ assertFalse( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm4" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm5" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm6" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm7" ), store.getRolesById()));
+ assertFalse( p.implies( new StringPermission("mockPerm8" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm9" ), store.getRolesById()));
- assertFalse( p.implies( new StringPermission("mockPerm14" )));
- assertEquals( 2, p.getRoles().size() );
+ assertFalse( p.implies( new StringPermission("mockPerm14" ), store.getRolesById()));
+ assertEquals( 2, p.getRoleIds().size() );
// assertTrue( p.isInRole( "mockRole3" ) );
// assertTrue( p.isInRole( "mockRole4" ) );
}
@@ -122,19 +122,19 @@
// assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
// assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
// assertTrue( p.implies( new StringPermission("mockPerm0" )));
- assertFalse( p.implies( new StringPermission("mockPerm1" )));
- assertTrue( p.implies( new StringPermission("mockPerm2" )));
- assertTrue( p.implies( new StringPermission("mockPerm3" )));
- assertTrue( p.implies( new StringPermission("mockPerm4" )));
- assertTrue( p.implies( new StringPermission("mockPerm5" )));
+ assertFalse( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm4" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm5" ), store.getRolesById()));
//from denial in role5
- assertTrue( p.implies( new StringPermission("mockPerm6" )));
- assertTrue( p.implies( new StringPermission("mockPerm7" )));
- assertFalse( p.implies( new StringPermission("mockPerm8" )));
- assertTrue( p.implies( new StringPermission("mockPerm9" )));
+ assertTrue( p.implies( new StringPermission("mockPerm6" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm7" ), store.getRolesById()));
+ assertFalse( p.implies( new StringPermission("mockPerm8" ), store.getRolesById()));
+ assertTrue( p.implies( new StringPermission("mockPerm9" ), store.getRolesById()));
- assertFalse( p.implies( new StringPermission("mockPerm14" )));
- assertEquals( 3, p.getRoles().size() );
+ assertFalse( p.implies( new StringPermission("mockPerm14" ), store.getRolesById()));
+ assertEquals( 3, p.getRoleIds().size() );
// assertTrue( p.isInRole( "mockRole3" ) );
// assertTrue( p.isInRole( "mockRole4" ) );
// assertTrue( p.isInRole( "mockRole5" ) );
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -28,8 +28,8 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.Collections;
+import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -43,12 +43,13 @@
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.name.Rdn;
import org.apache.directory.triplesec.guardian.ChangeType;
import org.apache.directory.triplesec.guardian.EntryApplicationPolicy;
import org.apache.directory.triplesec.guardian.GuardianException;
import org.apache.directory.triplesec.guardian.PolicyChangeListener;
import org.apache.directory.triplesec.guardian.Role;
-import org.apache.directory.triplesec.guardian.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -61,26 +62,43 @@
*/
class LdapApplicationPolicy extends EntryApplicationPolicy
{
- private static final String[] PROF_ID = new String[] { "profileId" };
- /** the logger interface for this class */
+ private static final String[] PROF_ID = new String[] {"profileId"};
+ /**
+ * the logger interface for this class
+ */
private static Logger log = LoggerFactory.getLogger( LdapApplicationPolicy.class );
- /** the realm JNDI Context at the base under which ou=applications can be found */
+ /**
+ * the realm JNDI Context at the base under which ou=applications can be found
+ */
private DirContext ctx;
+ private static final LdapDN APPLICATIONS_RDN;
+
+ private static final Rdn ROLES_RDN;
+
+ static
+ {
+ try
+ {
+ APPLICATIONS_RDN = new LdapDN( "ou=applications" );
+ ROLES_RDN = new Rdn( "ou=roles" );
+ } catch ( InvalidNameException e )
+ {
+ throw new RuntimeException( e );
+ }
+ }
/** the profile for the admin user with all rights in all roles */
// private Profile adminProfile;
- private final List<String> appDns;
-
/**
* Creates an instance of the LDAP ApplicationPolicyStore.
*
* @param ctx the realm base context under which ou=applications and ou=users can be found
- * @param applicationRdn relative distinguished name for this app context inside ctx
+ * @param dn relative distinguished name for this app context inside ctx
* @throws GuardianException if failures are encountered while loading objects from the backing store
*/
- public LdapApplicationPolicy( DirContext ctx, String applicationRdn ) throws GuardianException
+ public LdapApplicationPolicy( DirContext ctx, LdapDN dn ) throws GuardianException
{
if ( ctx == null )
{
@@ -90,8 +108,13 @@
this.ctx = ctx;
// extract the applicationRdn from the applicationPrincipalDN
- this.applicationRdn = applicationRdn;
- appDns = getAppPath(applicationRdn);
+ try
+ {
+ this.applicationRdn = ( LdapDN ) new LdapDN(dn).addAll(0, APPLICATIONS_RDN);
+ } catch ( InvalidNameException e )
+ {
+ throw new GuardianException(e);
+ }
// load the set of permissions associated with this application
loadPermissions();
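Review bot: The constructor checks `ctx` for null but not `dn`, so a null `dn` would presumably surface as an exception from `new LdapDN(dn)` rather than as a clear argument error; a guard next to the `ctx` check, `if ( dn == null ) throw new IllegalArgumentException( "dn cannot be null" );`, makes the failure explicit. The retained comment `// extract the applicationRdn from the applicationPrincipalDN` no longer describes the code, which now combines `dn` with `ou=applications`; `// full application DN: the caller-supplied dn placed under ou=applications` would match. With the `getAppPath` call removed here, that method appears to have no remaining caller in this diff. The constructor starts and ends outside the hunk.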
@@ -110,8 +133,7 @@
if ( descriptionAttr == null || descriptionAttr.size() == 0 )
{
description = null;
- }
- else
+ } else
{
description = ( String ) descriptionAttr.get();
}
@@ -127,10 +149,10 @@
private List<String> getAppPath( String applicationRdn )
{
List<String> appDns = new ArrayList<String>();
- while (applicationRdn.startsWith( "appName"))
+ while ( applicationRdn.startsWith( "appName" ) )
{
- appDns.add(0, applicationRdn);
- applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',') + 1);
+ appDns.add( 0, applicationRdn );
+ applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',' ) + 1 );
}
return appDns;
@@ -158,42 +180,43 @@
/**
- *
* @throws GuardianException
*/
private void loadRoles() throws GuardianException
{
SearchControls ctrls = new SearchControls();
- ctrls.setReturningAttributes( new String[] { "roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles" } );
+ ctrls.setReturningAttributes( new String[] {"roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles"} );
ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
List<Map<String, Attributes>> appRoleAttributes = new ArrayList<Map<String, Attributes>>();
try
{
- for ( String appDn: appDns )
+ for ( int i = 2; i <= applicationRdn.getRdns().size(); i++ )
{
+ LdapDN dn = ( LdapDN ) applicationRdn.getPrefix( i );
+ dn.add( ROLES_RDN );
Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
- NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + appDn,
+ NamingEnumeration<SearchResult> list = ctx.search( dn,
"(objectClass=policyRole)", ctrls );
while ( list.hasMore() )
{
SearchResult result = list.next();
Attributes attributes = result.getAttributes();
- String roleId = getStringAttribute(attributes, "roleId");
- roleAttributes.put(roleId, attributes);
+ String roleId = getStringAttribute( attributes, "roleId" );
+ roleAttributes.put( roleId, attributes );
}
- appRoleAttributes.add(roleAttributes);
+ appRoleAttributes.add( roleAttributes );
}
int end = appRoleAttributes.size();
int pos = 0;
- for ( Map<String, Attributes> roleAttributes: appRoleAttributes )
+ for ( Map<String, Attributes> roleAttributes : appRoleAttributes )
{
- List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList( pos++, end);
+ List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList( pos++, end );
- for (String roleId: roleAttributes.keySet())
+ for ( String roleId : roleAttributes.keySet() )
{
- addRole(roleId, childRoleAttributes);
+ addRole( roleId, childRoleAttributes );
}
}
}
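Review bot: The loop in `loadRoles` starts at the literal `2` and treats every further RDN of `applicationRdn` as an application level, searching `ou=roles` under each prefix, whereas the replaced `getAppPath` walk only followed components beginning with `appName`. Because the roles collected here feed the role map used for permission checks, a DN containing some other RDN type would now pull roles from that entry as well; whether callers can supply such a DN is not visible here, so either validate the RDN types in the constructor or document the assumption. The start index is better derived than hard-coded, `for ( int i = APPLICATIONS_RDN.size() + 1; i <= applicationRdn.size(); i++ )`. The `NamingEnumeration` is also not closed if `hasMore()` or `next()` throws, unlike the `finally` block in the removed `getSession`. `loadRoles` continues past the end of the hunk.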
@@ -209,7 +232,7 @@
private void loadPermissions() throws GuardianException
{
SearchControls ctrls = new SearchControls();
- ctrls.setReturningAttributes( new String[] { "permName", "permJavaClass", "permJavaName", "permJavaActions" } );
+ ctrls.setReturningAttributes( new String[] {"permName", "permJavaClass", "permJavaName", "permJavaActions"} );
ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
try
{
@@ -218,8 +241,8 @@
while ( list.hasMore() )
{
SearchResult result = list.next();
- PermissionEntry permEntry = loadPermission( result.getAttributes());
- permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+ PermissionEntry permEntry = loadPermission( result.getAttributes() );
+ permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
log.debug( "loading permission " + permEntry.getPermissionName() + " for application " + applicationRdn );
}
}
@@ -232,74 +255,6 @@
}
-
- public Session getSession( String userName )
- {
- if ( ctx == null )
- {
- throw new IllegalStateException( "This ApplicationProfileStore has been closed." );
- }
-
- /*
- * Searching via one level scope for a profile is better than base scope lookups because
- * if the profile is not present search will not fail but return zero entries. Base scope
- * searches will raise an exception since the search base will be missing. Plus profileId
- * shall be indexed by default.
- */
- SearchControls ctrls = new SearchControls();
- ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
- NamingEnumeration<SearchResult> list = null;
- try
- {
- //TODO fix base dn
- list = ctx.search( "ou=users", "(uid=" + userName + ")", ctrls );
- if ( list.hasMore() )
- {
- SearchResult result = list.next();
- Set<Role> session = getSession( result.getAttributes() );
-
- if ( log.isDebugEnabled() )
- {
- log.debug( "loaded profile '" + userName + "' in application '" + applicationRdn + "'" );
- }
-
- return new Session(session);
- }
- else
- {
- if ( log.isInfoEnabled() )
- {
- log.info( "Profile search for profileId '" + userName + "' in application '"
- + applicationRdn + "' failed to return an entry." );
- }
-
- return new Session();
- }
- }
- catch ( NamingException e )
- {
- String msg = "Failed on search to find profile for profileId '" + userName + "' in '" + applicationRdn + "'";
- log.error( msg, e );
- throw new GuardianException( msg, e );
- }
- finally
- {
- if ( list != null )
- {
- try
- {
- list.close();
- }
- catch ( NamingException e )
- {
- log.error( "Failed to close NamingEnumeration after profile search." );
- }
- }
- }
- }
-
-
public void close() throws GuardianException
{
if ( ctx == null )
@@ -365,14 +320,14 @@
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+ profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
throw new GuardianException( "Failed to lookup profiles dependent on role '" +
- role.getName() + "' while searching the directory" );
+ role.getName() + "' while searching the directory" );
}
return profiles;
@@ -406,14 +361,14 @@
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+ profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
throw new GuardianException( "Failed to lookup profiles dependent on permission '" +
- permissionID + "' while searching the directory" );
+ permissionID + "' while searching the directory" );
}
return profiles;
@@ -433,7 +388,7 @@
}
NamingEnumeration<?> all = oc.getAll();
- while( all.hasMore() )
+ while ( all.hasMore() )
{
String candidate = ( String ) all.next();
if ( candidate.equalsIgnoreCase( value ) )
@@ -445,10 +400,15 @@
return false;
}
+ public DirContext getContext()
+ {
+ return ctx;
+ }
+
/**
* An event transducer that converts JNDI notifications of change into
- * Guardian policy change notifications.
+ * Guardian policy change notifications.
*/
class JndiListener implements ObjectChangeListener, NamespaceChangeListener
{
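Review bot: The new public `getContext()` hands out the policy's live `DirContext` with no Javadoc and no closed-state check. Callers receive the same context, with whatever credentials it was bound with, that the policy uses for its own searches; they can close it underneath the policy, and may get `null` once `close()` has run, judging by the `ctx == null` test in `close()`. If the accessor exists for the session factory added in this commit, package-private visibility would be enough, and the ownership rule should be written down, e.g. `/** Returns the shared realm context; callers must not close it. */`, with the `if ( ctx == null ) throw new IllegalStateException( "This ApplicationProfileStore has been closed." );` guard that the removed `getSession` used.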
@@ -467,8 +427,7 @@
if ( entry == null )
{
buf.append( "\tentry = " ).append( "null" ).append( "\n" );
- }
- else
+ } else
{
buf.append( "\tentry = " ).append( entry ).append( "\n" );
}
@@ -483,6 +442,10 @@
public void objectChanged( NamingEvent evt )
{
+ if ( true )
+ {
+ return;
+ }
SearchResult result;
Attributes entry;
Attribute oc;
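Review bot: `if ( true ) { return; }` at the top of `objectChanged` turns the listener into a no-op without saying why, and the `objectAdded` hunk further down adds the same guard. With these in place, directory changes to permissions and roles no longer reach the in-memory policy, so, as far as this diff shows, a grant revoked in LDAP stays effective in this process until the policy is rebuilt. If the handlers are disabled only until they are ported to `LdapDN`, record that at the guard, e.g. `// TODO: change notifications disabled until the handlers are ported to LdapDN; policy edits need a reload`, and log once at warn level so operators know the policy is static. The rest of `objectChanged` is outside the hunk.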
@@ -495,7 +458,8 @@
result = ( SearchResult ) evt.getNewBinding();
String name = result.getName();
- //TODO this test is very very wrong.
+/*
+ //TODO this test is very very wrong.
if ( name.toLowerCase( ).indexOf( applicationRdn.toLowerCase( ) ) == -1 )
{
if ( log.isWarnEnabled() )
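Review bot: The `applicationRdn` scope filter is commented out here rather than replaced, so if the early return at the top of objectChanged is later removed, events for entries outside this application's subtree would be applied to `permissions`. The old substring test was already marked wrong by its own TODO, and `applicationRdn` appears to be an `LdapDN` after this commit (LdapConnectionDriver now passes one), so the block would probably not compile if uncommented. Either replace it with a DN-based ancestor comparison, or delete it and leave `// TODO: restore application-scope filter (LdapDN comparison) before re-enabling notifications`. The same block is commented out in objectAdded, objectRemoved and objectRenamed; the comment opened here closes in the next hunk.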
@@ -505,6 +469,7 @@
}
return;
}
+*/
try
{
@@ -530,8 +495,8 @@
if ( hasObjectClass( oc, "policyPermission" ) )
{
- PermissionEntry newPermEntry = loadPermission(entry);
- Permission oldPermission = permissions.put(newPermEntry.getPermissionName(), newPermEntry.getPermission());
+ PermissionEntry newPermEntry = loadPermission( entry );
+ Permission oldPermission = permissions.put( newPermEntry.getPermissionName(), newPermEntry.getPermission() );
if ( log.isDebugEnabled() )
{
log.debug( "Received notification that a policyPermission " + newPermEntry.getPermissionName() + " has changed." );
@@ -577,12 +542,12 @@
LdapApplicationPolicy.this.roles = roles;
*/
- for (PolicyChangeListener listener : listeners) {
- listener.permissionChanged(LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
- ChangeType.MODIFY);
+ for ( PolicyChangeListener listener : listeners )
+ {
+ listener.permissionChanged( LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
+ ChangeType.MODIFY );
}
- }
- else if ( hasObjectClass( oc, "policyRole" ) )
+ } else if ( hasObjectClass( oc, "policyRole" ) )
{
String roleName = ( String ) entry.get( "roleName" ).get();
@@ -651,8 +616,7 @@
if ( enabled )
{
log.info( "Re-enabled notifications" );
- }
- else
+ } else
{
log.error( "Could not re-enable notifications. Notifications will no longer be recieved." );
}
@@ -661,12 +625,17 @@
public void objectAdded( NamingEvent evt )
{
+ if ( true )
+ {
+ return;
+ }
SearchResult result = ( SearchResult ) evt.getNewBinding();
Attributes entry = result.getAttributes();
Attribute oc = entry.get( "objectClass" );
String name = result.getName();
logEvent( evt, entry );
+/*
if ( name.indexOf( applicationRdn ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -676,6 +645,7 @@
}
return;
}
+*/
try
{
@@ -685,14 +655,14 @@
* 1. Need to add the permission to the permissions of the application
* 2. Need to notify of the permission's addition to all listeners
*/
- PermissionEntry permEntry = loadPermission( entry);
- permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+ PermissionEntry permEntry = loadPermission( entry );
+ permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
- for (PolicyChangeListener listener : listeners) {
- listener.permissionChanged(LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD);
+ for ( PolicyChangeListener listener : listeners )
+ {
+ listener.permissionChanged( LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD );
}
- }
- else if ( hasObjectClass( oc, "policyRole" ) )
+ } else if ( hasObjectClass( oc, "policyRole" ) )
{
/*
* 1. Need to add the role to the roles of the application
@@ -736,12 +706,17 @@
public void objectRemoved( NamingEvent evt )
{
+ if ( true )
+ {
+ return;
+ }
SearchResult result = ( SearchResult ) evt.getOldBinding();
Attributes entry = result.getAttributes();
Attribute oc = entry.get( "objectClass" );
String name = result.getName();
logEvent( evt, entry );
+/*
if ( name.indexOf( applicationRdn ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -751,6 +726,7 @@
}
return;
}
+*/
try
{
@@ -761,12 +737,12 @@
* 2. Need to notify of the permission's removal to all listeners
*/
String permName = ( String ) entry.get( "permName" ).get();
- Permission permission = permissions.remove(permName);
- for (PolicyChangeListener listener : listeners) {
- listener.permissionChanged(LdapApplicationPolicy.this, permName, permission, ChangeType.DEL);
+ Permission permission = permissions.remove( permName );
+ for ( PolicyChangeListener listener : listeners )
+ {
+ listener.permissionChanged( LdapApplicationPolicy.this, permName, permission, ChangeType.DEL );
}
- }
- else if ( hasObjectClass( oc, "policyRole" ) )
+ } else if ( hasObjectClass( oc, "policyRole" ) )
{
/*
* 1. Need to remove the role from the roles of the application
@@ -778,8 +754,7 @@
// for (PolicyChangeListener listener : listeners) {
// listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.DEL);
// }
- }
- else if ( hasObjectClass( oc, "policyProfile" ) )
+ } else if ( hasObjectClass( oc, "policyProfile" ) )
{
/*
* 1. Need to notify of the profile's addition to all listeners
@@ -788,8 +763,7 @@
// for (PolicyChangeListener listener : listeners) {
// listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.DEL);
// }
- }
- else
+ } else
{
System.out.println( "Entry '" + name + "' ignored!" );
return;
@@ -808,6 +782,10 @@
public void objectRenamed( NamingEvent evt )
{
+ if ( true )
+ {
+ return;
+ }
logEvent( evt, null );
/*
* For permissions and roles we need to first remove the old object from
@@ -820,6 +798,7 @@
Attributes newEntry = ( ( SearchResult ) evt.getNewBinding() ).getAttributes();
Attribute oc = newEntry.get( "objectClass" );
+/*
if ( oldName.indexOf( applicationRdn ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -829,6 +808,7 @@
}
return;
}
+*/
try
{
@@ -841,12 +821,12 @@
PermissionEntry permEntry = loadPermission( newEntry );
add( permEntry );
- for (Object listener1 : listeners) {
- PolicyChangeListener listener = (PolicyChangeListener) listener1;
- listener.permissionRenamed(LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId);
+ for ( Object listener1 : listeners )
+ {
+ PolicyChangeListener listener = ( PolicyChangeListener ) listener1;
+ listener.permissionRenamed( LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId );
}
- }
- else if ( hasObjectClass( oc, "policyRole" ) )
+ } else if ( hasObjectClass( oc, "policyRole" ) )
{
// removeRole( oldProfileId );
// Role newRole = getRole( newEntry );
@@ -855,8 +835,7 @@
// for (PolicyChangeListener listener : listeners) {
// listener.roleRenamed(LdapApplicationPolicy.this, newRole, oldProfileId);
// }
- }
- else if ( hasObjectClass( oc, "policyProfile" ) )
+ } else if ( hasObjectClass( oc, "policyProfile" ) )
{
/*
* 1. Need to notify of the profile's addition to all listeners
@@ -865,8 +844,7 @@
// for (PolicyChangeListener listener : listeners) {
// listener.profileRenamed(LdapApplicationPolicy.this, profile, oldProfileId);
// }
- }
- else
+ } else
{
System.out.println( "Rename of entry '" + oldName + "' to '" + newName + "' ignored!" );
return;
@@ -920,14 +898,14 @@
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+ profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
throw new GuardianException( "Failed to lookup profiles for user '" +
- userName + "' while searching the directory" );
+ userName + "' while searching the directory" );
}
return profiles;
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java Mon Oct 22 23:15:47 2007
@@ -25,6 +25,7 @@
import javax.naming.Context;
import javax.naming.NamingException;
+import javax.naming.InvalidNameException;
import javax.naming.directory.InitialDirContext;
import org.apache.directory.triplesec.guardian.ApplicationPolicy;
@@ -34,6 +35,7 @@
import org.apache.directory.triplesec.guardian.StoreConnectionException;
import org.apache.directory.triplesec.guardian.RealmPolicy;
import org.apache.directory.triplesec.guardian.RealmPolicyFactory;
+import org.apache.directory.shared.ldap.name.LdapDN;
/**
@@ -64,7 +66,7 @@
{
InitialDirContext ictx = getContext( info, url );
- String applicationRdn = getApplicationRdn( info );
+ LdapDN applicationRdn = getApplicationRdn( info );
return new LdapApplicationPolicy( ictx, applicationRdn );
}
@@ -73,18 +75,22 @@
{
InitialDirContext ictx = getContext( info, url );
- String applicationRdn = getApplicationRdn( info );
-
- return new LdapRealmPolicy( ictx, applicationRdn );
+ return new LdapRealmPolicy( ictx );
}
- private String getApplicationRdn( Properties info )
+ private LdapDN getApplicationRdn( Properties info )
{
String applicationRdn = info.getProperty("applicationRDN");
if (applicationRdn == null) {
throw new IllegalArgumentException( "The ApplicationRDN property must be provided" );
}
- return applicationRdn;
+ try
+ {
+ return new LdapDN(applicationRdn);
+ } catch ( InvalidNameException e )
+ {
+ throw new GuardianException(e);
+ }
}
private InitialDirContext getContext( Properties info, String url )
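Review bot: getApplicationRdn now reports the two ways the `applicationRDN` property can be wrong with different exception types: a missing value throws `IllegalArgumentException`, while a malformed one throws `GuardianException(e)` with no mention of the property or its value. Use one type for both and name the property in the message; if GuardianException has a message-and-cause constructor (not visible here), `throw new GuardianException( "Invalid applicationRDN '" + applicationRdn + "'", e );` would do. A short Javadoc on the method, stating that it parses the property into an `LdapDN` and what it throws, would also help. The realm-policy factory method changed in the same hunk no longer reads the property at all; its signature starts outside the hunk.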
Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -25,11 +25,11 @@
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.triplesec.guardian.ApplicationPolicy;
import org.apache.directory.triplesec.guardian.EntryRealmPolicy;
import org.apache.directory.triplesec.guardian.GuardianException;
@@ -39,50 +39,65 @@
*
* @version $Rev$
*/
-class LdapRealmPolicy extends EntryRealmPolicy
+public class LdapRealmPolicy extends EntryRealmPolicy
{
/**
* the realm JNDI Context at the base under which ou=applications can be found
*/
private static final String[] ATTRS = {"appName"};
- private static final SearchControls APPS_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, ATTRS, false, false );
+ private static final SearchControls APPS_CONTROLS = new SearchControls( SearchControls.SUBTREE_SCOPE, 0, 0, ATTRS, false, false );
private static final String APPS_QUERY = "(& (appName=*) (objectClass=policyApplication) )";
+ private final DirContext ctx;
/**
* Creates an instance of the LDAP ApplicationPolicyStore.
*
* @param ctx the realm base context under which ou=applications and ou=users can be found
- * @param applicationRdn relative distinguished name for this app context inside ctx
* @throws org.apache.directory.triplesec.guardian.GuardianException
* if failures are encountered while loading objects from the backing store
*/
- public LdapRealmPolicy( DirContext ctx, String applicationRdn ) throws GuardianException
+ public LdapRealmPolicy( DirContext ctx ) throws GuardianException
{
- super( buildApplicationPolicies( ctx, applicationRdn ) );
+ super( buildApplicationPolicies( ctx, null ) );
+ this.ctx = ctx;
}
- private static Map<String, ApplicationPolicy> buildApplicationPolicies( DirContext ctx, String applicationRdn )
+ private static Map<LdapDN, ApplicationPolicy> buildApplicationPolicies( DirContext ctx, String applicationRdn )
{
- Map<String, ApplicationPolicy> applicationPolicies = new HashMap<String, ApplicationPolicy>();
+ Map<LdapDN, ApplicationPolicy> applicationPolicies = new HashMap<LdapDN, ApplicationPolicy>();
+/*
try
{
for ( NamingEnumeration<SearchResult> ne = ctx.search( applicationRdn, APPS_QUERY, APPS_CONTROLS ); ne.hasMoreElements(); )
{
SearchResult result = ne.nextElement();
String dn = result.getName();
- Attribute attr = result.getAttributes().get("appName");
- String contextId = ( String ) attr.get();
+// Attribute attr = result.getAttributes().get("appName");
+// String contextId = ( String ) attr.get();
String pcRdn = dn + "," + applicationRdn;
+ String nameInNamespace = result.getNameInNamespace();
+ LdapDN ldapDn = new LdapDN(nameInNamespace);
ApplicationPolicy applicationPolicy = new LdapApplicationPolicy( ctx, pcRdn );
- applicationPolicies.put( contextId, applicationPolicy );
+ applicationPolicies.put( ldapDn, applicationPolicy );
}
} catch ( NamingException e )
{
throw new GuardianException( e );
}
+*/
return applicationPolicies;
}
+ protected ApplicationPolicy newApplicationPolicy( LdapDN dn ) throws GuardianException
+ {
+ return new LdapApplicationPolicy( ctx, dn );
+ }
+
+
+ public DirContext getCtx()
+ {
+ return ctx;
+ }
}
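Review bot: buildApplicationPolicies now always returns an empty map: the constructor passes `null` for `applicationRdn` and the whole search loop sits inside `/* … */`, so `ATTRS`, `APPS_QUERY` and `APPS_CONTROLS` are unused and the switch to `SUBTREE_SCOPE` has no effect. Delete the dead body and the parameter, or add a comment on the method such as `// policies are created on demand via newApplicationPolicy(); nothing is preloaded`. If the search is revived, note that `APPS_CONTROLS` sets both the count limit and the time limit to 0, which is unbounded for a subtree search. The commented-out `new LdapApplicationPolicy( ctx, pcRdn )` also passes a String where the constructor now seems to take an `LdapDN`. The Javadoc above `ATTRS` describes the realm context and belongs on the new `ctx` field.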