Posted to dev@turbine.apache.org by do...@apache.org on 2002/02/14 17:12:41 UTC
cvs commit: jakarta-turbine-3/proposals/eric/security Scope.java JNDIPrincipal.java PermissionCollection.java Policy.java Principal.java Subject.java TurbinePermissionCollection.java TurbinePolicy.java BasePermissionCollection.java BasePolicy.java BasePrincipal.java Project.java SubjectImpl.java TurbineProject.java
dobbs 02/02/14 08:12:41
Modified: proposals/eric/security Tag: rundata_security_changes
JNDIPrincipal.java PermissionCollection.java
Policy.java Principal.java Subject.java
TurbinePermissionCollection.java TurbinePolicy.java
Added: proposals/eric/security Tag: rundata_security_changes
Scope.java
Removed: proposals/eric/security Tag: rundata_security_changes
BasePermissionCollection.java BasePolicy.java
BasePrincipal.java Project.java SubjectImpl.java
TurbineProject.java
Log:
removing empty interfaces
renaming Project to Scope
Revision Changes Path
No revision
No revision
1.1.2.2 +3 -11 jakarta-turbine-3/proposals/eric/security/Attic/JNDIPrincipal.java
Index: JNDIPrincipal.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/JNDIPrincipal.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- JNDIPrincipal.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ JNDIPrincipal.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -54,26 +54,18 @@
* <http://www.apache.org/>.
*/
-import org.apache.turbine.security.turbine.BasePrincipal;
+import org.apache.turbine.security.turbine.Principal;
/**
* A JNDI specific Principal.
- * @see org.apache.turbine.security.turbine.BasePrincipal
+ * @see org.apache.turbine.security.turbine.Principal
*
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public class JNDIPrincipal extends BasePrincipal
+public class JNDIPrincipal extends Principal
{
/**
* The name of this Principal.
*/
protected static String name = "JNDIPrincipal";
-
- /**
- * Return the String name of the Principal.
- */
- public String getName()
- {
- return name;
- }
}
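Review bot: The `protected static String name` left in JNDIPrincipal hides the instance field that the inherited `getName()` reads, so with the local `getName()` removed a JNDIPrincipal reports null as its name. Java fields are hidden, not overridden, and the Principal.java change in this same commit returns `Principal.name`, which nothing here assigns. Any lookup keyed on the principal name, such as the one in `TurbinePolicy.getPermissions`, would then see the text `null` for every JNDIPrincipal. Drop the static field and set the inherited one instead, for example in a constructor containing `this.name = "JNDIPrincipal";`.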
1.1.2.2 +29 -3 jakarta-turbine-3/proposals/eric/security/Attic/PermissionCollection.java
Index: PermissionCollection.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/PermissionCollection.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- PermissionCollection.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ PermissionCollection.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -1,4 +1,4 @@
-package org.apache.turbine.security;
+package org.apache.turbine.security.turbine;
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -54,11 +54,37 @@
* <http://www.apache.org/>.
*/
+import org.apache.turbine.security.turbine.Permission;
+
/**
- * An object to aggregate Permissions.
+ * An object to aggregate related Permissions. The contained
+ * Permissions should all belong to the same family of permissions.
+ * For example, a FilePermissionCollection could contain
+ * ReadFilePermission, but would not contain
+ * OpenSocketPermission. Modeled on
+ * java.security.PermissionCollection.
*
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public interface PermissionCollection
+public abstract class PermissionCollection
{
+ public abstract void add(Permission p);
+
+ public abstract void add(PermissionCollection p);
+
+ // TODO: need a better example. In Java Security one would
+ // probably prefer something like this in the policy file:
+ // DatabasePermission "droptable" (instead of DropTablePermission)
+ // DatabasePermission "modifyschema" ...
+
+ /**
+ * Return true if the given Permission is implied by this
+ * PermissionCollection. This allows one to create a
+ * DBAPermissionCollection which aggregates
+ * ModifySchemaPermission, DropTablePermission,
+ * ModifyTablePermission. Then a user may be granted the
+ * DBAPermissionCollection and implicitly be granted all of the
+ * contained Permissions.
+ */
+ public abstract boolean implies(Permission p);
}
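Review bot: The two `add` overloads are declared without Javadoc, and the comment on `implies` does not say what an implementation must return for a Permission outside its family. Every policy decision goes through this contract, so I would state both. On `add(Permission)` something like `/** Adds p to this collection; p must not be null. */`, and on `add(PermissionCollection)` a matching comment that says whether a null argument is ignored or rejected (TurbinePolicy in this commit passes it the unchecked result of a Hashtable lookup). On `implies`, add a sentence that it returns false for any Permission the collection does not contain, so that the default is deny.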
1.1.2.2 +13 -3 jakarta-turbine-3/proposals/eric/security/Attic/Policy.java
Index: Policy.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/Policy.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Policy.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ Policy.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -1,4 +1,4 @@
-package org.apache.turbine.security;
+package org.apache.turbine.security.turbine;
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -54,6 +54,10 @@
* <http://www.apache.org/>.
*/
+import org.apache.turbine.security.turbine.Subject;
+import org.apache.turbine.security.turbine.PermissionCollection;
+import org.apache.turbine.security.turbine.Scope;
+
/**
* This is a purposely empty interface that defines a Policy object.
* This is an alternative name which I suggest would replace
@@ -67,7 +71,13 @@
* relationship explicit.
*
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
- * @version $Id: Policy.java,v 1.1.2.1 2002/02/08 01:52:15 dobbs Exp $ */
-public interface Policy
+ */
+public abstract class Policy
{
+ /**
+ * Return the PermissionCollection for the given Subject when
+ * using the given Scope.
+ */
+ public abstract PermissionCollection getPermissions(Subject subject,
+ Scope scope);
}
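Review bot: The class comment visible in the previous hunk still reads "This is a purposely empty interface", which is no longer true now that `Policy` is an abstract class declaring `getPermissions`. The new Javadoc on `getPermissions` should also say what is returned when the Subject has no grant in the given Scope; requiring an empty PermissionCollection rather than null means callers can call `implies` without a null check. The three imports added in the previous hunk name classes in this file's own package and can be dropped.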
1.1.2.2 +15 -3 jakarta-turbine-3/proposals/eric/security/Attic/Principal.java
Index: Principal.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/Principal.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Principal.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ Principal.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -1,4 +1,4 @@
-package org.apache.turbine.security;
+package org.apache.turbine.security.turbine;
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -55,11 +55,23 @@
*/
/**
- * Anything that has a name. A Subject will contain an array of
+ * Anything that has a name. A Subject will contain a Set of
* Principals. Permissions get mapped to Principals.
*
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public interface Principal
+public abstract class Principal
{
+ /**
+ * The name of this Principal. Subclasses should set this.
+ */
+ protected String name;
+
+ /**
+ * Return the String name of the Principal.
+ */
+ public String getName()
+ {
+ return name;
+ }
}
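Review bot: `name` is a non-final `protected` field with no initial value, so `getName()` returns null until a subclass remembers to assign it, and any subclass or same-package code can change it afterwards. TurbinePolicy builds its permission lookup key from `getName()`, so a principal whose name changes after authentication resolves to a different set of grants. I would make it `private final String name;` and set it through a `protected Principal(String name)` constructor that rejects null.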
1.1.2.2 +46 -6 jakarta-turbine-3/proposals/eric/security/Attic/Subject.java
Index: Subject.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/Subject.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Subject.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ Subject.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -1,4 +1,4 @@
-package org.apache.turbine.security;
+package org.apache.turbine.security.turbine;
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -54,13 +54,53 @@
* <http://www.apache.org/>.
*/
+import java.util.Set;
+
/**
- * This interface defines a Subject. A Subject is a user, a file, a
- * printer, etc., anything that can be associated with permissions.
+ * A user of the system who's access will be controlled by permission.
+ * A collection of Principals and Credentials. Loosly models
+ * javax.security.auth.Subject.
+ *
+ * During authentication, one or more Principals and Credentials
+ * should be added to the subject as follows:
+ * subject.getPrincipals().add(Principal);
+ * subject.getCredentials().add(Object);
*
- * @author <a href="mailto:gonzalo.diethelm@apache.org">Gonzalo Diethelm</a>
- * @version $Id: Subject.java,v 1.1.2.1 2002/02/08 01:52:15 dobbs Exp $
+ * @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public interface Subject
+public class Subject
{
+ /**
+ * A Set of Principals used to identify the Subject
+ */
+ private Set principals;
+
+ /**
+ * A Set of Objects used to authenticate the Subject
+ */
+ private Set credentials;
+
+ /**
+ * Construct a Subject.
+ * @param principals Set a collection of Principals with which to
+ * identify this Subject.
+ * @param credentials Set a collection of Objects which can be
+ * used to authenticate this Subject.
+ */
+ public Subject(Set principals, Set credentials)
+ {
+ this.principals = principals;
+ this.credentials = credentials;
+ }
+
+ public Set getPrincipals()
+ {
+ return this.principals;
+ }
+
+ public Set getCredentials()
+ {
+ return this.credentials;
+ }
+
}
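Review bot: The constructor stores the caller's Sets as-is and both getters return the same live Sets, so any code holding the Subject (or the Sets originally passed in) can add a Principal after authentication has finished, and `TurbinePolicy.getPermissions` grants on whatever that Set contains at call time. `javax.security.auth.Subject`, which this class models, guards this with `setReadOnly()` and permission checks on modification. Here I would at least copy in the constructor, `this.principals = new HashSet(principals);` (with a `java.util.HashSet` import), reject null arguments, and add a way to freeze the Sets once login completes. `getCredentials()` likewise exposes the credential objects to every caller, and neither getter has Javadoc describing who is expected to call it.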
1.1.2.2 +9 -10 jakarta-turbine-3/proposals/eric/security/Attic/TurbinePermissionCollection.java
Index: TurbinePermissionCollection.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/TurbinePermissionCollection.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TurbinePermissionCollection.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ TurbinePermissionCollection.java 14 Feb 2002 16:12:40 -0000 1.1.2.2
@@ -54,18 +54,22 @@
* <http://www.apache.org/>.
*/
-import org.apache.turbine.security.Permission;
-import org.apache.turbine.security.PermissionCollection;
-import org.apache.turbine.security.turbine.BasePermissionCollection;
+import org.apache.turbine.security.turbine.Permission;
+import org.apache.turbine.security.turbine.PermissionCollection;
+
+// TODO: need a better example. In Java Security one would
+// probably prefer something like this in the policy file:
+// DatabasePermission "droptable" (instead of DropTablePermission)
+// DatabasePermission "modifyschema" ...
/**
* An object to aggregate Turbine Permissions.
*
- * @see org.apache.turbine.security.turbine.BasePermissionCollection
+ * @see org.apache.turbine.security.turbine.PermissionCollection
* @see java.security.PermissionCollection
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public class TurbinePermissionCollection extends BasePermissionCollection
+public class TurbinePermissionCollection extends PermissionCollection
{
public void add(Permission p)
{
@@ -76,11 +80,6 @@
{
// implement me
}
-
- // TODO: need a better example. In Java Security one would
- // probably prefer something like this in the policy file:
- // DatabasePermission "droptable" (instead of DropTablePermission)
- // DatabasePermission "modifyschema" ...
public boolean implies(Permission p)
{
1.1.2.2 +14 -27 jakarta-turbine-3/proposals/eric/security/Attic/TurbinePolicy.java
Index: TurbinePolicy.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-3/proposals/eric/security/Attic/TurbinePolicy.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TurbinePolicy.java 8 Feb 2002 01:52:15 -0000 1.1.2.1
+++ TurbinePolicy.java 14 Feb 2002 16:12:41 -0000 1.1.2.2
@@ -54,16 +54,12 @@
* <http://www.apache.org/>.
*/
-import org.apache.turbine.security.PermissionCollection;
-import org.apache.turbine.security.Principal;
-import org.apache.turbine.security.Project;
-import org.apache.turbine.security.Subject;
-import org.apache.turbine.security.turbine.BasePermissionCollection;
-import org.apache.turbine.security.turbine.BasePolicy;
-import org.apache.turbine.security.turbine.BasePrincipal;
-import org.apache.turbine.security.turbine.SubjectImpl;
+import org.apache.turbine.security.turbine.PermissionCollection;
+import org.apache.turbine.security.turbine.Policy;
+import org.apache.turbine.security.turbine.Principal;
+import org.apache.turbine.security.turbine.Scope;
+import org.apache.turbine.security.turbine.Subject;
import org.apache.turbine.security.turbine.TurbinePermissionCollection;
-import org.apache.turbine.security.turbine.TurbineProject;
import java.util.Hashtable;
import java.util.Iterator;
@@ -74,13 +70,13 @@
*
* @author <a href="mailto:dobbs@apache.org">Eric Dobbs</a>
*/
-public class TurbinePolicy extends BasePolicy
+public class TurbinePolicy extends Policy
{
/**
* A set of PermissionCollection objects indexed by Principal and
- * Project. Keys should take the form:
- * Principal.getName() + Project.getName()
+ * Scope. Keys should take the form:
+ * Principal.getName() + Scope.getName()
*/
private Hashtable permissions;
@@ -92,26 +88,17 @@
/**
* Return the PermissionCollection for the given Subject when
- * using the given Project.
+ * using the given Scope.
*/
public PermissionCollection getPermissions(Subject subject,
- Project project)
+ Scope scope)
{
- if (!(project instanceof TurbineProject) ||
- !(subject instanceof SubjectImpl))
- {
- //TODO: find exact name for UnsupportedArgument or
- //whatever it is. Assuming that's the right thing to do.
-
- //throw new SomeException("");
- }
-
- Iterator iterator = ((SubjectImpl)subject).getPrincipals().iterator();
- BasePermissionCollection pc = new TurbinePermissionCollection();
+ Iterator iterator = subject.getPrincipals().iterator();
+ PermissionCollection pc = new TurbinePermissionCollection();
while (iterator.hasNext())
{
- BasePrincipal principal = (BasePrincipal) iterator.next();
- String key = principal.getName() + ((TurbineProject)project).getName();
+ Principal principal = (Principal) iterator.next();
+ String key = principal.getName() + scope.getName();
pc.add((PermissionCollection)permissions.get(key));
}
return pc;
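Review bot: The lookup key `principal.getName() + scope.getName()` has no separator, so distinct pairs can produce the same key (principal `ab` in scope `c` and principal `a` in scope `bc` both give `abc`) and one pair would be handed the other's PermissionCollection; the field Javadoc in the previous hunk documents the same format. A separator that neither name is allowed to contain, or a nested table keyed first by principal and then by scope, removes the ambiguity, and whatever code fills `permissions` has to use the same form. Separately, `permissions.get(key)` returns null when nothing is granted and that null goes straight into `pc.add(...)`; `PermissionCollection granted = (PermissionCollection) permissions.get(key);` followed by `if (granted != null) pc.add(granted);` makes the no-grant case explicit. The method's closing brace lies outside the hunk.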
No revision
No revision
1.1.2.1 +89 -0 jakarta-turbine-3/proposals/eric/security/Attic/Scope.java