Author: vtence Date: Tue Dec 14 20:01:45 2004 New Revision: 111933 URL: http://svn.apache.org/viewcvs?view=rev&rev=111933 Log: Major cut at xml policy builder, including support for role, username and group based rules. A pluggable mechanism is also in place for hooking up custom rules. Next to tackle is some out-of-the-box support for permissions. Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java - copied, changed from r111503, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Removed: 
incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/parser/ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java Tue Dec 14 20:01:45 2004 @@ -62,7 +62,7 @@ public String toString() { - return "name=" + m_name; + return m_name; } } Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java Tue Dec 14 20:01:45 2004 
@@ -41,9 +41,4 @@ { return super.hashCode(); } - - public String toString() - { - return "UsernamePrincipal: " + super.toString() + ""; - } } Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Tue Dec 14 20:01:45 2004 @@ -22,6 +22,7 @@ import javax.security.auth.Subject; /** + * TODO: consider adding predicates into an And operation instead of replacing * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Tence</a> */ public class DefaultRule implements Rule Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java?view=auto&rev=111933 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java Tue Dec 14 20:01:45 2004 
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+public class AndPredicate implements Predicate
+{
+ private final Predicate m_left;
+ private final Predicate m_right;
+
+ public AndPredicate( Predicate left, Predicate right )
+ {
+ m_left = left;
+ m_right = right;
+ }
+
+ public boolean evaluate( Object o )
+ {
+ return m_left.evaluate( o ) && m_right.evaluate( o );
+ }
+}
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java Tue Dec 14 20:01:45 2004
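Review bot: The `AndPredicate` constructor stores `left` and `right` without a null check, so a null operand only surfaces as a `NullPointerException` inside `evaluate`, that is, while an authorization decision is being made. Rejecting it at construction keeps the failure next to the faulty policy wiring: `if ( left == null || right == null ) throw new IllegalArgumentException( "predicates must not be null" );`. A class comment noting that `&&` short-circuits, so the right predicate is not evaluated when the left one is false, would also help anyone plugging in custom predicates.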
@@ -49,4 +49,9 @@ { return new HasPrincipalPredicate( p ); } + + public static Predicate and( Predicate p1, Predicate p2 ) + { + return new AndPredicate( p1, p2 ); + } } Modified: incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java&r1=111932&p2=incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java (original) +++ incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java Tue Dec 14 20:01:45 2004 @@ -19,6 +19,7 @@ import org.apache.janus.authentication.Credential; import java.sql.ResultSet; +import java.sql.SQLException; public class Column { @@ -84,9 +85,13 @@ value = (Credential) m_type.newInstance(); value.setValue( rs.getString( m_name )); } + catch ( SQLException e ) + { + throw new JDBCException( e ); + } catch ( Exception e ) { - throw new RuntimeException(); + throw new InstantiationException( "Cannot create credential instance: " + m_type.getName(), e ); } return value; } Added: incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java?view=auto&rev=111933 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java Tue Dec 14 20:01:45 2004 
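Review bot: In the Column.java hunk the `catch ( Exception e )` branch still reports every non-SQL failure as `Cannot create credential instance`, which includes a `ClassCastException` from the `(Credential)` cast and any runtime exception thrown by `setValue`. Catching only the reflective failures would keep the message accurate: `catch ( java.lang.InstantiationException e )` and `catch ( IllegalAccessException e )`; the fully qualified name is needed because this commit adds an `InstantiationException` to the same package. The message names only the credential class and not the column value, which is worth keeping since the value read from the result set is a credential. The enclosing method starts and ends outside the hunk.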
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+public class InstantiationException extends RuntimeException
+{
+ public InstantiationException( String message )
+ {
+ super( message );
+ }
+
+ public InstantiationException( Throwable cause )
+ {
+ super( cause );
+ }
+
+ public InstantiationException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java Tue Dec 14 20:01:45 2004
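Review bot: The new class has the same simple name as `java.lang.InstantiationException`, the checked exception thrown by `Class.newInstance()`, and inside `org.apache.janus.authentication.realm` the package-local class takes precedence over the `java.lang` one. Any `catch ( InstantiationException e )` written in this package therefore refers to the runtime exception defined here and not to the reflective failure. A distinct name such as `CredentialInstantiationException` would remove the ambiguity; failing that, a class comment stating the shadowing would warn the next maintainer.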
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+public class ScriptInterpretationException extends ScriptingException
+{
+ public ScriptInterpretationException()
+ {
+ }
+
+ public ScriptInterpretationException( String message )
+ {
+ super( message );
+ }
+
+ public ScriptInterpretationException( Throwable cause )
+ {
+ super( cause );
+ }
+
+ public ScriptInterpretationException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java Tue Dec 14 20:01:45 2004
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.JanusException;
+
+public class ScriptingException extends JanusException
+{
+ public ScriptingException()
+ {
+ }
+
+ public ScriptingException( String message )
+ {
+ super( message );
+ }
+
+ public ScriptingException( Throwable cause )
+ {
+ super( cause );
+ }
+
+ public ScriptingException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+}
Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java (original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java Tue Dec 14 20:01:45 2004
@@ -16,31 +16,33 @@ */ package org.apache.janus.script.xml; -import org.apache.janus.authorization.DefaultRule; -import org.apache.janus.authorization.Effect; -import org.apache.janus.authorization.Predicate; +import org.apache.janus.authorization.Rule; import org.apache.janus.authorization.RuleSet; -import org.apache.janus.authorization.effect.DenyOverridesEffect; -import org.apache.janus.authorization.effect.Effects; -import org.apache.janus.authorization.effect.FirstApplicableEffect; -import org.apache.janus.authorization.effect.LastApplicableEffect; -import org.apache.janus.authorization.effect.PermitOverridesEffect; import org.apache.janus.script.RuleSetBuilder; -import org.apache.janus.script.xml.parser.TruePredicateNodeParser; +import org.apache.janus.script.xml.builder.HasUsernamePredicateBuilder; +import org.apache.janus.script.xml.builder.TruePredicateBuilder; +import org.apache.janus.script.xml.builder.DefaultRuleBuilder; +import org.apache.janus.script.xml.builder.FalsePredicateBuilder; +import org.apache.janus.script.xml.builder.HasGroupPredicateBuilder; +import org.apache.janus.script.xml.builder.HasRolePredicateBuilder; import org.dom4j.Document; import org.dom4j.DocumentException; import org.dom4j.Element; import java.io.Reader; -import java.util.HashMap; +import java.util.Iterator; import java.util.List; -import java.util.Map; + +/** + * No validation of any sort is implemented yet. At some point, validation will need to be added. + * <p> + * <i>Warning: implementation not threadsafe</i> + */ public class Dom4JRuleSetBuilder implements RuleSetBuilder { private final Element m_element; - private final Map m_parsers; - private final Map m_effects; + private NodeBuilderLookup m_lookup; public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException { 
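Review bot: The new class comment states that no validation is implemented, yet this builder turns an XML document into authorization rules, so a malformed or unexpected policy is interpreted as it stands. Until validation exists the comment should say what callers must guarantee, for example `Policy documents must come from a trusted source; elements are not checked against a schema.` The body of `fromReader` is outside the hunk; if it parses with a default dom4j `SAXReader`, DTD and external-entity processing is presumably still enabled and should be switched off there. In the visible code `m_lookup` is assigned only in the constructor, so it could keep the `final` modifier that the removed fields had.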
@@ -50,27 +52,8 @@ public Dom4JRuleSetBuilder( Element element ) { m_element = element; - m_parsers = new HashMap(); - m_effects = new HashMap(); - - registerParsers(); - registerEffects(); - } - - private void registerParsers() - { - m_parsers.put( "any", new TruePredicateNodeParser() ); - } - - private void registerEffects() - { - m_effects.put( "grant", Effects.GRANT ); - m_effects.put( "deny", Effects.DENY ); - m_effects.put( "not-applicable", Effects.NOT_APPLICABLE ); - m_effects.put( "permit-overrides", new PermitOverridesEffect() ); - m_effects.put( "deny-overrides", new DenyOverridesEffect() ); - m_effects.put( "first-applicable", new FirstApplicableEffect() ); - m_effects.put( "last-applicable", new LastApplicableEffect() ); + m_lookup = new ReverseBuilderLookup(); + registerBuilders(); } public Dom4JRuleSetBuilder( Document doc ) 
@@ -78,46 +61,37 @@ this( doc.getRootElement() ); } - public void buildRuleSet( RuleSet ruleSet ) + public void registerBuilder( NodeBuilder builder ) { - Element rule = m_element.element( "rule" ); - addRule( ruleSet, rule ); + m_lookup.registerBuilder( builder ); } - private void addRule( RuleSet ruleSet, Element element ) - { - String effectName = element.attributeValue( "effect" ); - DefaultRule rule = new DefaultRule( effect( effectName ) ); - setSubjectPredicate( rule, element ); - setPermissionPredicate( rule, element ); - ruleSet.addRule( rule ); - } - - private Effect effect( String name ) - { - return (Effect) m_effects.get( name ); - } - - private void setSubjectPredicate( DefaultRule rule, Element element ) - { - Element subjects = element.element( "subjects" ); - List predicates = subjects.elements(); - Element e = (Element) predicates.get( 0 ); - rule.matchSubjects( predicate( e ) ); - } - - private Predicate predicate( Element e ) + public void buildRuleSet( RuleSet ruleSet ) { - NodeParser nodeParser = (NodeParser) m_parsers.get( e.getName() ); - return (Predicate) nodeParser.parse( e ); + List rules = m_element.elements( "rule" ); + addAllRules( ruleSet, rules ); } - private void setPermissionPredicate( DefaultRule rule, Element element ) + private void addAllRules( RuleSet ruleSet, List rules ) { - Element permissions = element.element( "permissions" ); - List predicates = permissions.elements(); - Element e = (Element) predicates.get( 0 ); - rule.matchPermissions( predicate( e ) ); + for ( Iterator it = rules.iterator(); it.hasNext(); ) + { + Element e = (Element) it.next(); + NodeBuilder builder = m_lookup.lookupBuilder( e ); + Rule rule = (Rule) builder.buildFrom( e, m_lookup ); + ruleSet.addRule( rule ); + } + } + + private void registerBuilders() + { + m_lookup.registerBuilder( new DefaultRuleBuilder() ); + m_lookup.registerBuilder( new TruePredicateBuilder() ); + m_lookup.registerBuilder( new FalsePredicateBuilder() ); + 
m_lookup.registerBuilder( new HasUsernamePredicateBuilder() ); + m_lookup.registerBuilder( new HasUsernamePredicateBuilder() ); + m_lookup.registerBuilder( new HasGroupPredicateBuilder() ); + m_lookup.registerBuilder( new HasRolePredicateBuilder() ); } } Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java (from r111503, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java) Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java&r1=111503&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java Tue Dec 14 20:01:45 2004 @@ -18,7 +18,9 @@ import org.dom4j.Element; -public interface NodeParser +public interface NodeBuilder { - Object parse( Element e ); + boolean canBuild( Element e ); + + Object buildFrom( Element e, NodeBuilderLookup lookup ); } Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java?view=auto&rev=111933 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java Tue Dec 14 20:01:45 2004 
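Review bot: `registerBuilders()` registers `HasUsernamePredicateBuilder` twice in a row; the second call looks like a copy-paste slip, and one of the two lines should be dropped or replaced by the builder that was intended. In `addAllRules` the result of `builder.buildFrom( e, m_lookup )` is cast to `Rule` unchecked, so a custom builder that accepts a `rule` element but returns another type fails with a `ClassCastException` rather than a `ScriptInterpretationException`; an `instanceof Rule` test before the cast would report the misconfigured builder clearly. `registerBuilder` is now public and the lookup added in this commit prefers the most recently registered builder, so a comment stating that later registrations can replace the built-in rule and predicate builders would make that trust boundary explicit.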
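Review bot: The renamed `NodeBuilder` interface is the extension point for custom rules but carries no documentation of its contract. A comment on `canBuild` saying it should only inspect the element, and one on `buildFrom` stating which type each kind of element must yield (a `Rule` for `rule` elements, as inferred from the cast in `Dom4JRuleSetBuilder`), would let implementers avoid failures that otherwise appear only when a policy is loaded. Returning `Object` keeps the interface flexible, but the expected types then exist only in the callers' casts.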
@@ -0,0 +1,10 @@
+package org.apache.janus.script.xml;
+
+import org.dom4j.Element;
+
+public interface NodeBuilderLookup
+{
+ void registerBuilder( NodeBuilder builder );
+
+ NodeBuilder lookupBuilder( Element e );
+}
Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java?view=auto&rev=111932
==============================================================================
Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java Tue Dec 14 20:01:45 2004
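Review bot: `NodeBuilderLookup.java` is added without the ASF license header that the other new source files in this commit carry. The interface also leaves open what `lookupBuilder` does when no builder matches; the one implementation in this commit throws `ScriptInterpretationException`, and stating that on the method (`never returns null; throws ScriptInterpretationException when no builder accepts the element`) would fix the contract for other implementations.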
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.dom4j.Element;
+import org.apache.janus.script.ScriptInterpretationException;
+
+import java.util.List;
+import java.util.ArrayList;
+
+public class ReverseBuilderLookup implements NodeBuilderLookup
+{
+ private final List m_builders;
+
+ public ReverseBuilderLookup()
+ {
+ m_builders = new ArrayList();
+ }
+
+ public void registerBuilder( NodeBuilder builder )
+ {
+ m_builders.add( builder );
+ }
+
+ public NodeBuilder lookupBuilder( Element e )
+ {
+ for ( int i = m_builders.size() - 1; i >= 0 ; i-- )
+ {
+ NodeBuilder builder = ( NodeBuilder ) m_builders.get( i );
+ if ( builder.canBuild( e ) ) return builder;
+ }
+
+ throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e);
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java Tue Dec 14 20:01:45 2004
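Review bot: `registerBuilder` adds the builder without a null check, so a null entry is detected only later, as a `NullPointerException` at `builder.canBuild( e )` during lookup; `if ( builder == null ) throw new IllegalArgumentException( "builder must not be null" );` would fail at the registering call instead. The reverse iteration means the last registered builder that accepts an element wins, which is what lets custom builders override the built-in ones; that precedence deserves a class comment because it decides how policy elements are interpreted. The exception message appends `e` directly, so whatever `Element.toString()` prints becomes part of the message.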
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+public class EyeColorPrincipal extends AbstractPrincipal
+{
+ public EyeColorPrincipal( String name )
+ {
+ super( name );
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( this == o ) return true;
+ if ( !( o instanceof EyeColorPrincipal ) ) return false;
+ if ( !super.equals( o ) ) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java Tue Dec 14 20:01:45 2004
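Review bot: `EyeColorPrincipal.equals` checks `o instanceof EyeColorPrincipal` and then defers to `super.equals( o )`, whose body is not part of this commit. If `AbstractPrincipal.equals` compares only the name, a principal of a subclass that does not override `equals` and has the same name would equal this one from its side but not from this side, which breaks symmetry; for principals that matters because predicates match on equality. The last two statements can also be collapsed to `return super.equals( o );`.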
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+ public static GroupPrincipal canadians()
+ {
+ return new GroupPrincipal( "canadians" );
+ }
+
+ public static GroupPrincipal geeks()
+ {
+ return new GroupPrincipal( "geeks" );
+ }
+
+ public static GroupPrincipal men()
+ {
+ return new GroupPrincipal( "men" );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java Tue Dec 14 20:01:45 2004
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+public class Permissions
+{
+ public static Permission anything()
+ {
+ return new BasicPermission( "anything" );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java Tue Dec 14 20:01:45 2004
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+ public static Principal user()
+ {
+ return new RolePrincipal( "user" );
+ }
+
+ public static Principal developer()
+ {
+ return new RolePrincipal( "developer" );
+ }
+
+ public static Principal tester()
+ {
+ return new RolePrincipal( "tester" );
+ }
+
+ public static Principal manager()
+ {
+ return new RolePrincipal( "manager" );
+ }
+
+ private Roles()
+ {
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java Tue Dec 14 20:01:45 2004
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+public class Subjects
+{
+ public static Subject joe()
+ {
+ return with( Usernames.joe() );
+ }
+
+ public static Subject with( Principal p )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p );
+ return s;
+ }
+
+ public static Subject with( Principal p1, Principal p2 )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p1 );
+ s.getPrincipals().add( p2 );
+ return s;
+ }
+
+ public static Subject with( Principal p1, Principal p2, Principal p3 )
+ {
+ Subject s = new Subject();
+ s.getPrincipals().add( p1 );
+ s.getPrincipals().add( p2 );
+ s.getPrincipals().add( p3 );
+ return s;
+ }
+
+ public static Subject with( Principal[] principals )
+ {
+ Subject s = new Subject();
+ for ( int i = 0; i < principals.length; i++ )
+ {
+ Principal p = principals[i];
+ s.getPrincipals().add( p );
+ }
+ return s;
+ }
+
+ public static Subject anybody()
+ {
+ return new Subject();
+ }
+
+ public static Subject withGreenEyes()
+ {
+ return with( new EyeColorPrincipal( "green" ) );
+ }
+}
Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java
Url:
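Review bot: The three fixed-arity `with(...)` overloads repeat the body of `with( Principal[] principals )` line for line, so the way a `Subject` is populated is written four times. Each could delegate instead, e.g. `return with( new Principal[] { p1, p2 } );`, leaving one place to change if the fixtures later need credentials or a read-only subject. `anybody()` returns a `Subject` with no principals at all, which the rule-set tests use as the subject for `<any/>` rules; a short comment such as `// a subject carrying no principals` would make that intent explicit.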
http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java Tue Dec 14 20:01:45 2004
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+ public static UsernamePrincipal joe()
+ {
+ return new UsernamePrincipal( "joeblow" );
+ }
+}
Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java (original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java Tue Dec 14 20:01:45 2004
@@ -16,10 +16,11 @@ */ package org.apache.janus.script.xml; -import org.apache.janus.authentication.attribute.MutableInformationProvider; import org.apache.janus.authentication.attribute.AttributeProvider; import org.apache.janus.authentication.attribute.CyclicAssociationException; +import org.apache.janus.authentication.attribute.MutableInformationProvider; import org.apache.janus.script.InformationProviderBuilderMonitor; +import org.apache.janus.script.testmodel.Groups; import org.jmock.Mock; import org.jmock.MockObjectTestCase; import org.jmock.core.Constraint; @@ -36,8 +37,8 @@ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.geeks() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); 
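Review bot: The rewritten expectations mix imported short names with inline fully qualified ones on the same line, e.g. `eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( Groups.men() )`, and even spell out `org.apache.janus.script.testmodel.Groups.geeks()` although the first hunk imports `Groups`; this looks like residue of an automated move refactoring. Importing `org.apache.janus.script.testmodel.Usernames` and writing `Usernames.joe()` and `Groups.geeks()` throughout would keep these mock expectations readable. The same pattern recurs in the later hunks of this file and in Dom4JRoleBuilderTest and Dom4JRuleSetBuilderTest, where `Roles`, `Groups` and `Subjects` are imported and still written out in full. The enclosing test methods start and end outside these hunks.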
@@ -60,7 +61,7 @@ Mock mockProvider = new Mock( MutableInformationProvider.class ); mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); @@ -84,7 +85,7 @@ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() ); AttributeProvider provider = new AttributeProvider(); - mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ); + mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.men() ) ); builder.buildProvider( provider ); mockMonitor.verify(); @@ -107,7 +108,7 @@ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() ); AttributeProvider provider = new AttributeProvider(); - CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() ); + CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), org.apache.janus.script.testmodel.Groups.canadians() ); mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) ); builder.buildProvider( provider ); 
@@ -135,11 +136,11 @@ public boolean eval( Object o ) { - if (!(o instanceof CyclicAssociationException)) return false; + if ( !( o instanceof CyclicAssociationException ) ) return false; - CyclicAssociationException other = (CyclicAssociationException) o; - if (!m_exception.getPrincipal().equals( other.getPrincipal()) ) return false; - if (!m_exception.getAttribute().equals( other.getAttribute()) ) return false; + CyclicAssociationException other = ( CyclicAssociationException ) o; + if ( !m_exception.getPrincipal().equals( other.getPrincipal() ) ) return false; + if ( !m_exception.getAttribute().equals( other.getAttribute() ) ) return false; return true; } Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Tue Dec 14 20:01:45 2004 @@ -17,6 +17,9 @@ package org.apache.janus.script.xml; import org.apache.janus.authentication.attribute.MutableInformationProvider; +import org.apache.janus.script.testmodel.Groups; +import org.apache.janus.script.testmodel.Roles; +import org.apache.janus.script.testmodel.Usernames; import org.jmock.Mock; import org.jmock.MockObjectTestCase; 
@@ -29,8 +32,8 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); 
@@ -52,9 +55,9 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); 
@@ -77,8 +80,8 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=111933 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Tue Dec 14 20:01:45 2004 
@@ -19,29 +19,206 @@ import org.apache.janus.authorization.Policy; import org.apache.janus.authorization.effect.DenyOverridesEffect; import org.apache.janus.authorization.effect.Effects; +import org.apache.janus.authorization.effect.PermitOverridesEffect; +import org.apache.janus.script.testmodel.Groups; +import org.apache.janus.script.testmodel.Permissions; +import org.apache.janus.script.testmodel.Roles; +import org.apache.janus.script.testmodel.Subjects; +import org.apache.janus.script.testmodel.Usernames; +import org.apache.janus.script.xml.builder.FalsePredicateBuilder; import org.jmock.MockObjectTestCase; import java.io.StringReader; public class Dom4JRuleSetBuilderTest extends MockObjectTestCase { + /** + * TODO Several predicates (defaults to and operation) + */ public void testParsesDocumentAndAddsRulesToPolicy() throws Exception { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( policyWithSingleRule() ) ); + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy() ) ); Policy policy = new Policy( new DenyOverridesEffect() ); builder.buildRuleSet( policy ); - assertEquals( Effects.GRANT, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); + assertEquals( Effects.DENY, policy.evaluate( org.apache.janus.script.testmodel.Subjects.anybody(), Permissions.anything() ).reduce() ); } - private String policyWithSingleRule() + public void testHasBuiltInSupportForRulingOnUsernames() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe() ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.joe(), Permissions.anything() ).reduce() ); + } + + public void testHasBuiltInSupportForRulingOnGroups() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( 
grantToCanadians() ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() ); + } + + public void testHasBuiltInSupportForRulingOnRoles() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers() ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); + } + + public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes() ) ); + builder.registerBuilder( new HasEyeColorPredicateBuilder() ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() ); + } + + public void testLastRegisteredBuilderWins() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone() ) ); + builder.registerBuilder( new FalsePredicateBuilder( "any" ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); + } + + public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception + { + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates() ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), 
Permissions.anything() ).reduce() ); + } + + private String samplePolicy() + { + String content = + "<policy>\n" + + " <rule effect=\"deny\">\n" + + " <subjects>\n" + + " <any/>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <any/>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String grantToJoe() + { + String content = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <username>joeblow</username>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String grantToCanadians() + { + String content = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <group>canadians</group>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String grantToDevelopers() + { + String content = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <role>developer</role>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String grantToGreenEyes() + { + String content = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <eye-color>green</eye-color>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String grantEveryone() { String content = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + " <any/>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + return content; + } + + private String 
multiplePredicates() + { + String content = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <username>joeblow</username>\n" + + " <role>developer</role>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java?view=auto&rev=111932 ============================================================================== Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=auto&rev=111933 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Tue Dec 14 20:01:45 2004 
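Review bot: `testMultiplePredicatesAreCombinedWithAnAndOperation` evaluates only a subject holding both principals, so it would pass unchanged if the builder combined `<username>` and `<role>` with OR, which for an authorization rule is the failure that matters. The partial matches should be asserted too: `assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.joe(), Permissions.anything() ).reduce() );` and the same with `Subjects.with( Roles.developer() )`; the expected value is presumably `NOT_APPLICABLE`, as in `testLastRegisteredBuilderWins`. The username, group and role tests likewise assert only the GRANT path and never that a subject lacking the principal is left ungranted. The Javadoc `TODO Several predicates (defaults to and operation)` on the first test appears to be covered by this new test and could be dropped.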
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
+import org.apache.janus.script.testmodel.EyeColorPrincipal;
+import org.dom4j.Element;
+
+public class HasEyeColorPredicateBuilder implements NodeBuilder
+{
+ public boolean canBuild( Element e )
+ {
+ return "eye-color".equals( e.getName() );
+ }
+
+ public Object buildFrom( Element e, NodeBuilderLookup lookup )
+ {
+ return new HasPrincipalPredicate( new EyeColorPrincipal( e.getTextTrim() ) );
+ }
+}
Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java?view=auto&rev=111932
==============================================================================
Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java?view=auto&rev=111932
==============================================================================
Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java
Url:
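Review bot: `buildFrom` passes `e.getTextTrim()` straight into `EyeColorPrincipal`, so an empty `<eye-color/>` element in a grant rule would yield a predicate on a principal with an empty name instead of a parse failure. Because this class is the worked example of a pluggable rule builder, it is worth showing the check, e.g. `if ( e.getTextTrim().length() == 0 ) throw new IllegalArgumentException( "eye-color requires a value" );`; whether an unchecked exception suits the `NodeBuilder` contract is not visible from this hunk. The `lookup` parameter is unused, and a comment noting that leaf builders do not need it would save the next author a search.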
http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java?view=auto&rev=111932 ============================================================================== Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java?view=auto&rev=111932 ==============================================================================
