Posted to commits@directory.apache.org by ck...@apache.org on 2007/07/23 22:02:03 UTC
svn commit: r558849 [2/6] - in /directory/triplesec/trunk: admin-api/
admin-api/src/test/java/org/apache/directory/triplesec/admin/
admin-api/src/test/resources/ guardian-api/src/main/java/org/apache/
guardian-api/src/main/java/org/apache/directory/ gu...
Added: directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Profile.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Profile.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Profile.java (added)
+++ directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Profile.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,473 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+import java.io.Serializable;
+import java.security.AccessControlException;
+import java.util.Iterator;
+
+
+/**
+ * <p>
+ * A user's application authorization profile. Authorization policy is used
+ * to manage access controls for user profiles associated with applications.
+ * Profiles associate users with applications. This class models that profile
+ * by linking the user with an application and allowing the assignment of an
+ * application specific {@link Role} set and {@link Permission} set to the
+ * profile.
+ * </p>
+ * <p>
+ * Profiles contain three sets of Permissions and a set of Roles used for
+ * managing an authorization policy of a user. A Role Based Access Control
+ * (RBAC) model is used to easily manage the Profile. The three Permission
+ * sets are: grants, denials and the effective calculated permissions for the
+ * profile. Roles assigned to the Profile lead to the inheritance of Permission
+ * granted to Role. Besides Role based Permission inheritence, additional
+ * Permission may be granted or denied to influence the total effective Permission.
+ * The grants Permissions set contains extra granted Permissions which may not be
+ * inherited by assigned Roles. The denials Permissions set contains
+ * {@link Permissions} that are denied whether they are inherited by assigned
+ * {@link Role}s or granted through the grants Permissions set. Denials
+ * take precedence. For more information take a look at the documentation here:
+ * </p>
+ * <ul>
+ * <li><a href="http://guardian.safehaus.org/User%27s+Guide">Guardian User's Guide</a></li>
+ * </ul>
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @author Trustin Lee
+ * @version $Rev: 74 $, $Date: 2005-11-11 02:03:22 -0500 (Fri, 11 Nov 2005) $
+ */
+public class Profile implements Comparable, Cloneable, Serializable
+{
+ /** */
+ private static final long serialVersionUID = 1762844758784443519L;
+
+ /** the store this Profile is for */
+ private final ApplicationPolicy store;
+ /** the name of the User this Profile is for */
+ private final String userName;
+ /** the id of this Profile is for */
+ private final String profileId;
+ /** the roles assigned to this Profile */
+ private final Roles roles;
+ /** the permissions granted to this Profile */
+ private final Permissions grants;
+ /** the permissions denied by this Profile */
+ private final Permissions denials;
+ /** the effective calculated permissions for this Profile */
+ private final Permissions effectivePermissions;
+ /** a brief description of the Profile */
+ private final String description;
+ /** whether or not this profile is disabled */
+ private final boolean disabled;
+
+
+ /**
+ * Creates a default User Profile for an ApplicationPolicyStore.
+ *
+ * @param profileId the id of this Profile
+ * @param userName the name of the User this Profile is for
+ * @param store the store this Profile is for
+ * @param roles the roles assigned to this Profile
+ * @param grants the permissions granted to this Profile
+ * @param denials the permissions denied by this Profile
+ * @param disabled true if this Profile is disabled otherwise false
+ */
+ public Profile(
+ ApplicationPolicy store,
+ String profileId, String userName, Roles roles,
+ Permissions grants, Permissions denials, boolean disabled )
+ {
+ this ( store, profileId, userName, roles, grants, denials, null, disabled );
+ }
+
+
+ /**
+ * Creates a default User Profile for an ApplicationPolicyStore.
+ *
+ * @param profileId the name of the User this Profile is for
+ * @param store the store this Profile is for
+ * @param roles the roles assigned to this Profile
+ * @param grants the permissions granted to this Profile
+ * @param denials the permissions denied by this Profile
+ * @param description a brief description for this Profile
+ * @param disabled true if this Profile is disabled otherwise false
+ */
+ public Profile(
+ ApplicationPolicy store,
+ String profileId, String userName, Roles roles,
+ Permissions grants, Permissions denials, String description, boolean disabled )
+ {
+ if( store == null )
+ {
+ throw new NullPointerException( "store" );
+ }
+ if( profileId == null )
+ {
+ throw new NullPointerException( "profileId" );
+ }
+ if( userName == null )
+ {
+ throw new NullPointerException( "userName" );
+ }
+ if( profileId.length() == 0 )
+ {
+ throw new IllegalArgumentException( "profileId is empty." );
+ }
+ if( roles == null )
+ {
+ roles = new Roles( store.getApplicationName(), null );
+ }
+ if( !store.getApplicationName().equals( roles.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "Invalid applicationName in roles: " + roles.getApplicationName() );
+ }
+ if( grants == null )
+ {
+ grants = new Permissions( store.getApplicationName(), null );
+ }
+ if( !store.getApplicationName().equals( grants.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "Invalid applicationName in grants: " + grants.getApplicationName() );
+ }
+ if( !store.getPermissions().containsAll( grants ) )
+ {
+ throw new IllegalArgumentException(
+ "store doesn't provide all permissions specified: " +
+ grants );
+ }
+ if( denials == null )
+ {
+ denials = new Permissions( store.getApplicationName(), null );
+ }
+ if( !store.getApplicationName().equals( denials.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "Invalid applicationName in denials: " + denials.getApplicationName() );
+ }
+ if( !store.getPermissions().containsAll( denials ) )
+ {
+ throw new IllegalArgumentException(
+ "store doesn't provide all permissions specified: " +
+ denials );
+ }
+
+ this.disabled = disabled;
+ this.store = store;
+ this.profileId = profileId;
+ this.userName = userName;
+ this.roles = roles;
+ this.grants = grants;
+ this.denials = denials;
+ this.description = description;
+
+ // Calculate effective permissions
+ Permissions effectivePermissions = new Permissions( store.getApplicationName(), null );
+ for( Iterator i = roles.iterator(); i.hasNext(); )
+ {
+ Role r = ( Role ) i.next();
+ effectivePermissions = effectivePermissions.addAll( r.getGrants() );
+ }
+ effectivePermissions = effectivePermissions.addAll( grants );
+ this.effectivePermissions = effectivePermissions.removeAll( denials );
+ }
+
+
+ /**
+ * Checks whether or not this Profile has been disabled.
+ *
+ * @return true if this Profile is disabled, false if enabled
+ */
+ public boolean isDisabled()
+ {
+ return disabled;
+ }
+
+
+ /**
+ * Gets the id of the this Profile.
+ *
+ * @return the id of this Profile
+ */
+ public String getProfileId()
+ {
+ return profileId;
+ }
+
+
+ /**
+ * Gets the name of the user who owns this Profile.
+ *
+ * @return the name of the user associated with this Profile
+ */
+ public String getUserName()
+ {
+ return userName;
+ }
+
+
+ /**
+ * Gets a brief description for this Profile if one exists.
+ *
+ * @return a description for this Profile
+ */
+ public String getDescription()
+ {
+ return description;
+ }
+
+
+ /**
+ * Gets the name of the application this Profile is associated with.
+ *
+ * @return the name of the application this Profile is associated with
+ */
+ public String getApplicationName()
+ {
+ return store.getApplicationName();
+ }
+
+
+ /**
+ * Gets a set of {@link Role}s which are assigned to this Profile.
+ *
+ * @return a container of {@link Role} objects which are assigned to this Profile
+ */
+ public Roles getRoles()
+ {
+ return roles;
+ }
+
+
+ /**
+ * Checks to see if the user according to this Profile is in a Role.
+ *
+ * @param roleName the name of the Role to check for
+ * @return true if the user is in the Role, false otherwise
+ */
+ public boolean isInRole( String roleName )
+ {
+ return roles.contains( roleName );
+ }
+
+
+ /**
+ * Gets the set of {@link Permission}s granted to this Profile.
+ *
+ * @return a container of granted {@link Permission} objects
+ */
+ public Permissions getGrants()
+ {
+ return grants;
+ }
+
+ /**
+ * Gets a set of permissions explicitly denied by this profile.
+ * This is the only time and place where negative permissions will ever be
+ * found.
+ *
+ * @return a container of denied {@link Permission} objects
+ */
+ public Permissions getDenials()
+ {
+ return denials;
+ }
+
+
+ /**
+ * Gets the set of effective (net calculated) permissions for this Profile.
+ * An effective permission is calculated from the assigned {@link Role}s,
+ * granted {@link Permissions} and denied {@link Permissions} of this
+ * Profile.
+ *
+ * @return a container of effective {@link Permission} objects for this profile.
+ */
+ public Permissions getEffectivePermissions()
+ {
+ return effectivePermissions;
+ }
+
+
+ /**
+ * Assertive check to test if this Profile has the effective {@link Permission}.
+ *
+ * @param permissionName the permission name to check for
+ * @throws AccessControlException if the permission is not granted or
+ * inherited from an assigned Role
+ */
+ public void checkPermission( String permissionName )
+ {
+ checkPermission(
+ permissionName,
+ "User '" + profileId + "' " +
+ "in application '" + getApplicationName() + '\'' +
+ "does not posess the permission '" + permissionName + "'." );
+ }
+
+
+ /**
+ * Get's whether or not this Profile has the permission.
+ *
+ * @param permission the permission to check for
+ * @return true if the permission is granted, false otherwise
+ */
+ public boolean hasPermission( Permission permission )
+ {
+ return effectivePermissions.contains( permission );
+ }
+
+
+ /**
+ * Get's whether or not this Profile has the permission.
+ *
+ * @param permissionName the permission to check for
+ * @return true if the permission is granted, false otherwise
+ */
+ public boolean hasPermission( String permissionName )
+ {
+ return effectivePermissions.get( permissionName ) != null;
+ }
+
+
+ /**
+ * Assertive permission check to test if this Profile has the effective
+ * permission.
+ *
+ * @param permission the permission to check for
+ * @throws AccessControlException if the permission is not granted or
+ * inherited from an assigned Role
+ */
+ public void checkPermission( Permission permission )
+ {
+ checkPermission(
+ permission,
+ "User '" + profileId + "' " +
+ "in application '" + getApplicationName() + '\'' +
+ "does not posess the permission '" + permission.getName() + "'." );
+ }
+
+
+ /**
+ * Assertive permission check to test if this Profile has the effective
+ * permission.
+ *
+ * @param permissionName the permission name to check for
+ * @param message to use for AccessControlException if it is thrown
+ * @throws AccessControlException if the permission is not granted or
+ * inherited from an assigned Role
+ */
+ public void checkPermission( String permissionName, String message )
+ {
+ if ( permissionName == null )
+ {
+ throw new NullPointerException( "permissionName" );
+ }
+
+ if ( !effectivePermissions.contains( permissionName ) )
+ {
+ throw new AccessControlException( message );
+ }
+ }
+
+
+ /**
+ * Assertive permission check to test if this Profile has the effective
+ * permission.
+ *
+ * @param permission the permission to check for
+ * @param message to use for AccessControlException if it is thrown
+ * @throws AccessControlException if the permission is not granted or
+ * inherited from an assigned Role
+ */
+ public void checkPermission( Permission permission, String message )
+ {
+ if ( permission == null )
+ {
+ throw new NullPointerException( "permission" );
+ }
+
+ if ( !effectivePermissions.contains( permission ) )
+ {
+ throw new AccessControlException( message );
+ }
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Object Overrides
+ // ------------------------------------------------------------------------
+
+
+ public int hashCode()
+ {
+ return getApplicationName().hashCode() ^ profileId.hashCode();
+ }
+
+
+ public boolean equals( Object that )
+ {
+ if( this == that )
+ {
+ return true;
+ }
+
+ if( that instanceof Profile )
+ {
+ Profile thatP = ( Profile ) that;
+ return this.getApplicationName().equals( thatP.getApplicationName() ) &&
+ this.getProfileId().equals( thatP.getProfileId() );
+ }
+
+ return false;
+ }
+
+
+ public int compareTo( Object that )
+ {
+ Profile thatP = ( Profile ) that;
+ int ret = this.getApplicationName().compareTo( thatP.getApplicationName() );
+ if( ret != 0 )
+ {
+ return ret;
+ }
+
+ return this.getProfileId().compareTo( thatP.getProfileId() );
+ }
+
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch( CloneNotSupportedException e )
+ {
+ throw new InternalError();
+ }
+ }
+
+
+ public String toString()
+ {
+ return "Profile(" + getProfileId() + ": " + effectivePermissions + ')';
+ }
+}
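Review bot: Nothing in `hasPermission` or `checkPermission` consults the `disabled` flag, so a Profile constructed with `disabled == true` still passes every check its roles and grants allow unless the caller remembers to call `isDisabled()` first. If a disabled profile is meant to be denied, enforce it here, e.g. `if ( disabled || !effectivePermissions.contains( permission ) )` in both two-argument `checkPermission` overloads and `return !disabled && effectivePermissions.contains( permission );` in `hasPermission`. If enforcement is deliberately left to the caller, the Javadoc of these methods should say so. Separately, the default denial message in the one-argument overloads joins `'\''` directly to `"does not posess ..."`, so it prints without a space and with a misspelling; Role.java in this commit builds the same string.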
Added: directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java (added)
+++ directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+import java.io.Serializable;
+import java.security.AccessControlException;
+
+
+/**
+ * An application role. Roles are application specific and contain a set
+ * of permission grants. Users assigned to these Roles inherit the set of
+ * permission grants from their roles.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @author Trustin Lee
+ * @version $Rev: 74 $, $Date: 2005-11-11 02:03:22 -0500 (Fri, 11 Nov 2005) $
+ */
+public class Role implements Comparable, Cloneable, Serializable
+{
+ private static final long serialVersionUID = 6190625586883412135L;
+
+ /** an empty byte array used as a placeholder for empty grants */
+ private static final Permission[] EMPTY_PERMISSION_ARRAY = new Permission[0];
+
+ /** the name of this Role */
+ private final String name;
+ /** the store the Role is defined for */
+ private final ApplicationPolicy store;
+ /** the permissions granted for this role */
+ private final Permissions permissions;
+ /** a brief description of the Role */
+ private final String description;
+
+
+ /**
+ * Creates a new Role instance with a description.
+ *
+ * @param store the parent store this role is defined for
+ * @param name the name of this role
+ * @param permissions a set of permissions granted for this role
+ * @param description a breif description of the role
+ */
+ public Role( ApplicationPolicy store, String name, Permissions permissions, String description )
+ {
+ if( store == null )
+ {
+ throw new NullPointerException( "store" );
+ }
+ if( name == null )
+ {
+ throw new NullPointerException( "name" );
+ }
+ if( name.length() == 0 )
+ {
+ throw new IllegalArgumentException( "name is empty." );
+ }
+
+ if( permissions == null )
+ {
+ permissions = new Permissions(
+ store.getApplicationName(), EMPTY_PERMISSION_ARRAY );
+ }
+ if( !store.getApplicationName().equals( permissions.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException(
+ "Invalid applicationName in permissions: " +
+ permissions.getApplicationName() );
+ }
+
+ if( !store.getPermissions().containsAll( permissions ) )
+ {
+ throw new IllegalArgumentException(
+ "store doesn't provide all permissions specified: " +
+ permissions );
+ }
+
+ this.store = store;
+ this.name = name;
+ this.permissions = permissions;
+ this.description = description;
+ }
+
+
+ /**
+ * Creates a new Role instance.
+ *
+ * @param store the parent store this role is defined for
+ * @param name the name of this role
+ * @param permissions a set of permissions granted for this role
+ */
+ public Role( ApplicationPolicy store, String name, Permissions permissions )
+ {
+ this ( store, name, permissions, null );
+ }
+
+
+ /**
+ * Gets the name of this Role.
+ *
+ * @return the name of this Role
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+
+ /**
+ * Gets a brief description for this Role if one exists.
+ *
+ * @return a description for this Role
+ */
+ public String getDescription()
+ {
+ return description;
+ }
+
+
+ /**
+ * Gets the application name this Role is defined for.
+ *
+ * @return the name of the application this Role is defined for.
+ */
+ public String getApplicationName()
+ {
+ return store.getApplicationName();
+ }
+
+
+ /**
+ * Gets a set of permissions granted to this role.
+ *
+ * @return a set of permissions granted to this role.
+ */
+ public Permissions getGrants()
+ {
+ return permissions;
+ }
+
+
+ /**
+ * Assertive permission check to test if this role has the effective
+ * permission.
+ *
+ * @param permission the permission to check for
+ * @throws AccessControlException if the permission is not granted
+ */
+ public void checkPermission( Permission permission )
+ {
+ checkPermission(
+ permission,
+ "Role '" + name + "' " +
+ "in application '" + getApplicationName() + '\'' +
+ "does not posess the permission '" + permission.getName() + "'." );
+ }
+
+
+ /**
+ * Get's whether or not this Role has the permission.
+ *
+ * @param permissionName the permission to check for
+ * @return true if the permission is granted,false otherwise
+ */
+ public boolean hasPermission( String permissionName )
+ {
+ return permissions.get( permissionName ) != null;
+ }
+
+
+ /**
+ * Get's whether or not this Role has the permission.
+ *
+ * @param permission the name of permission to check for
+ * @return true if the permission is granted,false otherwise
+ */
+ public boolean hasPermission( Permission permission )
+ {
+ return permissions.contains( permission );
+ }
+
+
+ /**
+ * Assertive permission check to test if this role has the effective
+ * permission.
+ *
+ * @param permissionName the name of the permission to check for
+ * @throws AccessControlException if the permission is not granted
+ */
+ public void checkPermission( String permissionName )
+ {
+ checkPermission(
+ permissionName,
+ "Role '" + name + "' " +
+ "in application '" + getApplicationName() + '\'' +
+ "does not posess the permission '" + permissionName + "'." );
+ }
+
+
+ /**
+ * Assertive permission check to test if this Role has the effective
+ * permission.
+ *
+ * @param permission the permission to check for
+ * @param message to use for AccessControlException if it is thrown
+ * @throws AccessControlException if the permission is not granted
+ */
+ public void checkPermission( Permission permission, String message )
+ {
+ if ( permission == null )
+ {
+ throw new NullPointerException( "permission" );
+ }
+
+ if ( !permissions.contains( permission ) )
+ {
+ throw new AccessControlException( message );
+ }
+ }
+
+
+ /**
+ * Assertive permission check to test if this role has the effective
+ * permission.
+ *
+ * @param permissionName the permission name to check for
+ * @param message to use for AccessControlException if it is thrown
+ * @throws AccessControlException if the permission is not granted
+ */
+ public void checkPermission( String permissionName, String message )
+ {
+ if ( permissionName == null )
+ {
+ throw new NullPointerException( "permissionName" );
+ }
+
+ if ( !permissions.contains( permissionName ) )
+ {
+ throw new AccessControlException( message );
+ }
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Object Overrides
+ // ------------------------------------------------------------------------
+
+
+ public int hashCode()
+ {
+ return getApplicationName().hashCode() ^ name.hashCode();
+ }
+
+
+ public boolean equals( Object that )
+ {
+ if( this == that )
+ {
+ return true;
+ }
+
+ if( that instanceof Role )
+ {
+ Role thatR = ( Role ) that;
+ return this.getApplicationName().equals( thatR.getApplicationName() ) &&
+ this.getName().equals( thatR.getName() );
+ }
+
+ return false;
+ }
+
+
+ public int compareTo( Object that )
+ {
+ Role thatR = ( Role ) that;
+ int ret = this.getApplicationName().compareTo( thatR.getApplicationName() );
+ if( ret != 0 )
+ {
+ return ret;
+ }
+ else
+ {
+ return this.getName().compareTo( thatR.getName() );
+ }
+ }
+
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch( CloneNotSupportedException e )
+ {
+ throw new InternalError();
+ }
+ }
+
+
+ public String toString()
+ {
+ return "Role(" + getName() + ": " + permissions + ')';
+ }
+}
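Review bot: `equals`, `hashCode` and `compareTo` identify a Role by application name and role name only, and none of them has Javadoc saying so. Two Role instances with the same name but different grants therefore compare equal, and `Roles.equals` in this commit inherits that because it compares its map values through `Role.equals`; whether that is intended is not visible here. I would state it on `equals`, e.g. `/** Roles are equal when application name and role name match; granted permissions are not compared. */`. The comment on `EMPTY_PERMISSION_ARRAY` also says "empty byte array" although the field is a `Permission[]`.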
Added: directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java (added)
+++ directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Roles.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,382 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+
+
+/**
+ * Represnets an immutable set of {@link Role}s.
+ *
+ * @author Trustin Lee
+ * @version $Rev: 52 $, $Date: 2005-08-19 23:03:36 -0400 (Fri, 19 Aug 2005) $
+ */
+public class Roles implements Cloneable, Serializable
+{
+ private static final long serialVersionUID = 654756629481872197L;
+ /** An empty array of Role objects */
+ private static final Role[] EMPTY_ROLE_ARRAY = new Role[0];
+
+ /** the name of the application this roles belong to */
+ private final String applicationName;
+ /** <tt>Map<String roleName, Role role;></tt> */
+ private final Map roles = new HashMap();
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param applicationName the name of the application this roles belong to
+ * @param roles the array of {@link Role}s that will belong to this role set
+ */
+ public Roles( String applicationName, Role[] roles )
+ {
+ // Check nulls and emptiness
+ if( applicationName == null )
+ {
+ throw new NullPointerException( "applicationName" );
+ }
+ if( applicationName.length() == 0 )
+ {
+ throw new IllegalArgumentException( "applicationName is empty." );
+ }
+ if( roles == null )
+ {
+ roles = EMPTY_ROLE_ARRAY;
+ }
+
+ this.applicationName = applicationName;
+
+ // Add all roles while checking if application names are all
+ // same with what user specified.
+ for( int i = roles.length - 1; i >= 0; i -- )
+ {
+ Role r = roles[ i ];
+ if( r == null )
+ {
+ continue;
+ }
+
+ if( !applicationName.equals( r.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "Invalid applicationName: " + r.getApplicationName() );
+ }
+
+ this.roles.put( r.getName(), r );
+ }
+ }
+
+
+ /**
+ * Returns the name of the application this roles belong to
+ *
+ * @return the name of the application this roles belong to
+ */
+ public String getApplicationName()
+ {
+ return applicationName;
+ }
+
+
+ /**
+ * Returns <tt>true</tt> if and only if this set contains the specified
+ * <tt>role</tt>.
+ *
+ * @param role the role to find
+ * @return <tt>true</tt> if and only if this set contains the specified
+ * <tt>role</tt>
+ */
+ public boolean contains( Role role )
+ {
+ return applicationName.equals( role.getApplicationName() ) &&
+ roles.containsKey( role.getName() );
+ }
+
+
+ /**
+ * Returns <tt>true</tt> if and only if this set contains the {@link Role}
+ * with the specified <tt>roleName</tt>.
+ *
+ * @param roleName the name of the role to find
+ * @return <tt>true</tt> if and only if this set contains the specified
+ * <tt>roleName</tt>
+ */
+ public boolean contains( String roleName )
+ {
+ return roles.containsKey( roleName );
+ }
+
+
+ /**
+ * Returns <tt>true</tt> if and only if this set contains all elements of
+ * the specified <tt>roles</tt>.
+ *
+ * @param roles another set of roles
+ * @return <tt>true</tt> if and only if this set contains all elements of
+ * the specified <tt>roles</tt>
+ */
+ public boolean containsAll( Roles roles )
+ {
+ checkApplicationName( roles );
+ return this.roles.keySet().containsAll( roles.roles.keySet() );
+ }
+
+
+ /**
+ * Returns the {@link Role} with the specified <tt>roleName</tt>.
+ *
+ * @param roleName the name of the role to find
+ * @return <tt>null</tt> if there's no role with the specified name
+ */
+ public Role get( String roleName )
+ {
+ return ( Role ) roles.get( roleName );
+ }
+
+
+ /**
+ * Returns <tt>true</tt> if this set is empty.
+ *
+ * @return <tt>true</tt> if this set is empty
+ */
+ public boolean isEmpty()
+ {
+ return roles.isEmpty();
+ }
+
+
+ /**
+ * Returns the number of elements this set contains.
+ *
+ * @return the number of elements this set contains
+ */
+ public int size()
+ {
+ return roles.size();
+ }
+
+
+ /**
+ * Returns an {@link Iterator} that iterates all {@link Role}s this set contains.
+ *
+ * @return an {@link Iterator} that iterates all {@link Role}s this set contains
+ */
+ public Iterator iterator()
+ {
+ return Collections.unmodifiableCollection( roles.values() ).iterator();
+ }
+
+
+ /**
+ * Creates a new set of {@link Role}s which contains all elements of
+ * both this set and the specified set (OR operation). This operation never
+ * modifies this set.
+ *
+ * @param roles a set of roles to add
+ * @return a new set
+ */
+ public Roles addAll( Roles roles )
+ {
+ checkApplicationName( roles );
+ Roles newRoles = ( Roles ) clone();
+ newRoles.roles.putAll( roles.roles );
+ return newRoles;
+ }
+
+
+ /**
+ * Creates a new set of {@link Role}s which contains elements of
+ * this set excluding what exists in the specified set (NAND operation).
+ * This operation never modifies this set.
+ *
+ * @param roles a set of roles to remove
+ * @return a new set
+ */
+ public Roles removeAll( Roles roles )
+ {
+ checkApplicationName( roles );
+ Roles newRoles = ( Roles ) clone();
+ newRoles.roles.keySet().removeAll(
+ roles.roles.keySet() );
+ return newRoles;
+ }
+
+
+ /**
+ * Creates a new set of {@link Role}s which contains elements which
+ * exists in both this set and the specified set (AND operation). This
+ * operation never modifies this set.
+ *
+ * @param roles a set of roles to retain.
+ * @return a new set
+ */
+ public Roles retainAll( Roles roles )
+ {
+ checkApplicationName( roles );
+ Roles newRoles = ( Roles ) clone();
+ newRoles.roles.keySet().retainAll(
+ roles.roles.keySet() );
+ return newRoles;
+ }
+
+
+ public Roles getDependentRoles( String permName )
+ {
+ List dependents = new ArrayList();
+ for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
+ {
+ Role role = ( Role ) ii.next();
+ if ( role.hasPermission( permName ) )
+ {
+ dependents.add( role );
+ }
+ }
+
+ if ( dependents.size() == 0 )
+ {
+ return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
+ }
+
+ Role[] roleArray = new Role[dependents.size()];
+ dependents.toArray( roleArray );
+ return new Roles( getApplicationName(), roleArray );
+ }
+
+
+ public Roles getDependentRoles( Permission perm )
+ {
+ if ( ! perm.getApplicationName().equals( getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "The permission '" + perm.getName() + "' is not " +
+ "\nassociated with this application. It is associated with " + perm.getApplicationName() );
+ }
+
+ List dependents = new ArrayList();
+ for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
+ {
+ Role role = ( Role ) ii.next();
+ if ( role.hasPermission( perm ) )
+ {
+ dependents.add( role );
+ }
+ }
+
+ if ( dependents.size() == 0 )
+ {
+ return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
+ }
+
+ Role[] roleArray = new Role[dependents.size()];
+ dependents.toArray( roleArray );
+ return new Roles( getApplicationName(), roleArray );
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Object Overrides
+ // ------------------------------------------------------------------------
+
+
+ public Object clone()
+ {
+ Role[] roleArray = new Role[ size() ];
+ roleArray = ( Role[] ) roles.values().toArray( roleArray );
+ return new Roles( applicationName, roleArray );
+ }
+
+
+ public int hashCode()
+ {
+ return applicationName.hashCode() ^ roles.hashCode();
+ }
+
+
+ public boolean equals( Object that )
+ {
+ if( this == that )
+ {
+ return true;
+ }
+
+ if( that instanceof Roles )
+ {
+ Roles thatP = ( Roles ) that;
+ // We don't compare application name because roles already
+ // contain it.
+ return this.roles.equals( thatP.roles );
+ }
+
+ return false;
+ }
+
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ buf.append( "Roles(" );
+ buf.append( applicationName );
+ buf.append( ": " );
+
+ // Sort roles by name
+ Set sortedRoles = new TreeSet( roles.values() );
+ Iterator i = sortedRoles.iterator();
+
+ // Add the first one
+ if( i.hasNext() )
+ {
+ Role r = ( Role ) i.next();
+ buf.append( r.getName() );
+
+ // Add others
+ while( i.hasNext() )
+ {
+ r = ( Role ) i.next();
+ buf.append( ", " );
+ buf.append( r.getName() );
+ }
+ }
+ else
+ {
+ buf.append( "empty" );
+ }
+
+ buf.append( ')' );
+
+ return buf.toString();
+ }
+
+
+ private void checkApplicationName( Roles roles )
+ {
+ if( !applicationName.equals( roles.getApplicationName() ) )
+ {
+ throw new IllegalArgumentException( "Wrong application name: " + roles.getApplicationName() );
+ }
+ }
+}
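Review bot: `equals` and `hashCode` disagree for empty sets: `equals` compares only the `roles` map, so two empty `Roles` for different applications are equal, while `hashCode` mixes in `applicationName` and will generally give them different hashes. The comment "roles already contain it" holds only when at least one Role is present. Comparing the name as well restores the contract: `return this.applicationName.equals( thatP.applicationName ) && this.roles.equals( thatP.roles );`. Both `getDependentRoles` overloads also have no Javadoc, and the `Permission` overload rejects a foreign application name while the `String` overload cannot, which is worth stating there.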
Added: directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/StoreConnectionException.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/StoreConnectionException.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/StoreConnectionException.java (added)
+++ directory/triplesec/trunk/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/StoreConnectionException.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+/**
+ * A {@link GuardianException} which is thrown when {@link ConnectionDriver}
+ * failed to connect to {@link ApplicationPolicy} due to network,
+ * authentication, or parameter problems.
+ *
+ * @author Trustin Lee
+ * @version $Rev: 53 $, $Date: 2005-08-21 20:58:16 -0400 (Sun, 21 Aug 2005) $
+ */
+public class StoreConnectionException extends GuardianException
+{
+ /** */
+ private static final long serialVersionUID = -3699779444160471445L;
+
+
+ /**
+ *
+ */
+ public StoreConnectionException()
+ {
+ super();
+ }
+
+
+ /**
+ *
+ * @param message
+ */
+ public StoreConnectionException( String message )
+ {
+ super(message);
+ }
+
+
+ /**
+ *
+ * @param nested
+ */
+ public StoreConnectionException( Throwable nested )
+ {
+ super(nested);
+ }
+
+
+ /**
+ *
+ * @param message
+ * @param nested
+ */
+ public StoreConnectionException( String message, Throwable nested )
+ {
+ super(message, nested);
+ }
+
+}
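Review bot: The class Javadoc puts network, authentication and parameter failures under this one exception type, so a caller that catches `StoreConnectionException` cannot tell a transient outage from rejected credentials. If the factory's retry loop catches this type (the retry test added in this commit suggests it does, but that code is not in this hunk), a wrong password would be re-submitted on every attempt, which may trip account lockout on the backing store. Consider documenting which causes are worth retrying, or adding a subclass for authentication failures. The four constructor Javadoc blocks are empty and should describe their arguments, e.g. `@param nested the underlying cause of the connection failure`. The `message` description should also say that it must not carry credentials or raw connection properties, since exception messages usually end up in logs.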
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/AbstractEntityTest.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/AbstractEntityTest.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/AbstractEntityTest.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/AbstractEntityTest.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+/**
+ *
+ * @author Trustin Lee
+ * @version $Rev: 52 $, $Date: 2005-08-19 23:03:36 -0400 (Fri, 19 Aug 2005) $
+ */
+public abstract class AbstractEntityTest extends TestCase {
+
+ private Object a1;
+ private Object a2;
+ private Object b1;
+ private Object b2;
+ private Object wrong;
+
+ protected abstract Object newInstanceA1();
+ protected abstract Object newInstanceA2();
+ protected abstract Object newInstanceB1();
+ protected abstract Object newInstanceB2();
+
+ protected Object newWrongInstance()
+ {
+ return new Object();
+ }
+
+ public void setUp()
+ {
+ a1 = newInstanceA1();
+ a2 = newInstanceA2();
+ b1 = newInstanceB1();
+ b2 = newInstanceB2();
+ wrong = newWrongInstance();
+ }
+
+ public void testEquals()
+ {
+ Assert.assertEquals( a1, a1 );
+ Assert.assertEquals( a1, a2 );
+ Assert.assertFalse( a1.equals( null ) );
+ Assert.assertFalse( a1.equals( b1 ) );
+ Assert.assertFalse( a1.equals( b2 ) );
+ Assert.assertFalse( a1.equals( wrong ) );
+ }
+
+ public void testHashCode()
+ {
+ Assert.assertEquals( a1.hashCode(), a2.hashCode() );
+ Assert.assertFalse( a1.hashCode() == b1.hashCode() );
+ Assert.assertFalse( a1.hashCode() == b2.hashCode() );
+ }
+
+ public void testCompareTo()
+ {
+ if( !( a1 instanceof Comparable ) )
+ {
+ return;
+ }
+
+ Comparable a1 = ( Comparable ) this.a1;
+
+ Assert.assertTrue( a1.compareTo( a1 ) == 0 );
+ Assert.assertTrue( a1.compareTo( a2 ) == 0 );
+
+ try
+ {
+ a1.compareTo( null );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+
+ Assert.assertFalse( a1.compareTo( b1 ) == 0 );
+ Assert.assertFalse( a1.compareTo( b2 ) == 0 );
+
+ try
+ {
+ a1.compareTo( wrong );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( ClassCastException e )
+ {
+ // OK
+ }
+ }
+
+ public void testClone() throws Exception
+ {
+ Object a = a1;
+ Object b = a1.getClass().getMethod( "clone", null ).invoke( a1, null );
+ Assert.assertEquals( a, b );
+ _testClone( a, b );
+ }
+
+ protected void _testClone( Object a, Object b )
+ {
+ }
+
+ public void testToString() throws Exception
+ {
+ a1.toString();
+ a2.toString();
+ b1.toString();
+ b2.toString();
+ }
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(AbstractEntityTest.class);
+ }
+
+}
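Review bot: `testHashCode` asserts that unequal objects have different hash codes (`Assert.assertFalse( a1.hashCode() == b1.hashCode() )` and the matching `b2` line), which the `hashCode` contract does not promise; a legitimate collision in any subclass fixture would fail the build. Keep the `a1`/`a2` equality assertion and either drop the two inequality ones or mark them in a comment as fixture-specific. `main` passes the abstract class itself to `junit.textui.TestRunner.run`, which as far as I can tell JUnit cannot instantiate, so that entry point only reports failures and can be removed. In `testCompareTo` the local `Comparable a1` shadows the field of the same name, so a distinct name such as `comparableA1` would read more clearly. The first failure message there is misspelled `Execption`.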
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,242 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+public class ApplicationPolicyFactoryTest extends TestCase
+{
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( ApplicationPolicyFactoryTest.class );
+ }
+
+ protected void setUp() throws Exception
+ {
+ }
+
+ protected void tearDown() throws Exception
+ {
+ }
+
+ public void testDriverRegistration() throws Exception
+ {
+ ConnectionDriver testDriver1 = new TestConnectionDriver1();
+ ConnectionDriver testDriver2 = new TestConnectionDriver2();
+
+ // Register driver and make sure it works.
+ Assert.assertTrue( ApplicationPolicyFactory.registerDriver( testDriver1 ) );
+ Assert.assertTrue( ApplicationPolicyFactory.registerDriver( testDriver2 ) );
+ Assert.assertFalse( ApplicationPolicyFactory.registerDriver( testDriver1 ) );
+ ApplicationPolicy testStore = ApplicationPolicyFactory.newInstance( "test2:dummy", new Properties() );
+ Assert.assertEquals( "Test", testStore.getApplicationName() );
+
+ // Deregister driver and make sure it doesn't work.
+ Assert.assertTrue( ApplicationPolicyFactory.deregisterDriver( testDriver1.getClass() ) );
+ Assert.assertFalse( ApplicationPolicyFactory.deregisterDriver( testDriver1.getClass() ) );
+ Assert.assertFalse( ApplicationPolicyFactory.deregisterDriver( Integer.class ) );
+ try
+ {
+ ApplicationPolicyFactory.newInstance( "test:dummy", new Properties() );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( NoConnectionDriverException e )
+ {
+ // OK
+ }
+ }
+
+ public void testConnectionRetry()
+ {
+ FailingConnectionDriver driver = new FailingConnectionDriver();
+ ApplicationPolicyFactory.registerDriver( driver );
+
+ String url = "failure:dummy";
+ Properties info = new Properties();
+
+ // No retries
+ try
+ {
+ ApplicationPolicyFactory.newInstance( url, null );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( StoreConnectionException e )
+ {
+ // OK
+ }
+
+ // Two retries
+ driver.reset();
+ info.setProperty( ApplicationPolicyFactory.RETRY_COUNT, "2" );
+ ApplicationPolicyFactory.newInstance( url, info );
+
+ // Wrong retry count
+ driver.reset();
+ info.setProperty( ApplicationPolicyFactory.RETRY_COUNT, "-1" );
+ try
+ {
+ ApplicationPolicyFactory.newInstance( url, info );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( StoreConnectionException e )
+ {
+ // OK
+ }
+
+ // With retry delay
+ driver.reset();
+ info.setProperty( ApplicationPolicyFactory.RETRY_COUNT, "2" );
+ info.setProperty( ApplicationPolicyFactory.RETRY_DELAY, "1" );
+ ApplicationPolicyFactory.newInstance( url, info );
+
+ // With wrong retry delay
+ driver.reset();
+ info.setProperty( ApplicationPolicyFactory.RETRY_COUNT, "2" );
+ info.setProperty( ApplicationPolicyFactory.RETRY_DELAY, "-1" );
+ ApplicationPolicyFactory.newInstance( url, info );
+ }
+
+ private static class TestConnectionDriver implements ConnectionDriver
+ {
+ private final String prefix;
+
+ public TestConnectionDriver( String prefix )
+ {
+ this.prefix = prefix;
+ }
+
+ public boolean accept(String url) {
+ return url.startsWith( prefix );
+ }
+
+ public ApplicationPolicy newStore(String url, Properties info) throws GuardianException {
+ return new ApplicationPolicy()
+ {
+ public String getApplicationName() {
+ return "Test";
+ }
+
+ public Roles getRoles() {
+ return null;
+ }
+
+ public Permissions getPermissions() {
+ return null;
+ }
+
+ public Profile getProfile(String userName) {
+ return null;
+ }
+
+ public void close() {}
+
+
+ public String getDescription()
+ {
+ return null;
+ }
+
+ public boolean removePolicyListener( PolicyChangeListener listener )
+ {
+ return false;
+ }
+
+ public boolean addPolicyListener( PolicyChangeListener listener )
+ {
+ return false;
+ }
+
+ public Set getDependentProfileNames( Role role ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getDependentProfileNames( Permission permission ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getUserProfileIds( String userName ) throws GuardianException
+ {
+ return Collections.EMPTY_SET;
+ }
+
+ public Iterator getProfileIdIterator() throws GuardianException
+ {
+ return null;
+ }
+
+ public Profile getAdminProfile()
+ {
+ return null;
+ }
+ };
+ }
+ }
+
+ private static class TestConnectionDriver1 extends TestConnectionDriver
+ {
+ public TestConnectionDriver1()
+ {
+ super( "test1" );
+ }
+ }
+
+ private static class TestConnectionDriver2 extends TestConnectionDriver
+ {
+ public TestConnectionDriver2()
+ {
+ super( "test2" );
+ }
+ }
+
+ private static class FailingConnectionDriver extends TestConnectionDriver
+ {
+ private int counter = 0;
+ public FailingConnectionDriver()
+ {
+ super( "failure" );
+ }
+
+ public void reset()
+ {
+ counter = 0;
+ }
+
+ public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ {
+ counter++;
+ if( counter == 3 )
+ {
+ return super.newStore( url, info );
+ }
+
+ throw new StoreConnectionException();
+ }
+ }
+}
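Review bot: The deregistration check in `testDriverRegistration` requests `"test:dummy"`, a URL that neither registered prefix (`test1`, `test2`) accepts, so `NoConnectionDriverException` is thrown whether or not `deregisterDriver` actually removed anything. The lookup should target the driver that was removed: `ApplicationPolicyFactory.newInstance( "test1:dummy", new Properties() );`. The test also leaves `testDriver2` registered, and `testConnectionRetry` never deregisters its `FailingConnectionDriver`; the factory methods are static, so the registry presumably outlives each test, and the empty `tearDown` is the natural place to clean up. In `testConnectionRetry` a negative `RETRY_COUNT` is expected to fail while a negative `RETRY_DELAY` is expected to succeed; a one-line comment on each case stating the intended fallback would show that the asymmetry is deliberate.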
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ExceptionTests.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ExceptionTests.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ExceptionTests.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ExceptionTests.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+import junit.framework.TestCase;
+
+
+/**
+ * Just here to make clover happy with Exceptions.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev: 25 $
+ */
+public class ExceptionTests extends TestCase
+{
+ public void testGuardianExceptionTests()
+ {
+ GuardianException e = new GuardianException();
+ assertNotNull( e );
+ e = new GuardianException( "some message" );
+ assertNotNull( e );
+ e = new GuardianException( new NullPointerException() );
+ assertNotNull( e );
+ e = new GuardianException( "some message", new NullPointerException() );
+ assertNotNull( e );
+ }
+
+
+ public void testNoConnectionDriverExceptionTests()
+ {
+ NoConnectionDriverException e = new NoConnectionDriverException();
+ assertNotNull( e );
+ e = new NoConnectionDriverException( "some message" );
+ assertNotNull( e );
+ e = new NoConnectionDriverException( new NullPointerException() );
+ assertNotNull( e );
+ e = new NoConnectionDriverException( "some message", new NullPointerException() );
+ assertNotNull( e );
+ }
+}
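Review bot: Every `assertNotNull( e )` in both methods follows a `new` expression and so can never fail; the tests execute the constructors but verify nothing about them. Asserting what each constructor is meant to store would make them real checks, e.g. `assertEquals( "some message", e.getMessage() );`, and `assertNotNull( e.getCause() );` for the overloads taking a `Throwable` (assuming those pass the argument through to `super`, which is not visible in this hunk). `StoreConnectionException`, added in the same commit with the same four constructors, has no counterpart test method here.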
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionTest.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionTest.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionTest.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionTest.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+
+/**
+ *
+ * @author Trustin Lee
+ * @version $Rev: 52 $, $Date: 2005-08-19 23:03:36 -0400 (Fri, 19 Aug 2005) $
+ */
+public class PermissionTest extends AbstractEntityTest
+{
+
+ protected Object newInstanceA1()
+ {
+ return new Permission( "app1", "perm1" );
+ }
+
+
+ protected Object newInstanceA2()
+ {
+ return new Permission( "app1", "perm1" );
+ }
+
+
+ protected Object newInstanceB1()
+ {
+ return new Permission( "app1", "perm2" );
+ }
+
+
+ protected Object newInstanceB2()
+ {
+ return new Permission( "app2", "perm1" );
+ }
+
+
+ public void testInstantiation()
+ {
+ try
+ {
+ new Permission( "test", null );
+ fail( "Exception is not thrown." );
+ }
+ catch ( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Permission( null, "test" );
+ fail( "Exception is not thrown." );
+ }
+ catch ( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Permission( "test", "" );
+ fail( "Exception is not thrown." );
+ }
+ catch ( IllegalArgumentException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Permission( "", "test" );
+ fail( "Exception is not thrown." );
+ }
+ catch ( IllegalArgumentException e )
+ {
+ // OK
+ }
+ }
+
+
+ public void testPropeties()
+ {
+ Permission p = new Permission( "a", "b", "c" );
+ assertEquals( "a", p.getApplicationName() );
+ assertEquals( "b", p.getName() );
+ assertEquals( "c", p.getDescription() );
+ }
+
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( PermissionTest.class );
+ }
+}
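Review bot: `testPropeties` is misspelled; JUnit still runs it because of the `test` prefix, but `testProperties` would match the sibling classes `PermissionsTest` and `ProfileTest`. In `testInstantiation` the four try/catch blocks carry no comment saying which argument each one rejects; a short line such as `// null permission name` before each block would make a failure easier to place. The three-argument constructor is exercised only with a non-null description, so the tests leave undocumented whether `null` is accepted there.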
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionsTest.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionsTest.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionsTest.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/PermissionsTest.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Assert;
+
+
+/**
+ *
+ *
+ * @author Trustin Lee
+ * @version $Rev: 52 $, $Date: 2005-08-19 23:03:36 -0400 (Fri, 19 Aug 2005) $
+ *
+ */
+public class PermissionsTest extends AbstractEntityTest
+{
+ protected Object newInstanceA1()
+ {
+ return new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ new Permission( "app1", "perm2" ),
+ new Permission( "app1", "perm3" ),
+ });
+ }
+
+ protected Object newInstanceA2()
+ {
+ return new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ new Permission( "app1", "perm2" ),
+ new Permission( "app1", "perm3" ),
+ });
+ }
+
+ protected Object newInstanceB1()
+ {
+ return new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ });
+ }
+
+ protected Object newInstanceB2()
+ {
+ return new Permissions( "app2", new Permission[0] );
+ }
+
+ public void testInstantiation()
+ {
+ // Test null values
+ try
+ {
+ new Permissions( null, null );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+
+ // Test empty values
+ try
+ {
+ new Permissions( "", null );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ // Test null elements
+ Permissions perms = new Permissions( "app1", new Permission[] {
+ null, null, null,
+ });
+ Assert.assertTrue( perms.isEmpty() );
+
+ // Test mismatching application names
+ try
+ {
+ new Permissions( "app1", new Permission[] {
+ new Permission( "app2", "perm1" ),
+ });
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ //OK
+ }
+
+ Assert.assertTrue( perms.isEmpty() );
+ }
+
+ public void testProperties()
+ {
+ Permission p1 = new Permission( "app1", "perm1" );
+ Permission p2 = new Permission( "app1", "perm2" );
+ Permission p3 = new Permission( "app1", "perm3" );
+ Permissions perms = new Permissions( "app1", new Permission[] {
+ p1, p2, p3,
+ });
+
+ Assert.assertEquals( "app1", perms.getApplicationName() );
+ Assert.assertEquals( 3, perms.size() );
+ Assert.assertTrue( perms.contains( p1 ) );
+ Assert.assertTrue( perms.contains( p2 ) );
+ Assert.assertTrue( perms.contains( p3 ) );
+ Assert.assertTrue( perms.contains( p1.getName() ) );
+ Assert.assertTrue( perms.contains( p2.getName() ) );
+ Assert.assertTrue( perms.contains( p3.getName() ) );
+ Assert.assertEquals( p1, perms.get( p1.getName() ) );
+ Assert.assertEquals( p2, perms.get( p2.getName() ) );
+ Assert.assertEquals( p3, perms.get( p3.getName() ) );
+
+ // Test iterator integrity
+ Set allPerms = new HashSet();
+ allPerms.add( p1 );
+ allPerms.add( p2 );
+ allPerms.add( p3 );
+ for( Iterator i = perms.iterator(); i.hasNext(); )
+ {
+ Permission p = ( Permission ) i.next();
+ Assert.assertTrue( allPerms.contains( p ) );
+ allPerms.remove( p );
+ }
+ }
+
+ public void testSetOperations()
+ {
+ Permissions perms1 = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ });
+ Permissions perms2 = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm2" ),
+ });
+ Permissions perms12 = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ new Permission( "app1", "perm2" ),
+ });
+ Permissions wrongPerms = new Permissions( "wrongApp", null );
+
+
+ // addAll
+ Assert.assertEquals( perms12, perms1.addAll( perms2 ) );
+ Assert.assertEquals( perms1, perms1.addAll( perms1 ) );
+ try
+ {
+ perms1.addAll( wrongPerms );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ // removeAll
+ Assert.assertEquals( perms1, perms12.removeAll( perms2 ) );
+ Assert.assertEquals( perms1, perms1.removeAll( perms2 ) );
+ try
+ {
+ perms1.removeAll( wrongPerms );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ // retainAll
+ Assert.assertEquals( perms1, perms12.retainAll( perms1 ) );
+ Assert.assertEquals(
+ new Permissions( "app1", null ), perms1.retainAll( perms2 ) );
+ try
+ {
+ perms1.retainAll( wrongPerms );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ // containsAll
+ Assert.assertTrue( perms12.containsAll( perms12 ) );
+ Assert.assertFalse( perms1.containsAll( perms12 ) );
+ try
+ {
+ perms1.containsAll( wrongPerms );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+ }
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( PermissionsTest.class );
+ }
+
+}
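Review bot: The "Test iterator integrity" loop in `testProperties` removes each returned permission from `allPerms` but never checks that the set ends up empty, so an iterator that skips elements, or returns none at all, still passes; add `Assert.assertTrue( allPerms.isEmpty() );` after the loop. In `testInstantiation` an array of only `null` elements is accepted silently and yields an empty `Permissions`. If that is intended it deserves a comment, because the same container type is used for denials in `ProfileTest`, and a denial set built from a failed lookup would then drop its restrictions without any error. The final `Assert.assertTrue( perms.isEmpty() )` repeats the earlier assertion on an object nothing has touched in between.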
Added: directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ProfileTest.java
URL: http://svn.apache.org/viewvc/directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ProfileTest.java?view=auto&rev=558849
==============================================================================
--- directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ProfileTest.java (added)
+++ directory/triplesec/trunk/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ProfileTest.java Mon Jul 23 13:01:54 2007
@@ -0,0 +1,401 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.triplesec.guardian;
+
+import java.security.AccessControlException;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+
+import junit.framework.Assert;
+
+/**
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev: 72 $
+ */
+public class ProfileTest extends AbstractEntityTest
+{
+ private static final ApplicationPolicy STORE1 = new TestApplicationPolicyStore(
+ "app1" );
+
+ private static final ApplicationPolicy STORE2 = new TestApplicationPolicyStore(
+ "app2" );
+
+ protected Object newInstanceA1()
+ {
+ return new Profile( STORE1, "trustin", "trustin", null, null, null, false );
+ }
+
+ protected Object newInstanceA2()
+ {
+ return new Profile( STORE1, "trustin", "trustin", null, null, null, false );
+ }
+
+ protected Object newInstanceB1()
+ {
+ return new Profile( STORE1, "alex", "alex", null, null, null, false );
+ }
+
+ protected Object newInstanceB2()
+ {
+ return new Profile( STORE2, "trustin", "trustin", null, null, null, false );
+ }
+
+ public void testInstantiation()
+ {
+ Roles roles = new Roles( "app1", new Role[] {
+ new Role( STORE1, "role1", new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ })),
+ });
+ Permissions grants = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ });
+ Permissions denials = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm2" ),
+ });
+
+ // Test null parameters
+ try
+ {
+ new Profile( null, "trustin", "trustin", roles, grants, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Profile( STORE1, null, "trustin", roles, grants, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+
+ // Test empty fields
+ try
+ {
+ new Profile( STORE1, "", "trustin", roles, grants, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Profile( new TestApplicationPolicyStore( "" ), "role1", "trustin", roles, grants, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ // Test unknown permissions
+ Permissions wrongPerms = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "wrongPerm" ),
+ });
+ try
+ {
+
+ new Profile( STORE1, "trustin", "trustin", roles, wrongPerms, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+ try
+ {
+
+ new Profile( STORE1, "trustin", "trustin", roles, grants, wrongPerms, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+
+ // Test mismatching application names.
+ try
+ {
+ new Profile( STORE2, "role1", "trustin", roles, null, null, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Profile( STORE2, "role1", "trustin", null, grants, null, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+ try
+ {
+ new Profile( STORE2, "role1", "trustin", null, null, denials, false );
+ Assert.fail( "Execption is not thrown." );
+ }
+ catch( IllegalArgumentException e )
+ {
+ // OK
+ }
+
+ Profile p = new Profile( STORE1, "role1", "trustin", null, null, null, false );
+ Assert.assertEquals( 0, p.getRoles().size() );
+ Assert.assertEquals( 0, p.getGrants().size() );
+ Assert.assertEquals( 0, p.getDenials().size() );
+ assertEquals( "trustin", p.getUserName() );
+ }
+
+ public void testProperties()
+ {
+ Roles roles = new Roles( "app1", new Role[] {
+ new Role( STORE1, "role1", new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm2" ),
+ new Permission( "app1", "perm3" ),
+ new Permission( "app1", "perm4" ),
+ })),
+ });
+ Permissions grants = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ new Permission( "app1", "perm2" ),
+ });
+ Permissions denials = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm3" ),
+ });
+
+ Profile p = new Profile( STORE1, "trustin", "trustin", roles, grants, denials, "test description", false );
+ assertEquals( "app1", p.getApplicationName() );
+ assertEquals( "trustin", p.getProfileId() );
+ assertEquals( roles, p.getRoles() );
+ assertEquals( grants, p.getGrants() );
+ assertEquals( denials, p.getDenials() );
+ assertEquals( "test description", p.getDescription() );
+
+ Permissions effectivePermissions = new Permissions( "app1", new Permission[] {
+ new Permission( "app1", "perm1" ),
+ new Permission( "app1", "perm2" ),
+ new Permission( "app1", "perm4" ),
+ });
+ assertEquals( effectivePermissions, p.getEffectivePermissions() );
+
+ assertTrue( p.isInRole( "role1" ) );
+ }
+
+ public void testRolePermissions()
+ {
+ Permission perm = new Permission( "app1", "perm1" );
+ Permission wrongPerm = new Permission( "app1", "perm2" );
+ Permissions perms = new Permissions( "app1", new Permission[] { perm, } );
+
+ // Effective permissions will be: 'perm1'
+ Profile p = new Profile(
+ STORE1, "trustin", "trustin",
+ new Roles( "app1", null ),
+ perms, null, false );
+
+ // Check existing permissions
+ p.checkPermission( perm );
+ p.checkPermission( perm, "unused" );
+ p.checkPermission( perm.getName() );
+ p.checkPermission( perm.getName(), "unused" );
+ assertTrue( p.hasPermission( perm ) );
+ assertTrue( p.hasPermission( perm.getName() ) );
+ assertFalse( p.hasPermission( "nonexistant" ) );
+
+ // Check null parameters
+ try
+ {
+ p.checkPermission( ( Permission ) null );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( ( String ) null );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( ( Permission ) null, "unused" );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( ( String ) null, "unused" );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( NullPointerException e )
+ {
+ // OK
+ }
+
+ // Check non-existing permissions
+ try
+ {
+ p.checkPermission( wrongPerm );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( AccessControlException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( wrongPerm, "unused" );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( AccessControlException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( wrongPerm.getName() );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( AccessControlException e )
+ {
+ // OK
+ }
+ try
+ {
+ p.checkPermission( wrongPerm.getName(), "unused" );
+ Assert.fail( "Exception is not thrown." );
+ }
+ catch( AccessControlException e )
+ {
+ // OK
+ }
+ }
+
+
+ protected void _testClone( Object a, Object b )
+ {
+ Profile pa = ( Profile ) a;
+ Profile pb = ( Profile ) b;
+ Assert.assertEquals( pa.getRoles(), pb.getRoles() );
+ Assert.assertEquals( pa.getGrants(), pb.getGrants() );
+ Assert.assertEquals( pa.getDenials(), pb.getDenials() );
+ }
+
+ private static class TestApplicationPolicyStore implements
+ ApplicationPolicy
+ {
+ private final String appName;
+
+ public TestApplicationPolicyStore( String appName )
+ {
+ this.appName = appName;
+ }
+
+ public String getApplicationName()
+ {
+ return appName;
+ }
+
+ public Roles getRoles()
+ {
+ return null;
+ }
+
+ public Permissions getPermissions()
+ {
+ Permission[] perms = new Permission[] {
+ new Permission( appName, "perm1" ),
+ new Permission( appName, "perm2" ),
+ new Permission( appName, "perm3" ),
+ new Permission( appName, "perm4" ),
+ };
+ return new Permissions( appName, perms );
+ }
+
+ public Profile getProfile( String userName )
+ {
+ return null;
+ }
+
+
+ public String getDescription()
+ {
+ return null;
+ }
+
+
+ public void close() {}
+
+ public boolean removePolicyListener( PolicyChangeListener listener )
+ {
+ return false;
+ }
+
+ public boolean addPolicyListener( PolicyChangeListener listener )
+ {
+ return false;
+ }
+
+ public Set getDependentProfileNames( Role role ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getDependentProfileNames( Permission permission ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getUserProfileIds( String userName ) throws GuardianException
+ {
+ return Collections.EMPTY_SET;
+ }
+
+ public Iterator getProfileIdIterator() throws GuardianException
+ {
+ return null;
+ }
+
+ public Profile getAdminProfile()
+ {
+ return null;
+ }
+ }
+}