Posted to commits@directory.apache.org by dj...@apache.org on 2006/12/28 05:48:33 UTC
svn commit: r490646 [1/8] - in /directory/trunks/triplesec: ./ admin-api/
admin-api/src/main/java/org/safehaus/triplesec/admin/
admin-api/src/main/java/org/safehaus/triplesec/admin/dao/
admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ adm...
Author: djencks
Date: Wed Dec 27 20:48:29 2006
New Revision: 490646
URL: http://svn.apache.org/viewvc?view=rev&rev=490646
Log:
Commit my local jacc changes preparatory to moving them to sandbox
Added:
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java (with props)
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java (with props)
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java (with props)
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
- copied, changed from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java (with props)
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
- copied, changed from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionDao.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java (with props)
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java
directory/trunks/triplesec/itest-data/
- copied from r489699, directory/trunks/triplesec/store/
directory/trunks/triplesec/itest-data/pom.xml
- copied, changed from r490645, directory/trunks/triplesec/store/pom.xml
directory/trunks/triplesec/itest-data/src/
- copied from r490645, directory/trunks/triplesec/store/src/
directory/trunks/triplesec/itest-data/src/main/resources/
- copied from r489699, directory/trunks/triplesec/store/src/test/resources/
directory/trunks/triplesec/itest-data/src/main/resources/log4j.properties
- copied unchanged from r490645, directory/trunks/triplesec/store/src/test/resources/log4j.properties
directory/trunks/triplesec/itest-data/src/main/resources/server.ldif
Removed:
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Permission.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionModifier.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionDao.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java
directory/trunks/triplesec/guardian-ldap/src/test/resources/server.ldif
directory/trunks/triplesec/itest-data/src/main/java/
directory/trunks/triplesec/itest-data/src/main/resources/interceptor.ldif
directory/trunks/triplesec/itest-data/src/main/resources/safehaus.ldif
directory/trunks/triplesec/itest-data/src/main/schema/
directory/trunks/triplesec/itest-data/src/test/
directory/trunks/triplesec/store/src/test/resources/
Modified:
directory/trunks/triplesec/admin-api/pom.xml
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java
directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java
directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
directory/trunks/triplesec/admin-api/src/test/resources/server.xml
directory/trunks/triplesec/configuration-io/src/test/java/org/safehaus/triplesec/configuration/WebappConfigurationTest.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java
directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/AbstractEntityTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionsTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java
directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java
directory/trunks/triplesec/guardian-ldap/pom.xml
directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
directory/trunks/triplesec/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
directory/trunks/triplesec/guardian-ldap/src/test/resources/server.xml
directory/trunks/triplesec/guardian-ldif/pom.xml
directory/trunks/triplesec/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java
directory/trunks/triplesec/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
directory/trunks/triplesec/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
directory/trunks/triplesec/guardian-ldif/src/test/resources/server.ldif
directory/trunks/triplesec/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
directory/trunks/triplesec/integration/src/test/resources/server.xml
directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java
directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java
directory/trunks/triplesec/pom.xml
directory/trunks/triplesec/store/pom.xml
directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java
directory/trunks/triplesec/store/src/main/schema/safehaus.schema
directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java
directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewRolePanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/PermissionDependentsPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/PermissionPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfilePanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfilePermissionsPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfileRolesPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/RoleGrantsPanel.java
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/RolePanel.java
directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java
directory/trunks/triplesec/tools/src/main/java/org/safehaus/triplesec/tools/Tools.java
directory/trunks/triplesec/webapp-config/src/test/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilderTest.java
directory/trunks/triplesec/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java
Modified: directory/trunks/triplesec/admin-api/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/pom.xml?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/pom.xml (original)
+++ directory/trunks/triplesec/admin-api/pom.xml Wed Dec 27 20:48:29 2006
@@ -45,6 +45,13 @@
<artifactId>triplesec-integration</artifactId>
<version>${pom.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
@@ -119,6 +126,35 @@
<activation>
<property><name>integration</name></property>
</activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>dependency-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-itest-data</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+ </configuration>
+ </execution>
+
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
</profile>
</profiles>
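Review bot: The `dependency-maven-plugin` entry added under the `integration` profile carries no `<version>`, so unless a parent `pluginManagement` section (not visible here) pins it, the build takes whichever release the repository serves at build time. A build plugin runs with the builder's privileges, so pin it directly under the `<artifactId>`, e.g. `<version>PLUGIN_VERSION_PLACEHOLDER</version>`. The execution also unpacks `triplesec-itest-data` into `${project.build.directory}/serverHome/conf` during `compile`, although the matching dependency is declared with `<scope>test</scope>`; binding it to `generate-test-resources` would keep test fixtures out of the main compile step. The `<profile>` element opens outside this hunk.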
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java Wed Dec 27 20:48:29 2006
@@ -24,7 +24,6 @@
import java.util.Iterator;
import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
import org.safehaus.triplesec.admin.dao.ProfileDao;
import org.safehaus.triplesec.admin.dao.RoleDao;
@@ -33,30 +32,28 @@
{
private final RoleDao roleDao;
private final ProfileDao profileDao;
- private final PermissionDao permissionDao;
private final String name;
private final String description;
private final String password;
private final ApplicationDao dao;
- public Application( String creatorsName, Date creationTimestamp, ApplicationDao dao, String name,
- String description, String password, PermissionDao permissionDao, RoleDao roleDao, ProfileDao profileDao )
+ public Application(String creatorsName, Date creationTimestamp, ApplicationDao dao, String name,
+ String description, String password, RoleDao roleDao, ProfileDao profileDao)
{
this( creatorsName, creationTimestamp, null, null, dao, name, description, password,
- permissionDao, roleDao, profileDao );
+ roleDao, profileDao );
}
- public Application( String creatorsName, Date creationTimestamp, String modifiersName, Date modifyTimestamp,
- ApplicationDao dao, String name, String description, String userPassword, PermissionDao permissionDao,
- RoleDao roleDao, ProfileDao profileDao )
+ public Application(String creatorsName, Date creationTimestamp, String modifiersName, Date modifyTimestamp,
+ ApplicationDao dao, String name, String description, String userPassword,
+ RoleDao roleDao, ProfileDao profileDao)
{
super( creatorsName, creationTimestamp, modifiersName, modifyTimestamp );
this.name = name;
this.dao = dao;
this.description = description;
- this.permissionDao = permissionDao;
this.profileDao = profileDao;
this.roleDao = roleDao;
this.password = userPassword;
@@ -68,12 +65,6 @@
// -----------------------------------------------------------------------
- PermissionDao getPermissionDao()
- {
- return permissionDao;
- }
-
-
RoleDao getRoleDao()
{
return roleDao;
@@ -114,12 +105,6 @@
// -----------------------------------------------------------------------
- public Permission getPermission( String permName ) throws DataAccessException
- {
- return permissionDao.load( name, permName );
- }
-
-
public Role getRole( String roleName ) throws DataAccessException
{
return roleDao.load( name, roleName );
@@ -135,12 +120,6 @@
// -----------------------------------------------------------------------
// ReadOnly Iterator methods
// -----------------------------------------------------------------------
-
-
- public Iterator permissionIterator() throws DataAccessException
- {
- return new ReadOnlyIterator( permissionDao.permissionIterator( name ) );
- }
public Iterator roleIterator() throws DataAccessException
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java Wed Dec 27 20:48:29 2006
@@ -27,7 +27,6 @@
import javax.naming.directory.ModificationItem;
import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
import org.safehaus.triplesec.admin.dao.ProfileDao;
import org.safehaus.triplesec.admin.dao.RoleDao;
@@ -37,7 +36,6 @@
private final String name;
private final SingleValuedField description;
private final SingleValuedField password;
- private final PermissionDao permissionDao;
private final RoleDao roleDao;
private final ProfileDao profileDao;
private final ApplicationDao dao;
@@ -51,13 +49,12 @@
// -----------------------------------------------------------------------
- ApplicationModifier( ApplicationDao dao, String name, PermissionDao permissionDao,
- RoleDao roleDao, ProfileDao profileDao )
+ ApplicationModifier(ApplicationDao dao, String name,
+ RoleDao roleDao, ProfileDao profileDao)
{
this.name = name;
this.dao = dao;
this.archetype = null;
- this.permissionDao = permissionDao;
this.roleDao = roleDao;
this.profileDao = profileDao;
this.password = new SingleValuedField( PASSWORD_ID, null );
@@ -70,7 +67,6 @@
this.name = archetype.getName();
this.dao = dao;
this.archetype = archetype;
- this.permissionDao = archetype.getPermissionDao();
this.roleDao = archetype.getRoleDao();
this.profileDao = archetype.getProfileDao();
this.password = new SingleValuedField( PASSWORD_ID, archetype.getPassword() );
@@ -104,18 +100,7 @@
return this;
}
-
- public PermissionModifier newPermission( String permName )
- {
- if ( persisted )
- {
- throw new IllegalStateException( "This modifier has persisted changes and is no longer valid." );
- }
- return new PermissionModifier( permissionDao, name, permName );
- }
-
-
- public RoleModifier newRole( String roleName )
+ public RoleModifier newRole( String roleName )
{
if ( persisted )
{
@@ -138,12 +123,6 @@
// -----------------------------------------------------------------------
// Mutable Iterator access methods
// -----------------------------------------------------------------------
-
-
- public Iterator permissionIterator() throws DataAccessException
- {
- return permissionDao.permissionIterator( name );
- }
public Iterator roleIterator() throws DataAccessException
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java Wed Dec 27 20:48:29 2006
@@ -26,8 +26,11 @@
public interface Constants
{
String POLICY_PROFILE_OC = "policyProfile";
- String POLICY_PERMISSION_OC = "policyPermission";
+// String POLICY_PERMISSION_OC = "policyPermission";
String POLICY_ROLE_OC = "policyRole";
+ String PERM_CLASS_OC = "permClass";
+ String PERM_GRANT_OC = "permGrant";
+ String PERM_DENY_OC = "permDeny";
String SAFEHAUS_PROFILE_OC = "safehausProfile";
String GROUP_OF_UNIQUE_NAMES_OC = "groupOfUniqueNames";
String UID_OBJECT_OC = "uidObject";
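Review bot: The retired constants are left behind as commented-out declarations (`// String POLICY_PERMISSION_OC = "policyPermission";` here, and `GRANTS_ID`, `DENIALS_ID` and `PERM_NAME_ID` in the two later hunks of this file); delete them, since version control keeps the history and a dead line invites someone to uncomment a name the new schema may no longer define. If a pointer is wanted, one comment such as `// policyPermission was replaced by permClass / permGrant / permDeny` says more than the dead declaration. The interface body starts and ends outside the hunk.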
@@ -76,8 +79,12 @@
String MOVING_FACTOR_ID = "safehausFactor";
String UNIQUE_MEMBER_ID = "uniqueMember";
String REF_ID = "ref";
- String GRANTS_ID = "grants";
- String DENIALS_ID = "denials";
+ String PERM_CLASS_NAME_ID = "permClassName";
+ String GRANT_ID = "grant";
+ String DENY_ID = "deny";
+ String ACTION_ID = "action";
+// String GRANTS_ID = "grants";
+// String DENIALS_ID = "denials";
String ROLES_ID = "roles";
String USER_ID = "user";
String DOMAIN_COMPONENT_ID = "dc";
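Review bot: Replacing `GRANTS_ID`/`DENIALS_ID` (`grants`, `denials`) with `GRANT_ID`/`DENY_ID` (`grant`, `deny`) changes the attribute names the DAOs presumably read, and nothing visible in this hunk covers entries already stored under the old names. If such entries exist, a denial held in a `denials` attribute would no longer be seen, which fails open for authorisation. A comment above the new constants would make the dependency explicit, e.g. `// grant/deny replace grants/denials; existing entries must be migrated before this code reads them`.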
@@ -85,7 +92,7 @@
String MODIFY_TIMESTAMP_ID = "modifyTimestamp";
String MODIFIERS_NAME_ID = "modifiersName";
String APP_NAME_ID = "appName";
- String PERM_NAME_ID = "permName";
+// String PERM_NAME_ID = "permName";
String ROLE_NAME_ID = "roleName";
String PROFILEID_ID = "profileId";
String SAFEHAUS_ID = "safehausUid";
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java Wed Dec 27 20:48:29 2006
@@ -22,7 +22,6 @@
import java.util.Collections;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.Set;
import javax.naming.directory.BasicAttribute;
@@ -30,26 +29,26 @@
import javax.naming.directory.ModificationItem;
-public class MultiValuedField
+public class MultiValuedField<T>
{
private final String id;
- private final Set initial;
- private Set added;
- private Set deleted;
- private Set current;
+ private final Set<T> initial;
+ private Set<T> added;
+ private Set<T> deleted;
+ private Set<T> current;
- public MultiValuedField( String id, Set initial )
+ public MultiValuedField( String id, Set<T> initial )
{
this.id = id;
- this.initial = Collections.unmodifiableSet( new HashSet( initial ) );
- this.current = new HashSet( initial );
- this.deleted = new HashSet();
- this.added = new HashSet();
+ this.initial = Collections.unmodifiableSet( new HashSet<T>( initial ) );
+ this.current = new HashSet<T>( initial );
+ this.deleted = new HashSet<T>();
+ this.added = new HashSet<T>();
}
- public boolean addValue( String value )
+ public boolean addValue( T value )
{
// if we have the value then exit and return false
if ( current.contains( value ) )
@@ -72,7 +71,7 @@
}
- public boolean removeValue( String value )
+ public boolean removeValue( T value )
{
// if we don't have the value then return false
if ( ! current.contains( value ) )
@@ -101,13 +100,13 @@
}
- public Set getInitialValues()
+ public Set<T> getInitialValues()
{
return initial;
}
- public Set getCurrentValues()
+ public Set<T> getCurrentValues()
{
return Collections.unmodifiableSet( current );
}
@@ -123,25 +122,22 @@
BasicAttribute attr = new BasicAttribute( id );
if ( added.size() == 0 && deleted.size() > 0 )
{
- for ( Iterator ii = deleted.iterator(); ii.hasNext(); /**/ )
- {
- attr.add( ii.next() );
+ for (T aDeleted : deleted) {
+ attr.add(aDeleted);
}
return new ModificationItem( DirContext.REMOVE_ATTRIBUTE, attr );
}
if ( added.size() > 0 && deleted.size() == 0 )
{
- for ( Iterator ii = added.iterator(); ii.hasNext(); /**/ )
- {
- attr.add( ii.next() );
+ for (T anAdded : added) {
+ attr.add(anAdded);
}
return new ModificationItem( DirContext.ADD_ATTRIBUTE, attr );
}
-
- for ( Iterator ii = current.iterator(); ii.hasNext(); /**/ )
- {
- attr.add( ii.next() );
+
+ for (T aCurrent : current) {
+ attr.add(aCurrent);
}
return new ModificationItem( DirContext.REPLACE_ATTRIBUTE, attr );
}
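Review bot: `MultiValuedField<T>` (declared in the earlier hunk of this file) is unbounded, yet the rewritten loops hand each `T` straight to `attr.add(...)` on a `BasicAttribute`, and JNDI LDAP providers generally accept only `String` or `byte[]` attribute values. With any other `T` the modification would likely be rejected, or encoded in a way the directory does not expect, only at the moment the change is persisted. Document the constraint on the class, e.g. `/** @param <T> attribute value type; must be storable by the JNDI provider (String or byte[]) */`, or convert explicitly at the three `attr.add` calls. The new loops also put the opening brace on the `for` line while the surrounding `if` blocks keep it on its own line. The enclosing method starts outside the hunk.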
Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin;
+
+import java.util.Set;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Date;
+
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionActions extends AdministeredEntity implements Constants {
+
+ private final String permissionName;
+ private final Set<String> actions;
+
+ public PermissionActions( String creatorsName, Date createTimestamp, String modifiersName,
+ Date modifyTimestamp, PermissionActionsDao dao, String permissionName, Set<String> actions) {
+ super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
+ this.permissionName = permissionName;
+ this.actions = new HashSet<String>(actions);
+ }
+
+ public String getPermissionName() {
+ return permissionName;
+ }
+
+ public Set<String> getActions() {
+ return Collections.unmodifiableSet(actions);
+ }
+
+}
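Review bot: `PermissionActions` defines no `equals`/`hashCode`, while `PermissionClass` in this commit keeps instances in `Set<PermissionActions>`; unless `AdministeredEntity` (not visible here) supplies value equality, two entries with the same permission name and actions count as different elements, so duplicate grant or deny entries will not collapse. Value equality over `permissionName` and `actions` is proposed below; confirm first that the superclass does not already define equality over the audit fields. Separately, the constructor accepts a `PermissionActionsDao dao` that it never stores or uses, and `implements Constants` brings in nothing the class references.

```java
    // … unchanged: fields, constructor, getPermissionName(), getActions() …

    public boolean equals( Object obj ) {
        if ( this == obj ) {
            return true;
        }
        if ( !( obj instanceof PermissionActions ) ) {
            return false;
        }
        PermissionActions other = ( PermissionActions ) obj;
        boolean sameName = permissionName == null
            ? other.permissionName == null
            : permissionName.equals( other.permissionName );
        return sameName && actions.equals( other.actions );
    }

    public int hashCode() {
        int nameHash = permissionName == null ? 0 : permissionName.hashCode();
        return 31 * nameHash + actions.hashCode();
    }
```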
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin;
+
+import java.util.Set;
+import java.util.Date;
+
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionClass extends AdministeredEntity {
+
+ private final String permissionClassName;
+ private final Set<PermissionActions> grants;
+ private final Set<PermissionActions> denials;
+ private final PermissionClassDao dao;
+
+ public PermissionClass( String creatorsName, Date createTimestamp, String modifiersName,
+ Date modifyTimestamp, PermissionClassDao dao, String permissionClassName, Set<PermissionActions> grants, Set<PermissionActions> denials) {
+ super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
+ this.dao = dao;
+ this.permissionClassName = permissionClassName;
+ this.grants = grants;
+ this.denials = denials;
+ }
+
+ public String getPermissionClassName() {
+ return permissionClassName;
+ }
+
+ public Set<PermissionActions> getGrants() {
+ return grants;
+ }
+
+ public Set<PermissionActions> getDenials() {
+ return denials;
+ }
+}
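Review bot: `PermissionClass` stores the caller's `grants` and `denials` sets by reference and returns them unwrapped from `getGrants()` and `getDenials()`, so any holder of either reference can add or remove entries after construction. `PermissionActions` and `Profile` in this same commit copy into a `HashSet` and return `Collections.unmodifiableSet(...)`. For an object that describes what is granted and denied, copy on the way in and wrap on the way out; this also needs `java.util.Collections` and `java.util.HashSet` imported. The `dao` field is assigned but not read anywhere in the class as shown.

```java
    // … unchanged: fields, constructor signature, super(...) call, dao and name assignments …
        this.grants = new HashSet<PermissionActions>( grants );
        this.denials = new HashSet<PermissionActions>( denials );

    // … unchanged: getPermissionClassName() …
    public Set<PermissionActions> getGrants() {
        return Collections.unmodifiableSet( grants );
    }

    public Set<PermissionActions> getDenials() {
        return Collections.unmodifiableSet( denials );
    }
```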
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java Wed Dec 27 20:48:29 2006
@@ -31,9 +31,8 @@
public class Profile extends AdministeredEntity
{
private final ProfileDao dao;
- private final Set grants;
- private final Set denials;
- private final Set roles;
+ private final Set<PermissionClass> permissionClasses;
+ private final Set<String> roles;
private final String id;
private final String user;
private final String description;
@@ -42,43 +41,37 @@
public Profile( String creatorsName, Date createTimestamp, ProfileDao dao, String applicationName,
- String id, String user, String description, Set grants, Set denials, Set roles )
+ String id, String user, String description, Set<PermissionClass> permissionClasses, Set<String> roles )
{
this( creatorsName, createTimestamp, null, null, dao, applicationName, id,
- user, description, grants, denials, roles, false );
+ user, description, permissionClasses, roles, false );
}
public Profile( String creatorsName, Date createTimestamp, String modifiersName, Date modifyTimestamp,
ProfileDao dao, String applicationName, String id, String user, String description,
- Set grants, Set denials, Set roles, boolean disabled )
+ Set<PermissionClass> permissionClasses, Set<String> roles, boolean disabled )
{
super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
this.dao = dao;
this.applicationName = applicationName;
this.id = id;
this.user = user;
- this.grants = new HashSet( grants );
- this.denials = new HashSet( denials );
- this.roles = new HashSet( roles );
+ this.permissionClasses = new HashSet<PermissionClass>( permissionClasses );
+ this.roles = new HashSet<String>( roles );
this.description = description;
this.disabled = disabled;
}
- public Set getGrants()
+ public Set<PermissionClass> getPermissionClasses()
{
- return Collections.unmodifiableSet( grants );
+ return Collections.unmodifiableSet( permissionClasses );
}
- public Set getDenials()
- {
- return Collections.unmodifiableSet( denials );
- }
-
- public Set getRoles()
+ public Set<String> getRoles()
{
return Collections.unmodifiableSet( roles );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java Wed Dec 27 20:48:29 2006
@@ -39,9 +39,8 @@
private final SingleValuedField description;
private final SingleValuedField user;
private final SingleValuedField disabled;
- private final MultiValuedField grants;
- private final MultiValuedField denials;
- private final MultiValuedField roles;
+ private final MultiValuedField<PermissionClass> permissionClasses;
+ private final MultiValuedField<String> roles;
private boolean persisted = false;
@@ -54,9 +53,8 @@
this.id = id;
this.description = new SingleValuedField( DESCRIPTION_ID, null );
this.user = new SingleValuedField( USER_ID, user );
- this.grants = new MultiValuedField( GRANTS_ID, Collections.EMPTY_SET );
- this.denials = new MultiValuedField( DENIALS_ID, Collections.EMPTY_SET );
- this.roles = new MultiValuedField( ROLES_ID, Collections.EMPTY_SET );
+ this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, Collections.EMPTY_SET );
+ this.roles = new MultiValuedField<String>( ROLES_ID, Collections.EMPTY_SET );
this.disabled = new SingleValuedField( SAFEHAUS_DISABLED_ID, "FALSE" );
}
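Review bot: `Collections.EMPTY_SET` is the raw constant, so handing it to `new MultiValuedField<PermissionClass>( ... )` and `new MultiValuedField<String>( ... )` only compiles through an unchecked conversion and bypasses the type parameters this commit introduces. Assuming the constructor takes a `Set<T>`, the typed factory avoids that: `new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, Collections.<PermissionClass>emptySet() )` and `Collections.<String>emptySet()` for roles. The RoleModifier constructor hunk at `@@ -48,7 +48,7 @@` has the same line. The constructor itself starts outside this hunk.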
@@ -70,9 +68,8 @@
this.description = new SingleValuedField( DESCRIPTION_ID, archetype.getDescription() );
this.disabled = new SingleValuedField( SAFEHAUS_DISABLED_ID, String.valueOf( archetype.isDisabled() ) );
this.user = new SingleValuedField( USER_ID, archetype.getUser() );
- this.grants = new MultiValuedField( GRANTS_ID, archetype.getGrants() );
- this.denials = new MultiValuedField( DENIALS_ID, archetype.getDenials() );
- this.roles = new MultiValuedField( ROLES_ID, archetype.getRoles() );
+ this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, archetype.getPermissionClasses() );
+ this.roles = new MultiValuedField<String>( ROLES_ID, archetype.getRoles() );
}
@@ -109,70 +106,36 @@
}
- public ProfileModifier addGrant( String grant )
+ public ProfileModifier addPermissionClass( PermissionClass permissionClass )
{
if ( persisted )
{
throw new IllegalStateException( INVALID_MSG );
}
- if ( grant == null )
+ if ( permissionClass == null )
{
return this;
}
- grants.addValue( grant );
+ permissionClasses.addValue( permissionClass );
return this;
}
- public ProfileModifier removeGrant( String grant )
+ public ProfileModifier removePermissionClass( PermissionClass permissionClass )
{
if ( persisted )
{
throw new IllegalStateException( INVALID_MSG );
}
- if ( grant == null )
+ if ( permissionClass == null )
{
return this;
}
- grants.removeValue( grant );
- return this;
- }
-
-
- public ProfileModifier addDenial( String denial )
- {
- if ( persisted )
- {
- throw new IllegalStateException( INVALID_MSG );
- }
-
- if ( denial == null )
- {
- return this;
- }
-
- denials.addValue( denial );
- return this;
- }
-
-
- public ProfileModifier removeDenial( String denial )
- {
- if ( persisted )
- {
- throw new IllegalStateException( INVALID_MSG );
- }
-
- if ( denial == null )
- {
- return this;
- }
-
- denials.removeValue( denial );
+ permissionClasses.removeValue( permissionClass );
return this;
}
@@ -210,7 +173,7 @@
return this;
}
-
+ //TODO changes to permissionClasses not tracked here!
private ModificationItem[] getModificationItems()
{
if ( ! isUpdateNeeded() )
@@ -219,14 +182,6 @@
}
List mods = new ArrayList();
- if ( grants.isUpdateNeeded() )
- {
- mods.add( grants.getModificationItem() );
- }
- if ( denials.isUpdateNeeded() )
- {
- mods.add( denials.getModificationItem() );
- }
if ( roles.isUpdateNeeded() )
{
mods.add( roles.getModificationItem() );
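Review bot: After this hunk getModificationItems() emits nothing for permission data: the grants and denials items are removed and no item is added for `permissionClasses`, as the new TODO above the method admits. isUpdateNeeded() (hunk `@@ -262,7 +217,7 @@`) still returns true when only `permissionClasses` changed, so modify() can reach dao.modify with a `ModificationItem[]` that does not carry the change. Unless the DAO writes the set from its `permissionClasses` argument, removing a permission class from a profile would appear saved to the caller while the directory entry keeps it. RoleModifier in this same commit keeps the item; the equivalent here is `if ( permissionClasses.isUpdateNeeded() )` followed by `mods.add( permissionClasses.getModificationItem() );`, provided MultiValuedField can serialise PermissionClass values. The method body continues outside the hunk.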
@@ -262,7 +217,7 @@
public boolean isUpdateNeeded()
{
- return disabled.isUpdateNeeded() || grants.isUpdateNeeded() || denials.isUpdateNeeded() ||
+ return disabled.isUpdateNeeded() || permissionClasses.isUpdateNeeded() ||
roles.isUpdateNeeded() || description.isUpdateNeeded() || user.isUpdateNeeded();
}
@@ -280,7 +235,7 @@
throw new IllegalStateException( INVALID_MSG );
}
Profile profile = dao.add( applicationName, id, user.getCurrentValue(), description.getCurrentValue(),
- grants.getCurrentValues(), denials.getCurrentValues(), roles.getCurrentValues() );
+ permissionClasses.getCurrentValues(), roles.getCurrentValues() );
persisted = true;
return profile;
}
@@ -313,7 +268,7 @@
}
Profile profile = dao.modify( archetype.getCreatorsName(), archetype.getCreateTimestamp(),
applicationName, id, user.getCurrentValue(), description.getCurrentValue(),
- grants.getCurrentValues(), denials.getCurrentValues(), roles.getCurrentValues(),
+ permissionClasses.getCurrentValues(), roles.getCurrentValues(),
parseBoolean( disabled.getCurrentValue().toLowerCase() ), getModificationItems() );
persisted = true;
return profile;
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java Wed Dec 27 20:48:29 2006
@@ -33,32 +33,32 @@
private final RoleDao dao;
private final String applicationName;
private final String name;
- private final Set grants;
+ private final Set<PermissionClass> permissionClasses;
private final String description;
public Role( String creatorsName, Date createTimestamp, RoleDao dao, String applicationName,
- String name, String description, Set grants )
+ String name, String description, Set<PermissionClass> permissionClasses )
{
- this( creatorsName, createTimestamp, null, null, dao, applicationName, name, description, grants );
+ this( creatorsName, createTimestamp, null, null, dao, applicationName, name, description, permissionClasses );
}
public Role( String creatorsName, Date createTimestamp, String modifiersName, Date modifyTimestamp,
- RoleDao dao, String applicationName, String name, String description, Set grants )
+ RoleDao dao, String applicationName, String name, String description, Set<PermissionClass> permissionClasses )
{
super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
this.dao = dao;
this.applicationName = applicationName;
this.name = name;
this.description = description;
- this.grants = new HashSet( grants );
+ this.permissionClasses = new HashSet<PermissionClass>( permissionClasses );
}
- public Set getGrants()
+ public Set<PermissionClass> getPermissionClasses()
{
- return Collections.unmodifiableSet( grants );
+ return Collections.unmodifiableSet( permissionClasses );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java Wed Dec 27 20:48:29 2006
@@ -37,7 +37,7 @@
private final String name;
private final String applicationName;
private SingleValuedField description;
- private MultiValuedField grants;
+ private MultiValuedField<PermissionClass> permissionClasses;
private boolean persisted = false;
@@ -48,7 +48,7 @@
this.applicationName = applicationName;
this.name = name;
this.description = new SingleValuedField( DESCRIPTION_ID, null );
- this.grants = new MultiValuedField( GRANTS_ID, Collections.EMPTY_SET );
+ this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, Collections.EMPTY_SET );
}
@@ -59,7 +59,7 @@
this.applicationName = archetype.getApplicationName();
this.name = archetype.getName();
this.description = new SingleValuedField( DESCRIPTION_ID, archetype.getDescription() );
- this.grants = new MultiValuedField( GRANTS_ID, archetype.getGrants() );
+ this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, archetype.getPermissionClasses() );
}
@@ -70,26 +70,26 @@
}
- public RoleModifier addGrant( String grant )
+ public RoleModifier addPermissionClass( PermissionClass permissionClass )
{
- if ( grant == null )
+ if ( permissionClass == null )
{
return this;
}
- grants.addValue( grant );
+ permissionClasses.addValue( permissionClass );
return this;
}
- public RoleModifier removeGrant( String grant )
+ public RoleModifier removePermissionClass( PermissionClass permissionClass )
{
- if ( grant == null )
+ if ( permissionClass == null )
{
return this;
}
- grants.removeValue( grant );
+ permissionClasses.removeValue( permissionClass );
return this;
}
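Review bot: addPermissionClass and removePermissionClass in RoleModifier accept changes without checking `persisted`, while the ProfileModifier versions touched in this commit begin with `if ( persisted )` and throw `IllegalStateException( INVALID_MSG )`. RoleModifier has the same flag and throws the same exception in its add and modify paths, so a permission class added or removed after persisting is accepted but apparently cannot be written through this modifier any more. Putting `if ( persisted ) { throw new IllegalStateException( INVALID_MSG ); }` at the top of both methods would make the two modifiers behave alike.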
@@ -108,9 +108,9 @@
}
List mods = new ArrayList();
- if ( grants.isUpdateNeeded() )
+ if ( permissionClasses.isUpdateNeeded() )
{
- mods.add( grants.getModificationItem() );
+ mods.add( permissionClasses.getModificationItem() );
}
if ( description.isUpdateNeeded() )
{
@@ -135,7 +135,7 @@
public boolean isUpdateNeeded()
{
- return grants.isUpdateNeeded() || description.isUpdateNeeded();
+ return permissionClasses.isUpdateNeeded() || description.isUpdateNeeded();
}
@@ -151,7 +151,7 @@
{
throw new IllegalStateException( INVALID_MSG );
}
- Role role = dao.add( applicationName, name, description.getCurrentValue(), grants.getCurrentValues() );
+ Role role = dao.add( applicationName, name, description.getCurrentValue(), permissionClasses.getCurrentValues() );
persisted = true;
return role;
}
@@ -183,7 +183,7 @@
throw new IllegalStateException( INVALID_MSG );
}
Role role = dao.modify( archetype.getCreatorsName(), archetype.getCreateTimestamp(), applicationName,
- name, description.getCurrentValue(), grants.getCurrentValues(), getModificationItems() );
+ name, description.getCurrentValue(), permissionClasses.getCurrentValues(), getModificationItems() );
persisted = true;
return role;
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java Wed Dec 27 20:48:29 2006
@@ -31,7 +31,7 @@
import org.safehaus.triplesec.admin.dao.GroupDao;
import org.safehaus.triplesec.admin.dao.HauskeysUserDao;
import org.safehaus.triplesec.admin.dao.LocalUserDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
import org.safehaus.triplesec.admin.dao.ProfileDao;
import org.safehaus.triplesec.admin.dao.RoleDao;
import org.safehaus.triplesec.admin.dao.UserDao;
@@ -43,7 +43,7 @@
private ApplicationDao applicationDao;
private RoleDao roleDao;
private ProfileDao profileDao;
- private PermissionDao permissionDao;
+ private PermissionClassDao permissionClassDao;
private GroupDao groupDao;
private ExternalUserDao externalUserDao;
private LocalUserDao localUserDao;
@@ -55,7 +55,7 @@
{
factory = DaoFactory.createInstance( props );
applicationDao = factory.getApplicationDao();
- permissionDao = factory.getPermissionDao();
+ permissionClassDao = factory.getPermissionClassDao();
roleDao = factory.getRoleDao();
profileDao = factory.getProfileDao();
groupDao = factory.getGroupDao();
@@ -114,8 +114,8 @@
public ApplicationModifier newApplication( String name )
{
- return new ApplicationModifier( applicationDao, name,
- permissionDao, roleDao, profileDao );
+ return new ApplicationModifier( applicationDao, name,
+ roleDao, profileDao );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java Wed Dec 27 20:48:29 2006
@@ -140,8 +140,10 @@
}
- public abstract PermissionDao getPermissionDao() throws DataAccessException;
+ public abstract PermissionClassDao getPermissionClassDao() throws DataAccessException;
+ public abstract PermissionActionsDao getPermissionActionsDao() throws DataAccessException;
+
public abstract ApplicationDao getApplicationDao() throws DataAccessException;
public abstract RoleDao getRoleDao() throws DataAccessException;
Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin.dao;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Date;
+
+import javax.naming.directory.ModificationItem;
+
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.DataAccessException;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface PermissionActionsDao {
+ Iterator<PermissionActions> permissionActionsIterator( String contextDn, boolean isGrant ) throws DataAccessException;
+
+ PermissionActions load( String contextDn, boolean isGrant, String permName ) throws DataAccessException;
+
+ PermissionActions add( String contextDn, boolean isGrant, String permName, Set<String> actions )
+ throws DataAccessException;
+
+ PermissionActions rename( String contextDn, boolean isGrant, String newPermissionName, PermissionActions permissionActions ) throws DataAccessException;
+
+ PermissionActions modify( String creatorsName, Date createTimestamp, String contextDn, boolean isGrant, String permissionName,
+ Set<String> actions, ModificationItem[] mods )
+ throws DataAccessException;
+
+ void delete( String contextDn, boolean isGrant, String permissionName ) throws DataAccessException;
+}
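Review bot: Every method of this new interface takes a bare `boolean isGrant`, and nothing documents which value selects grants and which selects denials. A swapped literal at a call site compiles cleanly and would store or delete a grant where a denial was meant, so each method needs at least a Javadoc line such as `@param isGrant true to operate on the grants under contextDn, false to operate on the denials` (wording to be confirmed against LdapPermissionActionsDao). The type comment carries only `@version $Rev:$ $Date:$`; one sentence saying what a PermissionActions entry represents and what `contextDn` must point to would help implementers and callers.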
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java (from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java)
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java?view=diff&rev=490646&p1=directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java&r1=489699&p2=directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java Wed Dec 27 20:48:29 2006
@@ -22,37 +22,35 @@
import java.util.Date;
import java.util.Iterator;
-
-import javax.naming.directory.ModificationItem;
+import java.util.Set;
import org.safehaus.triplesec.admin.DataAccessException;
-import org.safehaus.triplesec.admin.Permission;
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.PermissionClass;
-public interface PermissionDao
+public interface PermissionClassDao
{
- public abstract Permission add( String applicationName, String name, String description )
+ PermissionClass add( String contextDn, String permClassName, Set<PermissionActions> grants, Set<PermissionActions> denials )
throws DataAccessException;
- public abstract void delete( String applicationName, String name )
+ void delete( String contextDn, String permClassName )
throws DataAccessException;
- public abstract Permission modify( String creatorsName, Date createTimestamp, String applicationName,
- String name, String description, ModificationItem[] mods )
+ PermissionClass modify( String creatorsName, Date createTimestamp, String contextDn,
+ String permClassName )
throws DataAccessException;
- public abstract Permission rename( String newName, Permission permission )
+ PermissionClass rename( String contextDn, String newPermClassName, PermissionClass permClass )
throws DataAccessException;
- public abstract Permission load( String applicationName, String name )
+ PermissionClass load( String applicationName, String name )
throws DataAccessException;
- public abstract boolean has( String applicationName, String name )
+ boolean has( String applicationName, String name )
throws DataAccessException;
- public abstract Iterator permissionNameIterator( String applicationName )
- throws DataAccessException;
-
- public abstract Iterator permissionIterator( String applicationName )
+ Iterator permissionClassNameIterator( String applicationName )
throws DataAccessException;
+
}
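Review bot: The renamed interface mixes two addressing schemes: add, delete, modify and rename take `contextDn`, while load, has and permissionClassNameIterator still take `applicationName`. Both are plain `String`s, so a caller can pass an application name where a DN is expected, or the reverse, without any compile error; if the split is intentional each method should state in Javadoc what its first argument is, otherwise the remaining three should be switched to `contextDn`. modify also lost `ModificationItem[] mods` and takes neither grants nor denials, so the signature does not show what it is able to change. `Iterator permissionClassNameIterator` is still raw; `Iterator<String>` would match the generics added elsewhere in this commit, assuming it yields names.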
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java Wed Dec 27 20:48:29 2006
@@ -28,26 +28,27 @@
import org.safehaus.triplesec.admin.DataAccessException;
import org.safehaus.triplesec.admin.Profile;
+import org.safehaus.triplesec.admin.PermissionClass;
public interface ProfileDao
{
- Iterator profileIterator( String applicationName )
+ Iterator profileIterator( String applicationName )
throws DataAccessException;
- Iterator profileIterator( String applicationName, String user )
+ Iterator profileIterator( String applicationName, String user )
throws DataAccessException;
- Profile load( String applicationName, String id )
+ Profile load( String applicationName, String id )
throws DataAccessException;
- Profile add( String applicationName, String id, String user, String description,
- Set grants, Set denials, Set roles ) throws DataAccessException;
+ Profile add( String applicationName, String id, String user, String description,
+ Set<PermissionClass> permissionClasses, Set<String> roles ) throws DataAccessException;
Profile rename( String newId, Profile archetype ) throws DataAccessException;
- Profile modify( String creatorsName, Date createTimestamp, String applicationName, String id,
- String user, String description, Set grants, Set denials, Set roles, boolean disabled, ModificationItem[] mods )
+ Profile modify( String creatorsName, Date createTimestamp, String applicationName, String id,
+ String user, String description, Set<PermissionClass> permissionClasses, Set<String> roles, boolean disabled, ModificationItem[] mods )
throws DataAccessException;
void delete( String name, String id ) throws DataAccessException;
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java Wed Dec 27 20:48:29 2006
@@ -28,25 +28,26 @@
import org.safehaus.triplesec.admin.DataAccessException;
import org.safehaus.triplesec.admin.Role;
+import org.safehaus.triplesec.admin.PermissionClass;
public interface RoleDao
{
- Iterator roleIterator( String applicationName )
+ Iterator roleIterator( String applicationName )
throws DataAccessException;
- Role load( String applicationName, String name )
+ Role load( String applicationName, String name )
throws DataAccessException;
- Role add( String applicationName, String name, String currentValue, Set currentValues )
+ Role add( String applicationName, String name, String currentValue, Set<PermissionClass> permissionClasses )
throws DataAccessException;
- Role rename( String newName, Role archetype )
+ Role rename( String newName, Role archetype )
throws DataAccessException;
- Role modify( String creatorsName, Date createTimestamp, String applicationName, String name,
- String description, Set grants, ModificationItem[] mods ) throws DataAccessException;
+ Role modify( String creatorsName, Date createTimestamp, String applicationName, String name,
+ String description, Set<PermissionClass> permissionClasses, ModificationItem[] mods ) throws DataAccessException;
- void delete( String applicationName, String name )
+ void delete( String applicationName, String name )
throws DataAccessException;
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java Wed Dec 27 20:48:29 2006
@@ -28,7 +28,6 @@
import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
import org.safehaus.triplesec.admin.NoSuchEntryException;
import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
import org.safehaus.triplesec.admin.dao.ProfileDao;
import org.safehaus.triplesec.admin.dao.RoleDao;
import org.slf4j.Logger;
@@ -56,20 +55,18 @@
private static final String[] ATTRIBUTES = new String[] {
DESCRIPTION_ID, APP_NAME_ID, PASSWORD_ID, CREATORS_NAME_ID , MODIFIERS_NAME_ID,
CREATE_TIMESTAMP_ID, MODIFY_TIMESTAMP_ID };
- private static final Logger log = LoggerFactory.getLogger( LdapPermissionDao.class );
+ private static final Logger log = LoggerFactory.getLogger( LdapPermissionClassDao.class );
private final String principalName;
private final DirContext ctx;
private final String baseUrl;
- private final PermissionDao permissionDao;
private final RoleDao roleDao;
private final ProfileDao profileDao;
- public LdapApplicationDao( DirContext ctx, PermissionDao permissionDao,
+ public LdapApplicationDao( DirContext ctx,
RoleDao roleDao, ProfileDao profileDao ) throws DataAccessException
{
this.ctx = ctx;
- this.permissionDao = permissionDao;
this.roleDao = roleDao;
this.profileDao = profileDao;
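Review bot: The logger in LdapApplicationDao is created with `LoggerFactory.getLogger( LdapPermissionClassDao.class )`, so everything this DAO logs is attributed to a different class. The rename carried an existing copy-paste slip forward instead of correcting it; the line should read `LoggerFactory.getLogger( LdapApplicationDao.class )`. Anyone filtering logs by category to follow application create, rename or delete operations would otherwise look in the wrong place.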
@@ -130,7 +127,7 @@
appCtx.createSubcontext( "ou=Profiles", attrs );
return new Application( principalName, new Date( System.currentTimeMillis() ),
this, appName, description, userPassword,
- permissionDao, roleDao, profileDao );
+ roleDao, profileDao );
}
catch ( NameAlreadyBoundException e )
{
@@ -181,14 +178,14 @@
public Application load( String appName ) throws DataAccessException
{
- String description = null;
- String userPassword = null;
- String creatorsName = null;
- Date createTimestamp = null;
- String modifiersName = null;
- Date modifyTimestamp = null;
+ String description;
+ String userPassword;
+ String creatorsName;
+ Date createTimestamp;
+ String modifiersName;
+ Date modifyTimestamp;
String rdn = getRelativeDn( appName );
- Attributes attrs = null;
+ Attributes attrs;
try
{
@@ -214,14 +211,14 @@
}
return new Application( creatorsName, createTimestamp, modifiersName, modifyTimestamp,
- this, appName, description, userPassword, permissionDao, roleDao, profileDao );
+ this, appName, description, userPassword, roleDao, profileDao );
}
public boolean has( String appName ) throws DataAccessException
{
String rdn = getRelativeDn( appName );
- Attributes attrs = null;
+ Attributes attrs;
try
{
@@ -339,7 +336,7 @@
return new Application( app.getCreatorsName(), app.getCreateTimestamp(), app.getModifiersName(),
app.getModifyTimestamp(), this, newName, app.getDescription(), app.getPassword(),
- permissionDao, roleDao, profileDao );
+ roleDao, profileDao );
}
@@ -347,7 +344,7 @@
{
StringBuffer buf = new StringBuffer();
buf.append( "appName=" ).append( appName );
- buf.append( ",ou=Applications" );
+ buf.append( ",ou=applications" );
return buf.toString();
}
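Review bot: The method changed here builds the RDN by appending `appName` unescaped (`buf.append( "appName=" ).append( appName )`), and the hunk only changes the case of the `ou` value. A name containing DN metacharacters such as `,`, `+` or `=` would yield a different DN than the caller intended, so the value should be escaped before it is appended, for example `buf.append( "appName=" ).append( Rdn.escapeValue( appName ) );` using `javax.naming.ldap.Rdn`. Whether application names are validated before they reach this DAO is not visible here. The method signature is outside the hunk.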
@@ -379,8 +376,8 @@
}
return new Application( creatorsName, createTimestamp, modifiersName, modifyTimestamp,
- this, appName, description, userPassword,
- permissionDao, roleDao, profileDao );
+ this, appName, description, userPassword,
+ roleDao, profileDao );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java Wed Dec 27 20:48:29 2006
@@ -33,10 +33,11 @@
import org.safehaus.triplesec.admin.dao.GroupDao;
import org.safehaus.triplesec.admin.dao.HauskeysUserDao;
import org.safehaus.triplesec.admin.dao.LocalUserDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
import org.safehaus.triplesec.admin.dao.ProfileDao;
import org.safehaus.triplesec.admin.dao.RoleDao;
import org.safehaus.triplesec.admin.dao.UserDao;
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -62,27 +63,31 @@
}
- public PermissionDao getPermissionDao() throws DataAccessException
+ public PermissionClassDao getPermissionClassDao() throws DataAccessException
{
- return new LdapPermissionDao( ctx );
+ return new LdapPermissionClassDao( ctx, getPermissionActionsDao() );
}
-
-
+
+ public PermissionActionsDao getPermissionActionsDao() throws DataAccessException {
+ return new LdapPermissionActionsDao(ctx);
+ }
+
+
public ApplicationDao getApplicationDao() throws DataAccessException
{
- return new LdapApplicationDao( ctx, getPermissionDao(), getRoleDao(), getProfileDao() );
+ return new LdapApplicationDao( ctx, getRoleDao(), getProfileDao() );
}
public RoleDao getRoleDao() throws DataAccessException
{
- return new LdapRoleDao( ctx );
+ return new LdapRoleDao( ctx, getPermissionClassDao() );
}
public ProfileDao getProfileDao() throws DataAccessException
{
- return new LdapProfileDao( ctx );
+ return new LdapProfileDao( ctx, getPermissionClassDao() );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java Wed Dec 27 20:48:29 2006
@@ -119,7 +119,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Rename failed. Permission denied.";
+ String msg = "Rename failed. StringPermission denied.";
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
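Review bot: The message text changes from "Permission denied" to "StringPermission denied", which looks like the Permission → StringPermission class rename applied to string literals by mistake. It occurs in all three hunks of this file and in the three hunks of LdapHauskeysUserDao.java; the literals should go back to `"Rename failed. Permission denied."` and the matching Modify and Delete texts. These strings are passed to both `log.error` and the `PermissionDeniedException` message, so log searches or alerts keyed on "Permission denied" would stop matching. The enclosing method starts outside the hunk.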
@@ -159,7 +159,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+ String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
@@ -192,7 +192,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+ String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java Wed Dec 27 20:48:29 2006
@@ -302,7 +302,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Rename failed. Permission denied.";
+ String msg = "Rename failed. StringPermission denied.";
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
@@ -402,7 +402,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+ String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
@@ -438,7 +438,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+ String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java Wed Dec 27 20:48:29 2006
@@ -205,7 +205,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Rename failed. Permission denied.";
+ String msg = "Rename failed. StringPermission denied.";
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
@@ -298,7 +298,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+ String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
@@ -333,7 +333,7 @@
}
catch ( NoPermissionException e )
{
- String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+ String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
log.error( msg, e );
throw new PermissionDeniedException( msg );
}
Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,365 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin.dao.ldap;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NameAlreadyBoundException;
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+import javax.naming.directory.SearchControls;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.safehaus.triplesec.admin.Constants;
+import org.safehaus.triplesec.admin.ConstraintViolationException;
+import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
+import org.safehaus.triplesec.admin.NoSuchEntryException;
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LdapPermissionActionsDao implements LdapDao, Constants, PermissionActionsDao {
+ private static final Logger log = LoggerFactory.getLogger( LdapPermissionActionsDao.class );
+ private static final String[] ATTRIBUTES = new String[] {
+ GRANT_ID, DENY_ID, ACTION_ID, CREATORS_NAME_ID, CREATE_TIMESTAMP_ID,
+ MODIFIERS_NAME_ID, MODIFY_TIMESTAMP_ID
+ };
+ private final DirContext ctx;
+ private final String baseUrl;
+ private final String principalName;
+
+
+ public LdapPermissionActionsDao( DirContext ctx ) throws DataAccessException
+ {
+ this.ctx = ctx;
+
+ String name = null;
+ String principal = null;
+ try
+ {
+ name = ctx.getNameInNamespace();
+ String principalDn = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
+ if ( principalDn.equalsIgnoreCase( "uid=admin,ou=system" ) )
+ {
+ principal = "admin";
+ }
+ else
+ {
+ principal = ( String ) new LdapDN( principalDn ).getRdn().getValue();
+ }
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to get name in namespace for base context.";
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new DataAccessException( msg );
+
+ }
+ finally
+ {
+ baseUrl = name;
+ principalName = principal;
+ }
+ }
+
+
+ public Iterator<PermissionActions> permissionActionsIterator( String contextDn, boolean isGrant ) throws DataAccessException
+ {
+ SearchControls controls = new SearchControls();
+ controls.setReturningAttributes( LdapPermissionActionsDao.ATTRIBUTES );
+ controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+ String query = isGrant? "(& (grant=*) (objectClass=permGrant) )": "(& (deny=*) (objectClass=permDeny) )";
+ try
+ {
+ return new JndiIterator( this, ctx.search( contextDn,
+ query, controls ), contextDn );
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to search " + contextDn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new DataAccessException( msg );
+ }
+ }
+
+
+ public PermissionActions load( String contextDn, boolean isGrant, String permName ) throws DataAccessException
+ {
+ Set<String> actions = new HashSet<String>();
+ String rdn = getRelativeDn( contextDn, isGrant, permName );
+ Attributes attrs;
+
+ String creatorsName;
+ String modifiersName;
+ Date createTimestamp;
+ Date modifyTimestamp;
+
+ try
+ {
+ attrs = ctx.getAttributes( rdn, LdapPermissionActionsDao.ATTRIBUTES );
+ creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+ modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+ createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+ modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+
+ if ( attrs.get( ACTION_ID ) != null )
+ {
+ for ( NamingEnumeration ii = attrs.get( GRANT_ID ).getAll(); ii.hasMore(); /**/ )
+ {
+ actions.add( (String)ii.next() );
+ }
+ }
+ }
+ catch ( NameNotFoundException e )
+ {
+ String msg = "Could not find " + rdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new NoSuchEntryException( msg );
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new DataAccessException( msg );
+ }
+
+ return new PermissionActions( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, permName, Collections.unmodifiableSet(actions) );
+ }
+
+
+ public PermissionActions add( String contextDn, boolean isGrant, String permName, Set<String> actions )
+ throws DataAccessException
+ {
+ BasicAttributes attrs = new BasicAttributes( OBJECT_CLASS_ID, isGrant? PERM_GRANT_OC: PERM_DENY_OC, true );
+ attrs.put( isGrant? GRANT_ID: DENY_ID, permName );
+ if ( ! actions.isEmpty() )
+ {
+ BasicAttribute attr = new BasicAttribute( ACTION_ID );
+ for (String action : actions) {
+ attr.add(action);
+ }
+ attrs.put( attr );
+ }
+
+ String rdn = getRelativeDn( contextDn, isGrant, permName );
+ try
+ {
+ ctx.createSubcontext( rdn, attrs );
+ return new PermissionActions( principalName, new Date( System.currentTimeMillis() ), null, null,
+ this, permName, Collections.unmodifiableSet(actions) );
+ }
+ catch ( NameAlreadyBoundException e )
+ {
+ LdapPermissionActionsDao.log.error( "Cannot create role " + rdn, e );
+ EntryAlreadyExistsException eaee = new EntryAlreadyExistsException();
+ eaee.initCause( e );
+ throw eaee;
+ }
+ catch ( NamingException e )
+ {
+ LdapPermissionActionsDao.log.error( "Unexpected failure", e );
+ throw new DataAccessException( e.getMessage() );
+ }
+ }
+
+
+ public PermissionActions rename( String contextDn, boolean isGrant, String newPermissionName, PermissionActions permissionActions ) throws DataAccessException
+ {
+ String oldRdn = getRelativeDn( contextDn, isGrant, permissionActions.getPermissionName() );
+ String newRdn = getRelativeDn( contextDn, isGrant, newPermissionName );
+
+ try
+ {
+ ctx.rename( oldRdn, newRdn );
+ }
+ catch ( NameNotFoundException e )
+ {
+ String msg = "Rename failed. Could not find " + oldRdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new NoSuchEntryException( msg );
+ }
+ catch ( NameAlreadyBoundException e )
+ {
+ String msg = "Rename failed. Another permissionActions already exists at " + newRdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new EntryAlreadyExistsException( msg );
+ }
+ catch ( SchemaViolationException e )
+ {
+ String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " is required by other entities";
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new ConstraintViolationException( msg );
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " could not be renamed to " + newRdn;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new DataAccessException( msg );
+ }
+
+ return new PermissionActions( permissionActions.getCreatorsName(), permissionActions.getCreateTimestamp(), principalName,
+ new Date( System.currentTimeMillis() ), this, newPermissionName,
+ permissionActions.getActions() );
+ }
+
+
+ public PermissionActions modify( String creatorsName, Date createTimestamp, String contextDn, boolean isGrant, String permissionName,
+ Set<String> actions, ModificationItem[] mods )
+ throws DataAccessException
+ {
+ String rdn = getRelativeDn( contextDn, isGrant, permissionName );
+
+ try
+ {
+ ctx.modifyAttributes( rdn, mods );
+ }
+ catch ( SchemaViolationException e )
+ {
+ String msg = "Could not modify " + rdn + " under " + baseUrl;
+ msg += " The modification violates constraints.";
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new ConstraintViolationException( msg );
+ }
+ catch ( NameNotFoundException e )
+ {
+ String msg = "Entry " + rdn + " under " + baseUrl + " does not exist";
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new NoSuchEntryException( msg );
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Could not modify " + rdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new NoSuchEntryException( msg );
+ }
+
+ return new PermissionActions( creatorsName, createTimestamp, principalName, new Date( System.currentTimeMillis() ),
+ this, permissionName, actions );
+ }
+
+
+ public void delete( String contextDn, boolean isGrant, String permissionName ) throws DataAccessException
+ {
+ String rdn = getRelativeDn( contextDn, isGrant, permissionName );
+
+ try
+ {
+ ctx.destroySubcontext( rdn );
+ }
+ catch ( SchemaViolationException e )
+ {
+ String msg = "Could not delete " + rdn + " under " + baseUrl;
+ msg += ". Other entities depend on " + permissionName;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new ConstraintViolationException( msg );
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Could not delete " + rdn + " under " + baseUrl;
+ LdapPermissionActionsDao.log.error( msg, e );
+ throw new DataAccessException( msg );
+ }
+ }
+
+
+ // -----------------------------------------------------------------------
+ // Private utility methods
+ // -----------------------------------------------------------------------
+
+
+ private String getRelativeDn( String contextDn, boolean isGrant, String permName )
+ {
+ StringBuffer buf = new StringBuffer();
+ buf.append(isGrant? GRANT_ID: DENY_ID).append( "=" ).append( permName );
+ buf.append( "," ).append( contextDn );
+ return buf.toString();
+ }
+
+ // -----------------------------------------------------------------------
+ // LdapDao method implementations
+ // -----------------------------------------------------------------------
+
+
+ public Object getEntryObject( Object extra, Attributes attrs )
+ {
+ String permissionName = null;
+ Set<String> actions = new HashSet<String>();
+
+ String creatorsName = null;
+ String modifiersName = null;
+ Date createTimestamp = null;
+ Date modifyTimestamp = null;
+
+ try
+ {
+ permissionName = ( String ) attrs.get( GRANT_ID ).get();
+ if (permissionName == null) {
+ permissionName = (String) attrs.get(DENY_ID).get();
+ }
+ creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+ modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+ createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+ modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+ if ( attrs.get( ACTION_ID ) != null )
+ {
+ for ( NamingEnumeration ii = attrs.get( ACTION_ID ).getAll(); ii.hasMore(); /**/ )
+ {
+ actions.add( (String) ii.next() );
+ }
+ }
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to produce object for attributes: " + attrs;
+ LdapPermissionActionsDao.log.error( msg, e );
+ }
+
+ return new PermissionActions( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this,
+ permissionName, Collections.unmodifiableSet( actions ) );
+ }
+
+
+ public void deleteEntry( String rdn )
+ {
+ try
+ {
+ ctx.destroySubcontext( rdn );
+ }
+ catch ( NamingException e )
+ {
+ LdapPermissionActionsDao.log.error( "Failed to delete " + rdn + " under " + baseUrl, e );
+ }
+ }
+}
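Review bot: In `load()` the action set is filled from the wrong attribute: the guard tests `attrs.get( ACTION_ID )` but the loop iterates `attrs.get( GRANT_ID ).getAll()`. A grant entry therefore reports its permission name as its actions, and a deny entry (which `add()` creates without a grant attribute) would throw a NullPointerException. The loop header should read `for ( NamingEnumeration ii = attrs.get( ACTION_ID ).getAll(); ii.hasMore(); /**/ )`, as `getEntryObject()` already does. `getEntryObject()` has a related problem: `attrs.get( GRANT_ID ).get()` dereferences the attribute before the `permissionName == null` fallback to `DENY_ID` can run, so the null check belongs on the attribute returned by `attrs.get( GRANT_ID )` rather than on its value. Because these objects presumably feed authorization decisions, a test that loads and iterates both a grant and a deny entry would be worth adding.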