Posted to commits@directory.apache.org by vt...@apache.org on 2004/02/19 00:19:38 UTC
svn commit: rev 6732 - in incubator/directory/janus/trunk/authorization: api api/src api/src/java api/src/java/org api/src/java/org/apache api/src/java/org/apache/janus api/src/java/org/apache/janus/authorization api/src/java/org/apache/janus/authorization/policy api/src/java/org/apache/janus/authorization/role impl impl/src impl/src/java impl/src/java/org impl/src/java/org/apache impl/src/java/org/apache/janus impl/src/java/org/apache/janus/authorization impl/src/java/org/apache/janus/authorization/policy impl/src/java/org/apache/janus/authorization/role impl/src/test impl/src/test/org impl/src/test/org/apache impl/src/test/org/apache/janus impl/src/test/org/apache/janus/authorization impl/src/test/org/apache/janus/authorization/policy impl/src/test/org/apache/janus/authorization/role xml
Author: vtence
Date: Wed Feb 18 15:19:37 2004
New Revision: 6732
Added:
incubator/directory/janus/trunk/authorization/api/
incubator/directory/janus/trunk/authorization/api/project.xml (contents, props changed)
incubator/directory/janus/trunk/authorization/api/src/
incubator/directory/janus/trunk/authorization/api/src/java/
incubator/directory/janus/trunk/authorization/api/src/java/org/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java (contents, props changed)
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java (contents, props changed)
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java (contents, props changed)
incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/
incubator/directory/janus/trunk/authorization/impl/project.xml (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/
incubator/directory/janus/trunk/authorization/impl/src/java/
incubator/directory/janus/trunk/authorization/impl/src/java/org/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/
incubator/directory/janus/trunk/authorization/impl/src/test/org/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java (contents, props changed)
incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java (contents, props changed)
incubator/directory/janus/trunk/authorization/xml/
Log:
o Implemented DIR-8
Added: incubator/directory/janus/trunk/authorization/api/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/project.xml Wed Feb 18 15:19:37 2004
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+ <extend>${basedir}/../../project.xml</extend>
+
+ <name>Janus Authorization API</name>
+ <id>janus-authorization-api</id>
+ <package>org.apache.janus.authorization</package>
+
+ <shortDescription>Janus Authorization API</shortDescription>
+
+ <description>
+ Authorization API for the Janus Security Framework
+ </description>
+
+ <dependencies>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>janus-authentication-api</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.Subject;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Authorizer
+{
+ boolean checkAuthorization( Subject subject, Permission permission );
+}
Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Permission
+{
+ String getResource();
+
+ String[] actions();
+
+ /**
+ * Checks if the specified permission's actions are "implied by" this object's actions.
+ */
+ boolean implies( Permission permission );
+}
\ No newline at end of file
Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface PolicyContext
+{
+ /**
+ * This method is used to determine if a role has a given permission.
+ */
+ boolean checkPermission( String roleName, Permission permission );
+
+ boolean requiresPriviledges( Permission permission );
+}
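Review bot: `requiresPriviledges` is misspelled, and because it is declared on the public `PolicyContext` interface the typo will be carried by every implementation and caller once the API is released; rename it to `requiresPrivileges` now, here and in `DefaultPolicyContext` and `DefaultAuthorizer`. The method also has no Javadoc, although `DefaultAuthorizer.checkAuthorization` returns true whenever it answers false, so its contract decides which permissions are left unprotected. I would add a comment such as `/** Returns true if the policy constrains this permission; a permission for which this returns false is granted to every subject. */`.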
Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Grant
+{
+ boolean given( String roleName );
+}
Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface RoleManager
+{
+ boolean isPrincipalInRole( Principal p, Grant grant );
+}
Added: incubator/directory/janus/trunk/authorization/impl/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/project.xml Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+ <extend>${basedir}/../../project.xml</extend>
+
+ <name>Janus Authorization API Implementation</name>
+ <id>janus-authorization-impl</id>
+ <package>org.apache.janus.authorization</package>
+
+ <shortDescription>Janus Authorization API Implementation</shortDescription>
+
+ <description>
+ Implementation of the Janus Security Framework Authorization API
+ </description>
+
+ <dependencies>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>janus-authentication-api</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>janus-authentication-impl</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>janus-authorization-api</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public abstract class AbstractPermission implements Permission
+{
+ private final String m_resource;
+
+ protected AbstractPermission( String resource )
+ {
+ if ( resource == null )
+ {
+ throw new NullPointerException( "resource can't be null" );
+ }
+
+ if ( resource.length() == 0 )
+ {
+ throw new IllegalArgumentException( "resource can't be empty" );
+ }
+ m_resource = resource;
+ }
+
+ public String getResource()
+ {
+ return m_resource;
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( this == o ) return true;
+ if ( !( o instanceof AbstractPermission ) ) return false;
+
+ final AbstractPermission abstractPermission = (AbstractPermission) o;
+
+ if ( !m_resource.equals( abstractPermission.m_resource ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return m_resource.hashCode();
+ }
+}
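Review bot: `equals` stops being symmetric once `BasicPermission` overrides it: for an `AbstractPermission` subclass X that is not a `BasicPermission` and a `BasicPermission` B on the same resource, `X.equals( B )` is true here while `B.equals( X )` is false in BasicPermission.java. Permissions are stored in a `HashSet` by `PermissionCollection`, and `BasicPermission.implies` delegates to `equals`, so the result of an authorization check can depend on which object the comparison starts from. If resource-only equality is intended, declare `equals` and `hashCode` `final` here and drop the override in `BasicPermission`. Otherwise change the type test to `if ( o == null || getClass() != o.getClass() ) return false;`. The second option would stop an `AccessPermission` from implying a plain `BasicPermission` on the same resource, so the choice should be made deliberately and documented.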
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class AccessPermission extends BasicPermission
+{
+ public AccessPermission( String resource )
+ {
+ super( resource );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class BasicPermission extends AbstractPermission
+{
+ private static final String[] NO_ACTIONS = new String[0];
+
+ public BasicPermission( String resource )
+ {
+ super( resource );
+ }
+
+ public String[] actions()
+ {
+ return NO_ACTIONS;
+ }
+
+ public boolean implies( Permission permission )
+ {
+ return equals( permission );
+ }
+
+ public boolean equals( Object o )
+ {
+ if (!(o instanceof BasicPermission)) return false;
+
+ return super.equals( o );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.Subject;
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+
+import java.util.Set;
+import java.util.Iterator;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizer implements Authorizer
+{
+ private final PolicyContext m_policyContext;
+ private final RoleManager m_roleManager;
+
+ public DefaultAuthorizer( PolicyContext policyContext,
+ RoleManager roleManager )
+ {
+ m_policyContext = policyContext;
+ m_roleManager = roleManager;
+ }
+
+ public boolean checkAuthorization( Subject subject, Permission permission )
+ {
+ if ( !m_policyContext.requiresPriviledges( permission ) ) return true;
+
+ Set principals = subject.getPrincipals();
+ for ( Iterator it = principals.iterator(); it.hasNext(); )
+ {
+ final Principal p = (Principal) it.next();
+ if ( m_roleManager.isPrincipalInRole( p,
+ new PermissionGrant( m_policyContext, permission ) ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
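Review bot: The early `return true` in `checkAuthorization` grants any permission the policy does not mention to any subject, and nothing in this class or on `Authorizer` says that allow-by-default is intended. If it is (the test tree adds an `UncheckedPermission`, which suggests so), state it in Javadoc on the method, e.g. `Permissions that no role or exclusion covers are granted to every subject.` The constructor also stores `policyContext` and `roleManager` unchecked and `subject` is dereferenced without a guard, so a wiring mistake surfaces as a NullPointerException in the middle of an access decision; reject nulls in the constructor and decide explicitly whether a null subject is denied. The `new PermissionGrant( m_policyContext, permission )` does not depend on the principal and can be created once before the loop.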
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.Grant;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionGrant implements Grant
+{
+ private final PolicyContext m_policyContext;
+ private final Permission m_permission;
+
+ public PermissionGrant( PolicyContext policyContext,
+ Permission permission )
+ {
+ m_permission = permission;
+ m_policyContext = policyContext;
+ }
+
+ public boolean given( String roleName )
+ {
+ return m_policyContext.checkPermission( roleName, m_permission );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+
+public class DefaultPolicyContext implements PolicyContext
+{
+ private final PermissionCollection m_excludedPermissions;
+ private final Set m_roles;
+
+ public DefaultPolicyContext( Set roles, Collection excludedPermissions )
+ {
+ m_roles = new HashSet( roles );
+ m_excludedPermissions = new PermissionCollection( excludedPermissions );
+ }
+
+ public boolean checkPermission( String roleName, Permission permission )
+ {
+ if (m_excludedPermissions.dependsOn( permission )) return false;
+
+ for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+ {
+ final RoleEntry role = (RoleEntry) it.next();
+ if (role.is( roleName )) return role.implies( permission );
+ }
+
+ return true;
+ }
+
+ public boolean requiresPriviledges( Permission permission )
+ {
+ if (m_excludedPermissions.implies( permission )) return true;
+
+ for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+ {
+ final RoleEntry role = (RoleEntry) it.next();
+ if (role.implies( permission )) return true;
+ }
+
+ return false;
+ }
+}
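Review bot: `checkPermission` ends with `return true`, so a role name that matches no `RoleEntry` is granted every permission that is not excluded. `RoleMapping` carries its own role name independently of the policy's role set, so a misspelled or stale role in a mapping reaches this method through `PermissionGrant.given` and fails open. Unless the tests depend on that behaviour, the fall-through should be `return false;`, with a Javadoc line stating that unknown roles are denied. Separately, the exclusion test here uses `dependsOn` while `requiresPriviledges` uses `implies`; if that asymmetry is intentional it deserves a comment explaining why.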
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionCollection
+{
+ private final Collection m_permissions;
+
+ public PermissionCollection( Collection permissions )
+ {
+ m_permissions = new HashSet( permissions );
+ }
+
+ public boolean implies( Permission permission )
+ {
+ for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+ {
+ Permission p = (Permission) it.next();
+ if (p.implies( permission )) return true;
+ }
+
+ return false;
+ }
+
+ public boolean dependsOn( Permission permission )
+ {
+ for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+ {
+ Permission p = (Permission) it.next();
+ if (permission.implies( p )) return true;
+ }
+
+ return false;
+ }
+}
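Review bot: The constructor copies `permissions` into a `HashSet` without checking its elements, and `implies` and `dependsOn` cast each one to `Permission` only when a check runs. A null or non-`Permission` entry in the policy therefore shows up as a NullPointerException or ClassCastException during an authorization decision rather than when the policy is built. Validate in the constructor: loop over the input and `throw new IllegalArgumentException( "not a Permission: " + o )` for anything that fails `instanceof Permission`. The class name also shadows `java.security.PermissionCollection`, which will confuse readers of code that uses both.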
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleEntry
+{
+ private final String m_roleName;
+ private final PermissionCollection m_permissions;
+
+ public RoleEntry( String roleName, Set permissions )
+ {
+ m_roleName = roleName;
+ m_permissions = new PermissionCollection( permissions );
+ }
+
+ public boolean is( String roleName )
+ {
+ return m_roleName.equals( roleName );
+ }
+
+ public boolean implies( Permission permission )
+ {
+ return m_permissions.implies( permission );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManager implements RoleManager
+{
+ private final Collection m_roles;
+
+ public DefaultRoleManager( Collection roles )
+ {
+ m_roles = new ArrayList( roles );
+ }
+
+ public boolean isPrincipalInRole( Principal p, Grant grant )
+ {
+ for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+ {
+ RoleMapping mapping = (RoleMapping) it.next();
+ if ( mapping.inRole( p ) && mapping.given( grant ) ) return true;
+ }
+
+ return false;
+ }
+
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleMapping
+{
+ private final String m_roleName;
+ private final Collection m_principals;
+
+ public RoleMapping( String roleName, Collection principals )
+ {
+ m_roleName = roleName;
+ m_principals = new HashSet( principals );
+ }
+
+ public boolean inRole( Principal p )
+ {
+ return m_principals.contains( p );
+ }
+
+ public boolean given( Grant g )
+ {
+ return g.given( m_roleName );
+ }
+}
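Review bot: `inRole` decides membership with `m_principals.contains( p )`, so the result depends entirely on how each Principal implementation defines equals and hashCode, and RoleMapping documents none of that. If an implementation compared names only, a UsernamePrincipal and a GroupPrincipal carrying the same name would be interchangeable here; those classes are outside this hunk, so this needs confirming rather than assuming. I would add a class comment such as `Principals are matched with equals(); implementations must take their concrete type into account in equals/hashCode.` The constructor should also reject a null `roleName`, since that value is handed to every `Grant.given` call.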
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class CheckedPermission extends BasicPermission
+{
+ public CheckedPermission()
+ {
+ super( "protected" );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import com.mockobjects.dynamic.C;
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.DefaultSubject;
+import org.apache.janus.Subject;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authentication.realm.GroupPrincipal;
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizerTest extends TestCase
+{
+ private DefaultAuthorizer m_authorizer;
+ private Mock m_mockPolicyContext;
+ private Mock m_mockRoleManager;
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( DefaultAuthorizerTest.class );
+ }
+
+ protected void setUp() throws Exception
+ {
+ m_mockPolicyContext = new Mock( PolicyContext.class );
+ m_mockRoleManager = new Mock( RoleManager.class );
+ m_authorizer = new DefaultAuthorizer( (PolicyContext) m_mockPolicyContext.proxy(),
+ (RoleManager) m_mockRoleManager.proxy() );
+
+ }
+
+ public void testUncheckedPermissionsAreGrantedToAnyone()
+ {
+ m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+ new UncheckedPermission(), false );
+ assertTrue( "Unchecked permission was not granted",
+ m_authorizer.checkAuthorization( user( "johnDoe" ),
+ new UncheckedPermission() ) );
+ }
+
+ public void testSubjectWithoutPrincipalIsNotAuthorized()
+ {
+ m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+ new CheckedPermission(), true );
+
+ assertFalse( "Authorization given to subject with no role",
+ m_authorizer.checkAuthorization( new DefaultSubject(),
+ new CheckedPermission() ) );
+ }
+
+ public void testSubjectWithASinglePrincipalIsAuthorizedIfPrincipalIsInRole()
+ {
+ m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+ new CheckedPermission(), true );
+ m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+ C.args( C.eq( new UsernamePrincipal( "johnDoe" ) ), C.isA( PermissionGrant.class ) ),
+ true );
+ m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+ C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+ false );
+
+ assertTrue( "Principal in role did not get authorization",
+ m_authorizer.checkAuthorization( user( "johnDoe" ),
+ new CheckedPermission() ) );
+ assertFalse( "Principal not in role did get authorization",
+ m_authorizer.checkAuthorization( user( "janeDoe" ),
+ new CheckedPermission() ) );
+ }
+
+ public void testSubjectWithSeveralPrincipalsIsAuthorizedIfOnePrincipalIsInRole()
+ {
+ m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+ new CheckedPermission(), true );
+ m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+ C.args( C.eq( new GroupPrincipal( "women" ) ), C.isA( PermissionGrant.class ) ),
+ false );
+ m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+ C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+ true );
+
+ assertTrue( "Subject with principal in role did not get authorization",
+ m_authorizer.checkAuthorization( member( "janeDoe", "women" ),
+ new CheckedPermission() ) );
+ }
+
+ private Subject user( String username )
+ {
+ DefaultSubject subject = new DefaultSubject();
+ subject.addPrincipal( new UsernamePrincipal( username ) );
+ return subject;
+ }
+
+ private Subject member( String username, String groupName )
+ {
+ DefaultSubject subject = new DefaultSubject();
+ subject.addPrincipal( new UsernamePrincipal( username ) );
+ subject.addPrincipal( new GroupPrincipal( groupName ) );
+ return subject;
+ }
+}
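Review bot: No test in DefaultAuthorizerTest covers a subject with several principals of which none is in a role; testSubjectWithSeveralPrincipalsIsAuthorizedIfOnePrincipalIsInRole exercises only the granting path, so an authorizer that returned true for any multi-principal subject would still pass. A companion case in which both `isPrincipalInRole` matches return false, followed by an `assertFalse` on `checkAuthorization( member( "janeDoe", "women" ), new CheckedPermission() )`, would pin the deny. The role-manager matches also use `C.isA( PermissionGrant.class )`, which accepts any grant, so the tests do not show that the grant passed along is the one built for the requested permission; PermissionGrant is not in this hunk, so how best to match it more tightly needs checking there.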
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ExcludedPermission extends BasicPermission
+{
+ public ExcludedPermission()
+ {
+ super( "private" );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UncheckedPermission extends BasicPermission
+{
+ public UncheckedPermission()
+ {
+ super( "public" );
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.CheckedPermission;
+import org.apache.janus.authorization.ExcludedPermission;
+import org.apache.janus.authorization.UncheckedPermission;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultPolicyContextTest extends TestCase
+{
+ private DefaultPolicyContext m_policyContext;
+ private Set m_excludedPermissions;
+ private Set m_roles;
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( DefaultPolicyContextTest.class );
+ }
+
+ protected void setUp() throws Exception
+ {
+ m_excludedPermissions = new HashSet();
+ m_roles = new HashSet();
+ }
+
+ public void testUncheckedPermissionRequiresNoPriviledge()
+ {
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertFalse( "Permission is unchecked but requires priviledges", m_policyContext.requiresPriviledges( new UncheckedPermission() ) );
+ }
+
+ public void testExcludedPermissionRequiresPriviledges()
+ {
+ m_excludedPermissions.add( new ExcludedPermission() );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertTrue( "Permission is excluded but requires no priviledge", m_policyContext.requiresPriviledges( new ExcludedPermission() ) );
+ }
+
+ public void testCheckedPermissionRequiresPriviledges()
+ {
+ Set permissions = new HashSet();
+ permissions.add( new CheckedPermission() );
+ RoleEntry role = new RoleEntry( "member", permissions );
+ m_roles.add( role );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertTrue( "Permission is checked but requires no priviledge", m_policyContext.requiresPriviledges( new CheckedPermission() ) );
+ }
+
+ public void testUncheckedPermissionIsGranted()
+ {
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertTrue( "Permission is unchecked yet was denied", m_policyContext.checkPermission( "guest", new UncheckedPermission() ) );
+ }
+
+ public void testExcludedPermissionIsDenied()
+ {
+ m_excludedPermissions.add( new ExcludedPermission() );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertFalse( "Permission is excluded yet was granted", m_policyContext.checkPermission( "admin", new ExcludedPermission() ) );
+ }
+
+ public void testRoleWithNoPermissionGrantsNothing()
+ {
+ RoleEntry role = new RoleEntry( "member", new HashSet() );
+ m_roles.add( role );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertFalse( "Role has no permission yet it granted one", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+ }
+
+ public void testPermissionGrantedIfInRole()
+ {
+ Set permissions = new HashSet();
+ permissions.add( new CheckedPermission() );
+ RoleEntry role = new RoleEntry( "member", permissions );
+ m_roles.add( role );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertTrue( "Role has permission yet it denied it", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+ }
+
+ public void testExcludedStatementHasPrecedenceOverRoleStatement()
+ {
+ m_excludedPermissions.add( new CheckedPermission() );
+ Set permissions = new HashSet();
+ permissions.add( new CheckedPermission() );
+ RoleEntry role = new RoleEntry( "member", permissions );
+ m_roles.add( role );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertFalse( "Excluded statement did not overrule role statement", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+
+ }
+
+ public void testImpliedPermissionIsGranted()
+ {
+ Set permissions = new HashSet();
+ permissions.add( new FullPermission() );
+ RoleEntry role = new RoleEntry( "member", permissions );
+ m_roles.add( role );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertTrue( "Permission is implied by role permission yet it was denied", m_policyContext.checkPermission( "member", new ReadPermission() ) );
+ }
+
+ public void testImpliyingPermissionIsDenied()
+ {
+ m_excludedPermissions.add( new ReadPermission() );
+ m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+ assertFalse( "Permission implies excluded permission yet it was granted", m_policyContext.checkPermission( "member", new FullPermission() ) );
+ }
+}
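Review bot: The suite never checks that a role is denied a permission granted only to a different role: every deny case in DefaultPolicyContextTest uses either an excluded permission or a single role with an empty permission set. Since testUncheckedPermissionIsGranted shows that a permission the policy does not mention is granted to any role name, the boundary between "not mentioned" and "mentioned for another role" is the one worth pinning. DefaultPolicyContext is not part of this hunk, so I cannot tell how it behaves today; the test below states the expected deny.

```java
public void testPermissionOfAnotherRoleIsDenied()
{
    Set permissions = new HashSet();
    permissions.add( new CheckedPermission() );
    m_roles.add( new RoleEntry( "member", permissions ) );
    m_roles.add( new RoleEntry( "guest", new HashSet() ) );
    m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );

    assertFalse( "Permission of another role was granted", m_policyContext.checkPermission( "guest", new CheckedPermission() ) );
}
```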
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class FullPermission extends BasicPermission
+{
+ public FullPermission()
+ {
+ super( "resource" );
+ }
+
+ public boolean implies( Permission permission )
+ {
+ return true;
+ }
+}
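Review bot: FullPermission and ReadPermission are both constructed with the name `"resource"`, so if BasicPermission defines equals by name (it is not shown in this hunk) the two fixtures compare equal, and testImpliedPermissionIsGranted and testImpliyingPermissionIsDenied could pass through set membership without `implies` ever being called. Giving the fixtures distinct names, for example `super( "resource:*" );` here and `super( "resource:read" );` in ReadPermission, would make those tests depend on implication alone. ReadPermission.implies also returns false for every argument, itself included, which deserves a one-line comment if it is intentional.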
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ReadPermission extends BasicPermission
+{
+ public ReadPermission()
+ {
+ super( "resource" );
+ }
+
+ public boolean implies( Permission permission )
+ {
+ return false;
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import junit.framework.TestCase;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManagerTest extends TestCase
+{
+ private DefaultRoleManager m_roleManager;
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( DefaultRoleManagerTest.class );
+ }
+
+ public void testPrincipalWithNoRoleIsNeverInRole()
+ {
+ m_roleManager = new DefaultRoleManager( Collections.EMPTY_SET );
+ assertFalse( "Principal with no role was in role", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+ }
+
+ public void testSingleRole()
+ {
+ RoleMapping role = new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) );
+ m_roleManager = new DefaultRoleManager( Collections.singletonList( role ) );
+
+ assertTrue( "Principal did not get right", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+ assertFalse( "Principal did not get interdiction", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Interdiction() ) );
+ }
+
+ public void testMultipleRole()
+ {
+ Collection roles = new ArrayList();
+ roles.add( new RoleMapping( "guest", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+ roles.add( new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+ m_roleManager = new DefaultRoleManager( roles );
+
+ assertTrue( "Role was not matched", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new RoleGrant( "member" ) ) );
+ }
+}
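Review bot: None of the three tests asks about a principal that is absent from the mapping while the grant accepts the role, so the `mapping.inRole( p )` half of the condition in DefaultRoleManager is never shown to deny anything. In testSingleRole I would add `assertFalse( "Principal outside role got right", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "janeDoe" ), new Right() ) );`. testMultipleRole would likewise benefit from an assertFalse using `new RoleGrant( "admin" )`, a role johnDoe is not mapped to in that test.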
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Interdiction implements Grant
+{
+ public boolean given( String roleName )
+ {
+ return false;
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Right implements Grant
+{
+ public boolean given( String roleName )
+ {
+ return true;
+ }
+}
Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java Wed Feb 18 15:19:37 2004
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleGrant implements Grant
+{
+ private final String m_roleName;
+
+ public RoleGrant( String roleName )
+ {
+ m_roleName = roleName;
+ }
+
+ public boolean given( String roleName )
+ {
+ return m_roleName.equals( roleName );
+ }
+}