Author: vtence
Date: Thu Sep 30 20:32:13 2004
New Revision: 47621
Added:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/PrimitiveRule.java
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/PolicyTest.java
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
Log:
Can't live without tests ...
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
Thu Sep 30 20:32:13 2004
@@ -21,6 +21,8 @@
*/
public interface Effect
{
+ Effect and( Effect effect );
+
Effect derive( Effect effect );
Effect permit();
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
Thu Sep 30 20:32:13 2004
@@ -47,8 +47,8 @@
for ( Iterator it = m_rules.iterator(); it.hasNext(); )
{
Rule rule = ( Rule ) it.next();
- Effect e = rule.evaluate( s, p );
- decision = e.derive( decision );
+ Effect effect = rule.evaluate( s, p );
+ decision = decision.and( effect );
}
return decision;
Added:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/PrimitiveRule.java
==============================================================================
--- (empty file)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/PrimitiveRule.java
Thu Sep 30 20:32:13 2004
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2004 Your Corporation. All Rights Reserved.
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+public class PrimitiveRule implements Rule
+{
+ private final Effect effect;
+
+ public PrimitiveRule( Effect effect )
+ {
+ this.effect = effect;
+ }
+
+ public Effect evaluate( Subject s, Permission p )
+ {
+ return effect;
+ }
+}
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
Thu Sep 30 20:32:13 2004
@@ -23,6 +23,11 @@
*/
public final class DenyEffect implements Effect
{
+ public Effect and( Effect effect )
+ {
+ return this;
+ }
+
public Effect derive( Effect effect )
{
return effect.deny();
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
Thu Sep 30 20:32:13 2004
@@ -35,6 +35,11 @@
m_effect = effect;
}
+ public Effect and( Effect effect )
+ {
+ return effect.derive( this );
+ }
+
public Effect derive( Effect effect )
{
return m_effect.derive( effect );
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
Thu Sep 30 20:32:13 2004
@@ -35,6 +35,11 @@
m_effect = effect;
}
+ public Effect and( Effect effect )
+ {
+ return effect.derive( this );
+ }
+
public Effect derive( Effect effect )
{
return m_effect.derive( effect );
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
Thu Sep 30 20:32:13 2004
@@ -23,6 +23,11 @@
*/
public final class GrantEffect implements Effect
{
+ public Effect and( Effect effect )
+ {
+ return this;
+ }
+
public Effect derive( Effect effect )
{
return effect.permit();
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
Thu Sep 30 20:32:13 2004
@@ -23,6 +23,11 @@
*/
public final class IndeterminateEffect implements Effect
{
+ public Effect and( Effect effect )
+ {
+ return this;
+ }
+
public Effect derive( Effect effect )
{
return effect.indeterminate();
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
Thu Sep 30 20:32:13 2004
@@ -35,6 +35,11 @@
m_effect = effect;
}
+ public Effect and( Effect effect )
+ {
+ return effect.derive( this );
+ }
+
public Effect derive( Effect effect )
{
return m_effect.derive( effect );
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
Thu Sep 30 20:32:13 2004
@@ -23,6 +23,11 @@
*/
public final class NotApplicableEffect implements Effect
{
+ public Effect and( Effect effect )
+ {
+ return this;
+ }
+
public Effect derive( Effect effect )
{
return effect;
Modified:
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
==============================================================================
---
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
(original)
+++
incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
Thu Sep 30 20:32:13 2004
@@ -35,6 +35,11 @@
m_effect = effect;
}
+ public Effect and( Effect effect )
+ {
+ return effect.derive( this );
+ }
+
public Effect derive( Effect effect )
{
return m_effect.derive( effect );
Added:
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/PolicyTest.java
==============================================================================
--- (empty file)
+++
incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/PolicyTest.java
Thu Sep 30 20:32:13 2004
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2004 Your Corporation. All Rights Reserved.
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.DenyEffect;
+import org.apache.janus.authorization.effect.GrantEffect;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+
+import javax.security.auth.Subject;
+
+public class PolicyTest extends MockObjectTestCase
+{
+ public void testEmptyPolicyResolvesToDefaultDecision()
+ {
+ Policy policy = new Policy( new GrantEffect() );
+ assertTrue( policy.evaluate( new Subject(), new
BasicPermission("doSomething") ) instanceof GrantEffect );
+ }
+
+ public void testPolicyIsEvaluatedByCombiningRuleDecisions()
+ {
+ Mock mockEffect = new Mock( Effect.class );
+ Policy policy = new Policy( effect(mockEffect) );
+
+ policy.addRule( new PrimitiveRule( new GrantEffect() ));
+ policy.addRule( new PrimitiveRule( new DenyEffect() ));
+
+ mockEffect.expects( once() ).method( "and" ).with(
isA(GrantEffect.class) ).will( returnValue( effect(mockEffect) ));
+ mockEffect.expects( once() ).method( "and" ).with(
isA(DenyEffect.class) ).will( returnValue( effect(mockEffect) ));
+
+ policy.evaluate( new Subject(), new BasicPermission( "doSomething" ) );
+ mockEffect.verify();
+ }
+
+ private Effect effect( Mock mock )
+ {
+ return (Effect) mock.proxy();
+ }
+}
