You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by vt...@apache.org on 2005/02/18 22:48:38 UTC
svn commit: r154356 - in incubator/directory/authx/trunk:
api/src/java/org/apache/authx/authorization/
impl/src/java/org/apache/authx/authorization/
impl/src/test/org/apache/authx/authorization/
script/src/test/org/apache/authx/script/xml/
Author: vtence
Date: Fri Feb 18 13:48:35 2005
New Revision: 154356
URL: http://svn.apache.org/viewcvs?view=rev&rev=154356
Log:
Introduced the concept of AuthorizationRequest
Added:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java (with props)
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java (with props)
Removed:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Predicate.java
Modified:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java Fri Feb 18 13:48:35 2005
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+public interface AuthorizationRequest
+{
+ boolean affectsSubject( Predicate subjectPredicate );
+
+ boolean targetsPermission( Predicate permissionPredicate );
+}
Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java Fri Feb 18 13:48:35 2005
@@ -16,7 +16,7 @@
*/
package org.apache.authx.authorization;
-import javax.security.auth.Subject;
+
/**
* An <code>Authorizer</code> is a security
@@ -24,15 +24,9 @@
* responding to an authorization request
* by rendering an authorization decision.
* <p>
- * At this stage, no authorization request
- * abstraction exist yet, but that may change
- * soon. For the time being, an authorization request
- * is composed of a requested <code>Permission</code>
- * on behalf of a given subject.
- * <p>
- * No abstraction of authorization
- * decision exist either and a boolean representation
- * is used. That should change as well to support
+ * At this stage, no abstraction of authorization
+ * decision exist and a boolean representation
+ * is used. That could change at some point to support
* a richer authorization model that associates positive
* decisions to sets of obligations to which the client
* must compell.
@@ -43,10 +37,9 @@
* Renders an authorization decision in response
* to the given authorization request.
*
- * @param s The subject requesting a permission
- * @param p The targeted permission
+ * @param request The authorization request to evaluate
* @return true if case of a positive decision,
* false otherwise
*/
- boolean authorize( Subject s, Permission p );
+ boolean renderDecision( AuthorizationRequest request );
}
Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java Fri Feb 18 13:48:35 2005
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Predicate
+{
+ boolean evaluate( Object o );
+}
Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java Fri Feb 18 13:48:35 2005
@@ -23,5 +23,5 @@
*/
public interface Rule
{
- Effect evaluate( Subject s, Permission p );
+ Effect evaluate( AuthorizationRequest request );
}
Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java Fri Feb 18 13:48:35 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+import javax.security.auth.Subject;
+
+public class DefaultAuthorizationRequest implements AuthorizationRequest
+{
+ private final Subject m_subject;
+ private final Permission m_permission;
+
+ public DefaultAuthorizationRequest( Subject subject, Permission permission )
+ {
+ m_subject = subject;
+ m_permission = permission;
+ }
+
+ public boolean affectsSubject( Predicate subjectPredicate )
+ {
+ return subjectPredicate.evaluate( m_subject );
+ }
+
+ public boolean targetsPermission( Predicate permissionPredicate )
+ {
+ return permissionPredicate.evaluate( m_permission );
+ }
+
+ public boolean equals( Object value )
+ {
+ if ( this == value ) return true;
+ if ( !( value instanceof DefaultAuthorizationRequest ) ) return false;
+
+ final DefaultAuthorizationRequest defaultAuthorizationRequest = ( DefaultAuthorizationRequest ) value;
+
+ if ( !m_permission.equals( defaultAuthorizationRequest.m_permission ) ) return false;
+ if ( !m_subject.equals( defaultAuthorizationRequest.m_subject ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ int result;
+ result = m_subject.hashCode();
+ result = 29 * result + m_permission.hashCode();
+ return result;
+ }
+}
Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
------------------------------------------------------------------------------
svn:executable = *
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java Fri Feb 18 13:48:35 2005
@@ -18,7 +18,6 @@
import org.apache.authx.authorization.effect.Effects;
-import javax.security.auth.Subject;
import java.util.HashMap;
import java.util.Map;
@@ -38,9 +37,9 @@
m_decisions.put( Effects.DENY, Boolean.FALSE );
}
- public boolean authorize( Subject s, Permission p )
+ public boolean renderDecision( AuthorizationRequest request )
{
- Effect effect = m_ruleSet.evaluate( s, p ).reduce();
+ Effect effect = m_ruleSet.evaluate( request ).reduce();
Boolean decision = ( Boolean ) m_decisions.get( effect );
return decision != null ? decision.booleanValue() : m_defaultDecision;
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java Fri Feb 18 13:48:35 2005
@@ -67,4 +67,14 @@
{
return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate( p );
}
+
+ private boolean isApplicableTo( AuthorizationRequest request )
+ {
+ return request.affectsSubject( m_subjectPredicate ) && request.targetsPermission( m_permissionPredicate );
+ }
+
+ public Effect evaluate( AuthorizationRequest request )
+ {
+ return isApplicableTo( request ) ? m_effect : Effects.NOT_APPLICABLE;
+ }
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java Fri Feb 18 13:48:35 2005
@@ -40,14 +40,14 @@
m_rules.add( rule );
}
- public Effect evaluate( Subject s, Permission p )
+ public Effect evaluate( AuthorizationRequest request )
{
Effect decision = m_effect;
for ( Iterator it = m_rules.iterator(); it.hasNext(); )
{
Rule rule = ( Rule ) it.next();
- Effect effect = rule.evaluate( s, p );
+ Effect effect = rule.evaluate( request );
decision = decision.add( effect );
}
Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java Fri Feb 18 13:48:35 2005
@@ -16,7 +16,7 @@
*/
package org.apache.authx.authorization;
-import javax.security.auth.Subject;
+
public class PrimitiveRule implements Rule
{
@@ -27,7 +27,7 @@
this.effect = effect;
}
- public Effect evaluate( Subject s, Permission p )
+ public Effect evaluate( AuthorizationRequest request )
{
return effect;
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java Fri Feb 18 13:48:35 2005
@@ -35,35 +35,35 @@
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.GRANT ) );
m_authorizer.denyIfUnsure();
- assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
public void testTakesPositiveDecisionIfRuleIsNotApplicable()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
m_authorizer.denyIfUnsure();
- assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
public void testTakesNegativeDecisionIfRuleSuggestDenial()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
m_authorizer.grantIfUnsure();
- assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
public void testCanForceEffectToGrantDecision()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
m_authorizer.grantOn( Effects.DENY );
- assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
public void testCanForceEffectToDenyDecision()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
- assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
public void testEffectsAreReducedBeforeTakingDecision()
@@ -71,6 +71,6 @@
m_authorizer = new DefaultAuthorizer( new Policy( new PermitOverridesEffect() ) );
m_authorizer.grantIfUnsure();
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
- assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+ assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
}
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java Fri Feb 18 13:48:35 2005
@@ -47,7 +47,7 @@
m_rule.setEffect( Effects.DENY );
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
- assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
+ assertEquals( Effects.DENY, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ));
}
public void testSubjectConditionsAreCombinedIntoAnOrOperation()
@@ -56,8 +56,8 @@
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.joe(), new SomePermission() ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.joe(), new SomePermission() ) ) );
}
public void testPermissionConditionsAreCombinedIntoAnOrOperation()
@@ -66,21 +66,21 @@
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo" ) ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar" ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "foo" ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "bar" ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ) ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ) ) ) );
}
public void testIsNotApplicableIfSubjectConditionIsNotVerified()
{
m_rule.matchSubjects( new FalsePredicate() );
m_rule.matchPermissions( new TruePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
}
public void testIsNotApplicableIfPermissionConditionIsNotVerified()
{
m_rule.matchSubjects( new TruePredicate() );
m_rule.matchPermissions( new FalsePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
}
}
Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java Fri Feb 18 13:48:35 2005
@@ -27,7 +27,7 @@
public void testRendersDefaultDecisionWhenEmpty()
{
Policy policy = new Policy( new PermitOverridesEffect() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
}
public void testCombinesResultOfContainedRulesEvaluation()
@@ -36,6 +36,6 @@
policy.addRule( new PrimitiveRule( Effects.DENY ) );
policy.addRule( new PrimitiveRule( Effects.GRANT ) );
- assertEquals( Effects.GRANT, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
}
}
Modified: incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java (original)
+++ incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java Fri Feb 18 13:48:35 2005
@@ -18,6 +18,7 @@
import junit.framework.TestCase;
import org.apache.authx.authorization.Policy;
+import org.apache.authx.authorization.DefaultAuthorizationRequest;
import org.apache.authx.authorization.effect.DenyOverridesEffect;
import org.apache.authx.authorization.effect.Effects;
import org.apache.authx.authorization.effect.PermitOverridesEffect;
@@ -62,7 +63,7 @@
Policy policy = new Policy( new DenyOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.DENY, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
+ assertEquals( Effects.DENY, policy.evaluate( new DefaultAuthorizationRequest( Subjects.anybody(), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
@@ -83,7 +84,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.joe(), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.joe(), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForRulingOnGroups() throws Exception
@@ -104,7 +105,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForRulingOnRoles() throws Exception
@@ -125,7 +126,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() )) .reduce() );
}
public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception
@@ -147,7 +148,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.withGreenEyes(), Permissions.anything() ) ).reduce() );
}
public void testLastRegisteredBuilderWins() throws Exception
@@ -169,7 +170,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.anybody(), Permissions.anything() ) ).reduce() );
}
public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws Exception
@@ -192,9 +193,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Groups.canadians() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForAndOperationOnPredicates() throws Exception
@@ -219,10 +220,10 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Groups.geeks() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForOrOperationOnPredicates() throws Exception
@@ -246,9 +247,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Groups.geeks() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
}
public void testSubjectIsAnAliasForAndOperation() throws Exception
@@ -272,8 +273,8 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ) ).reduce() );
}
}