You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by vt...@apache.org on 2004/11/20 04:18:03 UTC
svn commit: r105928 - in incubator/directory/janus/trunk: core/api/src/java/org/apache/janus/authentication/attribute core/api/src/java/org/apache/janus/authentication/group core/api/src/java/org/apache/janus/authorization core/api/src/java/org/apache/janus/authorization/policy core/api/src/java/org/apache/janus/authorization/role core/impl core/impl/src/java/org/apache/janus/authentication core/impl/src/java/org/apache/janus/authentication/attribute core/impl/src/java/org/apache/janus/authentication/group core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/effect core/impl/src/java/org/apache/janus/authorization/policy core/impl/src/java/org/apache/janus/authorization/predicate core/impl/src/java/org/apache/janus/authorization/role core/impl/src/test/org/apache/janus/authentication core/impl/src/test/org/apache/janus/authentication/attribute core/impl/src/test/org/apache/janus/authentication/group core/impl/src/test/org/apache/janus/authorization core/impl/src/test/org/apache/janus/authorization/effect core/impl/src/test/org/apache/janus/authorization/policy core/impl/src/test/org/apache/janus/authorization/role core/impl/src/test/org/apache/janus/testmodel sandbox/src/java/org/apache/janus/authentication sandbox/src/java/org/apache/janus/authentication/attribute sandbox/src/java/org/apache/janus/authorization sandbox/src/java/org/apache/janus/script sandbox/src/java/org/apache/janus/script/xml sandbox/src/test/org/apache/janus/authentication/attribute sandbox/src/test/org/apache/janus/authorization sandbox/src/test/org/apache/janus/script/xml script/src/java/org/apache/janus/script script/src/java/org/apache/janus/script/xml script/src/test/org/apache/janus/script/xml
Author: vtence
Date: Fri Nov 19 19:18:02 2004
New Revision: 105928
Added:
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java
- copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java
- copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java
- copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java
- copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java
- copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
- copied, changed from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
- copied, changed from r57529, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
- copied, changed from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
Removed:
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/group/
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/group/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/group/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/PolicyContextBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RoleManagerBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JPolicyContextBuilder.java
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JPolicyContextBuilderTest.java
incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
Modified:
incubator/directory/janus/trunk/core/impl/project.xml
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
Log:
Moved new authentication and authorization code out of sandbox
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import java.security.Principal;
+
+public class CyclicAssociationException extends RuntimeException
+{
+ private final Principal m_principal;
+ private final Principal m_attribute;
+
+ public CyclicAssociationException( Principal principal, Principal attribute )
+ {
+ m_principal = principal;
+ m_attribute = attribute;
+ }
+
+ public String getMessage()
+ {
+ final StringBuffer sb = new StringBuffer();
+ sb.append( "Cyclic association detected between [" ).append( m_principal ).append( "] and [" ).append( m_attribute ).append( "]" );
+ return sb.toString();
+ }
+
+ public Principal getPrincipal()
+ {
+ return m_principal;
+ }
+
+ public Principal getAttribute()
+ {
+ return m_attribute;
+ }
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import javax.security.auth.Subject;
+
+public interface InformationProvider
+{
+ void populate( Subject s );
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.attribute.InformationProvider;
+
+import java.security.Principal;
+import java.util.Collection;
+
+public interface MutableInformationProvider extends InformationProvider
+{
+ boolean addAllAttributes( Principal principal, Collection attributes );
+
+ boolean addAttribute( Principal principal, Principal attribute );
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+public interface Authorizer
+{
+ boolean authorize( Subject s, Permission p );
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Effect
+{
+ Effect add( Effect effect );
+
+ Effect applyTo( Effect effect );
+
+ Effect permit();
+
+ Effect deny();
+
+ Effect reduce();
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Rule
+{
+ Effect evaluate( Subject s, Permission p );
+}
Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface RuleSet extends Rule
+{
+ void addRule( Rule rule );
+}
Modified: incubator/directory/janus/trunk/core/impl/project.xml
==============================================================================
--- incubator/directory/janus/trunk/core/impl/project.xml (original)
+++ incubator/directory/janus/trunk/core/impl/project.xml Fri Nov 19 19:18:02 2004
@@ -17,6 +17,12 @@
<groupId>${pom.groupId}</groupId>
<artifactId>janus-api</artifactId>
<version>${pom.currentVersion}</version>
+ </dependency>
+ <!-- Test dependencies -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.1</version>
</dependency>
</dependencies>
</project>
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java Fri Nov 19 19:18:02 2004
@@ -16,12 +16,14 @@
*/
package org.apache.janus.authentication;
+import org.apache.janus.authentication.attribute.InformationProvider;
import org.apache.janus.authentication.realm.Realm;
-import org.apache.janus.authentication.group.GroupManager;
import javax.security.auth.Subject;
import java.security.Principal;
-import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
/**
* An implementation of an authenticator that uses a single realm to perform authentication.
@@ -31,12 +33,12 @@
public class DefaultAuthenticator implements Authenticator
{
private final Realm m_realm;
- private final GroupManager m_groupManager;
+ private final Collection m_providers;
- public DefaultAuthenticator( Realm realm, GroupManager groupManager )
+ public DefaultAuthenticator( Realm realm )
{
m_realm = realm;
- m_groupManager = groupManager;
+ m_providers = new ArrayList();
}
public Subject authenticate( CredentialSet credentials )
@@ -51,9 +53,17 @@
Subject subject = new Subject();
subject.getPrincipals().add( p );
- Principal[] groups = m_groupManager.getGroupsFor( p );
- subject.getPrincipals().addAll( Arrays.asList( groups ));
+ for ( Iterator it = m_providers.iterator(); it.hasNext(); )
+ {
+ InformationProvider provider = ( InformationProvider ) it.next();
+ provider.populate( subject );
+ }
return subject;
+ }
+
+ public void addInformationProvider( InformationProvider provider )
+ {
+ m_providers.add( provider );
}
}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class AttributePrincipal extends AbstractPrincipal
+{
+ private final Object m_value;
+
+ public AttributePrincipal( String name, Object value )
+ {
+ super( name );
+ if ( value == null ) throw new NullPointerException( "value" );
+ m_value = value;
+ }
+
+ public Object getValue()
+ {
+ return m_value;
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( this == o ) return true;
+ if ( !( o instanceof AttributePrincipal ) ) return false;
+ if ( !super.equals( o ) ) return false;
+
+ final AttributePrincipal other = ( AttributePrincipal ) o;
+
+ if ( !m_value.equals( other.m_value ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ int result = super.hashCode();
+ result = 29 * result + m_value.hashCode();
+ return result;
+ }
+
+ public String toString()
+ {
+ return "AttributePrincipal: " + super.toString();
+ }
+
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+
+public class AttributeProvider implements MutableInformationProvider
+{
+ private final Map m_attributes;
+
+ public AttributeProvider()
+ {
+ this( new HashMap() );
+ }
+
+ public AttributeProvider( Map attributes )
+ {
+ m_attributes = attributes;
+ }
+
+ public void populate( Subject s )
+ {
+ Principal[] principals = ( Principal[] ) s.getPrincipals().toArray( new Principal[s.getPrincipals().size()] );
+ for ( int i = 0; i < principals.length; i++ )
+ {
+ final Principal p = principals[i];
+ fillWithAttributes( s.getPrincipals(), p );
+ }
+ }
+
+ public boolean addAllAttributes( Principal principal, Collection attributes )
+ {
+ boolean modified = false;
+ for ( Iterator it = attributes.iterator(); it.hasNext(); )
+ {
+ Principal attribute = ( Principal ) it.next();
+ modified |= addAttribute( principal, attribute );
+ }
+
+ return modified;
+ }
+
+ public boolean addAttribute( Principal principal, Principal attribute )
+ {
+ detectCyclicAssociation( attribute, principal );
+ return attributes( principal ).add( attribute );
+ }
+
+ private void detectCyclicAssociation( Principal attribute, Principal principal )
+ {
+ Collection attributes = getAllAttributes( attribute );
+ if ( attributes.contains( principal ) ) throw new CyclicAssociationException( principal, attribute );
+ }
+
+ private Collection getAllAttributes( Principal principal )
+ {
+ final Collection attributes = new HashSet();
+ fillWithAttributes( attributes, principal );
+ return attributes;
+ }
+
+ private void fillWithAttributes( Collection principals, Principal p )
+ {
+ final Collection attributes = attributes( p );
+
+ for ( Iterator it = attributes.iterator(); it.hasNext(); )
+ {
+ Principal attribute = ( Principal ) it.next();
+ principals.add( attribute );
+ fillWithAttributes( principals, attribute );
+ }
+ }
+
+ private Collection attributes( Principal principal )
+ {
+ Collection attributes = ( Collection ) m_attributes.get( principal );
+ if ( attributes == null)
+ {
+ attributes = new HashSet();
+ m_attributes.put( principal, attributes );
+ }
+ return attributes;
+ }
+}
+
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class GroupPrincipal extends AbstractPrincipal
+{
+ public GroupPrincipal( String name )
+ {
+ super( name );
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( this == o ) return true;
+ if ( !(o instanceof GroupPrincipal) ) return false;
+ if ( !super.equals( o ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ public String toString()
+ {
+ return "GroupPrincipal: " + super.toString();
+ }
+
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class RolePrincipal extends AbstractPrincipal
+{
+ public RolePrincipal( String name )
+ {
+ super( name );
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( this == o ) return true;
+ if ( !(o instanceof RolePrincipal) ) return false;
+ if ( !super.equals( o ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ public String toString()
+ {
+ return "RolePrincipal: " + super.toString();
+ }
+
+}
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java Fri Nov 19 19:18:02 2004
@@ -1,60 +1,87 @@
-/*
- * Copyright 2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.apache.janus.authorization;
-
-import org.apache.janus.authorization.policy.PolicyContext;
-import org.apache.janus.authorization.role.RoleManager;
-
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
- */
-public class DefaultAuthorizer implements Authorizer
-{
- private final PolicyContext m_policyContext;
- private final RoleManager m_roleManager;
-
- public DefaultAuthorizer( PolicyContext policyContext,
- RoleManager roleManager )
- {
- m_policyContext = policyContext;
- m_roleManager = roleManager;
- }
-
- public boolean checkAuthorization( Subject subject, Permission permission )
- {
- if ( !m_policyContext.requiresPriviledges( permission ) ) return true;
-
- Set principals = subject.getPrincipals();
- for ( Iterator it = principals.iterator(); it.hasNext(); )
- {
- final Principal p = ( Principal ) it.next();
- String[] roles = m_roleManager.getRoles( p );
- for ( int i = 0; i < roles.length; i++ )
- {
- final String role = roles[i];
- if ( m_policyContext.checkPermission( role, permission ) ) return true;
- }
- }
-
- return false;
- }
-}
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Warning: to be renamed to DefaultAuthorizer when moved out of sandbox
+ */
+public class DefaultAuthorizer implements Authorizer
+{
+ private boolean m_defaultDecision;
+ private final Map m_decisions;
+ private RuleSet m_ruleSet;
+
+ public DefaultAuthorizer()
+ {
+ this( new Policy( new PermitOverridesEffect() ) );
+ }
+
+ public DefaultAuthorizer( RuleSet ruleSet )
+ {
+ m_ruleSet = ruleSet;
+ m_defaultDecision = true;
+ m_decisions = new HashMap();
+ m_decisions.put( Effects.GRANT, Boolean.TRUE );
+ m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
+ m_decisions.put( Effects.DENY, Boolean.FALSE );
+ }
+
+ public boolean authorize( Subject s, Permission p )
+ {
+ Effect effect = m_ruleSet.evaluate( s, p ).reduce();
+ Boolean decision = ( Boolean ) m_decisions.get( effect );
+
+ return decision != null ? decision.booleanValue() : m_defaultDecision;
+ }
+
+ public void setRuleSet( RuleSet ruleSet )
+ {
+ m_ruleSet = ruleSet;
+ }
+
+ public void grantOn( Effect effect )
+ {
+ m_decisions.put( effect, Boolean.TRUE );
+ }
+
+ public void denyOn( Effect effect )
+ {
+ m_decisions.put( effect, Boolean.FALSE );
+ }
+
+ public void addRule( Rule rule )
+ {
+ m_ruleSet.addRule( rule );
+ }
+
+ public void grantIfUnsure()
+ {
+ m_defaultDecision = true;
+ }
+
+ public void denyIfUnsure()
+ {
+ m_defaultDecision = false;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.predicate.Predicates;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRule
+{
+ private Effect m_effect;
+ private Predicate m_subjectPredicate;
+ private Predicate m_permissionPredicate;
+
+ public DefaultRule()
+ {
+ this( Effects.GRANT );
+ }
+
+ public DefaultRule( Effect effect )
+ {
+ m_effect = effect;
+ m_subjectPredicate = Predicates.TRUE;
+ m_permissionPredicate = Predicates.TRUE;
+ }
+
+ public void setEffect( Effect effect )
+ {
+ m_effect = effect;
+ }
+
+ public void matchSubjects( Predicate condition )
+ {
+ m_subjectPredicate = condition;
+ }
+
+ public void matchPermissions( Predicate condition )
+ {
+ m_permissionPredicate = condition;
+ }
+
+ public Effect evaluate( Subject s, Permission p )
+ {
+ return matches( s, p ) ? m_effect : Effects.NOT_APPLICABLE;
+ }
+
+ private boolean matches( Subject s, Permission p )
+ {
+ return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate( p );
+ }
+}
Copied: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java (from r57529, incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
import org.apache.janus.authorization.Permission;
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class Policy implements RuleSet
+{
+ private final Effect m_effect;
+ private final Collection m_rules;
+
+ public Policy( Effect effect )
+ {
+ m_effect = effect;
+ m_rules = new ArrayList();
+ }
+
+ public void addRule( Rule rule )
+ {
+ m_rules.add( rule );
+ }
+
+ public Effect evaluate( Subject s, Permission p )
+ {
+ Effect decision = m_effect;
+
+ for ( Iterator it = m_rules.iterator(); it.hasNext(); )
+ {
+ Rule rule = ( Rule ) it.next();
+ Effect effect = rule.evaluate( s, p );
+ decision = decision.add( effect );
+ }
+
+ return decision;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Predicate
+{
+ boolean evaluate( Object o );
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+public class PrimitiveRule implements Rule
+{
+ private final Effect effect;
+
+ public PrimitiveRule( Effect effect )
+ {
+ this.effect = effect;
+ }
+
+ public Effect evaluate( Subject s, Permission p )
+ {
+ return effect;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+public abstract class AbstractCombinedEffect implements Effect
+{
+ protected final Effect m_effect;
+
+ protected AbstractCombinedEffect( Effect effect )
+ {
+ m_effect = effect;
+ }
+
+ public Effect add( Effect effect )
+ {
+ return effect.applyTo( this );
+ }
+
+ public Effect reduce()
+ {
+ return m_effect;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class DenyEffect implements Effect
+{
+ DenyEffect()
+ {
+ }
+
+ public Effect add( Effect effect )
+ {
+ return this;
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return effect.deny();
+ }
+
+ public Effect permit()
+ {
+ return this;
+ }
+
+ public Effect deny()
+ {
+ return this;
+ }
+
+ public Effect reduce()
+ {
+ return this;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DenyOverridesEffect extends AbstractCombinedEffect
+{
+ public DenyOverridesEffect()
+ {
+ this( Effects.NOT_APPLICABLE );
+ }
+
+ public DenyOverridesEffect( Effect effect )
+ {
+ super( effect );
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return m_effect.applyTo( effect );
+ }
+
+ public Effect permit()
+ {
+ return new DenyOverridesEffect( Effects.GRANT );
+ }
+
+ public Effect deny()
+ {
+ return Effects.DENY;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+public class Effects
+{
+ public static final Effect GRANT = new GrantEffect();
+ public static final Effect DENY = new DenyEffect();
+ public static final Effect NOT_APPLICABLE = new NotApplicableEffect();
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FirstApplicableEffect extends AbstractCombinedEffect
+{
+ public FirstApplicableEffect()
+ {
+ this( Effects.NOT_APPLICABLE );
+ }
+
+ protected FirstApplicableEffect( Effect effect )
+ {
+ super( effect );
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return m_effect.applyTo( effect );
+ }
+
+ public Effect permit()
+ {
+ return Effects.GRANT;
+ }
+
+ public Effect deny()
+ {
+ return Effects.DENY;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class GrantEffect implements Effect
+{
+ GrantEffect()
+ {
+ }
+
+ public Effect add( Effect effect )
+ {
+ return this;
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return effect.permit();
+ }
+
+ public Effect permit()
+ {
+ return this;
+ }
+
+ public Effect deny()
+ {
+ return this;
+ }
+
+ public Effect reduce()
+ {
+ return this;
+ }
+}
\ No newline at end of file
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class LastApplicableEffect extends AbstractCombinedEffect
+{
+ public LastApplicableEffect()
+ {
+ this( Effects.NOT_APPLICABLE );
+ }
+
+ protected LastApplicableEffect( Effect effect )
+ {
+ super( effect );
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return m_effect.applyTo( effect );
+ }
+
+ public Effect permit()
+ {
+ return new LastApplicableEffect( Effects.GRANT );
+ }
+
+ public Effect deny()
+ {
+ return new LastApplicableEffect( Effects.DENY );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class NotApplicableEffect implements Effect
+{
+ NotApplicableEffect()
+ {
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return effect;
+ }
+
+ public Effect add( Effect effect )
+ {
+ return this;
+ }
+
+ public Effect permit()
+ {
+ return this;
+ }
+
+ public Effect deny()
+ {
+ return this;
+ }
+
+ public Effect reduce()
+ {
+ return this;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class PermitOverridesEffect extends AbstractCombinedEffect
+{
+ public PermitOverridesEffect()
+ {
+ this( Effects.NOT_APPLICABLE );
+ }
+
+ protected PermitOverridesEffect( Effect effect )
+ {
+ super( effect );
+ }
+
+ public Effect applyTo( Effect effect )
+ {
+ return m_effect.applyTo( effect );
+ }
+
+ public Effect permit()
+ {
+ return Effects.GRANT;
+ }
+
+ public Effect deny()
+ {
+ return new PermitOverridesEffect( Effects.DENY );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DependedUponPermissionPredicate implements Predicate
+{
+ private final Permission m_permission;
+
+ public DependedUponPermissionPredicate( Permission permission )
+ {
+ m_permission = permission;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Permission p = ( Permission ) o;
+ return p.implies( m_permission );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class EqualPredicate implements Predicate
+{
+ private final Object m_obj;
+
+ public EqualPredicate( Object obj )
+ {
+ m_obj = obj;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ return m_obj.equals( o );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FalsePredicate implements Predicate
+{
+ public boolean evaluate( Object o )
+ {
+ return false;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class HasPrincipalPredicate implements Predicate
+{
+ private final Principal m_principal;
+
+ public HasPrincipalPredicate( Principal principal )
+ {
+ m_principal = principal;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Subject s = ( Subject ) o;
+
+ for ( Iterator it = s.getPrincipals().iterator(); it.hasNext(); )
+ {
+ Principal p = ( Principal ) it.next();
+ if ( m_principal.equals( p ) ) return true;
+ }
+
+ return false;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class ImpliedPermissionPredicate implements Predicate
+{
+ private final Permission m_permission;
+
+ public ImpliedPermissionPredicate( Permission permission )
+ {
+ m_permission = permission;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ Permission p = ( Permission ) o;
+ return m_permission.implies( p );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+import java.security.Principal;
+
+public final class Predicates
+{
+ public static final Predicate TRUE = new TruePredicate();
+ public static final Predicate FALSE = new FalsePredicate();
+
+ private Predicates()
+ {
+ }
+
+ public static Predicate isImplied( Permission p )
+ {
+ return new ImpliedPermissionPredicate( p );
+ }
+
+ public static Predicate isDependedUpon( Permission p )
+ {
+ return new DependedUponPermissionPredicate( p );
+ }
+
+ public static Predicate is( Object o )
+ {
+ return new EqualPredicate( o );
+ }
+
+ public static Predicate hasPrincipal( Principal p )
+ {
+ return new HasPrincipalPredicate( p );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class TruePredicate implements Predicate
+{
+ public boolean evaluate( Object o )
+ {
+ return true;
+ }
+}
Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java Fri Nov 19 19:18:02 2004
@@ -16,16 +16,19 @@
*/
package org.apache.janus.authentication;
-import org.apache.janus.authentication.group.GroupManager;
-import org.apache.janus.authentication.group.GroupPrincipal;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.janus.authentication.attribute.AttributeProvider;
import org.apache.janus.authentication.realm.Realm;
+import org.apache.janus.testmodel.Attributes;
+import org.apache.janus.testmodel.Creds;
+import org.apache.janus.testmodel.Fruits;
+import org.apache.janus.testmodel.Groups;
import org.jmock.Mock;
import org.jmock.MockObjectTestCase;
import javax.security.auth.Subject;
-import java.security.Principal;
+import java.util.Collection;
import java.util.HashSet;
-import java.util.Set;
/**
* @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
@@ -34,55 +37,38 @@
{
private DefaultAuthenticator m_authenticator;
private Mock m_mockRealm;
- private Mock m_mockGroupManager;
-
- public static void main( String[] args )
- {
- junit.textui.TestRunner.run( DefaultAuthenticatorTest.class );
- }
protected void setUp() throws Exception
{
- m_mockRealm
- = new Mock( Realm.class );
- m_mockGroupManager = new Mock( GroupManager.class );
- m_authenticator
- = new DefaultAuthenticator( ( Realm ) m_mockRealm.proxy(), (GroupManager) m_mockGroupManager.proxy() );
+ m_mockRealm = new Mock( Realm.class );
+ m_authenticator = new DefaultAuthenticator( ( Realm ) m_mockRealm.proxy() );
}
- private CredentialSet bananaCreds()
+ public void testAuthenticatesEntityAgainstRealm() throws Exception
{
- CredentialSet credentials = new CredentialSet();
- credentials.add( new FruitCredential( "banana" ) );
- return credentials;
+ m_mockRealm.expects( once() ).method( "validateCredentials" ).with( eq( Creds.banana() ) ).will( returnValue( Fruits.banana() ) );
+ m_authenticator.authenticate( Creds.banana() );
+ m_mockRealm.verify();
}
- public void testAuthentication()
+ public void testBuildsUpSubjectWithEntityPrincipal()
{
- m_mockRealm.expects( once() ).method( "validateCredentials" ).with( eq( bananaCreds() ) ).will( returnValue( banana() ) );
- m_mockGroupManager.stubs().method( "getGroupsFor" ).will( returnValue( new GroupPrincipal[] {} ) );
+ m_mockRealm.stubs().method( "validateCredentials" ).with( eq( Creds.banana() ) ).will( returnValue( Fruits.banana() ) );
Subject subject = null;
try
{
- subject = m_authenticator.authenticate( bananaCreds() );
+ subject = m_authenticator.authenticate( Creds.banana() );
}
catch ( AuthenticationException e )
{
fail( "Login failed" );
}
assertTrue( "Principal was not added to subject",
- subject.getPrincipals().contains( banana() ) );
-
- m_mockRealm.verify();
- }
-
- private FruitPrincipal banana()
- {
- return new FruitPrincipal( "banana" );
+ subject.getPrincipals().contains( Fruits.banana() ) );
}
- public void testAuthenticationFailure()
+ public void testThrowsAuthenticationExceptionIfAuthenticationFails()
{
m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( null ) );
@@ -97,36 +83,31 @@
}
}
- public void testPrincipalGroupsAreAddedToSubject() throws Exception
+ public void testBuildsUpSubjectWithEntityAttributes() throws Exception
{
- m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( banana() ) );
- m_mockGroupManager.expects( once() ).method( "getGroupsFor" ).with( eq( banana() ) ).will( returnValue( bananaGroups() ) );
+ m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( Fruits.banana() ) );
- Subject s = m_authenticator.authenticate( bananaCreds() );
+ AttributeProvider groupProvider = new AttributeProvider();
+ groupProvider.addAttribute( Fruits.banana(), Groups.fruits() );
+ m_authenticator.addInformationProvider( groupProvider );
+ AttributeProvider attributeProvider = new AttributeProvider();
+ attributeProvider.addAttribute( Fruits.banana(), Attributes.yellow() );
+ attributeProvider.addAttribute( Groups.fruits(), Attributes.tasty() );
+ m_authenticator.addInformationProvider( attributeProvider );
+
+ Subject s = m_authenticator.authenticate( Creds.banana() );
+
+ Collection expectedAttributes = new HashSet( );
+ expectedAttributes.add( Groups.fruits() );
+ expectedAttributes.add( Attributes.tasty() );
+ expectedAttributes.add( Attributes.yellow() );
- Set expected = new HashSet( );
- expected.add( tasty() );
- expected.add( yellow() );
- Set actual = s.getPrincipals( GroupPrincipal.class );
- assertEquals( expected, actual );
-
- m_mockGroupManager.verify();
- }
-
- private Principal[] bananaGroups()
- {
- return new GroupPrincipal[]{tasty(), yellow()};
- }
-
- private GroupPrincipal yellow()
- {
- GroupPrincipal yellow = new GroupPrincipal( "yellow" );
- return yellow;
+ assertTrue( CollectionUtils.isProperSubCollection( expectedAttributes, s.getPrincipals() ) );
}
- private GroupPrincipal tasty()
+ public static void main( String[] args )
{
- GroupPrincipal tasty = new GroupPrincipal( "tasty" );
- return tasty;
+ junit.textui.TestRunner.run( DefaultAuthenticatorTest.class );
}
}
+
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import junit.framework.TestCase;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.janus.testmodel.Groups;
+import org.apache.janus.testmodel.Subjects;
+import org.apache.janus.testmodel.Usernames;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+public class AttributeProviderTest extends TestCase
+{
+ AttributeProvider m_provider;
+
+ protected void setUp() throws Exception
+ {
+ m_provider = new AttributeProvider();
+ }
+
+ public void testPopulatesSubjectWithAttributesOfSubjectPrincipal()
+ {
+ Collection groups = Arrays.asList( new Principal[] { Groups.geeks(), Groups.men() });
+ m_provider.addAllAttributes( Usernames.joe(), groups );
+
+ Subject joe = Subjects.joe();
+ m_provider.populate( joe );
+ assertTrue( CollectionUtils.isSubCollection( groups, joe.getPrincipals() ) );
+ }
+
+ public void testLooksAtAllSubjectPrincipalsWhenPopulating()
+ {
+ m_provider.addAttribute( Usernames.joe(), Groups.geeks() );
+ m_provider.addAttribute( Groups.canadians(), Groups.men() );
+
+ Subject joe = Subjects.with( Usernames.joe(), Groups.canadians() );
+ m_provider.populate( joe );
+
+ Collection groups = Arrays.asList( new Principal[] { Groups.geeks(), Groups.men() });
+ assertTrue( CollectionUtils.isSubCollection( groups, joe.getPrincipals() ) );
+ }
+
+ public void testPrincipalHasNoAttributeByDefault()
+ {
+ Subject joe = Subjects.joe();
+ m_provider.populate( joe );
+
+ Collection expectedPrincipals = Collections.singleton( Usernames.joe() );
+ Collection actualPrincipals = joe.getPrincipals();
+ assertTrue( CollectionUtils.isEqualCollection( expectedPrincipals, actualPrincipals ) );
+ }
+
+ public void testDuplicateAttributesAreIgnored()
+ {
+ assertTrue( m_provider.addAttribute( Usernames.joe(), Groups.geeks() ) );
+ assertFalse( m_provider.addAttribute( Usernames.joe(), Groups.geeks() ) );
+
+ Subject joe = Subjects.joe();
+ m_provider.populate( joe );
+
+ Collection expectedPrincipals = Collections.singleton( Groups.geeks() );
+ Collection actualPrincipals = joe.getPrincipals( GroupPrincipal.class );
+ assertTrue( CollectionUtils.isEqualCollection( expectedPrincipals, actualPrincipals ) );
+ }
+
+ public void testAttributesAreInheritedFromOtherAttributes()
+ {
+ m_provider.addAttribute( Usernames.joe(), Groups.canadians() );
+ m_provider.addAttribute( Groups.canadians(), Groups.geeks() );
+ m_provider.addAttribute( Groups.geeks(), Groups.men() );
+
+ Subject joe = Subjects.joe();
+ m_provider.populate( joe );
+
+ Collection expectedPrincipals = Arrays.asList( new Principal[] { Groups.canadians(), Groups.geeks(), Groups.men() } );
+ assertTrue( CollectionUtils.isSubCollection( expectedPrincipals, joe.getPrincipals()));
+ }
+
+ public void testForbidsCyclicAttributesAssociations()
+ {
+ m_provider.addAttribute( Groups.canadians(), Groups.men() );
+ m_provider.addAttribute( Groups.men(), Groups.geeks() );
+ try
+ {
+ m_provider.addAttribute( Groups.geeks(), Groups.canadians() );
+ fail("Cyclic associations are allowed");
+ }
+ catch ( CyclicAssociationException e )
+ {
+ assertTrue( true );
+ }
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+
+public class DefaultAuthorizerTest extends TestCase
+{
+ private DefaultAuthorizer m_authorizer;
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( DefaultAuthorizerTest.class );
+ }
+
+ protected void setUp() throws Exception
+ {
+ m_authorizer = new DefaultAuthorizer();
+ }
+
+ public void testTakesPositiveDecisionIfRuleSuggestsPermission()
+ {
+ m_authorizer.setRuleSet( new Policy( Effects.GRANT ) );
+ m_authorizer.denyIfUnsure();
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testTakesPositiveDecisionIfRuleIsNotApplicable()
+ {
+ m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+ m_authorizer.denyIfUnsure();
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testTakesNegativeDecisionIfRuleSuggestDenial()
+ {
+ m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+ m_authorizer.grantIfUnsure();
+ assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testTakesPositiveDecisionByDefault()
+ {
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testCanForceEffectToGrantDecision()
+ {
+ m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+ m_authorizer.grantOn( Effects.DENY );
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testCanForceEffectToDenyDecision()
+ {
+ m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+ m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+ assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testEffectsAreReducedBeforeTakingDecision()
+ {
+ m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+ m_authorizer.grantIfUnsure();
+ m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+ assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testRulesCanBeAdded()
+ {
+ m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+ m_authorizer.addRule( new PrimitiveRule( Effects.GRANT ) );
+ m_authorizer.denyIfUnsure();
+ m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.predicate.FalsePredicate;
+import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
+import org.apache.janus.authorization.predicate.ImpliedPermissionPredicate;
+import org.apache.janus.authorization.predicate.TruePredicate;
+import org.jmock.MockObjectTestCase;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRuleTest extends MockObjectTestCase
+{
+ private DefaultRule m_rule;
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( DefaultRuleTest.class );
+ }
+
+ protected void setUp() throws Exception
+ {
+ m_rule = new DefaultRule();
+ }
+
+ public void testEvaluatesToRuleEffectIfTargetVerifiesCondition()
+ {
+ m_rule.setEffect( Effects.DENY );
+ m_rule.matchSubjects( new HasPrincipalPredicate( new UsernamePrincipal( "johnDoe" ) ) );
+ m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
+ assertEquals( Effects.DENY, m_rule.evaluate( john(), new SomePermission() ) );
+ }
+
+ public void testIsNotApplicableIfSubjectConditionIsNotVerified()
+ {
+ m_rule.matchSubjects( new FalsePredicate() );
+ m_rule.matchPermissions( new TruePredicate() );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
+ }
+
+ public void testIsNotApplicableIfPermissionConditionIsNotVerified()
+ {
+ m_rule.matchSubjects( new TruePredicate() );
+ m_rule.matchPermissions( new FalsePredicate() );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
+ }
+
+ private Subject john()
+ {
+ Subject subject = new Subject();
+ subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) );
+ return subject;
+ }
+}
Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
import org.apache.janus.authorization.BasicPermission;
import org.apache.janus.authorization.Permission;
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+
+public class PolicyTest extends TestCase
+{
+ public void testRendersDefaultDecisionWhenEmpty()
+ {
+ Policy policy = new Policy( new PermitOverridesEffect() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+ }
+
+ public void testCombinesResultOfContainedRulesEvaluation()
+ {
+ Policy policy = new Policy( new PermitOverridesEffect() );
+ policy.addRule( new PrimitiveRule( Effects.DENY ) );
+ policy.addRule( new PrimitiveRule( Effects.GRANT ) );
+
+ assertEquals( Effects.GRANT, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+ }
+}
Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
import org.apache.janus.authorization.BasicPermission;
import org.apache.janus.authorization.Permission;
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+public class SomePermission extends BasicPermission
+{
+ public SomePermission()
+ {
+ super( "something" );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class DenyOverridesEffectTest extends MockObjectTestCase
+{
+ public void testDefaultsToNotApplicable()
+ {
+ Effect effect = new DenyOverridesEffect();
+ assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+ }
+
+ public void testCombinedResultIsDenyIfSingleDenyIsEncountered()
+ {
+ Effect effect = new DenyOverridesEffect();
+ effect = effect.deny();
+ effect = effect.permit();
+ assertEquals( Effects.DENY, effect.reduce() );
+ }
+
+ public void testCombinedResultIsPermitIfNoDenyAndAtLeastAPermitIsEncountered()
+ {
+ Effect effect = new DenyOverridesEffect();
+ effect = effect.permit();
+ assertEquals( Effects.GRANT, effect.reduce() );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class FirstApplicableEffectTest extends MockObjectTestCase
+{
+ public void testDefaultsToNotApplicable()
+ {
+ Effect effect = new FirstApplicableEffect();
+ assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+ }
+
+ public void testCombinedResultIsFirstApplicableEffect()
+ {
+ Effect effect = new FirstApplicableEffect();
+ effect = effect.deny();
+ effect = effect.permit();
+ effect = effect.deny();
+ assertEquals( Effects.DENY, effect.reduce() );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class LastApplicableEffectTest extends MockObjectTestCase
+{
+ public void testDefaultsToNotApplicable()
+ {
+ Effect effect = new LastApplicableEffect();
+ assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+ }
+
+ public void testCombinedResultIsLastApplicableEffect()
+ {
+ Effect effect = new LastApplicableEffect();
+ effect = effect.deny();
+ effect = effect.permit();
+ effect = effect.deny();
+ assertEquals( Effects.DENY, effect.reduce() );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class PermitOverridesEffectTest extends MockObjectTestCase
+{
+ public void testDefaultsToNotApplicable()
+ {
+ Effect effect = new PermitOverridesEffect();
+ assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+ }
+
+ public void testCombinedResultIsPermitIfSinglePermitIsEncountered()
+ {
+ Effect effect = new PermitOverridesEffect();
+ effect = effect.permit();
+ effect = effect.deny();
+ assertEquals( Effects.GRANT, effect.reduce() );
+ }
+
+ public void testCombinedResultIsDenyIfNoPermitAndAtLeastADenyIsEncountered()
+ {
+ Effect effect = new PermitOverridesEffect();
+ effect = effect.deny();
+ assertEquals( Effects.DENY, effect.reduce() );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.AttributePrincipal;
+
+import java.security.Principal;
+
+public class Attributes
+{
+ public static Principal tasty()
+ {
+ return new AttributePrincipal( "taste", "tasty" );
+ }
+
+ public static Principal yellow()
+ {
+ return new AttributePrincipal( "color", "yellow" );
+ }
+
+ private Attributes() {}
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.CredentialSet;
+
+public class Creds
+{
+ public static CredentialSet banana()
+ {
+ CredentialSet credentials = new CredentialSet();
+ credentials.add( new FruitCredential( "banana" ) );
+ return credentials;
+ }
+
+ private Creds() {}
+}
Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authentication;
+package org.apache.janus.testmodel;
import java.io.Serializable;
Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authentication;
+package org.apache.janus.testmodel;
import org.apache.janus.authentication.AbstractPrincipal;
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import java.security.Principal;
+
+public class Fruits
+{
+
+ public static Principal banana()
+ {
+ return new FruitPrincipal( "banana" );
+ }
+
+ private Fruits() {}
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+ public static GroupPrincipal canadians()
+ {
+ return new GroupPrincipal( "canadians" );
+ }
+
+ public static GroupPrincipal geeks()
+ {
+ return new GroupPrincipal( "geeks" );
+ }
+
+ public static GroupPrincipal men()
+ {
+ return new GroupPrincipal( "men" );
+ }
+
+ public static GroupPrincipal fruits()
+ {
+ return new GroupPrincipal( "fruits" );
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+ public static Principal user()
+ {
+ return new RolePrincipal( "user" );
+ }
+
+ public static Principal developer()
+ {
+ return new RolePrincipal( "developer" );
+ }
+
+ public static Principal tester()
+ {
+ return new RolePrincipal( "tester" );
+ }
+
+ public static Principal manager()
+ {
+ return new RolePrincipal( "manager" );
+ }
+
+ private Roles() {}
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+public class Subjects
+{
+ public static Subject joe()
+ {
+ return with( Usernames.joe() );
+ }
+
+ public static Subject with( Principal p )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p );
+ return s;
+ }
+
+ public static Subject with( Principal p1, Principal p2 )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p1 );
+ s.getPrincipals().add( p2 );
+ return s;
+ }
+
+ public static Subject with( Principal p1, Principal p2, Principal p3 )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p1 );
+ s.getPrincipals().add( p2 );
+ s.getPrincipals().add( p3 );
+ return s;
+ }
+
+ public static Subject with( Principal[] principals )
+ {
+ Subject s = new Subject();
+ for ( int i = 0; i < principals.length; i++ )
+ {
+ Principal p = principals[i];
+ s.getPrincipals().add( p );
+ }
+ return s;
+ }
+}
Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+ public static UsernamePrincipal joe()
+ {
+ return new UsernamePrincipal( "joeblow" );
+ }
+}
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java Fri Nov 19 19:18:02 2004
@@ -16,9 +16,6 @@
*/
package org.apache.janus.authentication.attribute;
-import org.apache.janus.authentication.CyclicAssociationException;
-import org.apache.janus.authentication.MutableInformationProvider;
-
import javax.security.auth.Subject;
import java.security.Principal;
import java.util.Collection;
Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java (from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
import java.security.Principal;
Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java (from r57529, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
* limitations under the License.
*
*/
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
import javax.security.auth.Subject;
Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java (from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java Fri Nov 19 19:18:02 2004
@@ -14,7 +14,9 @@
* limitations under the License.
*
*/
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.attribute.InformationProvider;
import java.security.Principal;
import java.util.Collection;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java Fri Nov 19 19:18:02 2004
@@ -26,7 +26,7 @@
/**
* Warning: to be renamed to DefaultAuthorizer when moved out of sandbox
*/
-public class DefaultAuthorizationController implements AuthorizationController
+public class DefaultAuthorizationController implements Authorizer
{
private boolean m_defaultDecision;
private final Map m_decisions;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java Fri Nov 19 19:18:02 2004
@@ -16,7 +16,8 @@
*/
package org.apache.janus.script;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
public interface InformationProviderBuilder
{
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java Fri Nov 19 19:18:02 2004
@@ -16,7 +16,7 @@
*/
package org.apache.janus.script;
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
import java.security.Principal;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java Fri Nov 19 19:18:02 2004
@@ -16,7 +16,7 @@
*/
package org.apache.janus.script;
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
import java.security.Principal;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java Fri Nov 19 19:18:02 2004
@@ -16,9 +16,10 @@
*/
package org.apache.janus.script.xml;
-import org.apache.janus.authentication.MutableInformationProvider;
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
import org.apache.janus.authentication.realm.UsernamePrincipal;
import org.apache.janus.script.InformationProviderBuilderMonitor;
import org.apache.janus.script.InformationProviderBuilder;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java Fri Nov 19 19:18:02 2004
@@ -16,8 +16,9 @@
*/
package org.apache.janus.script.xml;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.script.InformationProviderBuilderMonitor;
import org.apache.janus.script.NullInformationProviderMonitor;
import org.dom4j.Document;
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java Fri Nov 19 19:18:02 2004
@@ -16,8 +16,9 @@
*/
package org.apache.janus.script.xml;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.authentication.attribute.RolePrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.script.InformationProviderBuilderMonitor;
import org.apache.janus.script.NullInformationProviderMonitor;
import org.dom4j.Document;
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java Fri Nov 19 19:18:02 2004
@@ -21,7 +21,6 @@
import org.apache.janus.testmodel.Groups;
import org.apache.janus.testmodel.Subjects;
import org.apache.janus.testmodel.Usernames;
-import org.apache.janus.authentication.CyclicAssociationException;
import javax.security.auth.Subject;
import java.security.Principal;
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java Fri Nov 19 19:18:02 2004
@@ -24,7 +24,7 @@
public class DefaultAuthorizationControllerTest extends TestCase
{
- private DefaultAuthorizationController m_authorizer;
+ private DefaultAuthorizer m_authorizer;
public static void main( String[] args )
{
@@ -33,7 +33,7 @@
protected void setUp() throws Exception
{
- m_authorizer = new DefaultAuthorizationController();
+ m_authorizer = new DefaultAuthorizer();
}
public void testTakesPositiveDecisionIfRuleSuggestsPermission()
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java Fri Nov 19 19:18:02 2004
@@ -16,9 +16,9 @@
*/
package org.apache.janus.script.xml;
-import org.apache.janus.authentication.CyclicAssociationException;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.authentication.attribute.AttributeProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
import org.apache.janus.script.InformationProviderBuilderMonitor;
import org.apache.janus.testmodel.Groups;
import org.apache.janus.testmodel.Usernames;
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Fri Nov 19 19:18:02 2004
@@ -16,7 +16,8 @@
*/
package org.apache.janus.script.xml;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
import org.apache.janus.testmodel.Groups;
import org.apache.janus.testmodel.Roles;
import org.apache.janus.testmodel.Usernames;
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+
+public interface InformationProviderBuilder
+{
+ void buildProvider( MutableInformationProvider groupProvider );
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+
+import java.security.Principal;
+
+public interface InformationProviderBuilderMonitor
+{
+ void cyclicAssociation( CyclicAssociationException e );
+
+ void duplicateAttribute( Principal principal, Principal attribute );
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+
+import java.security.Principal;
+
+public class NullInformationProviderMonitor implements InformationProviderBuilderMonitor
+{
+ public void cyclicAssociation( CyclicAssociationException e )
+ {
+ }
+
+ public void duplicateAttribute( Principal principal, Principal attribute )
+ {
+ }
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.InformationProviderBuilder;
+import org.dom4j.Element;
+
+import java.security.Principal;
+
+public abstract class AbstractDom4JInformationProviderBuilder implements InformationProviderBuilder
+{
+ protected final Element m_root;
+ protected final InformationProviderBuilderMonitor m_monitor;
+
+ public AbstractDom4JInformationProviderBuilder( Element root, InformationProviderBuilderMonitor monitor )
+ {
+ m_root = root;
+ m_monitor = monitor;
+ }
+
+ protected void addAttribute( MutableInformationProvider groupProvider, Principal principal, Principal attribute )
+ {
+ boolean added = false;
+ try
+ {
+ added = groupProvider.addAttribute( principal, attribute );
+ if (!added) m_monitor.duplicateAttribute( principal, attribute );
+ }
+ catch ( CyclicAssociationException e )
+ {
+ m_monitor.cyclicAssociation( e );
+ }
+ }
+
+ protected Principal getUserPrincipal( Element element )
+ {
+ String username = element.attributeValue( "username" );
+ Principal usernamePrincipal = new UsernamePrincipal( username );
+ return usernamePrincipal;
+ }
+
+ protected Principal getGroupPrincipal( Element element )
+ {
+ String groupName = element.attributeValue( "groupname" );
+ Principal groupPrincipal = new GroupPrincipal( groupName );
+ return groupPrincipal;
+ }
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.NullInformationProviderMonitor;
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.Element;
+
+import java.io.Reader;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.List;
+
+public class Dom4JGroupBuilder extends AbstractDom4JInformationProviderBuilder
+{
+ public static Dom4JGroupBuilder fromReader( Reader reader ) throws DocumentException
+ {
+ return fromReader( reader, new NullInformationProviderMonitor() );
+ }
+
+ public static Dom4JGroupBuilder fromReader( Reader reader, InformationProviderBuilderMonitor monitor ) throws DocumentException
+ {
+ Document doc = Dom4JUtils.readDocument( reader );
+ return new Dom4JGroupBuilder( doc, monitor );
+ }
+
+ public Dom4JGroupBuilder( Document doc )
+ {
+ this( doc.getRootElement() );
+ }
+
+ public Dom4JGroupBuilder( Document doc, InformationProviderBuilderMonitor monitor )
+ {
+ this( doc.getRootElement(), monitor );
+ }
+
+ public Dom4JGroupBuilder( Element root )
+ {
+ this( root, new NullInformationProviderMonitor() );
+ }
+
+ public Dom4JGroupBuilder( Element root, InformationProviderBuilderMonitor monitor )
+ {
+ super( root, monitor );
+ }
+
+ public void buildProvider( MutableInformationProvider provider )
+ {
+ addGroupsToUsers( provider, m_root.elements( "user" ) );
+ addGroupsToGroups( provider, m_root.elements( "group" ) );
+ }
+
+ private void addGroupsToUsers( MutableInformationProvider provider, List users )
+ {
+ for ( Iterator it = users.iterator(); it.hasNext(); )
+ {
+ Element element = ( Element ) it.next();
+ Principal user = getUserPrincipal( element );
+ Principal group = getGroupAttribute( element );
+
+ addAttribute( provider, user, group );
+ }
+ }
+
+ private void addGroupsToGroups( MutableInformationProvider provider, List groups )
+ {
+ for ( Iterator it = groups.iterator(); it.hasNext(); )
+ {
+ Element element = ( Element ) it.next();
+ Principal subGroup = getGroupPrincipal( element );
+ Principal group = getGroupAttribute( element );
+
+ addAttribute( provider, subGroup, group );
+ }
+ }
+
+ private Principal getGroupAttribute( Element element )
+ {
+ String groupName = element.attributeValue( "group" );
+ Principal groupPrincipal = new GroupPrincipal( groupName );
+ return groupPrincipal;
+ }
+}
+
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.RolePrincipal;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.NullInformationProviderMonitor;
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.Element;
+
+import java.io.Reader;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.List;
+
+public class Dom4JRoleBuilder extends AbstractDom4JInformationProviderBuilder
+{
+ public static Dom4JRoleBuilder fromReader( Reader reader ) throws DocumentException
+ {
+ return fromReader( reader, new NullInformationProviderMonitor() );
+ }
+
+ public static Dom4JRoleBuilder fromReader( Reader reader, InformationProviderBuilderMonitor monitor ) throws DocumentException
+ {
+ Document doc = Dom4JUtils.readDocument( reader );
+ return new Dom4JRoleBuilder( doc, monitor );
+ }
+
+ public Dom4JRoleBuilder( Document doc )
+ {
+ this( doc.getRootElement() );
+ }
+
+ public Dom4JRoleBuilder( Document doc, InformationProviderBuilderMonitor monitor )
+ {
+ this( doc.getRootElement(), monitor );
+ }
+
+ public Dom4JRoleBuilder( Element root )
+ {
+ this( root, new NullInformationProviderMonitor() );
+ }
+
+ public Dom4JRoleBuilder( Element root, InformationProviderBuilderMonitor monitor )
+ {
+ super( root, monitor );
+ }
+
+ public void buildProvider( MutableInformationProvider provider )
+ {
+ addRolesToUsers( provider, m_root.elements( "user" ) );
+ addRolesToGroups( provider, m_root.elements( "group" ) );
+ addRolesToRoles( provider, m_root.elements( "role" ) );
+ }
+
+ private void addRolesToUsers( MutableInformationProvider provider, List users )
+ {
+ for ( Iterator it = users.iterator(); it.hasNext(); )
+ {
+ Element element = ( Element ) it.next();
+ Principal user = getUserPrincipal( element );
+ Principal role = getRoleAttribute( element );
+
+ addAttribute( provider, user, role );
+ }
+ }
+
+ private void addRolesToGroups( MutableInformationProvider provider, List groups )
+ {
+ for ( Iterator it = groups.iterator(); it.hasNext(); )
+ {
+ Element element = ( Element ) it.next();
+ Principal group = getGroupPrincipal( element );
+ Principal role = getRoleAttribute( element );
+
+ addAttribute( provider, group, role );
+ }
+ }
+
+ private void addRolesToRoles( MutableInformationProvider provider, List groups )
+ {
+ for ( Iterator it = groups.iterator(); it.hasNext(); )
+ {
+ Element element = ( Element ) it.next();
+ Principal subRole = getRolePrincipal( element );
+ Principal role = getRoleAttribute( element );
+
+ addAttribute( provider, subRole, role );
+ }
+ }
+
+ private Principal getRolePrincipal( Element element )
+ {
+ String roleName = element.attributeValue( "rolename" );
+ Principal rolePrincipal = new RolePrincipal( roleName );
+ return rolePrincipal;
+ }
+
+ private Principal getRoleAttribute( Element element )
+ {
+ String roleName = element.attributeValue( "role" );
+ Principal rolePrincipal = new RolePrincipal( roleName );
+ return rolePrincipal;
+ }
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.io.SAXReader;
+
+import java.io.Reader;
+
+public final class Dom4JUtils
+{
+ public static Document readDocument( Reader reader ) throws DocumentException
+ {
+ final SAXReader parser = new SAXReader();
+ return parser.read( reader );
+ }
+
+ private Dom4JUtils() {}
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.AttributeProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+import org.jmock.core.Constraint;
+
+import java.io.StringReader;
+
+/**
+ * TODO: Move some tests to abstract test class
+ */
+public class Dom4JGroupBuilderTest extends MockObjectTestCase
+{
+ public void testParsesUsersFromXMLDocumentAndAddsGroupAttributesToProvider() throws Exception
+ {
+ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) );
+
+ Mock mockProvider = new Mock( MutableInformationProvider.class );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+
+ builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+ mockProvider.verify();
+ }
+
+ private String userWithTwoGroups()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<groups>\n"
+ + " <user username=\"joeblow\" group=\"men\"/>\n"
+ + " <user username=\"joeblow\" group=\"geeks\"/>\n"
+ + "</groups>";
+ return content;
+ }
+
+ public void testParsesGroupsFromXMLDocumentAndAddsGroupAttributesToProvider() throws Exception
+ {
+ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( groupWithTwoGroups() ) );
+
+ Mock mockProvider = new Mock( MutableInformationProvider.class );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+
+ builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+ mockProvider.verify();
+ }
+
+ private String groupWithTwoGroups()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<groups>\n"
+ + " <group groupname=\"canadians\" group=\"men\"/>\n"
+ + " <group groupname=\"canadians\" group=\"geeks\"/>\n"
+ + "</groups>";
+ return content;
+ }
+
+ public void testNotifiesMonitorWhenDuplicateAttributesAreFound() throws Exception
+ {
+ Mock mockMonitor = new Mock( InformationProviderBuilderMonitor.class );
+ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( twiceSameAttribute() ),
+ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
+ AttributeProvider provider = new AttributeProvider();
+
+ mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) );
+
+ builder.buildProvider( provider );
+ mockMonitor.verify();
+ }
+
+ private String twiceSameAttribute()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<groups>\n"
+ + " <user username=\"joeblow\" group=\"men\"/>\n"
+ + " <user username=\"joeblow\" group=\"men\"/>\n"
+ + "</groups>";
+ return content;
+ }
+
+ public void testNotifiesMonitorWhenCyclicAssociationsAreFound() throws Exception
+ {
+ Mock mockMonitor = new Mock( InformationProviderBuilderMonitor.class );
+ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( withCyclicAssociation() ),
+ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
+ AttributeProvider provider = new AttributeProvider();
+
+ CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() );
+ mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) );
+
+ builder.buildProvider( provider );
+ mockMonitor.verify();
+ }
+
+ private String withCyclicAssociation()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<groups>\n"
+ + " <group groupname=\"canadians\" group=\"men\"/>\n"
+ + " <group groupname=\"men\" group=\"canadians\"/>\n"
+ + "</groups>";
+ return content;
+ }
+
+ public static class CyclicAssociationExceptionConstraint implements Constraint
+ {
+ private final CyclicAssociationException m_exception;
+
+ public CyclicAssociationExceptionConstraint( CyclicAssociationException exception )
+ {
+ m_exception = exception;
+ }
+
+ public boolean eval( Object o )
+ {
+ if (!(o instanceof CyclicAssociationException)) return false;
+
+ CyclicAssociationException other = (CyclicAssociationException) o;
+ if (!m_exception.getPrincipal().equals( other.getPrincipal()) ) return false;
+ if (!m_exception.getAttribute().equals( other.getAttribute()) ) return false;
+
+ return true;
+ }
+
+ public StringBuffer describeTo( StringBuffer buffer )
+ {
+ buffer.append( m_exception.toString() );
+
+ return buffer;
+ }
+
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+
+import java.io.StringReader;
+
+public class Dom4JRoleBuilderTest extends MockObjectTestCase
+{
+ public void testParsesUsersFromXMLDocumentAndAddRoleAttributesToUsers() throws Exception
+ {
+ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) );
+
+ Mock mockProvider = new Mock( MutableInformationProvider.class );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+
+ builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+ mockProvider.verify();
+ }
+
+ private String userWithTwoRoles()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<roles>\n"
+ + " <user username=\"joeblow\" role=\"user\"/>\n"
+ + " <user username=\"joeblow\" role=\"developer\"/>\n"
+ + "</roles>";
+ return content;
+ }
+
+ public void testParsesGroupsFromXMLDocumentAndAddsRoleAttributesToGroups() throws Exception
+ {
+ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) );
+
+ Mock mockProvider = new Mock( MutableInformationProvider.class );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+
+ builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+ mockProvider.verify();
+ }
+
+ private String groupsWithRoles()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<roles>\n"
+ + " <group groupname=\"men\" role=\"user\"/>\n"
+ + " <group groupname=\"geeks\" role=\"developer\"/>\n"
+ + " <group groupname=\"geeks\" role=\"tester\"/>\n"
+ + "</roles>";
+ return content;
+ }
+
+ public void testParsesRolesFromXMLDocumentAndAddsRoleAttributesToRoles() throws Exception
+ {
+ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) );
+
+ Mock mockProvider = new Mock( MutableInformationProvider.class );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) );
+ mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+
+ builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+ mockProvider.verify();
+ }
+
+ private String roleWithTwoRoles()
+ {
+ String content = "<?xml version=\"1.0\"?>\n"
+ + "<roles>\n"
+ + " <role rolename=\"developer\" role=\"user\"/>\n"
+ + " <role rolename=\"developer\" role=\"tester\"/>\n"
+ + "</roles>";
+ return content;
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+ public static GroupPrincipal canadians()
+ {
+ return new GroupPrincipal( "canadians" );
+ }
+
+ public static GroupPrincipal geeks()
+ {
+ return new GroupPrincipal( "geeks" );
+ }
+
+ public static GroupPrincipal men()
+ {
+ return new GroupPrincipal( "men" );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+ public static Principal user()
+ {
+ return new RolePrincipal( "user" );
+ }
+
+ public static Principal developer()
+ {
+ return new RolePrincipal( "developer" );
+ }
+
+ public static Principal tester()
+ {
+ return new RolePrincipal( "tester" );
+ }
+
+ public static Principal manager()
+ {
+ return new RolePrincipal( "manager" );
+ }
+
+ private Roles() {}
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+ public static UsernamePrincipal joe()
+ {
+ return new UsernamePrincipal( "joeblow" );
+ }
+}