Posted to commits@directory.apache.org by vt...@apache.org on 2005/02/23 18:14:36 UTC
svn commit: r155029 [2/2] - in incubator/directory/authx/trunk:
api/src/java/org/apache/authx/authorization/
example/src/java/org/apache/authx/example/web/ example/src/webapp/WEB-INF/
impl/src/java/org/apache/authx/authorization/
impl/src/java/org/apache/authx/authorization/condition/
impl/src/java/org/apache/authx/authorization/effect/
impl/src/java/org/apache/authx/authorization/predicate/
impl/src/test/org/apache/authx/authorization/
impl/src/test/org/apache/authx/authorization/effect/
script/src/java/org/apache/authx/script/xml/
script/src/java/org/apache/authx/script/xml/builder/
script/src/test/org/apache/authx/script/xml/
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.Condition;
+import org.dom4j.Element;
+
+import java.util.Iterator;
+
+public abstract class LogicalConditionBuilder extends AbstractElementBuilder
+{
+ protected final String m_elementName;
+
+ protected LogicalConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return hasProperName( e );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ Condition p = getSeed();
+
+ for ( Iterator it = e.elementIterator(); it.hasNext(); )
+ {
+ Element next = ( Element ) it.next();
+ p = compute( p, predicate( next ) );
+ }
+
+ return p;
+ }
+
+ protected abstract Condition getSeed();
+
+ protected abstract Condition compute( Condition left, Condition right );
+
+ private boolean hasProperName( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ protected Condition predicate( Element e )
+ {
+ return ( Condition ) getParent().buildFrom( e );
+ }
+}
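Review bot: `buildFrom` returns `getSeed()` unchanged when the element has no child elements, so an empty logical element silently becomes whatever the subclass's seed is. For a subclass whose seed is a match-all condition (none is visible in this part of the commit), an empty element in a policy file would make the rule apply to every subject. Consider rejecting that case up front, e.g. `if ( !e.elementIterator().hasNext() ) throw new IllegalArgumentException( "<" + m_elementName + "> requires at least one child condition" );`, or at least stating the behaviour in a Javadoc comment on `buildFrom`. `predicate` also casts the result of `getParent().buildFrom( e )` to `Condition` unchecked; what that call returns for an unrecognised child is not visible here, so a null or non-Condition result would presumably surface as a late failure rather than a clear policy-parse error.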
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.Condition;
+import org.apache.authx.authorization.condition.OrCondition;
+import org.apache.authx.authorization.condition.Predicates;
+
+public class OrConditionBuilder extends LogicalConditionBuilder
+{
+ public OrConditionBuilder()
+ {
+ this( "or" );
+ }
+
+ public OrConditionBuilder( String elementName )
+ {
+ super( elementName );
+ }
+
+ protected Condition getSeed()
+ {
+ return Predicates.FALSE;
+ }
+
+ public Condition compute( Condition left, Condition right )
+ {
+ return new OrCondition( left, right);
+ }
+}
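Review bot: `compute` is declared `public` here although the abstract method it implements in `LogicalConditionBuilder` is `protected`, and `getSeed` stays `protected`. Nothing visible in this commit needs the wider access, so `protected Condition compute( Condition left, Condition right )` would keep the builder's surface minimal. A short class comment saying that an `<or>` with no children evaluates to `Predicates.FALSE` (matches nothing) would make the fail-closed default explicit. The spacing in `new OrCondition( left, right)` also differs from the rest of the file.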
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.condition.Predicates;
+import org.dom4j.Element;
+
+public class TrueConditionBuilder extends AbstractElementBuilder
+{
+ private final String m_elementName;
+
+ public TrueConditionBuilder()
+ {
+ this( "any" );
+ }
+
+ public TrueConditionBuilder( String elementName )
+ {
+ m_elementName = elementName;
+ }
+
+ public boolean canBuild( Element e )
+ {
+ return m_elementName.equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return Predicates.TRUE;
+ }
+}
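Review bot: `buildFrom` returns `Predicates.TRUE` without looking at the element at all, so an `<any>` element that carries child elements or text is accepted and its content silently ignored. In a policy file that means a rule the author meant to narrow would still match everyone. Consider failing when the element is not empty, e.g. `if ( e.elementIterator().hasNext() || e.getTextTrim().length() > 0 ) throw new IllegalArgumentException( "<" + m_elementName + "> must be empty" );`. The name comparison in `canBuild` repeats `hasProperName` from `LogicalConditionBuilder`; a shared helper in the common base class would keep the two in step.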
Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java (original)
+++ incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java Wed Feb 23 09:14:19 2005
@@ -18,16 +18,17 @@
import junit.framework.TestCase;
import org.apache.authx.authorization.Policy;
-import org.apache.authx.authorization.SimpleAuthorizationRequest;
+import org.apache.authx.authorization.AuthorizationRequest;
import org.apache.authx.authorization.effect.DenyOverridesEffect;
import org.apache.authx.authorization.effect.Effects;
import org.apache.authx.authorization.effect.PermitOverridesEffect;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
import org.apache.authx.script.testmodel.Groups;
import org.apache.authx.script.testmodel.Permissions;
import org.apache.authx.script.testmodel.Roles;
import org.apache.authx.script.testmodel.Subjects;
import org.apache.authx.script.testmodel.Usernames;
-import org.apache.authx.script.xml.builder.FalsePredicateBuilder;
+import org.apache.authx.script.xml.builder.FalseConditionBuilder;
import java.io.StringReader;
@@ -59,7 +60,9 @@
Policy policy = new Policy( new DenyOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.DENY, policy.evaluate( new SimpleAuthorizationRequest( Subjects.anybody(), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.anybody(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.DENY, request.outcome() );
}
public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
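Review bot: The request is built with `new LastApplicableEffect()` while the policy is built with `new DenyOverridesEffect()`, and the assertion now reads `request.outcome()` after a bare `policy.evaluate( request )`. From the hunk alone it is not clear which combining algorithm decides the asserted value. If `outcome()` reflects the request's effect, the deny-overrides / permit-overrides behaviour of the policy is no longer what these tests check; a comment such as `// outcome is combined by the request's effect, not the policy's`, or a case where the two would differ, would settle it. The same three-line pattern recurs in the hunks starting at new lines 83, 106, 129, 148, 172, 201, 235, 269 and 303, so a private helper along the lines of `assertOutcome( policy, subject, expected )` would remove the repetition. The test method begins above this hunk.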
@@ -80,7 +83,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.joe(), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.joe(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testHasBuiltInSupportForRulingOnGroups() throws Exception
@@ -101,7 +106,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testHasBuiltInSupportForRulingOnRoles() throws Exception
@@ -122,7 +129,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() )) .reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception
@@ -139,12 +148,14 @@
" </grant>\n" +
"</policy>";
Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes ) );
- builder.registerBuilder( new HasEyeColorPredicateBuilder() );
+ builder.registerBuilder( new HasEyeColorConditionBuilder() );
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.withGreenEyes(), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.withGreenEyes(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testLastRegisteredBuilderWins() throws Exception
@@ -161,12 +172,14 @@
" </grant>\n" +
"</policy>";
Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone ) );
- builder.registerBuilder( new FalsePredicateBuilder( "any" ) );
+ builder.registerBuilder( new FalseConditionBuilder( "any" ) );
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.anybody(), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.anybody(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws Exception
@@ -188,9 +201,17 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.joe(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
public void testHasBuiltInSupportForAndOperationOnPredicates() throws Exception
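Review bot: The first case now uses `Subjects.joe()` where the old assertion used `Subjects.with( Usernames.joe() )`. The definition of `Subjects.joe()` is not part of this commit page; if it carries anything beyond the username principal, a GRANT in this OR-combined test could come from another operand and a broken username match would go unnoticed. Keeping `Subjects.with( Usernames.joe() )` for the single-principal cases keeps each assertion tied to one operand. The same substitution appears in the hunks starting at new lines 235, 269 and 303.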
@@ -201,7 +222,6 @@
" <subjects>\n" +
" <and>" +
" <username>joeblow</username>\n" +
- " <group>geeks</group>\n" +
" <role>developer</role>\n" +
" </and>" +
" </subjects>\n" +
@@ -215,10 +235,17 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Groups.geeks() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.joe(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
public void testHasBuiltInSupportForOrOperationOnPredicates() throws Exception
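Review bot: Together with the preceding hunk, which drops `<group>geeks</group>` from the policy, this reduces the `<and>` test from three operands to two and removes the group-only negative case. The negative cases are the ones that show an AND rule does not over-grant, and a three-child `<and>` is what drives the fold in `LogicalConditionBuilder.buildFrom` past its second step. Consider keeping the three-operand policy and adding `Subjects.with( Usernames.joe(), Roles.developer() )` as a further `Effects.NOT_APPLICABLE` case, so that a subject holding two of the three principals is shown not to match. The test method starts in the preceding hunk.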
@@ -242,9 +269,17 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Groups.geeks() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.joe(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Groups.geeks() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
}
public void testSubjectIsAnAliasForAndOperation() throws Exception
@@ -268,8 +303,16 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ) ).reduce() );
+ AuthorizationRequest request = new AuthorizationRequest( Subjects.joe(), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
+
+ request = new AuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything(), new LastApplicableEffect() );
+ policy.evaluate( request );
+ assertEquals( Effects.GRANT, request.outcome() );
}
}
Added: incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml;
+
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.apache.authx.script.testmodel.EyeColorPrincipal;
+import org.apache.authx.script.xml.builder.AbstractElementBuilder;
+import org.dom4j.Element;
+
+public class HasEyeColorConditionBuilder extends AbstractElementBuilder
+{
+ public boolean canBuild( Element e )
+ {
+ return "eye-color".equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e )
+ {
+ return new HasPrincipalCondition( new EyeColorPrincipal( e.getTextTrim() ) );
+ }
+}
Propchange: incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java
------------------------------------------------------------------------------
svn:executable = *