You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@stanbol.apache.org by re...@apache.org on 2012/08/23 21:50:09 UTC
svn commit: r1376665 [2/2] - in /incubator/stanbol/trunk: commons/
commons/authentication.basic/ commons/authentication.basic/.settings/
commons/authentication.basic/src/ commons/authentication.basic/src/main/
commons/authentication.basic/src/main/appe...
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.stanbol.commons.security.UserUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+@Component(immediate=true)
+@Service(Filter.class)
+@Property(name="pattern",value=".*")
+@Reference(name="weightedAuthenticationMethod",
+ cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ referenceInterface=WeightedAuthenticationMethod.class)
+public class AuthenticatingFilter implements Filter {
+
+
+ private final Logger logger = LoggerFactory.getLogger(AuthenticatingFilter.class);
+ private SortedSet<WeightedAuthenticationMethod> methodList =
+ new TreeSet<WeightedAuthenticationMethod>(new WeightedAuthMethodComparator());
+
+
+ private Subject getSubject() {
+ Subject subject = UserUtil.getCurrentSubject();
+ if (subject== null) {
+ subject = new Subject();
+ }
+ return subject;
+ }
+
+ /**
+ * Registers a <code>WeightedAuthenticationMethod</code>
+ *
+ * @param method the method to be registered
+ */
+ protected void bindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
+ methodList.add(method);
+ }
+
+ /**
+ * Unregister a <code>WeightedAuthenticationMethod</code>
+ *
+ * @param method the method to be unregistered
+ */
+ protected void unbindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
+ methodList.remove(method);
+ }
+
+ /**
+ * Compares the WeightedAuthenticationMethods, descending for weight and ascending by name
+ */
+ static class WeightedAuthMethodComparator
+ implements Comparator<WeightedAuthenticationMethod> {
+
+ @Override
+ public int compare(WeightedAuthenticationMethod o1,
+ WeightedAuthenticationMethod o2) {
+ int o1Weight = o1.getWeight();
+ int o2Weight = o2.getWeight();
+ if (o1Weight != o2Weight) {
+ return o2Weight - o1Weight;
+ }
+ return o1.getClass().toString().compareTo(o2.getClass().toString());
+ }
+ }
+
+ private void writeLoginResponse(final HttpServletRequest request, final HttpServletResponse response, Throwable e) throws ServletException, IOException {
+ for (AuthenticationMethod authMethod : methodList) {
+ if (authMethod.writeLoginResponse(request, response, e)) {
+ break;
+ }
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
+ final FilterChain chain) throws IOException, ServletException {
+
+ logger.debug("filtering request");
+ final HttpServletRequest request = (HttpServletRequest) servletRequest;
+ final HttpServletResponse response = (HttpServletResponse) servletResponse;
+ final Subject subject = getSubject();
+ AuthenticationMethod authenticationMethod = null;
+ try {
+ for (Iterator<WeightedAuthenticationMethod> it = methodList.iterator(); it.hasNext();) {
+ authenticationMethod = it.next();
+ if (authenticationMethod.authenticate(request,subject)) {
+ break;
+ }
+ }
+ } catch (LoginException ex) {
+ if (!authenticationMethod.writeLoginResponse(request, response, ex)) {
+ writeLoginResponse(request, response, ex);
+ }
+ return;
+ }
+
+ Set<Principal> principals = subject.getPrincipals();
+ if (principals.size() == 0) {
+ principals.add(UserUtil.ANONYMOUS);
+ }
+ try {
+ Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {
+
+ @Override
+ public Object run() throws Exception {
+ chain.doFilter(request, response);
+ return null;
+ }
+ }, null);
+
+ } catch (PrivilegedActionException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof ServletException) {
+ throw (ServletException) cause;
+ }
+ if (cause instanceof RuntimeException) {
+ throw (RuntimeException) cause;
+ }
+ throw new RuntimeException(e);
+ } catch (SecurityException e) {
+ logger.debug("SecurityException: {}", e);
+ writeLoginResponse(request, response, e);
+ }
+
+ }
+
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+
+ }
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationChecker.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationChecker.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationChecker.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationChecker.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.stanbol.commons.security.auth;
+
+/**
+ * A service that checks if a provided username and password matches a
+ * username and password in a credentials store.
+ *
+ * @author mir
+ */
+public interface AuthenticationChecker {
+
+ /**
+ * Checks if the provided username and password matches a username and
+ * password in a credentials store.
+ * @param userName
+ * The name of the user to authenticate. The name uniquely identifies
+ * the user.
+ * @param password
+ * The password used to authenticate the user identified by the user
+ * name.
+ * @return true is the user has been authenticated, false if the user can
+ * not be authenticated
+ * @throws NoSuchAgent if no user could be found for the provided user name
+ */
+ boolean authenticate(String userName, String password) throws NoSuchAgent;
+
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationCheckerImpl.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationCheckerImpl.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationCheckerImpl.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationCheckerImpl.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.security.AccessController;
+import java.util.Iterator;
+import java.util.concurrent.locks.Lock;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.stanbol.commons.security.PasswordUtil;
+import org.apache.clerezza.rdf.core.Literal;
+import org.apache.clerezza.rdf.core.NonLiteral;
+import org.apache.clerezza.rdf.core.Triple;
+import org.apache.clerezza.rdf.core.impl.PlainLiteralImpl;
+import org.apache.clerezza.rdf.ontologies.PERMISSION;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.apache.clerezza.platform.config.SystemConfig;
+import org.apache.clerezza.rdf.core.access.LockableMGraph;
+import org.apache.clerezza.rdf.ontologies.PLATFORM;
+
+/**
+ * A service that checks if a provided username and password matches a
+ * username and password stored in the system graph
+ *
+ * @author mir
+ */
+@Component
+@Service(value=AuthenticationChecker.class)
+public class AuthenticationCheckerImpl implements AuthenticationChecker {
+
+ private final static Logger logger = LoggerFactory.getLogger(AuthenticationCheckerImpl.class);
+
+ @Reference(target=SystemConfig.SYSTEM_GRAPH_FILTER)
+ private LockableMGraph systemGraph;
+
+ /**
+ * Checks if the provided username and password matches a username and
+ * password stored in the system graph
+ *
+ * @param userName
+ * @param password
+ * @return true if the password matched, false otherwise
+ * @throws org.apache.stanbol.commons.security.auth.NoSuchAgent
+ */
+ @Override
+ public boolean authenticate(String userName, String password) throws NoSuchAgent
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ AccessController.checkPermission(new CheckAuthenticationPermission());
+ }
+ NonLiteral agent = getAgentFromGraph(userName);
+ String storedPassword = getPasswordOfAgent(agent);
+ if (storedPassword.equals(PasswordUtil.convertPassword(password))) {
+ logger.debug("user {} successfully authenticated", userName);
+ return true;
+ } else {
+ logger.debug("unsuccessful authentication attempt as user {}", userName);
+ return false;
+ }
+ }
+
+ private NonLiteral getAgentFromGraph(String userName) throws NoSuchAgent {
+ NonLiteral agent;
+ Lock l = systemGraph.getLock().readLock();
+ l.lock();
+ try {
+ Iterator<Triple> agents = systemGraph.filter(null, PLATFORM.userName, new PlainLiteralImpl(userName));
+ if (agents.hasNext()) {
+ agent = agents.next().getSubject();
+ } else {
+ logger.debug("unsuccessful authentication attempt as non-existent user {}", userName);
+ throw new NoSuchAgent();
+ }
+ } finally {
+ l.unlock();
+ }
+ return agent;
+ }
+
+ private String getPasswordOfAgent(NonLiteral agent) {
+ String storedPassword = "";
+ Lock l = systemGraph.getLock().readLock();
+ l.lock();
+ try {
+ Iterator<Triple> agentPassword = systemGraph.filter(agent, PERMISSION.passwordSha1, null);
+ if (agentPassword.hasNext()) {
+ storedPassword = ((Literal) agentPassword.next().getObject()).getLexicalForm();
+ }
+ } finally {
+ l.unlock();
+ }
+ return storedPassword;
+ }
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationMethod.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationMethod.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationMethod.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationMethod.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Classes implementing this interface provide a method to authenticate a
+ * a user with the information provided in a http request.
+ */
+public interface AuthenticationMethod {
+
+ /**
+ * Returns the Subject of the authenticate user containing the principal
+ * of the authentication and possibly some credentials. If the authentication failed, an
+ * <code>LoginException</code> will be thrown. If no authentication
+ * information are available null is returned.
+ * @param request containing the information to authenticate a subject
+ * @param subject to add authentication information to
+ * @return true if this method did authenticate, false otherwise
+ * @throws LoginException This exception is thrown in case
+ * the login procedure failed.
+ * @throws HandlerException
+ */
+ public boolean authenticate(HttpServletRequest request, Subject subject)
+ throws LoginException, ServletException;
+
+ /**
+ * Modifies the specified <code>Response</code> according the specified
+ * <code>Request</code> and <code>Throwable</code>
+ * (e.g. <code>LoginException</code> or <code>AccessControllException</code>.
+ * The response leads to or provides further instructions for a client to
+ * log in.
+ * @return true, iff the response was modified
+ */
+ public boolean writeLoginResponse(HttpServletRequest request,HttpServletResponse response,
+ Throwable cause) throws ServletException, IOException;
+
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationService.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationService.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationService.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticationService.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Provides user authentication given the user credentials.
+ *
+ * This service considers all enabled {@link AuthenticationChecker} services to
+ * authenticate a user. If multiple AuthenticationCheckers are present,
+ * only one needs to positively authenticate the user for the authentication
+ * process to succeed.
+ *
+ * @author daniel
+ */
+@Component
+@Service(AuthenticationService.class)
+@Reference(name = "restrictionElement",
+cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
+policy = ReferencePolicy.DYNAMIC,
+referenceInterface = AuthenticationChecker.class)
+public class AuthenticationService {
+ private final static Logger logger =
+ LoggerFactory.getLogger(AuthenticationCheckerImpl.class);
+
+ private List<AuthenticationChecker> authenticationCheckers =
+ new ArrayList<AuthenticationChecker>();
+
+
+ /**
+ * Authenticates a user given its user name and password credentials.
+ *
+ * @param userName
+ * The name of the user to authenticate. The name uniquely identifies
+ * the user.
+ * @param password
+ * The password used to authenticate the user identified by the user
+ * name.
+ * @return true is the user has been authenticated, false if the user can
+ * not be authenticated
+ * @throws NoSuchAgent if no user could be found for the provided user name
+ */
+ public boolean authenticateUser(String userName, String password)
+ throws NoSuchAgent {
+
+ boolean userNameExists = false;
+ for(AuthenticationChecker checker : authenticationCheckers) {
+ try {
+ if(checker.authenticate(userName, password)) {
+ return true;
+ }
+ userNameExists = true;
+ } catch (NoSuchAgent ex) {
+ continue;
+ }
+ }
+
+ if(!userNameExists) {
+ logger.info("No service could unsuccessfully authenticate user {}. Reason: user does not exist", userName);
+ throw new NoSuchAgent();
+ }
+ return false;
+ }
+
+ /**
+ * Called when new {@link AuthenticationChecker} services are registered in
+ * the OSGi environment.
+ *
+ * @param service the AuthenticationChecker
+ */
+ protected void bindAuthenticationChecker(AuthenticationChecker service) {
+ authenticationCheckers.add(service);
+ }
+
+ /**
+ * Called when {@link AuthenticationChecker} services are unregistered
+ * in the OSGi environment.
+ *
+ * @param service the AuthenticationChecker
+ */
+ protected void unbindAuthenticationChecker(AuthenticationChecker service) {
+ authenticationCheckers.remove(service);
+ }
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/CheckAuthenticationPermission.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/CheckAuthenticationPermission.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/CheckAuthenticationPermission.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/CheckAuthenticationPermission.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.security.Permission;
+
+/*@PermissionInfo(value="Authentication Checker Permission", description=" Grants permission " +
+ "to use the AuthenticationChecker service which checks if a provided username " +
+ "and password matches a username and password stored in the system graph")*/
+public class CheckAuthenticationPermission extends Permission {
+
+ public CheckAuthenticationPermission() {
+ super(null);
+ }
+
+ public CheckAuthenticationPermission(String name, String actions) {
+ super(null);
+ }
+
+ @Override
+ public boolean implies(Permission permission) {
+ if (permission instanceof CheckAuthenticationPermission) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
+ if (obj instanceof CheckAuthenticationPermission) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return 0;
+ }
+
+ @Override
+ public String getActions() {
+ return "authenticate";
+ }
+
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginException.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginException.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginException.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginException.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+/**
+ * This exception is thrown when information needed for authentication is
+ * missing or invalid.
+ *
+ * @author mir
+ */
+public class LoginException extends Exception {
+
+ public static final String USER_NOT_EXISTING = "user not existing";
+ public static final String PASSWORD_NOT_MATCHING = "password did not match";
+ private String type;
+
+ public LoginException(String type) {
+ this.type = type;
+ }
+
+ public String getType() {
+ return type;
+ }
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginListener.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginListener.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginListener.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/LoginListener.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+/**
+ * A Service interface whose implementations will be notified when a user has
+ * successfully logged in.
+ *
+ * @author tio
+ */
+public interface LoginListener {
+
+ /**
+ * Notifies when a user is logged in successfully.
+ *
+ * @param userName of the user who has successfully logged in
+ */
+ public void userLoggedIn(String userName);
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/NoSuchAgent.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/NoSuchAgent.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/NoSuchAgent.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/NoSuchAgent.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+public class NoSuchAgent extends Exception {
+
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/PrincipalImpl.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/PrincipalImpl.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/PrincipalImpl.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/PrincipalImpl.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+import java.security.Principal;
+
+/**
+ *
+ * @author clemens
+ */
+public class PrincipalImpl implements Principal {
+ private String name;
+
+ public PrincipalImpl(String name){
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (!(obj instanceof PrincipalImpl)) {
+ return false;
+ }
+ return getName().equals(((PrincipalImpl)obj).getName());
+ }
+
+ @Override
+ public int hashCode() {
+ return getName().hashCode();
+ }
+
+}
Added: incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/WeightedAuthenticationMethod.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/WeightedAuthenticationMethod.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/WeightedAuthenticationMethod.java (added)
+++ incubator/stanbol/trunk/commons/security/src/main/java/org/apache/stanbol/commons/security/auth/WeightedAuthenticationMethod.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security.auth;
+
+/**
+ *
+ * @author mir
+ */
+public interface WeightedAuthenticationMethod extends AuthenticationMethod{
+
+ /**
+ * Get the weight of this method. {@link AuthenticatingFilter}
+ * will prioritize <code>AuthenticationMethod</code>s with greater weight.
+ *
+ * @return a positive number indicating the weight of the method
+ */
+ public int getWeight();
+}
Added: incubator/stanbol/trunk/commons/security/src/main/resources/META-INF/documentation.nt
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/main/resources/META-INF/documentation.nt?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/main/resources/META-INF/documentation.nt (added)
+++ incubator/stanbol/trunk/commons/security/src/main/resources/META-INF/documentation.nt Thu Aug 23 19:50:06 2012
@@ -0,0 +1,69 @@
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db6 <http://discobits.org/ontology#holds> <bundle:///security-content-el/3-content> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db6 <http://discobits.org/ontology#pos> "1" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db6 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db5 <http://discobits.org/ontology#holds> <bundle:///security-content> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db5 <http://discobits.org/ontology#pos> "1" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db5 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db4 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db4 <http://discobits.org/ontology#pos> "3" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db4 <http://discobits.org/ontology#holds> <bundle:///security-content-el/1> .
+<bundle:///security-content-el/3-title> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/3-title> <http://discobits.org/ontology#infoBit> "Permission Management"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db3 <http://discobits.org/ontology#holds> <bundle:///security-content-el/1-content> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db3 <http://discobits.org/ontology#pos> "1" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db3 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db2 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db2 <http://discobits.org/ontology#pos> "0" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db2 <http://discobits.org/ontology#holds> <bundle:///security-content-el/2-title> .
+<bundle:///security-content> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#OrderedContent> .
+<bundle:///security-content> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db1 .
+<bundle:///security-content> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db0 .
+<bundle:///security-content> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7daf .
+<bundle:///security-content> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db4 .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dae <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dae <http://discobits.org/ontology#pos> "1" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dae <http://discobits.org/ontology#holds> <bundle:///security-content-el/2-content> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dad <http://discobits.org/ontology#holds> <bundle:///security-content-el/3-title> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dad <http://discobits.org/ontology#pos> "0" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dad <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dac <http://discobits.org/ontology#holds> <bundle:///security-content-el/1-title> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dac <http://discobits.org/ontology#pos> "0" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dac <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+<bundle:///security-content-el/2-title> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/2-title> <http://discobits.org/ontology#infoBit> "User Authentication"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+<bundle:///security-content-el/3-content> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/3-content> <http://discobits.org/ontology#infoBit> "Permissions can be assigned to any user as well as to any role.\nA permission is defined by three attributes:\n<ul xmlns=\"http://www.w3.org/1999/xhtml\">\n<li>tpye: the qualified class name, e.g., java.io.FilePermission</li>\n<li>name: the name of the permission, e.g., the path in case of java.io.FilePermission</li>\n<li>actions: the actions that the permission allows, e.g., read, write</li>\n</ul>\n"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dab <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dab <http://discobits.org/ontology#holds> <bundle:///security-title> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7dab <http://discobits.org/ontology#pos> "0" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db0 <http://discobits.org/ontology#holds> <bundle:///security-content-el/2> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db0 <http://discobits.org/ontology#pos> "1" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+<bundle:///security-content-el/2> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#TitledContent> .
+<bundle:///security-content-el/2> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db2 .
+<bundle:///security-content-el/2> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7dae .
+<bundle:///security-content-el/1> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#TitledContent> .
+<bundle:///security-content-el/1> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7dac .
+<bundle:///security-content-el/1> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db3 .
+<bundle:///security-content-el/3> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db6 .
+<bundle:///security-content-el/3> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7dad .
+<bundle:///security-content-el/3> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#TitledContent> .
+<bundle:///security-title> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-title> <http://discobits.org/ontology#infoBit> "Security"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+<bundle:///security-content-el/0> <http://discobits.org/ontology#infoBit> "The following functionalities are provided by the platform with respect to security\n<ul xmlns=\"http://www.w3.org/1999/xhtml\">\n<li>User Authentication</li>\n<li>Permission Management</li>\n<li>Permission Check Service</li>\n<li>User Authorization</li>\n</ul>\n"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+<bundle:///security-content-el/0> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/1-title> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/1-title> <http://discobits.org/ontology#infoBit> "Permission Check Service"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+<bundle:///security-content-el/1-content> <http://discobits.org/ontology#infoBit> "<p xmlns=\"http://www.w3.org/1999/xhtml\">The platform provides a web service to check whether the current user owns a certain permission. This service is invoked with a GET-request specifying the resource path /security/check and the query parameter permission. The parameter has the format: \n</p>\n<p xmlns=\"http://www.w3.org/1999/xhtml\">\n'(' <permission class name> <double-quoted name> <double-quoted actions> ')'.\n</p>\n<p xmlns=\"http://www.w3.org/1999/xhtml\">\nAn example of a valid URL would be: http://localhost:8282/security/check?permission=(java.io.FilePermission \"/tmp/*\" \"read\")\n</p>\n<p xmlns=\"http://www.w3.org/1999/xhtml\">As a result of this check the platform returns a response with the code 204, if the user has this permission.\n</p>"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
+<bundle:///security-content-el/1-content> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db1 <http://discobits.org/ontology#holds> <bundle:///security-content-el/0> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db1 <http://discobits.org/ontology#pos> "0" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7db1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7daf <http://discobits.org/ontology#pos> "2" .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7daf <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#Entry> .
+_:A6993a12aX3aX123939e7c92X3aXX2dX7daf <http://discobits.org/ontology#holds> <bundle:///security-content-el/3> .
+<bundle:///security> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7db5 .
+<bundle:///security> <http://discobits.org/ontology#contains> _:A6993a12aX3aX123939e7c92X3aXX2dX7dab .
+<bundle:///security> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#TitledContent> .
+<bundle:///security-content-el/2-content> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://discobits.org/ontology#XHTMLInfoDiscoBit> .
+<bundle:///security-content-el/2-content> <http://discobits.org/ontology#infoBit> "The platform supports two types of authentication:\n<ul xmlns=\"http://www.w3.org/1999/xhtml\">\n<li>HTTP Basic Authentication</li>\n<li>Cookie-based Authentication</li>\n</ul>\n"^^<http://www.w3.org/1999/02/22-rdf-syntax-ns#XMLLiteral> .
Added: incubator/stanbol/trunk/commons/security/src/test/java/org/apache/stanbol/commons/security/PermissionDefinitionsTest.java
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/test/java/org/apache/stanbol/commons/security/PermissionDefinitionsTest.java?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/test/java/org/apache/stanbol/commons/security/PermissionDefinitionsTest.java (added)
+++ incubator/stanbol/trunk/commons/security/src/test/java/org/apache/stanbol/commons/security/PermissionDefinitionsTest.java Thu Aug 23 19:50:06 2012
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stanbol.commons.security;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.*;
+import org.osgi.service.permissionadmin.PermissionInfo;
+import org.apache.clerezza.rdf.core.Graph;
+import org.apache.clerezza.rdf.core.impl.SimpleMGraph;
+import org.apache.clerezza.rdf.core.serializedform.Parser;
+import org.apache.stanbol.commons.security.PermissionDefinitions;
+
+/**
+ *
+ * @author clemens
+ */
+public class PermissionDefinitionsTest {
+
+ private PermissionDefinitions permissionDefinitions;
+ private PermissionInfo[] allPermissions;
+ private PermissionInfo[] nullPermission;
+
+ public PermissionDefinitionsTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() {
+
+ final Graph graph = Parser.getInstance()
+ .parse(getClass().getResourceAsStream("systemgraph.nt"),
+ "text/rdf+n3");
+ this.permissionDefinitions = new PermissionDefinitions(
+ new SimpleMGraph(graph.iterator()));
+
+ this.allPermissions = new PermissionInfo[] {
+ new PermissionInfo(
+ "(java.io.FilePermission \"file:///home/foo/-\" \"read,write,delete\")"),
+ new PermissionInfo(
+ "(java.io.FilePermission \"file:///home/foo/*\" \"read,write\")"),
+ new PermissionInfo(
+ "(java.io.FilePermission \"file:///home/*\" \"read,write\")") };
+ this.nullPermission = null;
+ }
+
+ @Test
+ public void testAllowedBundle() {
+ PermissionInfo[] permInfos = this.permissionDefinitions
+ .retrievePermissions("file:///home/foo/foobar/testbundle-1.0-SNAPSHOT.jar");
+ List<PermissionInfo> permInfoList = Arrays.asList(permInfos);
+ List<PermissionInfo> expectedPermInfos = Arrays.asList(allPermissions);
+
+ Assert.assertTrue(permInfoList.containsAll(expectedPermInfos));
+ Assert.assertTrue(expectedPermInfos.containsAll(permInfoList));
+ }
+
+ @Test
+ public void testUnknownBundle() {
+ Assert.assertNotSame(allPermissions, this.permissionDefinitions
+ .retrievePermissions("file:///foo.jar"));
+ Assert.assertArrayEquals(nullPermission, this.permissionDefinitions
+ .retrievePermissions("file:///foo.jar"));
+ }
+}
\ No newline at end of file
Added: incubator/stanbol/trunk/commons/security/src/test/resources/org/apache/stanbol/commons/security/systemgraph.nt
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/security/src/test/resources/org/apache/stanbol/commons/security/systemgraph.nt?rev=1376665&view=auto
==============================================================================
--- incubator/stanbol/trunk/commons/security/src/test/resources/org/apache/stanbol/commons/security/systemgraph.nt (added)
+++ incubator/stanbol/trunk/commons/security/src/test/resources/org/apache/stanbol/commons/security/systemgraph.nt Thu Aug 23 19:50:06 2012
@@ -0,0 +1,12 @@
+<file:///home/foo/foobar/testbundle-1.0-SNAPSHOT.jar> <http://clerezza.org/2008/11/osgi#owner> _:genid10 .
+<file:///home/testbundle-1.0-SNAPSHOT.jar> <http://clerezza.org/2008/11/osgi#owner> _:genid10 .
+<file:///home/foo/testbundle-1.0-SNAPSHOT.jar> <http://clerezza.org/2008/11/osgi#owner> _:genid10 .
+_:genid10 <http://rdfs.org/sioc/ns#has_function> _:genid20 .
+_:genid20 <http://rdfs.org/sioc/ns#has_function> _:genid22 .
+_:genid22 <http://rdfs.org/sioc/ns#has_function> _:genid23 .
+_:genid23 <http://rdfs.org/sioc/ns#has_function> _:genid24 .
+_:genid24 <http://rdfs.org/sioc/ns#has_function> _:genid21 .
+_:genid21 <http://clerezza.org/2008/10/permission#hasPermission> _:genid30 .
+_:genid30 <http://clerezza.org/2008/10/permission#javaPermissionEntry> "(java.io.FilePermission \"file:///home/foo/-\" \"read,write,delete\")" .
+_:genid30 <http://clerezza.org/2008/10/permission#javaPermissionEntry> "(java.io.FilePermission \"file:///home/foo/*\" \"read,write\")" .
+_:genid30 <http://clerezza.org/2008/10/permission#javaPermissionEntry> "(java.io.FilePermission \"file:///home/*\" \"read,write\")" .
\ No newline at end of file
Modified: incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
URL: http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1376665&r1=1376664&r2=1376665&view=diff
==============================================================================
--- incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml (original)
+++ incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml Thu Aug 23 19:50:06 2012
@@ -123,9 +123,9 @@
</bundle>
<bundle> <!-- Bundle for org.json -->
<!-- this bundle was suggested in the release vote of felix.webconsole 4.0.0 -->
- <groupId>org.apache.geronimo.bundles</groupId>
- <artifactId>json</artifactId>
- <version>20090211_1</version>
+ <groupId>org.apache.geronimo.bundles</groupId>
+ <artifactId>json</artifactId>
+ <version>20090211_1</version>
</bundle>
<!-- not a bundle (need to be embedded)
<bundle>
@@ -293,6 +293,35 @@
</bundle>
</startLevel>
+ <!-- authentication -->
+ <startLevel level="27">
+ <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>platform.config</artifactId>
+ <version>0.3-incubating</version>
+ </bundle>
+ <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>permissiondescriptions</artifactId>
+ <version>0.1-incubating</version>
+ </bundle>
+ <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>platform</artifactId>
+ <version>0.1-incubating</version>
+ </bundle>
+ <bundle>
+ <groupId>org.apache.stanbol</groupId>
+ <artifactId>org.apache.stanbol.commons.security</artifactId>
+ <version>0.10.0-incubating-SNAPSHOT</version>
+ </bundle>
+ <bundle>
+ <groupId>org.apache.stanbol</groupId>
+ <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
+ <version>0.10.0-incubating-SNAPSHOT</version>
+ </bundle>
+ </startLevel>
+
<!-- Stanbol Commons -->
<startLevel level="27">
<!-- Allows to run Stanbol in offline mode -->
@@ -317,10 +346,10 @@
</bundle>
<!-- OWL libraries and utilities -->
<bundle>
- <groupId>org.apache.stanbol</groupId>
- <artifactId>org.apache.stanbol.commons.owl</artifactId>
- <version>0.10.0-incubating-SNAPSHOT</version>
- </bundle>
+ <groupId>org.apache.stanbol</groupId>
+ <artifactId>org.apache.stanbol.commons.owl</artifactId>
+ <version>0.10.0-incubating-SNAPSHOT</version>
+ </bundle>
<!-- support for JSON-LD -->
<bundle>
<groupId>org.apache.stanbol</groupId>
Propchange: incubator/stanbol/trunk/launchers/full/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Thu Aug 23 19:50:06 2012
@@ -6,3 +6,4 @@ sling
factstore
RuleConf
stanbol
+.pom.xml.swp