Author: vtence Date: Wed Dec 15 20:13:11 2004 New Revision: 121134 URL: http://svn.apache.org/viewcvs?view=rev&rev=121134 Log: Added and or or predicate support to xml ruleset definitions Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java - copied, changed from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java - copied, changed from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java Removed: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Wed Dec 15 20:13:11 2004 @@ -18,6 +18,7 @@ import org.apache.janus.authorization.effect.Effects; import org.apache.janus.authorization.predicate.Predicates; +import org.apache.janus.authorization.predicate.AndPredicate; import javax.security.auth.Subject; @@ -50,12 +51,12 @@ public void matchSubjects( Predicate condition ) { - m_subjectPredicate = condition; + m_subjectPredicate = new AndPredicate( m_subjectPredicate, condition ); } public void matchPermissions( Predicate condition ) { - m_permissionPredicate = condition; + m_permissionPredicate = new AndPredicate( m_permissionPredicate, condition ); } public Effect evaluate( Subject s, Permission p ) Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java?view=auto&rev=121134 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java Wed Dec 15 20:13:11 2004 @@ -0,0 +1,36 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.authorization.predicate; + +import org.apache.janus.authorization.Predicate; + +public class OrPredicate implements Predicate +{ + private final Predicate m_left; + private final Predicate m_right; + + public OrPredicate( Predicate left, Predicate right ) + { + m_left = left; + m_right = right; + } + + public boolean evaluate( Object o ) + { + return m_left.evaluate( o ) || m_right.evaluate( o ); + } +} Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java (original) +++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java Wed Dec 15 20:13:11 2004 @@ -16,16 +16,15 @@ */ package org.apache.janus.authorization; -import org.apache.janus.authentication.realm.UsernamePrincipal; import org.apache.janus.authorization.effect.Effects; import org.apache.janus.authorization.predicate.FalsePredicate; import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.apache.janus.authorization.predicate.ImpliedPermissionPredicate; import org.apache.janus.authorization.predicate.TruePredicate; +import org.apache.janus.testmodel.Subjects; +import org.apache.janus.testmodel.Usernames; import org.jmock.MockObjectTestCase; -import javax.security.auth.Subject; - /** * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Tence</a> */ @@ -46,29 +45,31 @@ public void testEvaluatesToRuleEffectIfTargetVerifiesCondition() { m_rule.setEffect( Effects.DENY ); - m_rule.matchSubjects( new HasPrincipalPredicate( new UsernamePrincipal( "johnDoe" ) ) ); + m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) ); + m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) ); + assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission() ) ); + } + + public void testSubsequentConditionsAreCombinedIntoAnAndOperation() + { + m_rule.setEffect( Effects.GRANT ); + m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) ); + m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) ); m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) ); - assertEquals( Effects.DENY, m_rule.evaluate( john(), new SomePermission() ) ); + assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.joe(), new SomePermission() ) ); } public void testIsNotApplicableIfSubjectConditionIsNotVerified() { m_rule.matchSubjects( new FalsePredicate() ); m_rule.matchPermissions( new TruePredicate() ); - assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) ); + assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) ); } public void testIsNotApplicableIfPermissionConditionIsNotVerified() { m_rule.matchSubjects( new TruePredicate() ); m_rule.matchPermissions( new FalsePredicate() ); - assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) ); - } - - private Subject john() - { - Subject subject = new Subject(); - subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) ); - return subject; + assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) ); } } Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java (original) +++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java Wed Dec 15 20:13:11 2004 @@ -26,6 +26,11 @@ return with( Usernames.joe() ); } + public static Subject john() + { + return with( Usernames.john() ); + } + public static Subject with( Principal p ) { Subject s = new Subject(); Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java (original) +++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java Wed Dec 15 20:13:11 2004 @@ -24,4 +24,9 @@ { return new UsernamePrincipal( "joeblow" ); } + + public static UsernamePrincipal john() + { + return new UsernamePrincipal( "johnDoe" ); + } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java Wed Dec 15 20:13:11 2004 @@ -25,6 +25,8 @@ import org.apache.janus.script.xml.builder.FalsePredicateBuilder; import org.apache.janus.script.xml.builder.HasGroupPredicateBuilder; import org.apache.janus.script.xml.builder.HasRolePredicateBuilder; +import org.apache.janus.script.xml.builder.AndPredicateBuilder; +import org.apache.janus.script.xml.builder.OrPredicateBuilder; import org.dom4j.Document; import org.dom4j.DocumentException; import org.dom4j.Element; @@ -35,14 +37,16 @@ /** - * No validation of any sort is implemented yet. At some point, validation will need to be added. + * No validation of any sort is implemented yet. At some point, validation will need to be added, + * possibly via a validate method on node builders, that would recursively check all elements in the + * DOM tree. * <p> * <i>Warning: implementation not threadsafe</i> */ public class Dom4JRuleSetBuilder implements RuleSetBuilder { private final Element m_element; - private NodeBuilderLookup m_lookup; + private NodeBuildingContext m_buildingContext; public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException { @@ -52,7 +56,7 @@ public Dom4JRuleSetBuilder( Element element ) { m_element = element; - m_lookup = new ReverseBuilderLookup(); + m_buildingContext = new ReverseBuildingContext(); registerBuilders(); } @@ -63,7 +67,7 @@ public void registerBuilder( NodeBuilder builder ) { - m_lookup.registerBuilder( builder ); + m_buildingContext.registerBuilder( builder ); } public void buildRuleSet( RuleSet ruleSet ) @@ -77,21 +81,22 @@ for ( Iterator it = rules.iterator(); it.hasNext(); ) { Element e = (Element) it.next(); - NodeBuilder builder = m_lookup.lookupBuilder( e ); - Rule rule = (Rule) builder.buildFrom( e, m_lookup ); + Rule rule = (Rule) m_buildingContext.buildFrom( e ); ruleSet.addRule( rule ); } } private void registerBuilders() { - m_lookup.registerBuilder( new DefaultRuleBuilder() ); - m_lookup.registerBuilder( new TruePredicateBuilder() ); - m_lookup.registerBuilder( new FalsePredicateBuilder() ); - m_lookup.registerBuilder( new HasUsernamePredicateBuilder() ); - m_lookup.registerBuilder( new HasUsernamePredicateBuilder() ); - m_lookup.registerBuilder( new HasGroupPredicateBuilder() ); - m_lookup.registerBuilder( new HasRolePredicateBuilder() ); + m_buildingContext.registerBuilder( new DefaultRuleBuilder() ); + m_buildingContext.registerBuilder( new TruePredicateBuilder() ); + m_buildingContext.registerBuilder( new FalsePredicateBuilder() ); + m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() ); + m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() ); + m_buildingContext.registerBuilder( new HasGroupPredicateBuilder() ); + m_buildingContext.registerBuilder( new HasRolePredicateBuilder() ); + m_buildingContext.registerBuilder( new AndPredicateBuilder() ); + m_buildingContext.registerBuilder( new OrPredicateBuilder() ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java Wed Dec 15 20:13:11 2004 @@ -18,9 +18,23 @@ import org.dom4j.Element; +/** + * TODO: Consider having a tree validation method like + * <pre> + * <code>boolean validate(Element element)</code> + * </pre> + * to recursively validates an element tree. + */ public interface NodeBuilder { + /** + * Checks whether this builder can handle the specified element. + * This is not intended to be recursive, i.e. builders should not + * check if contained elements can in turn be built correctly. + */ boolean canBuild( Element e ); - Object buildFrom( Element e, NodeBuilderLookup lookup ); + void setParent( NodeBuilder parent ); + + Object buildFrom( Element e ); } Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java?view=auto&rev=121133 ============================================================================== Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java (from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java) Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java&r1=111968&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java Wed Dec 15 20:13:11 2004 @@ -1,10 +1,6 @@ package org.apache.janus.script.xml; -import org.dom4j.Element; - -public interface NodeBuilderLookup +public interface NodeBuildingContext extends NodeBuilder { void registerBuilder( NodeBuilder builder ); - - NodeBuilder lookupBuilder( Element e ); } Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java?view=auto&rev=121133 ============================================================================== Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java (from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java) Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java&r1=111968&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java Wed Dec 15 20:13:11 2004 @@ -18,25 +18,41 @@ import org.dom4j.Element; import org.apache.janus.script.ScriptInterpretationException; +import org.apache.janus.script.xml.builder.AbstractNodeBuilder; import java.util.List; import java.util.ArrayList; -public class ReverseBuilderLookup implements NodeBuilderLookup +public class ReverseBuildingContext extends AbstractNodeBuilder + implements NodeBuildingContext { private final List m_builders; - public ReverseBuilderLookup() + public ReverseBuildingContext() { m_builders = new ArrayList(); } + public boolean canBuild( Element e ) + { + return lookupBuilder( e ) != null; + } + public void registerBuilder( NodeBuilder builder ) { + builder.setParent( this ); m_builders.add( builder ); } - public NodeBuilder lookupBuilder( Element e ) + public Object buildFrom( Element e ) + { + NodeBuilder builder = lookupBuilder( e ); + if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e); + + return builder.buildFrom( e ); + } + + private NodeBuilder lookupBuilder( Element e ) { for ( int i = m_builders.size() - 1; i >= 0 ; i-- ) { @@ -44,6 +60,7 @@ if ( builder.canBuild( e ) ) return builder; } - throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e); + return null; } } + Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java?view=auto&rev=121134 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java Wed Dec 15 20:13:11 2004 @@ -0,0 +1,34 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.apache.janus.script.xml.NodeBuilder; + +public abstract class AbstractNodeBuilder implements NodeBuilder +{ + private NodeBuilder m_parent; + + public void setParent( NodeBuilder parent ) + { + m_parent = parent; + } + + protected final NodeBuilder getParent() + { + return m_parent; + } +} Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java?view=auto&rev=121134 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -0,0 +1,39 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.apache.janus.authorization.predicate.AndPredicate; +import org.dom4j.Element; + +public class AndPredicateBuilder + extends LogicalPredicateBuilder +{ + public AndPredicateBuilder() + { + this( "and" ); + } + + public AndPredicateBuilder( String elementName ) + { + super( elementName ); + } + + public Object buildFrom( Element e ) + { + return new AndPredicate( left( e ), right( e ) ); + } +} Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java Wed Dec 15 20:13:11 2004 @@ -19,22 +19,19 @@ import org.apache.janus.authorization.DefaultRule; import org.apache.janus.authorization.Effect; import org.apache.janus.authorization.Predicate; -import org.apache.janus.authorization.predicate.Predicates; import org.apache.janus.authorization.effect.DenyOverridesEffect; import org.apache.janus.authorization.effect.Effects; import org.apache.janus.authorization.effect.FirstApplicableEffect; import org.apache.janus.authorization.effect.LastApplicableEffect; import org.apache.janus.authorization.effect.PermitOverridesEffect; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.dom4j.Element; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Iterator; -public class DefaultRuleBuilder implements NodeBuilder +public class DefaultRuleBuilder extends AbstractNodeBuilder { private final String m_elementName; private final Map m_effects; @@ -56,24 +53,23 @@ return m_elementName.equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { String effectName = e.attributeValue( "effect" ); DefaultRule rule = new DefaultRule( effect( effectName ) ); - setSubjectPredicate( rule, e, lookup ); - setPermissionPredicate( rule, e, lookup ); + setSubjectPredicate( rule, e ); + setPermissionPredicate( rule, e ); return rule; } private Effect effect( String name ) { - return (Effect) m_effects.get( name ); + return ( Effect ) m_effects.get( name ); } - private Predicate predicate( Element e, NodeBuilderLookup lookup ) + private Predicate predicate( Element e ) { - NodeBuilder builder = lookup.lookupBuilder( e ); - return (Predicate) builder.buildFrom( e, lookup ); + return ( Predicate ) getParent().buildFrom( e ); } private void registerEffects() @@ -87,34 +83,28 @@ m_effects.put( "last-applicable", new LastApplicableEffect() ); } - private void setPermissionPredicate( DefaultRule rule, Element element, NodeBuilderLookup lookup ) + private void setPermissionPredicate( DefaultRule rule, Element element ) { Element permissions = element.element( "permissions" ); List predicates = permissions.elements(); - Predicate p = Predicates.TRUE; for ( Iterator it = predicates.iterator(); it.hasNext(); ) { Element e = ( Element ) it.next(); - // Consider moving this logic to default rule - p = Predicates.and( p, predicate( e, lookup ) ); + rule.matchPermissions( predicate( e ) ); } - rule.matchPermissions( p ); } - private void setSubjectPredicate( DefaultRule rule, Element element, NodeBuilderLookup lookup ) + private void setSubjectPredicate( DefaultRule rule, Element element ) { Element subjects = element.element( "subjects" ); List predicates = subjects.elements(); - Predicate p = Predicates.TRUE; for ( Iterator it = predicates.iterator(); it.hasNext(); ) { Element e = ( Element ) it.next(); - // Consider moving this logic to default rule - p = Predicates.and( p, predicate( e, lookup ) ); + rule.matchSubjects( predicate( e ) ); } - rule.matchSubjects( p ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -16,18 +16,16 @@ */ package org.apache.janus.script.xml.builder; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.apache.janus.authorization.predicate.Predicates; import org.dom4j.Element; -public class FalsePredicateBuilder implements NodeBuilder +public class FalsePredicateBuilder extends AbstractNodeBuilder { private final String m_elementName; public FalsePredicateBuilder() { - this( "none" ); + this( "none" ); } public FalsePredicateBuilder( String elementName ) @@ -40,7 +38,7 @@ return m_elementName.equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { return Predicates.FALSE; } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -18,11 +18,9 @@ import org.apache.janus.authentication.attribute.GroupPrincipal; import org.apache.janus.authorization.predicate.HasPrincipalPredicate; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.dom4j.Element; -public class HasGroupPredicateBuilder implements NodeBuilder +public class HasGroupPredicateBuilder extends AbstractNodeBuilder { private final String m_elementName; @@ -41,8 +39,8 @@ return m_elementName.equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { - return new HasPrincipalPredicate( new GroupPrincipal( e.getTextTrim() )); + return new HasPrincipalPredicate( new GroupPrincipal( e.getTextTrim() ) ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -16,14 +16,11 @@ */ package org.apache.janus.script.xml.builder; -import org.apache.janus.authentication.attribute.GroupPrincipal; import org.apache.janus.authentication.attribute.RolePrincipal; import org.apache.janus.authorization.predicate.HasPrincipalPredicate; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.dom4j.Element; -public class HasRolePredicateBuilder implements NodeBuilder +public class HasRolePredicateBuilder extends AbstractNodeBuilder { private final String m_elementName; @@ -42,8 +39,8 @@ return m_elementName.equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { - return new HasPrincipalPredicate( new RolePrincipal( e.getTextTrim() )); + return new HasPrincipalPredicate( new RolePrincipal( e.getTextTrim() ) ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -18,11 +18,9 @@ import org.apache.janus.authentication.realm.UsernamePrincipal; import org.apache.janus.authorization.predicate.HasPrincipalPredicate; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.dom4j.Element; -public class HasUsernamePredicateBuilder implements NodeBuilder +public class HasUsernamePredicateBuilder extends AbstractNodeBuilder { private final String m_elementName; @@ -41,8 +39,8 @@ return m_elementName.equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { - return new HasPrincipalPredicate( new UsernamePrincipal( e.getTextTrim() )); + return new HasPrincipalPredicate( new UsernamePrincipal( e.getTextTrim() ) ); } } Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java?view=auto&rev=121134 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -0,0 +1,75 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.dom4j.Element; +import org.apache.janus.authorization.Predicate; + +public abstract class LogicalPredicateBuilder extends AbstractNodeBuilder +{ + protected final String m_elementName; + + protected LogicalPredicateBuilder( String elementName ) + { + m_elementName = elementName; + } + + public boolean canBuild( Element e ) + { + return hasProperName( e ) && hasProperOperands( e ); + } + + private boolean hasProperName( Element e ) + { + return m_elementName.equals( e.getName() ); + } + + private boolean hasProperOperands( Element e ) + { + return e.elements().size() == 2; + } + + protected Predicate left( Element e ) + { + return predicate( leftOperand( e ) ); + } + + protected Predicate right( Element e ) + { + return predicate( rightOperand( e ) ); + } + + private Predicate predicate( Element e ) + { + return ( Predicate ) getParent().buildFrom( e ); + } + + protected Element leftOperand( Element e ) + { + return child( e, 0 ); + } + + protected Element rightOperand( Element e ) + { + return child( e, 1 ); + } + + private Element child( Element e, int index ) + { + return ( Element ) e.elements().get( index ); + } +} Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java?view=auto&rev=121134 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -0,0 +1,38 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.dom4j.Element; +import org.apache.janus.authorization.predicate.OrPredicate; + +public class OrPredicateBuilder extends LogicalPredicateBuilder +{ + public OrPredicateBuilder() + { + this( "or" ); + } + + public OrPredicateBuilder( String elementName ) + { + super( elementName ); + } + + public Object buildFrom( Element e ) + { + return new OrPredicate( left( e ), right( e )); + } +} Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -16,18 +16,16 @@ */ package org.apache.janus.script.xml.builder; -import org.apache.janus.script.xml.NodeBuilder; -import org.apache.janus.script.xml.NodeBuilderLookup; import org.apache.janus.authorization.predicate.Predicates; import org.dom4j.Element; -public class TruePredicateBuilder implements NodeBuilder +public class TruePredicateBuilder extends AbstractNodeBuilder { private final String m_elementName; public TruePredicateBuilder() { - this( "any" ); + this( "any" ); } public TruePredicateBuilder( String elementName ) @@ -38,9 +36,9 @@ public boolean canBuild( Element e ) { return m_elementName.equals( e.getName() ); - } + } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { return Predicates.TRUE; } Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java Wed Dec 15 20:13:11 2004 @@ -21,6 +21,7 @@ import org.apache.janus.authentication.attribute.MutableInformationProvider; import org.apache.janus.script.InformationProviderBuilderMonitor; import org.apache.janus.script.testmodel.Groups; +import org.apache.janus.script.testmodel.Usernames; import org.jmock.Mock; import org.jmock.MockObjectTestCase; import org.jmock.core.Constraint; @@ -37,8 +38,8 @@ Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.geeks() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); @@ -61,7 +62,7 @@ Mock mockProvider = new Mock( MutableInformationProvider.class ); mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); @@ -85,7 +86,7 @@ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() ); AttributeProvider provider = new AttributeProvider(); - mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.men() ) ); + mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ); builder.buildProvider( provider ); mockMonitor.verify(); @@ -108,7 +109,7 @@ ( InformationProviderBuilderMonitor ) mockMonitor.proxy() ); AttributeProvider provider = new AttributeProvider(); - CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), org.apache.janus.script.testmodel.Groups.canadians() ); + CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() ); mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) ); builder.buildProvider( provider ); Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java Wed Dec 15 20:13:11 2004 @@ -32,8 +32,8 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); @@ -55,9 +55,9 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); @@ -80,8 +80,8 @@ Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) ); Mock mockProvider = new Mock( MutableInformationProvider.class ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) ); - mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) ); + mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) ); builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() ); Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Wed Dec 15 20:13:11 2004 @@ -32,22 +32,49 @@ public class Dom4JRuleSetBuilderTest extends MockObjectTestCase { - /** - * TODO Several predicates (defaults to and operation) - */ public void testParsesDocumentAndAddsRulesToPolicy() throws Exception { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy() ) ); + String samplePolicy = + "<policy>\n" + + " <rule effect=\"deny\">\n" + + " <subjects>\n" + + " <any/>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <any/>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy ) ); Policy policy = new Policy( new DenyOverridesEffect() ); builder.buildRuleSet( policy ); - assertEquals( Effects.DENY, policy.evaluate( org.apache.janus.script.testmodel.Subjects.anybody(), Permissions.anything() ).reduce() ); + assertEquals( Effects.DENY, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); } public void testHasBuiltInSupportForRulingOnUsernames() throws Exception { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe() ) ); + String grantToJoe = + "<policy>\n" + + " <rule effect=\"grant\">\n" + + " <subjects>\n" + + " <username>joeblow</username>\n" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </rule>\n" + + "</policy>"; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe ) ); Policy policy = new Policy( new PermitOverridesEffect() ); builder.buildRuleSet( policy ); @@ -57,174 +84,162 @@ public void testHasBuiltInSupportForRulingOnGroups() throws Exception { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians() ) ); - - Policy policy = new Policy( new PermitOverridesEffect() ); - builder.buildRuleSet( policy ); - - assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() ); - } - - public void testHasBuiltInSupportForRulingOnRoles() throws Exception - { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers() ) ); - - Policy policy = new Policy( new PermitOverridesEffect() ); - builder.buildRuleSet( policy ); - - assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); - } - - public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception - { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes() ) ); - builder.registerBuilder( new HasEyeColorPredicateBuilder() ); - - Policy policy = new Policy( new PermitOverridesEffect() ); - builder.buildRuleSet( policy ); - - assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() ); - } - - public void testLastRegisteredBuilderWins() throws Exception - { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone() ) ); - builder.registerBuilder( new FalsePredicateBuilder( "any" ) ); - - Policy policy = new Policy( new PermitOverridesEffect() ); - builder.buildRuleSet( policy ); - - assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); - } - - public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception - { - Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates() ) ); - - Policy policy = new Policy( new PermitOverridesEffect() ); - builder.buildRuleSet( policy ); - - assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); - } - - private String samplePolicy() - { - String content = + String grantToCanadians = "<policy>\n" + - " <rule effect=\"deny\">\n" + - " <subjects>\n" + - " <any/>\n" + - " </subjects>\n" + - " <permissions>\n" + - " <any/>\n" + - " </permissions>\n" + - " </rule>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <any/>\n" + + " <group>canadians</group>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() ); } - private String grantToJoe() + public void testHasBuiltInSupportForRulingOnRoles() throws Exception { - String content = + String grantToDevelopers = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <username>joeblow</username>\n" + + " <role>developer</role>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); } - private String grantToCanadians() + public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception { - String content = + String grantToGreenEyes = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <group>canadians</group>\n" + + " <eye-color>green</eye-color>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes ) ); + builder.registerBuilder( new HasEyeColorPredicateBuilder() ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() ); } - private String grantToDevelopers() + public void testLastRegisteredBuilderWins() throws Exception { - String content = + String grantEveryone = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <role>developer</role>\n" + + " <any/>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone ) ); + builder.registerBuilder( new FalsePredicateBuilder( "any" ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); } - private String grantToGreenEyes() + public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception { - String content = + String multiplePredicates = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <eye-color>green</eye-color>\n" + + " <username>joeblow</username>\n" + + " <role>developer</role>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); } - private String grantEveryone() + public void testHasBuiltinSupportForAndOperationOnPredicates() throws Exception { - String content = + String andPredicateCombination = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <any/>\n" + + " <and>" + + " <username>joeblow</username>\n" + + " <role>developer</role>\n" + + " </and>" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); } - private String multiplePredicates() + public void testHasBuiltinSupportForOrOperationOnPredicates() throws Exception { - String content = + String orPredicateCombination = "<policy>\n" + " <rule effect=\"grant\">\n" + " <subjects>\n" + - " <username>joeblow</username>\n" + - " <role>developer</role>\n" + + " <or>" + + " <username>joeblow</username>\n" + + " <role>developer</role>\n" + + " </or>" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + " </rule>\n" + "</policy>"; - return content; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( orPredicateCombination ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); } } Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r2=121134 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Wed Dec 15 20:13:11 2004 @@ -18,16 +18,17 @@ import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.apache.janus.script.testmodel.EyeColorPrincipal; +import org.apache.janus.script.xml.builder.AbstractNodeBuilder; import org.dom4j.Element; -public class HasEyeColorPredicateBuilder implements NodeBuilder +public class HasEyeColorPredicateBuilder extends AbstractNodeBuilder { public boolean canBuild( Element e ) { return "eye-color".equals( e.getName() ); } - public Object buildFrom( Element e, NodeBuilderLookup lookup ) + public Object buildFrom( Element e ) { return new HasPrincipalPredicate( new EyeColorPrincipal( e.getTextTrim() ) ); }
