Posted to commits@directory.apache.org by dj...@apache.org on 2007/01/07 06:36:15 UTC
svn commit: r493652 [2/3] - in /directory/sandbox/triplesec-jacc2:
guardian-api/src/main/java/org/safehaus/triplesec/guardian/
guardian-api/src/test/java/org/safehaus/triplesec/guardian/
guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/ ...
Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java Sat Jan 6 21:36:13 2007
@@ -19,12 +19,14 @@
*/
package org.safehaus.triplesec.guardian;
+import java.security.Permission;
import java.util.Collections;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.Map;
import java.util.Set;
-
import junit.framework.Assert;
@@ -45,25 +47,25 @@
protected Object newInstanceA1()
{
return new Roles( "app1", new Role[] {
- new Role( STORE1, "role1", null ),
- new Role( STORE1, "role2", null ),
- new Role( STORE1, "role3", null ),
+ new Role( STORE1, "role1", null, null ),
+ new Role( STORE1, "role2", null, null ),
+ new Role( STORE1, "role3", null, null ),
});
}
protected Object newInstanceA2()
{
return new Roles( "app1", new Role[] {
- new Role( STORE1, "role1", null ),
- new Role( STORE1, "role2", null ),
- new Role( STORE1, "role3", null ),
+ new Role( STORE1, "role1", null, null ),
+ new Role( STORE1, "role2", null, null ),
+ new Role( STORE1, "role3", null, null ),
});
}
protected Object newInstanceB1()
{
return new Roles( "app1", new Role[] {
- new Role( STORE1, "role1", null ),
+ new Role( STORE1, "role1", null, null ),
});
}
@@ -106,7 +108,7 @@
try
{
new Roles( "app1", new Role[] {
- new Role( STORE2, "role1", null ),
+ new Role( STORE2, "role1", null, null ),
});
Assert.fail( "Execption is not thrown." );
}
@@ -120,9 +122,9 @@
public void testProperties()
{
- Role r1 = new Role( STORE1, "role1", null );
- Role r2 = new Role( STORE1, "role2", null );
- Role r3 = new Role( STORE1, "role3", null );
+ Role r1 = new Role( STORE1, "role1", null, null );
+ Role r2 = new Role( STORE1, "role2", null, null );
+ Role r3 = new Role( STORE1, "role3", null, null );
Roles roles = new Roles( "app1", new Role[] {
r1, r2, r3,
});
@@ -155,14 +157,14 @@
public void testSetOperations()
{
Roles roles1 = new Roles( "app1", new Role[] {
- new Role( STORE1, "role1", null ),
+ new Role( STORE1, "role1", null, null ),
});
Roles roles2 = new Roles( "app1", new Role[] {
- new Role( STORE1, "role2", null ),
+ new Role( STORE1, "role2", null, null ),
});
Roles roles12 = new Roles( "app1", new Role[] {
- new Role( STORE1, "role1", null ),
- new Role( STORE1, "role2", null ),
+ new Role( STORE1, "role1", null, null ),
+ new Role( STORE1, "role2", null, null ),
});
Roles wrongRoles = new Roles( "wrongApp", null );
@@ -222,6 +224,7 @@
}
+/*
public void testGetDependentRoles()
{
Role role1 = new Role( STORE1, "role1", STORE1.getPermissions() );
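Review bot: testGetDependentRoles is switched off by wrapping it in a block comment (opened in this hunk, closed in the next one), which silently drops the visible coverage for getDependentRoles, including the check that a permission belonging to another application is rejected with IllegalArgumentException. The commented-out body still uses the three-argument `new Role( STORE1, "role1", STORE1.getPermissions() )` and was edited to a two-argument `new StringPermission( "app1", "perm99" )`, while every live call in this commit passes four and one arguments respectively, so it would presumably not compile if simply uncommented. If the method has been removed from the API, delete the test; otherwise put `// TODO: re-enable once getDependentRoles is ported to java.security.Permission` above the comment so the missing authorization test stays tracked.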
@@ -239,19 +242,20 @@
dependents = roles12.getDependentRoles( "perm99" );
assertEquals( 0, dependents.size() );
- dependents = roles12.getDependentRoles( new Permission( "app1", "perm99" ) );
+ dependents = roles12.getDependentRoles( new StringPermission( "app1", "perm99" ) );
assertEquals( 0, dependents.size() );
try
{
- dependents = roles12.getDependentRoles( new Permission( "blah", "perm99" ) );
+ dependents = roles12.getDependentRoles( new StringPermission( "blah", "perm99" ) );
fail( "Should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
{
}
}
-
+*/
+
public static void main( String[] args )
{
@@ -277,14 +281,12 @@
return null;
}
- public Permissions getPermissions()
- {
- Permission[] perms = new Permission[] {
- new Permission( appName, "perm1" ),
- new Permission( appName, "perm2" ),
- new Permission( appName, "perm3" ),
- };
- return new Permissions( appName, perms );
+ public Map<String, Permission> getPermissions() {
+ Map<String,Permission> perms = new HashMap<String,Permission>();
+ perms.put( "perm1", new StringPermission("perm1"));
+ perms.put( "perm2", new StringPermission("perm2"));
+ perms.put( "perm3", new StringPermission("perm3"));
+ return perms;
}
public Profile getProfile( String userName )
@@ -314,7 +316,7 @@
return null;
}
- public Set getDependentProfileNames( Permission permission ) throws GuardianException
+ public Set getDependentProfileNames( String permissionID ) throws GuardianException
{
return null;
}
Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java Sat Jan 6 21:36:13 2007
@@ -20,9 +20,22 @@
package org.safehaus.triplesec.guardian.mock;
-import org.safehaus.triplesec.guardian.*;
-
-import java.util.*;
+import java.security.Permissions;
+import java.security.Permission;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.safehaus.triplesec.guardian.StringPermission;
/**
@@ -34,7 +47,7 @@
class MockApplicationPolicy implements ApplicationPolicy
{
private final Roles roles;
- private final Permissions perms;
+ private final Map<String,Permission> perms = new HashMap<String,Permission>();
private final String name;
private final Map profileByName;
@@ -43,56 +56,74 @@
{
name = "mockApplication";
profileByName = new HashMap();
- Set permSet = new HashSet();
Set roleSet = new HashSet();
// --------------------------------------------------------------------------------
// add permissions
// --------------------------------------------------------------------------------
- Permission perm0 = new Permission( name, "mockPerm0" ); permSet.add( perm0 );
- Permission perm1 = new Permission( name, "mockPerm1" ); permSet.add( perm1 );
- Permission perm2 = new Permission( name, "mockPerm2" ); permSet.add( perm2 );
- Permission perm3 = new Permission( name, "mockPerm3" ); permSet.add( perm3 );
- Permission perm4 = new Permission( name, "mockPerm4" ); permSet.add( perm4 );
- Permission perm5 = new Permission( name, "mockPerm5" ); permSet.add( perm5 );
- Permission perm6 = new Permission( name, "mockPerm6" ); permSet.add( perm6 );
- Permission perm7 = new Permission( name, "mockPerm7" ); permSet.add( perm7 );
- Permission perm8 = new Permission( name, "mockPerm8" ); permSet.add( perm8 );
- Permission perm9 = new Permission( name, "mockPerm9" ); permSet.add( perm9 );
+ StringPermission perm0 = new StringPermission("mockPerm0" ); perms.put( "mockPerm0", perm0 );
+ StringPermission perm1 = new StringPermission("mockPerm1" ); perms.put( "mockPerm1", perm1 );
+ StringPermission perm2 = new StringPermission("mockPerm2" ); perms.put( "mockPerm2", perm2 );
+ StringPermission perm3 = new StringPermission("mockPerm3" ); perms.put( "mockPerm3", perm3 );
+ StringPermission perm4 = new StringPermission("mockPerm4" ); perms.put( "mockPerm4", perm4 );
+ StringPermission perm5 = new StringPermission("mockPerm5" ); perms.put( "mockPerm5", perm5 );
+ StringPermission perm6 = new StringPermission("mockPerm6" ); perms.put( "mockPerm6", perm6 );
+ StringPermission perm7 = new StringPermission("mockPerm7" ); perms.put( "mockPerm7", perm7 );
+ StringPermission perm8 = new StringPermission("mockPerm8" ); perms.put( "mockPerm8", perm8 );
+ StringPermission perm9 = new StringPermission("mockPerm9" ); perms.put( "mockPerm9", perm9 );
- Permission[] permArray = ( Permission[] ) permSet.toArray( new Permission[0] );
- perms = new Permissions( name, permArray );
// --------------------------------------------------------------------------------
// add roles
// --------------------------------------------------------------------------------
// role without any permissions toggled
- Permissions grants = new Permissions( name, new Permission[0] );
- Role role0 = new Role( this, "mockRole0", grants );
+ Permissions grants = new Permissions();
+ Role role0 = new Role( this, "mockRole0", grants, null);
roleSet.add( role0 );
// role with permission mockPerm0
- grants = new Permissions( name, new Permission[] {perm0});
- Role role1 = new Role( this, "mockRole1", grants );
+ grants = new Permissions();
+ grants.add(perm0);
+ Role role1 = new Role( this, "mockRole1", grants, null);
roleSet.add( role1 );
// role with permission mockPerm1
- grants = new Permissions( name, new Permission[] {perm1});
- Role role2 = new Role( this, "mockRole2", grants );
+ grants = new Permissions();
+ grants.add(perm1);
+ Role role2 = new Role( this, "mockRole2", grants, null);
roleSet.add( role2 );
// role with permission mockPerm2 and mochPerm3
- grants = new Permissions( name, new Permission[] {perm2, perm3});
- Role role3 = new Role( this, "mockRole3", grants );
+ grants = new Permissions();
+ grants.add(perm2);
+ grants.add(perm3);
+ Role role3 = new Role( this, "mockRole3", grants, null);
roleSet.add( role3 );
// role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
- grants = new Permissions( name, new Permission[] {perm4, perm5, perm6, perm7, perm9});
- Role role4 = new Role( this, "mockRole4", grants );
+ grants = new Permissions();
+ grants.add(perm4);
+ grants.add(perm5);
+ grants.add(perm6);
+ grants.add(perm7);
+ grants.add(perm9);
+ Role role4 = new Role( this, "mockRole4", grants, null);
roleSet.add( role4 );
+ // role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
+ grants = new Permissions();
+ grants.add(perm4);
+ grants.add(perm5);
+ grants.add(perm6);
+ grants.add(perm7);
+ grants.add(perm9);
+ Permissions denials = new Permissions();
+ denials.add(perm6);
+ Role role5 = new Role( this, "mockRole5", grants, denials);
+ roleSet.add( role5 );
+
Role[] rolesArray = ( Role [] ) roleSet.toArray( new Role[0] );
roles = new Roles( name, rolesArray );
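Review bot: The comment above the new mockRole5 block is a copy of the mockRole4 comment and omits the one thing that distinguishes role5, its denial of mockPerm6. The same copy-paste sits above mockProfile5 in the next hunk, which repeats the mockProfile4 comment although that profile adds role5. These fixtures define which grant/deny combinations the authorization tests cover, so I would change the comments to `// role granting mockPerm4-7 and mockPerm9 but denying mockPerm6` and `// as mockProfile4 plus role5, whose denial of mockPerm6 must override the grant from role4`. The constructor begins outside this hunk.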
@@ -101,40 +132,55 @@
// --------------------------------------------------------------------------------
// a profile that has no permissions at all, and no roles (basis case)
- grants = new Permissions( name, new Permission[0] );
- Permissions denials = new Permissions( name, new Permission[0] );
+ grants = new Permissions();
+ denials = new Permissions();
Roles roles = new Roles( name, new Role[0] );
Profile profile = new Profile( this, "mockProfile0", "trustin", roles, grants, denials, false );
profileByName.put( profile.getProfileId(), profile );
// a profile for checking union of role1 and role2 - inherits perm0 and perm1
- grants = new Permissions( name, new Permission[0] );
- denials = new Permissions( name, new Permission[0] );
+ grants = new Permissions();
+ denials = new Permissions();
roles = new Roles( name, new Role[] { role1, role2 } );
profile = new Profile( this, "mockProfile1", "trustin", roles, grants, denials, false );
profileByName.put( profile.getProfileId(), profile );
// a profile for checking union of roles with grants - granted perm0 and inherits perm1
- grants = new Permissions( name, new Permission[] { perm0 } );
- denials = new Permissions( name, new Permission[0] );
+ grants = new Permissions();
+ grants.add(perm0 );
+ denials = new Permissions();
roles = new Roles( name, new Role[] { role2 } );
profile = new Profile( this, "mockProfile2", "trustin", roles, grants, denials, false );
profileByName.put( profile.getProfileId(), profile );
// a profile for checking union of roles with grants - granted perm0, perm7 and inherits perm2 and perm3
- grants = new Permissions( name, new Permission[] { perm0, perm7 } );
- denials = new Permissions( name, new Permission[0] );
+ grants = new Permissions();
+ grants.add(perm0);
+ grants.add(perm7);
+ denials = new Permissions();
roles = new Roles( name, new Role[] { role3 } );
profile = new Profile( this, "mockProfile3", "trustin", roles, grants, denials, false );
profileByName.put( profile.getProfileId(), profile );
// a profile for checking union of roles with grants and denials
// granted perm0, in role3 and role4 but denied inherited perm7
- grants = new Permissions( name, new Permission[] { perm0 } );
- denials = new Permissions( name, new Permission[] { perm7 } );
+ grants = new Permissions();
+ grants.add(perm0);
+ denials = new Permissions();
+ denials.add(perm7);
roles = new Roles( name, new Role[] { role3, role4 } );
profile = new Profile( this, "mockProfile4", "trustin", roles, grants, denials, false );
profileByName.put( profile.getProfileId(), profile );
+
+ // a profile for checking union of roles with grants and denials
+ // granted perm0, in role3 and role4 but denied inherited perm7
+ grants = new Permissions();
+ grants.add(perm0);
+ denials = new Permissions();
+ denials.add(perm7);
+ roles = new Roles( name, new Role[] { role3, role4, role5 } );
+ profile = new Profile( this, "mockProfile5", "trustin", roles, grants, denials, false );
+ profileByName.put( profile.getProfileId(), profile );
}
@@ -150,7 +196,7 @@
}
- public Permissions getPermissions()
+ public Map<String,Permission> getPermissions()
{
return perms;
}
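Review bot: getPermissions() now returns the internal mutable `perms` map directly, so any caller holding the policy can add, replace or remove entries in its permission set. Returning `return Collections.unmodifiableMap( perms );` keeps the new signature and closes that off; `java.util.Collections` is already among the imports this commit adds. Whether the non-mock ApplicationPolicy implementations hand out their map the same way is not visible here and is worth checking.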
@@ -191,7 +237,7 @@
}
- public Set getDependentProfileNames( Permission permission ) throws GuardianException
+ public Set getDependentProfileNames( String permissionID ) throws GuardianException
{
return null;
}
Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java Sat Jan 6 21:36:13 2007
@@ -23,6 +23,8 @@
import junit.framework.TestCase;
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.PermissionsUtil;
/**
@@ -34,6 +36,7 @@
public class MockApplicationPolicyTest extends TestCase
{
MockApplicationPolicy store;
+ private static final String APP_NAME = "mockApplication";
protected void setUp() throws Exception
{
@@ -53,29 +56,29 @@
public void testProfile0()
{
- assertEquals( 5, store.getRoles().size() );
+ assertEquals( 6, store.getRoles().size() );
Profile p = store.getProfile( "mockProfile0" );
- assertTrue( p.getEffectivePermissions().isEmpty() );
+ assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
assertTrue( p.getRoles().isEmpty() );
}
public void testProfile1()
{
Profile p = store.getProfile( "mockProfile1" );
- assertEquals( 2, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm1" ) );
- assertFalse( p.hasPermission( "mockPerm3") );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ assertTrue( p.implies( new StringPermission("mockPerm1" )));
+ assertFalse( p.implies( new StringPermission("mockPerm3")));
assertEquals( 2, p.getRoles().size() );
}
public void testProfile2()
{
Profile p = store.getProfile( "mockProfile2" );
- assertEquals( 2, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm1" ) );
- assertFalse( p.hasPermission( "mockPerm3") );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ assertTrue( p.implies( new StringPermission("mockPerm1" )));
+ assertFalse( p.implies( new StringPermission("mockPerm3")));
assertEquals( 1, p.getRoles().size() );
assertTrue( p.getRoles().contains( "mockRole2" ) );
}
@@ -83,12 +86,12 @@
public void testProfile3()
{
Profile p = store.getProfile( "mockProfile3" );
- assertEquals( 4, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm7" ) );
- assertTrue( p.hasPermission( "mockPerm2" ) );
- assertTrue( p.hasPermission( "mockPerm3" ) );
- assertFalse( p.hasPermission( "mockPerm4" ) );
+ assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ assertTrue( p.implies( new StringPermission("mockPerm7" )));
+ assertTrue( p.implies( new StringPermission("mockPerm2" )));
+ assertTrue( p.implies( new StringPermission("mockPerm3" )));
+ assertFalse( p.implies( new StringPermission("mockPerm4" )));
assertEquals( 1, p.getRoles().size() );
assertTrue( p.getRoles().contains( "mockRole3" ) );
}
@@ -96,21 +99,46 @@
public void testProfile4()
{
Profile p = store.getProfile( "mockProfile4" );
- assertEquals( 7, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertFalse( p.hasPermission( "mockPerm1" ) );
- assertTrue( p.hasPermission( "mockPerm2" ) );
- assertTrue( p.hasPermission( "mockPerm3" ) );
- assertTrue( p.hasPermission( "mockPerm4" ) );
- assertTrue( p.hasPermission( "mockPerm5" ) );
- assertTrue( p.hasPermission( "mockPerm6" ) );
- assertFalse( p.hasPermission( "mockPerm7" ) );
- assertFalse( p.hasPermission( "mockPerm8" ) );
- assertTrue( p.hasPermission( "mockPerm9" ) );
+ assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+ assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ assertFalse( p.implies( new StringPermission("mockPerm1" )));
+ assertTrue( p.implies( new StringPermission("mockPerm2" )));
+ assertTrue( p.implies( new StringPermission("mockPerm3" )));
+ assertTrue( p.implies( new StringPermission("mockPerm4" )));
+ assertTrue( p.implies( new StringPermission("mockPerm5" )));
+ assertTrue( p.implies( new StringPermission("mockPerm6" )));
+ assertFalse( p.implies( new StringPermission("mockPerm7" )));
+ assertFalse( p.implies( new StringPermission("mockPerm8" )));
+ assertTrue( p.implies( new StringPermission("mockPerm9" )));
- assertFalse( p.hasPermission( "mockPerm14" ) );
+ assertFalse( p.implies( new StringPermission("mockPerm14" )));
assertEquals( 2, p.getRoles().size() );
assertTrue( p.getRoles().contains( "mockRole3" ) );
assertTrue( p.getRoles().contains( "mockRole4" ) );
+ }
+
+ public void testProfile5()
+ {
+ Profile p = store.getProfile( "mockProfile5" );
+ assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+ assertTrue( p.implies( new StringPermission("mockPerm0" )));
+ assertFalse( p.implies( new StringPermission("mockPerm1" )));
+ assertTrue( p.implies( new StringPermission("mockPerm2" )));
+ assertTrue( p.implies( new StringPermission("mockPerm3" )));
+ assertTrue( p.implies( new StringPermission("mockPerm4" )));
+ assertTrue( p.implies( new StringPermission("mockPerm5" )));
+ //from denial in role5
+ assertFalse( p.implies( new StringPermission("mockPerm6" )));
+ assertFalse( p.implies( new StringPermission("mockPerm7" )));
+ assertFalse( p.implies( new StringPermission("mockPerm8" )));
+ assertTrue( p.implies( new StringPermission("mockPerm9" )));
+
+ assertFalse( p.implies( new StringPermission("mockPerm14" )));
+ assertEquals( 3, p.getRoles().size() );
+ assertTrue( p.getRoles().contains( "mockRole3" ) );
+ assertTrue( p.getRoles().contains( "mockRole4" ) );
+ assertTrue( p.getRoles().contains( "mockRole5" ) );
}
}
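Review bot: The new counts in testProfile4 and testProfile5 show that getEffectiveGrantedPermissions() still contains denied permissions: mockProfile4 is asserted to have 8 granted permissions, which can only be reached by counting mockPerm7, while `p.implies( new StringPermission("mockPerm7" ))` is asserted false. A caller that enumerates the granted collection instead of calling implies() would over-grant, so I would add a comment at the size assertions such as `// granted set is not reduced by denials; implies() is the authoritative check`. Both tests also assert only the size of the denied set; an `implies` check against getEffectiveDeniedPermissions() for mockPerm7 (and mockPerm6 in testProfile5) would pin its contents as well.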
Modified: directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java Sat Jan 6 21:36:13 2007
@@ -20,19 +20,37 @@
package org.safehaus.triplesec.guardian.ldap;
-import org.safehaus.triplesec.guardian.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.security.Permission;
+import java.security.Permissions;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
-import javax.naming.directory.*;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
-import javax.naming.NamingException;
-import javax.naming.NamingEnumeration;
-import java.util.*;
+
+import org.safehaus.triplesec.guardian.ChangeType;
+import org.safehaus.triplesec.guardian.EntryApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
@@ -41,22 +59,14 @@
* @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
* @version $Rev: 72 $
*/
-class LdapApplicationPolicy implements ApplicationPolicy
+class LdapApplicationPolicy extends EntryApplicationPolicy
{
private static final String[] PROF_ID = new String[] { "profileId" };
/** the logger interface for this class */
private static Logger log = LoggerFactory.getLogger( LdapApplicationPolicy.class );
- /** the name of the application this store is associated with */
- private final String applicationName;
/** the application base relative name to the context given: "appName=<applicationName\>,ou=applications" */
private final String baseRdn;
- /** a breif description of this application */
- private String description;
- /** the {@link Permission}s defined for this store's application */
- private Permissions permissions;
- /** the {@link Role}s defined for this store's application */
- private Roles roles;
/** the JNDI Context at the base under which ou=applications can be found */
private DirContext ctx;
/** the profile for the admin user with all rights in all roles */
@@ -76,9 +86,9 @@
{
throw new NullPointerException( "ctx cannot be null" );
}
-
+
this.ctx = ctx;
-
+
// extract the applicationName from the applicationPrincipalDN
applicationName = getApplicationName( info.getProperty( "applicationPrincipalDN" ) );
@@ -87,16 +97,16 @@
buf.append( applicationName );
buf.append( ",ou=applications" );
baseRdn = buf.toString();
-
+
// load the set of permissions associated with this application
loadPermissions();
// load the set of roles associated with this application
loadRoles();
-
+
// setup the administrator with all permissions and roles
- adminProfile = new Profile( this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ adminProfile = new Profile( this, "admin", "admin", roles, getAllPermissions(),
+ new Permissions( ), false );
try
{
@@ -116,11 +126,11 @@
{
log.error( "failed to read application entry: appName=" + applicationName + ",ou=applications" );
}
-
+
initializeNotifications();
}
-
+
private boolean initializeNotifications()
{
// attempt to get an event context and register for notifications
@@ -140,7 +150,7 @@
}
}
-
+
private Role getRoleFromStore( String roleName ) throws NamingException
{
SearchControls ctrls = new SearchControls();
@@ -152,18 +162,18 @@
buf.append( roleName );
buf.append( ",ou=roles," );
buf.append( baseRdn );
-
+
try
{
- NamingEnumeration list = ctx.search( buf.toString(), "(objectClass=policyRole)", ctrls );
+ NamingEnumeration<SearchResult> list = ctx.search( buf.toString(), "(objectClass=policyRole)", ctrls );
if ( list.hasMore() )
{
- SearchResult result = ( SearchResult ) list.next();
+ SearchResult result = list.next();
Role role = getRole( result.getAttributes() );
log.debug( "fetching role '" + role.getName() + "' for application '" + applicationName + "'" );
return role;
}
-
+
return null;
}
catch ( NamingException e )
@@ -173,26 +183,26 @@
throw new GuardianException( msg, e );
}
}
-
-
+
+
/**
*
* @throws GuardianException
*/
private void loadRoles() throws GuardianException
{
- Set roleSet = new HashSet();
+ Set<Role> roleSet = new HashSet<Role>();
SearchControls ctrls = new SearchControls();
- ctrls.setReturningAttributes( new String[] { "roleName", "grants" } );
+ ctrls.setReturningAttributes( new String[] { "roleName", "grants", "denials" } );
ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
try
{
- NamingEnumeration list = ctx.search( "ou=roles," + baseRdn,
+ NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + baseRdn,
"(objectClass=policyRole)", ctrls );
while ( list.hasMore() )
{
- SearchResult result = ( SearchResult ) list.next();
+ SearchResult result = list.next();
Role role = getRole( result.getAttributes() );
roleSet.add( role );
log.debug( "loading role '" + role.getName() + "' for application '" + applicationName + "'" );
@@ -206,29 +216,27 @@
}
Role[] roleArray = new Role[roleSet.size()];
- roleArray = ( Role[] ) roleSet.toArray( roleArray );
+ roleArray = roleSet.toArray( roleArray );
this.roles = new Roles( applicationName, roleArray );
}
private void loadPermissions() throws GuardianException
{
- Set permSet = new HashSet();
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes( new String[] { "permName" } );
ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
try
{
- NamingEnumeration list = ctx.search( "ou=permissions," + baseRdn,
+ NamingEnumeration<SearchResult> list = ctx.search( "ou=permissions," + baseRdn,
"(objectClass=policyPermission)", ctrls );
while ( list.hasMore() )
{
- SearchResult result = ( SearchResult ) list.next();
+ SearchResult result = list.next();
String permName = ( String ) result.getAttributes().get( "permName" ).get();
- Permission perm = getPermission( result.getAttributes() );
+ PermissionEntry permEntry = loadPermission( result.getAttributes());
+ permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
log.debug( "loading permission " + permName + " for application " + applicationName );
- permSet.add( perm );
}
}
catch ( NamingException e )
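Review bot: In loadPermissions the local `permName` is now needed only for the debug message, yet it is still read with `result.getAttributes().get( "permName" ).get()`, which throws a NullPointerException rather than the NamingException caught below when an entry lacks that attribute. Use the already-parsed name instead, `log.debug( "loading permission " + permEntry.getPermissionName() + " for application " + applicationName );`, and drop the local. `permissions.put(...)` also silently replaces an earlier entry that has the same name; whether duplicates can occur under ou=permissions is not visible from here. The end of the method is in the next hunk.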
@@ -238,215 +246,8 @@
throw new GuardianException( msg, e );
}
- Permission[] permArray = new Permission[permSet.size()];
- permArray = ( Permission[] ) permSet.toArray( permArray );
- this.permissions = new Permissions( applicationName, permArray );
}
-
-
- private Permission getPermission( Attributes attrs ) throws NamingException
- {
- Permission perm;
- String permName = ( String ) attrs.get( "permName" ).get();
- Attribute description = attrs.get( "description" );
- if ( description != null )
- {
- perm = new Permission( applicationName, permName, ( String ) description.get() );
- }
- else
- {
- perm = new Permission( applicationName, permName );
- }
- return perm;
- }
-
-
- public String getApplicationName()
- {
- return this.applicationName;
- }
-
-
- public String getDescription()
- {
- return this.description;
- }
-
-
- public Roles getRoles()
- {
- return this.roles;
- }
-
-
- public Permissions getPermissions()
- {
- return permissions;
- }
-
-
- private Role getRole( Attributes attrs ) throws NamingException
- {
- String roleName = ( String ) attrs.get( "roleName" ).get();
- Set permSet = new HashSet();
- Attribute attributes = attrs.get( "grants" );
-
- if ( attributes != null )
- {
- NamingEnumeration grantsEnumeration = attrs.get( "grants" ).getAll();
- while ( grantsEnumeration.hasMore() )
- {
- String permName = ( String ) grantsEnumeration.next();
- permSet.add( permissions.get( permName ) );
- log.debug( "granting permission '" + permName + "' to role '" + roleName
- + " in application '" + applicationName + "'" );
- }
- }
- Permission[] permArray = new Permission[permSet.size()];
- Permissions grants = new Permissions( applicationName, ( Permission[] ) permSet.toArray( permArray ) );
-
- Attribute description = attrs.get( "description" );
- Role role;
- if ( description == null || description.size() == 0 )
- {
- role = new Role( this, roleName, grants );
- }
- else
- {
- role = new Role( this, roleName, grants, ( String ) description.get() );
- }
- return role;
- }
-
-
- private static boolean parseBoolean( String bool )
- {
- if ( bool.equals( "true" ) )
- {
- return true;
- }
-
- return false;
- }
-
-
- private Profile getProfile( Attributes attrs ) throws NamingException
- {
- Permissions grants;
- Permissions denials;
- Roles roles;
- String profileId;
- String userName;
- boolean disabled = false;
-
- Attribute profileIdAttr = attrs.get( "profileId" );
- if ( profileIdAttr == null )
- {
- return null;
- }
- else
- {
- profileId = ( String ) profileIdAttr.get();
- }
-
- Attribute userAttr = attrs.get( "user" );
- if ( userAttr == null )
- {
- return null;
- }
- else
- {
- userName = ( String ) userAttr.get();
- }
-
- Attribute disabledAttr = attrs.get( "safehausDisabled" );
- if ( disabledAttr != null )
- {
- disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
- }
-
- // -------------------------------------------------------------------------------
- // process and assemble the profile's granted permissions
- // -------------------------------------------------------------------------------
-
- Attribute grantsAttribute = attrs.get( "grants" );
- if ( grantsAttribute != null )
- {
- Set grantsSet = new HashSet();
- NamingEnumeration grantsEnumeration = grantsAttribute.getAll();
- while ( grantsEnumeration.hasMore() )
- {
- String grantedPermName = ( String ) grantsEnumeration.next();
- grantsSet.add( this.permissions.get( grantedPermName ) );
- }
- Permission[] grantsArray = new Permission[grantsSet.size()];
- grants = new Permissions( applicationName, ( Permission[] ) grantsSet.toArray( grantsArray ) );
- }
- else
- {
- grants = new Permissions( applicationName, new Permission[0] );
- }
-
- // -------------------------------------------------------------------------------
- // process and assemble the profile's granted permissions
- // -------------------------------------------------------------------------------
-
- Attribute denialsAttribute = attrs.get( "denials" );
- if ( denialsAttribute != null )
- {
- Set denialsSet = new HashSet();
- NamingEnumeration denialsEnumeration = denialsAttribute.getAll();
- while ( denialsEnumeration.hasMore() )
- {
- String deniedPermName = ( String ) denialsEnumeration.next();
- denialsSet.add( this.permissions.get( deniedPermName ) );
- }
- Permission[] denialsArray = new Permission[denialsSet.size()];
- denials = new Permissions( applicationName, ( Permission[] ) denialsSet.toArray( denialsArray ) );
- }
- else
- {
- denials = new Permissions( applicationName, new Permission[0] );
- }
-
- // -------------------------------------------------------------------------------
- // process and assemble the profile's assigned roles
- // -------------------------------------------------------------------------------
-
- Attribute rolesAttribute = attrs.get( "roles" );
- if ( rolesAttribute != null )
- {
- Set rolesSet = new HashSet();
- NamingEnumeration rolesEnumeration = rolesAttribute.getAll();
- while ( rolesEnumeration.hasMore() )
- {
- String assignedRoleName = ( String ) rolesEnumeration.next();
- rolesSet.add( this.roles.get( assignedRoleName ) );
- }
- Role[] rolesArray = new Role[rolesSet.size()];
- roles = new Roles( applicationName, ( Role[] ) rolesSet.toArray( rolesArray ) );
- }
- else
- {
- roles = new Roles( applicationName, new Role[0] );
- }
- Attribute description = attrs.get( "description" );
- Profile profile;
-
- if ( description == null || description.size() == 0 )
- {
- profile = new Profile( this, profileId, userName, roles, grants, denials, disabled );
- }
- else
- {
- profile = new Profile( this, profileId, userName, roles, grants,
- denials, ( String ) description.get(), disabled );
- }
-
- return profile;
- }
-
public Profile getProfile( String profileId )
{
@@ -459,23 +260,23 @@
{
return adminProfile;
}
-
+
/*
- * Searching via one level scope for a profile is better than base scope lookups because
- * if the profile is not present search will not fail but return zero entries. Base scope
- * searches will raise an exception since the search base will be missing. Plus profileId
- * shall be indexed by default.
- */
+ * Searching via one level scope for a profile is better than base scope lookups because
+ * if the profile is not present search will not fail but return zero entries. Base scope
+ * searches will raise an exception since the search base will be missing. Plus profileId
+ * shall be indexed by default.
+ */
SearchControls ctrls = new SearchControls();
ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
- NamingEnumeration list = null;
+ NamingEnumeration<SearchResult> list = null;
try
{
list = ctx.search( "ou=profiles," + baseRdn, "(profileId=" + profileId + ")", ctrls );
if ( list.hasMore() )
{
- SearchResult result = ( SearchResult ) list.next();
+ SearchResult result = list.next();
Profile profile = getProfile( result.getAttributes() );
if ( log.isDebugEnabled() )
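Review bot: The search filter in getProfile is still built by concatenation, `"(profileId=" + profileId + ")"`, so a profileId containing filter metacharacters such as `*`, `(` or `)` changes which entries the lookup matches. The same pattern appears in both getDependentProfileNames overloads and in getUserProfileIds later in this diff, and the commit now feeds a raw `permissionID` string into it. Assuming `ctx` is a JNDI `DirContext`, the overload that takes filter arguments lets the provider encode the value: `ctx.search( "ou=profiles," + baseRdn, "(profileId={0})", new Object[] { profileId }, ctrls );`. getProfile starts and ends outside this hunk.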
@@ -525,7 +326,7 @@
{
return;
}
-
+
try
{
ctx.close();
@@ -538,23 +339,8 @@
}
- static String getApplicationName( String principalDN )
- {
- String rdn = principalDN.split( "," )[0].trim();
- String[] rdnPair = rdn.split( "=" );
-
- if ( ! rdnPair[0].trim().equalsIgnoreCase( "appName" ) )
- {
- throw new IllegalArgumentException( "Application principal name '" + principalDN
- + "' is not an application DN" );
- }
+ private List<PolicyChangeListener> listeners = new ArrayList<PolicyChangeListener>();
- return rdnPair[1].trim();
- }
-
-
- private List listeners = new ArrayList();
-
public boolean removePolicyListener( PolicyChangeListener listener )
{
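Review bot: `listeners` stays a plain `ArrayList`, while the notification loops elsewhere in this diff are converted from index loops to for-each. If addPolicyListener or removePolicyListener can run while a JNDI event is being dispatched on another thread (not visible here, so this is an assumption), iteration can now fail with ConcurrentModificationException where the index loop did not. `private final List<PolicyChangeListener> listeners = new CopyOnWriteArrayList<PolicyChangeListener>();` would keep iteration safe; it needs `java.util.concurrent.CopyOnWriteArrayList` imported. removePolicyListener's body continues outside this hunk.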
@@ -568,105 +354,105 @@
{
return false;
}
-
+
listeners.add( listener );
return true;
}
- public Set getDependentProfileNames( Role role ) throws GuardianException
+ public Set<String> getDependentProfileNames( Role role ) throws GuardianException
{
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
controls.setReturningAttributes( PROF_ID );
-
+
String baseProfilesRdn = "ou=profiles," + this.baseRdn;
- NamingEnumeration results = null;
- Set profiles = new HashSet();
+ NamingEnumeration<SearchResult> results;
+ Set<String> profiles = new HashSet<String>();
profiles.add( "admin" );
-
+
StringBuffer filter = new StringBuffer();
filter.append( "(& (objectClass=policyProfile) (roles=" );
filter.append( role.getName() );
filter.append( ") )" );
-
+
try
{
results = ctx.search( baseProfilesRdn, filter.toString(), controls );
while ( results.hasMore() )
{
- SearchResult result = ( SearchResult ) results.next();
-
+ SearchResult result = results.next();
+
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( result.getAttributes().get( "profileId" ).get() );
+ profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
- throw new GuardianException( "Failed to lookup profiles dependent on role '" +
+ throw new GuardianException( "Failed to lookup profiles dependent on role '" +
role.getName() + "' while searching the directory" );
}
-
+
return profiles;
}
-
- public Set getDependentProfileNames( Permission permission ) throws GuardianException
+
+ public Set<String> getDependentProfileNames( String permissionID ) throws GuardianException
{
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
controls.setReturningAttributes( PROF_ID );
-
+
String baseProfilesRdn = "ou=profiles," + this.baseRdn;
- NamingEnumeration results = null;
- Set profiles = new HashSet();
+ NamingEnumeration<SearchResult> results;
+ Set<String> profiles = new HashSet<String>();
profiles.add( "admin" );
-
+
StringBuffer filter = new StringBuffer();
filter.append( "(& (objectClass=policyProfile) (| (grants=" );
- filter.append( permission.getName() );
+ filter.append( permissionID );
filter.append( ") (denials=" );
- filter.append( permission.getName() );
+ filter.append( permissionID );
filter.append( ") ) )" );
-
+
try
{
results = ctx.search( baseProfilesRdn, filter.toString(), controls );
while ( results.hasMore() )
{
- SearchResult result = ( SearchResult ) results.next();
-
+ SearchResult result = results.next();
+
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( result.getAttributes().get( "profileId" ).get() );
+ profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
- throw new GuardianException( "Failed to lookup profiles dependent on permission '" +
- permission.getName() + "' while searching the directory" );
+ throw new GuardianException( "Failed to lookup profiles dependent on permission '" +
+ permissionID + "' while searching the directory" );
}
-
+
return profiles;
}
-
+
private boolean hasObjectClass( Attribute oc, String value ) throws NamingException
{
if ( oc == null )
{
throw new NullPointerException( "expecting non-null object class (oc arg)" );
}
-
+
if ( value == null )
{
throw new NullPointerException( "expecting non-null object class value (value arg)" );
}
-
- NamingEnumeration all = oc.getAll();
+
+ NamingEnumeration<?> all = oc.getAll();
while( all.hasMore() )
{
String candidate = ( String ) all.next();
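Review bot: Both getDependentProfileNames overloads catch `NamingException e` and throw a GuardianException built from a message only, so the underlying directory error is lost to callers and logs. If GuardianException has a (message, cause) constructor, which this diff does not show, pass `e` as the second argument; otherwise log it before rethrowing. getUserProfileIds further down has the same catch block. hasObjectClass, at the end of this hunk, continues outside it.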
@@ -675,10 +461,10 @@
return true;
}
}
-
+
return false;
}
-
+
/**
* An event transducer that converts JNDI notifications of change into
@@ -707,7 +493,7 @@
buf.append( "\tentry = " ).append( entry ).append( "\n" );
}
log.debug( buf.toString() );
-
+
if ( evt.getNewBinding() != null )
{
log.debug( "Binding Class = " + evt.getNewBinding().getClass() );
@@ -717,18 +503,18 @@
public void objectChanged( NamingEvent evt )
{
- SearchResult result = null;
- Attributes entry = null;
- Attribute oc = null;
-
+ SearchResult result;
+ Attributes entry;
+ Attribute oc;
+
/*
- * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587
- * is fixed. We simply lookup the object on the server rather than use
- * the attributes delivered to us.
- */
+ * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587
+ * is fixed. We simply lookup the object on the server rather than use
+ * the attributes delivered to us.
+ */
result = ( SearchResult ) evt.getNewBinding();
String name = result.getName();
-
+
if ( name.indexOf( applicationName ) == -1 )
{
if ( log.isWarnEnabled() )
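Review bot: The guard `name.indexOf( applicationName ) == -1` accepts any entry whose name merely contains the application name as a substring, so (constructed example) events for an application `app10` would pass the check in a policy for `app1`. This check decides which directory changes are applied to the in-memory policy, so comparing the parsed `appName` RDN value for equality is safer than a substring test. The same guard is used in objectAdded, objectRemoved and objectRenamed. How `name` is formed relative to the search base is not visible here, so confirm its format first; objectChanged continues outside this hunk.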
@@ -738,7 +524,7 @@
}
return;
}
-
+
try
{
entry = ctx.getAttributes( name );
@@ -747,11 +533,12 @@
{
log.error( "Cannot deliver policy change notification. " +
"Failed to lookup entry attributes for " + name, e1 );
+ return;
}
logEvent( evt, entry );
oc = entry.get( "objectClass" );
-
+
try
{
if ( hasObjectClass( oc, "policyApplication" ) )
@@ -759,37 +546,40 @@
log.info( "Received notification that the policyApplication has changed." );
return;
}
-
+
if ( hasObjectClass( oc, "policyPermission" ) )
{
- String permName = ( String ) entry.get( "permName" ).get();
+ PermissionEntry newPermEntry = loadPermission(entry);
+ Permission oldPermission = permissions.put(newPermEntry.getPermissionName(), newPermEntry.getPermission());
if ( log.isDebugEnabled() )
{
- log.debug( "Received notification that a policyPermission " + permName + " has changed." );
+ log.debug( "Received notification that a policyPermission " + newPermEntry.getPermissionName() + " has changed." );
}
-
+
+ //TODO modify roles and profiles using this permission
/*
- * 1. Need to update/replace the permission itelf in Permissions.
- * 2. Need to update/replace all roles that now depend on this permission in Roles.
- * 3. Let user application know that the permission has changed.
- */
+ * 1. Need to update/replace the permission itelf in Permissions.
+ * 2. Need to update/replace all roles that now depend on this permission in Roles.
+ * 3. Let user application know that the permission has changed.
+ */
+/*
Permissions permissions = LdapApplicationPolicy.this.permissions;
- Permission newPermission = getPermission( entry );
- Permission oldPermission = permissions.get( newPermission.getName() );
+ StringPermission newPermission = getPermission( entry );
+ StringPermission oldPermission = permissions.get( newPermission.getName() );
Roles dependentRoles = LdapApplicationPolicy.this.roles.getDependentRoles( oldPermission );
- Permissions newPermissions = new Permissions( applicationName, new Permission[] { newPermission } );
- Permissions oldPermissions = new Permissions( applicationName, new Permission[] { oldPermission } );
+ Permissions newPermissions = new Permissions( applicationName, new StringPermission[] { newPermission } );
+ Permissions oldPermissions = new Permissions( applicationName, new StringPermission[] { oldPermission } );
permissions = permissions.removeAll( oldPermissions );
permissions = permissions.addAll( newPermissions );
LdapApplicationPolicy.this.permissions = permissions;
-
+
List oldRoleList = new ArrayList();
List newRoleList = new ArrayList();
- for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); /* */ )
+ for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); )
{
Role oldRole = ( Role ) ii.next();
oldRoleList.add( oldRole );
-
+
Role newRole = getRoleFromStore( oldRole.getName() );
newRoleList.add( newRole );
}
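Review bot: With the role-refresh code commented out behind the TODO, objectChanged replaces the entry in `permissions` but no longer rebuilds the roles that depend on it, so roles and the profiles built from them may keep the old permission until something else reloads them. For an authorization store that means a tightened permission may not take effect for existing roles; whether Role holds the permission object or only its name is not visible here. `oldPermission` is also assigned and never used once the block is disabled. I would either restore the dependent-role refresh for the new Permission type, or delete the dead block and track the gap in an issue. The commented region continues into the next hunk.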
@@ -798,34 +588,32 @@
Roles oldRoles = new Roles( applicationName, oldRolesArray );
Roles roles = LdapApplicationPolicy.this.roles;
roles = roles.removeAll( oldRoles );
-
+
Role[] newRolesArray = new Role[newRoleList.size()];
newRolesArray = ( Role[] ) newRoleList.toArray( newRolesArray );
Roles newRoles = new Roles( applicationName, newRolesArray );
roles = roles.addAll( newRoles );
-
+
LdapApplicationPolicy.this.roles = roles;
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.permissionChanged( LdapApplicationPolicy.this, newPermission,
- ChangeType.MODIFY );
+ */
+ for (PolicyChangeListener listener : listeners) {
+ listener.permissionChanged(LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
+ ChangeType.MODIFY);
}
}
else if ( hasObjectClass( oc, "policyRole" ) )
{
String roleName = ( String ) entry.get( "roleName" ).get();
-
+
if ( log.isDebugEnabled() )
{
log.debug( "Received notification that a policyRole " + roleName + " has changed." );
}
-
+
/*
- * 1. Need to update/replace the role itelf in Roles.
- * 2. Let user application know that the Role has changed.
- */
+ * 1. Need to update/replace the role itelf in Roles.
+ * 2. Let user application know that the Role has changed.
+ */
Role newRole = getRole( entry );
Roles roles = LdapApplicationPolicy.this.roles;
@@ -834,34 +622,30 @@
Roles newRoles = new Roles( applicationName, new Role[] { newRole } );
roles = roles.addAll( newRoles );
LdapApplicationPolicy.this.roles = roles;
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.roleChanged( LdapApplicationPolicy.this, newRole, ChangeType.MODIFY );
+
+ for (PolicyChangeListener listener : listeners) {
+ listener.roleChanged(LdapApplicationPolicy.this, newRole, ChangeType.MODIFY);
}
}
else if ( hasObjectClass( oc, "policyProfile" ) )
{
String profileId = ( String ) entry.get( "profileId" ).get();
-
+
if ( log.isDebugEnabled() )
{
log.debug( "Received notification that a policyProfile " + profileId + " has changed." );
}
-
+
/*
- * 1. Let user application know that the Profile has changed.
- */
-
+ * 1. Let user application know that the Profile has changed.
+ */
+
Profile profile = getProfile( entry );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.MODIFY );
+ for (PolicyChangeListener listener : listeners) {
+ listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.MODIFY);
}
}
- else
+ else
{
if ( log.isInfoEnabled() )
{
@@ -870,8 +654,8 @@
}
// setup the administrator with all permissions and roles
- adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+ new Permissions( ), false );
}
catch ( NamingException e )
{
@@ -901,7 +685,7 @@
Attribute oc = entry.get( "objectClass" );
String name = result.getName();
logEvent( evt, entry );
-
+
if ( name.indexOf( applicationName ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -911,7 +695,7 @@
}
return;
}
-
+
try
{
if ( hasObjectClass( oc, "policyPermission" ) )
@@ -920,16 +704,11 @@
* 1. Need to add the permission to the permissions of the application
* 2. Need to notify of the permission's addition to all listeners
*/
- Permission permission = getPermission( entry );
- Permissions permissions = LdapApplicationPolicy.this.permissions;
- permissions = permissions.addAll( new Permissions( applicationName,
- new Permission[] { permission } ) );
- LdapApplicationPolicy.this.permissions = permissions;
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.ADD );
+ PermissionEntry permEntry = loadPermission( entry);
+ permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+
+ for (PolicyChangeListener listener : listeners) {
+ listener.permissionChanged(LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD);
}
}
else if ( hasObjectClass( oc, "policyRole" ) )
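Review bot: `permissions.put(...)` mutates the shared permissions collection in place from the event callback, where the old code built a new `Permissions` value and swapped the reference. If `permissions` is a plain `HashMap` (its declaration is outside this chunk) and policy checks read it on other threads, readers can observe the map mid-update. Declaring it as a `ConcurrentHashMap`, or guarding reads and writes with the same lock, would restore the previous safety. The same applies to the `put`/`remove` calls in objectChanged, objectRemoved, `add( PermissionEntry )` and `removePermission`.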
@@ -941,10 +720,9 @@
Role role = getRole( entry );
add( role );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.ADD );
+ for (Object listener1 : listeners) {
+ PolicyChangeListener listener = (PolicyChangeListener) listener1;
+ listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.ADD);
}
}
else if ( hasObjectClass( oc, "policyProfile" ) )
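Review bot: This loop iterates `listeners` as `Object` and casts back with `PolicyChangeListener listener = (PolicyChangeListener) listener1;`, although the field is now `List<PolicyChangeListener>`. Writing `for (PolicyChangeListener listener : listeners) {` matches the other loops in this commit and drops the cast. The profile loop in the next hunk and the permissionRenamed loop in objectRenamed have the same leftover.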
@@ -953,10 +731,9 @@
* 1. Need to notify of the profile's addition to all listeners
*/
Profile profile = getProfile( entry );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.ADD );
+ for (Object listener1 : listeners) {
+ PolicyChangeListener listener = (PolicyChangeListener) listener1;
+ listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.ADD);
}
}
else
@@ -964,10 +741,10 @@
System.out.println( "Entry '" + name + "' ignored!" );
return;
}
-
+
// setup the administrator with all permissions and roles
- adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+ new Permissions( ), false );
}
catch ( NamingException e )
{
@@ -983,7 +760,7 @@
Attribute oc = entry.get( "objectClass" );
String name = result.getName();
logEvent( evt, entry );
-
+
if ( name.indexOf( applicationName ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -993,7 +770,7 @@
}
return;
}
-
+
try
{
if ( hasObjectClass( oc, "policyPermission" ) )
@@ -1002,17 +779,10 @@
* 1. Need to remove the permission from the permissions of the application
* 2. Need to notify of the permission's removal to all listeners
*/
- String profileId = ( String ) entry.get( "permName" ).get();
- Permissions permissions = LdapApplicationPolicy.this.permissions;
- Permission permission = permissions.get( profileId );
- permissions = permissions.removeAll( new Permissions( applicationName,
- new Permission[] { permission } ) );
- LdapApplicationPolicy.this.permissions = permissions;
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.DEL );
+ String permName = ( String ) entry.get( "permName" ).get();
+ Permission permission = permissions.remove(permName);
+ for (PolicyChangeListener listener : listeners) {
+ listener.permissionChanged(LdapApplicationPolicy.this, permName, permission, ChangeType.DEL);
}
}
else if ( hasObjectClass( oc, "policyRole" ) )
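Review bot: `permissions.remove(permName)` presumably returns null when no permission of that name is cached (assuming map semantics), and the result goes straight to `listener.permissionChanged(..., ChangeType.DEL)`. A delete event for an entry this policy never loaded would then hand listeners a null permission. Wrapping the loop in `if ( permission != null )`, with a warning log otherwise, avoids that. As in objectChanged, roles that referenced the removed permission are not updated here.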
@@ -1024,10 +794,8 @@
String roleName = ( String ) entry.get( "roleName" ).get();
Role role = removeRole( roleName );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.DEL );
+ for (PolicyChangeListener listener : listeners) {
+ listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.DEL);
}
}
else if ( hasObjectClass( oc, "policyProfile" ) )
@@ -1036,10 +804,8 @@
* 1. Need to notify of the profile's addition to all listeners
*/
Profile profile = getProfile( entry );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.DEL );
+ for (PolicyChangeListener listener : listeners) {
+ listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.DEL);
}
}
else
@@ -1049,8 +815,8 @@
}
// setup the administrator with all permissions and roles
- adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+ new Permissions( ), false );
}
catch ( NamingException e )
{
@@ -1072,7 +838,7 @@
String newName = evt.getNewBinding().getName();
Attributes newEntry = ( ( SearchResult ) evt.getNewBinding() ).getAttributes();
Attribute oc = newEntry.get( "objectClass" );
-
+
if ( oldName.indexOf( applicationName ) == -1 )
{
if ( log.isWarnEnabled() )
@@ -1082,34 +848,31 @@
}
return;
}
-
+
try
{
String oldProfileId = getRdn( oldName );
oldProfileId = getRdnValue( oldProfileId );
-
+
if ( hasObjectClass( oc, "policyPermission" ) )
{
removePermission( oldProfileId );
- Permission newPermission = getPermission( newEntry );
- add( newPermission );
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.permissionRenamed( LdapApplicationPolicy.this, newPermission, oldProfileId );
+ PermissionEntry permEntry = loadPermission( newEntry );
+ add( permEntry );
+
+ for (Object listener1 : listeners) {
+ PolicyChangeListener listener = (PolicyChangeListener) listener1;
+ listener.permissionRenamed(LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId);
}
- }
+ }
else if ( hasObjectClass( oc, "policyRole" ) )
{
removeRole( oldProfileId );
Role newRole = getRole( newEntry );
add( newRole );
-
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.roleRenamed( LdapApplicationPolicy.this, newRole, oldProfileId );
+
+ for (PolicyChangeListener listener : listeners) {
+ listener.roleRenamed(LdapApplicationPolicy.this, newRole, oldProfileId);
}
}
else if ( hasObjectClass( oc, "policyProfile" ) )
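Review bot: `permissionRenamed` is passed `newName`, which is `evt.getNewBinding().getName()` (the binding name as delivered by JNDI), while the old name passed with it is the RDN value extracted by `getRdn`/`getRdnValue`. Listeners would then receive the two names in different formats. `permEntry.getPermissionName()` looks like the intended argument: `listener.permissionRenamed(LdapApplicationPolicy.this, permEntry.getPermission(), permEntry.getPermissionName(), oldProfileId);`. The signature of permissionRenamed is not visible here, so confirm which form it expects.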
@@ -1118,10 +881,8 @@
* 1. Need to notify of the profile's addition to all listeners
*/
Profile profile = getProfile( newEntry );
- for ( int ii = 0; ii < listeners.size(); ii++ )
- {
- PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
- listener.profileRenamed( LdapApplicationPolicy.this, profile, oldProfileId );
+ for (PolicyChangeListener listener : listeners) {
+ listener.profileRenamed(LdapApplicationPolicy.this, profile, oldProfileId);
}
}
else
@@ -1131,8 +892,8 @@
}
// setup the administrator with all permissions and roles
- adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+ new Permissions( ), false );
}
catch ( NamingException e )
{
@@ -1140,8 +901,8 @@
}
}
}
-
-
+
+
/**
* Gets the value of a single name component of a distinguished name.
*
@@ -1168,7 +929,7 @@
return null;
}
- int commaIndex = -1;
+ int commaIndex;
if ( ( commaIndex = name.indexOf( ',' ) ) == -1 )
{
return name;
@@ -1184,7 +945,7 @@
this.roles = this.roles.addAll( addedRoles );
}
-
+
private Role removeRole( String roleName )
{
Role role = this.roles.get( roleName );
@@ -1192,58 +953,54 @@
this.roles = this.roles.removeAll( removedRoles );
return role;
}
-
-
- private void add( Permission permission )
+
+
+ private void add( PermissionEntry permEntry )
{
- Permissions addedPermissions = new Permissions( applicationName, new Permission[] { permission } );
- this.permissions = this.permissions.addAll( addedPermissions );
+ permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
}
-
+
private Permission removePermission( String permName )
{
- Permission permission = this.permissions.get( permName );
- Permissions removedPermissions = new Permissions( applicationName, new Permission[] { permission } );
- this.permissions = this.permissions.removeAll( removedPermissions );
- return permission;
+ return permissions.remove( permName );
}
- public Set getUserProfileIds( String userName ) throws GuardianException
+ public Set<String> getUserProfileIds( String userName ) throws GuardianException
{
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
controls.setReturningAttributes( PROF_ID );
-
+
String baseProfilesRdn = "ou=profiles," + this.baseRdn;
- NamingEnumeration results = null;
- Set profiles = new HashSet();
-
+ NamingEnumeration<SearchResult> results;
+ Set<String> profiles = new HashSet<String>();
+
StringBuffer filter = new StringBuffer();
filter.append( "(& (objectClass=policyProfile) (user=" );
filter.append( userName );
filter.append( ") )" );
-
+
try
{
results = ctx.search( baseProfilesRdn, filter.toString(), controls );
while ( results.hasMore() )
{
- SearchResult result = ( SearchResult ) results.next();
-
+ SearchResult result = results.next();
+
if ( result.getAttributes().get( "profileId" ) != null )
{
- profiles.add( result.getAttributes().get( "profileId" ).get() );
+ profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
}
}
}
catch ( NamingException e )
{
- throw new GuardianException( "Failed to lookup profiles for user '" +
+ throw new GuardianException( "Failed to lookup profiles for user '" +
userName + "' while searching the directory" );
}
-
+
return profiles;
}
@@ -1253,9 +1010,9 @@
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
controls.setReturningAttributes( PROF_ID );
-
+
String baseProfilesRdn = "ou=profiles," + this.baseRdn;
- NamingEnumeration results = null;
+ NamingEnumeration<SearchResult> results;
try
{
results = ctx.search( baseProfilesRdn, "(objectClass=policyProfile)", controls );
@@ -1272,4 +1029,5 @@
{
return adminProfile;
}
+
}