Posted to commits@directory.apache.org by vt...@apache.org on 2004/11/10 17:03:32 UTC
svn commit: rev 57162 - in incubator/directory/janus/trunk/sandbox/src: java/org/apache/janus/authorization test/org/apache/janus/authorization
Author: vtence
Date: Wed Nov 10 08:03:31 2004
New Revision: 57162
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
Log:
Added more control on behavior
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java Wed Nov 10 08:03:31 2004
@@ -17,6 +17,7 @@
package org.apache.janus.authorization;
import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
import javax.security.auth.Subject;
import java.util.HashMap;
@@ -27,11 +28,19 @@
*/
public class DefaultAuthorizationController implements AuthorizationController
{
+ private boolean m_defaultDecision;
private final Map m_decisions;
- private Rule m_rule;
+ private RuleSet m_ruleSet;
public DefaultAuthorizationController()
{
+ this( new Policy( new PermitOverridesEffect() ) );
+ }
+
+ public DefaultAuthorizationController( RuleSet ruleSet )
+ {
+ m_ruleSet = ruleSet;
+ m_defaultDecision = true;
m_decisions = new HashMap();
m_decisions.put( Effects.GRANT, Boolean.TRUE );
m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
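Review bot: The new constructor sets `m_defaultDecision = true`, so once `authorize` (next hunk) falls back to it, any effect without an entry in `m_decisions` is granted. For an access-control decision the safer default is `m_defaultDecision = false;`, leaving `grantIfUnsure()` as the explicit opt-in. The no-arg constructor now also builds an empty `Policy`, and `testTakesPositiveDecisionByDefault` shows an unconfigured controller authorizing the request; that result seems to come from the `NOT_APPLICABLE` to `TRUE` mapping rather than from the fallback, so both defaults deserve a deliberate choice. The constructor body continues past the end of this hunk.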
@@ -40,15 +49,15 @@
public boolean authorize( Subject s, Permission p )
{
- Effect effect = m_rule.evaluate( s, p );
+ Effect effect = m_ruleSet.evaluate( s, p ).reduce();
Boolean decision = ( Boolean ) m_decisions.get( effect );
- return decision.booleanValue();
+ return decision != null ? decision.booleanValue() : m_defaultDecision;
}
- public void setRuleBase( Rule rule )
+ public void setRuleSet( RuleSet ruleSet )
{
- m_rule = rule;
+ m_ruleSet = ruleSet;
}
public void grantOn( Effect effect )
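Review bot: `setRuleSet` and the one-argument constructor store the `RuleSet` without a null check, so a null argument only surfaces later as a NullPointerException inside `authorize` or `addRule`. Rejecting it at assignment keeps the failure at the point of misconfiguration: `if ( ruleSet == null ) throw new IllegalArgumentException( "ruleSet" );` before `m_ruleSet = ruleSet;`. Whether `evaluate( s, p ).reduce()` can itself return null is not visible here; if it can, the map lookup would quietly land on the default decision, which is worth a comment on that line.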
@@ -59,5 +68,20 @@
public void denyOn( Effect effect )
{
m_decisions.put( effect, Boolean.FALSE );
+ }
+
+ public void addRule( Rule rule )
+ {
+ m_ruleSet.addRule( rule );
+ }
+
+ public void grantIfUnsure()
+ {
+ m_defaultDecision = true;
+ }
+
+ public void denyIfUnsure()
+ {
+ m_defaultDecision = false;
}
}
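Review bot: `grantIfUnsure()` and `denyIfUnsure()` have no Javadoc, and "unsure" is defined only implicitly by the null check in `authorize`. I would add `/** Denies requests whose reduced effect has no grantOn/denyOn mapping. */` on `denyIfUnsure()` and the mirror-image comment on `grantIfUnsure()`. `addRule` also mutates the `RuleSet` instance the caller passed in, so a rule set shared between controllers would change for all of them; a one-line comment on `addRule` saying so would help.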
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java Wed Nov 10 08:03:31 2004
@@ -18,6 +18,7 @@
import junit.framework.TestCase;
import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
import javax.security.auth.Subject;
@@ -37,33 +38,58 @@
public void testTakesPositiveDecisionIfRuleSuggestsPermission()
{
- m_authorizer.setRuleBase( new PrimitiveRule( Effects.GRANT ) );
+ m_authorizer.setRuleSet( new Policy( Effects.GRANT ) );
+ m_authorizer.denyIfUnsure();
assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
}
public void testTakesPositiveDecisionIfRuleIsNotApplicable()
{
- m_authorizer.setRuleBase( new PrimitiveRule( Effects.NOT_APPLICABLE ) );
+ m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+ m_authorizer.denyIfUnsure();
assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
}
public void testTakesNegativeDecisionIfRuleSuggestDenial()
{
- m_authorizer.setRuleBase( new PrimitiveRule( Effects.DENY ) );
+ m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+ m_authorizer.grantIfUnsure();
assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
}
+ public void testTakesPositiveDecisionByDefault()
+ {
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
public void testCanForceEffectToGrantDecision()
{
- m_authorizer.setRuleBase( new PrimitiveRule( Effects.DENY ) );
+ m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
m_authorizer.grantOn( Effects.DENY );
assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
}
public void testCanForceEffectToDenyDecision()
{
- m_authorizer.setRuleBase( new PrimitiveRule( Effects.NOT_APPLICABLE ) );
+ m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+ m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+ assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testEffectsAreReducedBeforeTakingDecision()
+ {
+ m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+ m_authorizer.grantIfUnsure();
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ }
+
+ public void testRulesCanBeAdded()
+ {
+ m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+ m_authorizer.addRule( new PrimitiveRule( Effects.GRANT ) );
+ m_authorizer.denyIfUnsure();
+ m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+ assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
}
}
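Review bot: None of these tests appears to reach the new fallback branch in `authorize`. Every case evaluates to GRANT, DENY or NOT_APPLICABLE, which all seem to have entries in the decision map (the DENY entry is presumably set outside the visible controller hunk), so `denyIfUnsure()` and `grantIfUnsure()` are called but never decide the outcome. I would add one case whose rule set reduces to an effect with no mapping and assert `assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );` after `denyIfUnsure()`, plus the `assertTrue` counterpart after `grantIfUnsure()`. `testTakesPositiveDecisionByDefault` pins the grant-by-default behaviour of an unconfigured controller, so it will need updating if that default is changed.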