Author: vtence Date: Fri Dec 17 12:18:58 2004 New Revision: 122673 URL: http://svn.apache.org/viewcvs?view=rev&rev=122673 Log: Completed XML frontend for Policies/RuleSets. Simplified and improved syntax too. That's is a good chunk done. Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java - copied, changed from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java - copied, changed from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java Removed: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=122672&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java Fri Dec 17 12:18:58 2004 @@ -19,6 +19,7 @@ import org.apache.janus.authorization.effect.Effects; import org.apache.janus.authorization.predicate.Predicates; import org.apache.janus.authorization.predicate.AndPredicate; +import org.apache.janus.authorization.predicate.OrPredicate; import javax.security.auth.Subject; @@ -40,8 +41,8 @@ public DefaultRule( Effect effect ) { m_effect = effect; - m_subjectPredicate = Predicates.TRUE; - m_permissionPredicate = Predicates.TRUE; + m_subjectPredicate = Predicates.FALSE; + m_permissionPredicate = Predicates.FALSE; } public void setEffect( Effect effect ) @@ -51,12 +52,12 @@ public void matchSubjects( Predicate condition ) { - m_subjectPredicate = new AndPredicate( m_subjectPredicate, condition ); + m_subjectPredicate = new OrPredicate( m_subjectPredicate, condition ); } public void matchPermissions( Predicate condition ) { - m_permissionPredicate = new AndPredicate( m_permissionPredicate, condition ); + m_permissionPredicate = new OrPredicate( m_permissionPredicate, condition ); } public Effect evaluate( Subject s, Permission p ) Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r1=122672&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java (original) +++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java Fri Dec 17 12:18:58 2004 @@ -50,13 +50,24 @@ assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission() ) ); } - public void testSubsequentConditionsAreCombinedIntoAnAndOperation() + public void testSubjectConditionsAreCombinedIntoAnOrOperation() { m_rule.setEffect( Effects.GRANT ); m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) ); m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) ); m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) ); - assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.joe(), new SomePermission() ) ); + assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new SomePermission() ) ); + assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.joe(), new SomePermission() ) ); + } + + public void testPermissionConditionsAreCombinedIntoAnOrOperation() + { + m_rule.setEffect( Effects.GRANT ); + m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) ); + m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo" ) ) ); + m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar" ) ) ); + assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "foo" ) ) ); + assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "bar" ) ) ); } public void testIsNotApplicableIfSubjectConditionIsNotVerified() Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java?view=auto&rev=122673 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java Fri Dec 17 12:18:58 2004 @@ -0,0 +1,6 @@ +package org.apache.janus.script.xml; + +public interface BuildingContext extends ElementBuilder +{ + void registerBuilder( ElementBuilder builder ); +} Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java Fri Dec 17 12:18:58 2004 @@ -27,6 +27,8 @@ import org.apache.janus.script.xml.builder.HasRolePredicateBuilder; import org.apache.janus.script.xml.builder.AndPredicateBuilder; import org.apache.janus.script.xml.builder.OrPredicateBuilder; +import org.apache.janus.script.xml.builder.GrantRuleBuilder; +import org.apache.janus.script.xml.builder.DenyRuleBuilder; import org.dom4j.Document; import org.dom4j.DocumentException; import org.dom4j.Element; @@ -45,8 +47,8 @@ */ public class Dom4JRuleSetBuilder implements RuleSetBuilder { - private final Element m_element; - private NodeBuildingContext m_buildingContext; + private final Element m_root; + private BuildingContext m_buildingContext; public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException { @@ -55,7 +57,7 @@ public Dom4JRuleSetBuilder( Element element ) { - m_element = element; + m_root = element; m_buildingContext = new ReverseBuildingContext(); registerBuilders(); } @@ -65,14 +67,14 @@ this( doc.getRootElement() ); } - public void registerBuilder( NodeBuilder builder ) + public void registerBuilder( ElementBuilder builder ) { m_buildingContext.registerBuilder( builder ); } public void buildRuleSet( RuleSet ruleSet ) { - List rules = m_element.elements( "rule" ); + List rules = m_root.elements(); addAllRules( ruleSet, rules ); } @@ -88,7 +90,10 @@ private void registerBuilders() { + m_buildingContext.registerBuilder( new GrantRuleBuilder() ); + m_buildingContext.registerBuilder( new DenyRuleBuilder() ); m_buildingContext.registerBuilder( new DefaultRuleBuilder() ); + m_buildingContext.registerBuilder( new AndPredicateBuilder( "subject" ) ); m_buildingContext.registerBuilder( new TruePredicateBuilder() ); m_buildingContext.registerBuilder( new FalsePredicateBuilder() ); m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() ); Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java (from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java) Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r1=121134&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java Fri Dec 17 12:18:58 2004 @@ -25,7 +25,7 @@ * </pre> * to recursively validates an element tree. */ -public interface NodeBuilder +public interface ElementBuilder { /** * Checks whether this builder can handle the specified element. @@ -34,7 +34,7 @@ */ boolean canBuild( Element e ); - void setParent( NodeBuilder parent ); + void setParent( ElementBuilder parent ); Object buildFrom( Element e ); } Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=auto&rev=122672 ============================================================================== Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java?view=auto&rev=122672 ============================================================================== Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java Fri Dec 17 12:18:58 2004 @@ -18,13 +18,13 @@ import org.dom4j.Element; import org.apache.janus.script.ScriptInterpretationException; -import org.apache.janus.script.xml.builder.AbstractNodeBuilder; +import org.apache.janus.script.xml.builder.AbstractElementBuilder; import java.util.List; import java.util.ArrayList; -public class ReverseBuildingContext extends AbstractNodeBuilder - implements NodeBuildingContext +public class ReverseBuildingContext extends AbstractElementBuilder + implements BuildingContext { private final List m_builders; @@ -38,7 +38,7 @@ return lookupBuilder( e ) != null; } - public void registerBuilder( NodeBuilder builder ) + public void registerBuilder( ElementBuilder builder ) { builder.setParent( this ); m_builders.add( builder ); @@ -46,17 +46,17 @@ public Object buildFrom( Element e ) { - NodeBuilder builder = lookupBuilder( e ); - if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e); + ElementBuilder builder = lookupBuilder( e ); + if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element: " + e.getName()); return builder.buildFrom( e ); } - private NodeBuilder lookupBuilder( Element e ) + private ElementBuilder lookupBuilder( Element e ) { for ( int i = m_builders.size() - 1; i >= 0 ; i-- ) { - NodeBuilder builder = ( NodeBuilder ) m_builders.get( i ); + ElementBuilder builder = ( ElementBuilder ) m_builders.get( i ); if ( builder.canBuild( e ) ) return builder; } Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java (from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java) Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java&r1=121134&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java Fri Dec 17 12:18:58 2004 @@ -16,18 +16,18 @@ */ package org.apache.janus.script.xml.builder; -import org.apache.janus.script.xml.NodeBuilder; +import org.apache.janus.script.xml.ElementBuilder; -public abstract class AbstractNodeBuilder implements NodeBuilder +public abstract class AbstractElementBuilder implements ElementBuilder { - private NodeBuilder m_parent; + private ElementBuilder m_parent; - public void setParent( NodeBuilder parent ) + public void setParent( ElementBuilder parent ) { m_parent = parent; } - protected final NodeBuilder getParent() + protected final ElementBuilder getParent() { return m_parent; } Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java?view=auto&rev=122672 ============================================================================== Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java?view=auto&rev=122673 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java Fri Dec 17 12:18:58 2004 @@ -0,0 +1,80 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.apache.janus.authorization.DefaultRule; +import org.apache.janus.authorization.Effect; +import org.apache.janus.authorization.Predicate; +import org.dom4j.Element; + +import java.util.Iterator; +import java.util.List; + +public abstract class AbstractRuleBuilder extends AbstractElementBuilder +{ + private final String m_elementName; + private final Effect m_effect; + + public AbstractRuleBuilder( String elementName, Effect effect ) + { + m_elementName = elementName; + m_effect = effect; + } + + public boolean canBuild( Element e ) + { + return m_elementName.equals( e.getName() ); + } + + public Object buildFrom( Element e ) + { + DefaultRule rule = new DefaultRule( m_effect ); + setSubjectPredicate( rule, e ); + setPermissionPredicate( rule, e ); + return rule; + } + + private Predicate predicate( Element e ) + { + return ( Predicate ) getParent().buildFrom( e ); + } + + private void setPermissionPredicate( DefaultRule rule, Element element ) + { + Element permissions = element.element( "permissions" ); + List predicates = permissions.elements(); + + for ( Iterator it = predicates.iterator(); it.hasNext(); ) + { + Element e = ( Element ) it.next(); + rule.matchPermissions( predicate( e ) ); + } + } + + private void setSubjectPredicate( DefaultRule rule, Element element ) + { + Element subjects = element.element( "subjects" ); + List predicates = subjects.elements(); + + for ( Iterator it = predicates.iterator(); it.hasNext(); ) + { + Element e = ( Element ) it.next(); + rule.matchSubjects( predicate( e ) ); + } + } +} + Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -16,8 +16,9 @@ */ package org.apache.janus.script.xml.builder; +import org.apache.janus.authorization.Predicate; import org.apache.janus.authorization.predicate.AndPredicate; -import org.dom4j.Element; +import org.apache.janus.authorization.predicate.Predicates; public class AndPredicateBuilder extends LogicalPredicateBuilder @@ -32,8 +33,13 @@ super( elementName ); } - public Object buildFrom( Element e ) + protected Predicate getSeed() { - return new AndPredicate( left( e ), right( e ) ); + return Predicates.TRUE; + } + + public Predicate compute( Predicate left, Predicate right ) + { + return new AndPredicate( left, right ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java Fri Dec 17 12:18:58 2004 @@ -19,11 +19,7 @@ import org.apache.janus.authorization.DefaultRule; import org.apache.janus.authorization.Effect; import org.apache.janus.authorization.Predicate; -import org.apache.janus.authorization.effect.DenyOverridesEffect; import org.apache.janus.authorization.effect.Effects; -import org.apache.janus.authorization.effect.FirstApplicableEffect; -import org.apache.janus.authorization.effect.LastApplicableEffect; -import org.apache.janus.authorization.effect.PermitOverridesEffect; import org.dom4j.Element; import java.util.HashMap; @@ -31,7 +27,7 @@ import java.util.List; import java.util.Map; -public class DefaultRuleBuilder extends AbstractNodeBuilder +public class DefaultRuleBuilder extends AbstractElementBuilder { private final String m_elementName; private final Map m_effects; @@ -76,11 +72,6 @@ { m_effects.put( "grant", Effects.GRANT ); m_effects.put( "deny", Effects.DENY ); - m_effects.put( "not-applicable", Effects.NOT_APPLICABLE ); - m_effects.put( "permit-overrides", new PermitOverridesEffect() ); - m_effects.put( "deny-overrides", new DenyOverridesEffect() ); - m_effects.put( "first-applicable", new FirstApplicableEffect() ); - m_effects.put( "last-applicable", new LastApplicableEffect() ); } private void setPermissionPredicate( DefaultRule rule, Element element ) Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java?view=auto&rev=122673 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java Fri Dec 17 12:18:58 2004 @@ -0,0 +1,32 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + +import org.apache.janus.authorization.effect.Effects; + +public class DenyRuleBuilder extends AbstractRuleBuilder +{ + public DenyRuleBuilder() + { + this( "deny" ); + } + + public DenyRuleBuilder( String elementName ) + { + super( elementName, Effects.DENY ); + } +} Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -19,7 +19,7 @@ import org.apache.janus.authorization.predicate.Predicates; import org.dom4j.Element; -public class FalsePredicateBuilder extends AbstractNodeBuilder +public class FalsePredicateBuilder extends AbstractElementBuilder { private final String m_elementName; Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java?view=auto&rev=122673 ============================================================================== --- (empty file) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java Fri Dec 17 12:18:58 2004 @@ -0,0 +1,33 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.janus.script.xml.builder; + + +import org.apache.janus.authorization.effect.Effects; + +public class GrantRuleBuilder extends AbstractRuleBuilder +{ + public GrantRuleBuilder() + { + this( "grant" ); + } + + public GrantRuleBuilder( String elementName ) + { + super( elementName, Effects.GRANT ); + } +} Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -20,7 +20,7 @@ import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.dom4j.Element; -public class HasGroupPredicateBuilder extends AbstractNodeBuilder +public class HasGroupPredicateBuilder extends AbstractElementBuilder { private final String m_elementName; Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -20,7 +20,7 @@ import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.dom4j.Element; -public class HasRolePredicateBuilder extends AbstractNodeBuilder +public class HasRolePredicateBuilder extends AbstractElementBuilder { private final String m_elementName; Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -20,7 +20,7 @@ import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.dom4j.Element; -public class HasUsernamePredicateBuilder extends AbstractNodeBuilder +public class HasUsernamePredicateBuilder extends AbstractElementBuilder { private final String m_elementName; Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -18,8 +18,12 @@ import org.dom4j.Element; import org.apache.janus.authorization.Predicate; +import org.apache.janus.authorization.predicate.Predicates; +import org.apache.janus.authorization.predicate.AndPredicate; -public abstract class LogicalPredicateBuilder extends AbstractNodeBuilder +import java.util.Iterator; + +public abstract class LogicalPredicateBuilder extends AbstractElementBuilder { protected final String m_elementName; @@ -30,46 +34,33 @@ public boolean canBuild( Element e ) { - return hasProperName( e ) && hasProperOperands( e ); + return hasProperName( e ); } - private boolean hasProperName( Element e ) + public Object buildFrom( Element e ) { - return m_elementName.equals( e.getName() ); - } + Predicate p = Predicates.TRUE; - private boolean hasProperOperands( Element e ) - { - return e.elements().size() == 2; - } + for ( Iterator it = e.elementIterator(); it.hasNext(); ) + { + Element next = ( Element ) it.next(); + p = compute( p, predicate( next ) ); + } - protected Predicate left( Element e ) - { - return predicate( leftOperand( e ) ); + return p; } - protected Predicate right( Element e ) - { - return predicate( rightOperand( e ) ); - } + protected abstract Predicate getSeed(); + + protected abstract Predicate compute( Predicate left, Predicate right ); - private Predicate predicate( Element e ) - { - return ( Predicate ) getParent().buildFrom( e ); - } - - protected Element leftOperand( Element e ) - { - return child( e, 0 ); - } - - protected Element rightOperand( Element e ) + private boolean hasProperName( Element e ) { - return child( e, 1 ); + return m_elementName.equals( e.getName() ); } - private Element child( Element e, int index ) + protected Predicate predicate( Element e ) { - return ( Element ) e.elements().get( index ); + return ( Predicate ) getParent().buildFrom( e ); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -16,8 +16,9 @@ */ package org.apache.janus.script.xml.builder; -import org.dom4j.Element; +import org.apache.janus.authorization.Predicate; import org.apache.janus.authorization.predicate.OrPredicate; +import org.apache.janus.authorization.predicate.Predicates; public class OrPredicateBuilder extends LogicalPredicateBuilder { @@ -31,8 +32,13 @@ super( elementName ); } - public Object buildFrom( Element e ) + protected Predicate getSeed() { - return new OrPredicate( left( e ), right( e )); + return Predicates.FALSE; + } + + public Predicate compute( Predicate left, Predicate right ) + { + return new OrPredicate( left, right); } } Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -19,7 +19,7 @@ import org.apache.janus.authorization.predicate.Predicates; import org.dom4j.Element; -public class TruePredicateBuilder extends AbstractNodeBuilder +public class TruePredicateBuilder extends AbstractElementBuilder { private final String m_elementName; Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java Fri Dec 17 12:18:58 2004 @@ -16,6 +16,7 @@ */ package org.apache.janus.script.xml; +import junit.framework.TestCase; import org.apache.janus.authorization.Policy; import org.apache.janus.authorization.effect.DenyOverridesEffect; import org.apache.janus.authorization.effect.Effects; @@ -26,32 +27,35 @@ import org.apache.janus.script.testmodel.Subjects; import org.apache.janus.script.testmodel.Usernames; import org.apache.janus.script.xml.builder.FalsePredicateBuilder; -import org.jmock.MockObjectTestCase; import java.io.StringReader; -public class Dom4JRuleSetBuilderTest extends MockObjectTestCase +/** + * TODO: change or & and element to accept more than 2 children + * TODO: introduce subject element alias for and operation + */ +public class Dom4JRuleSetBuilderTest extends TestCase { public void testParsesDocumentAndAddsRulesToPolicy() throws Exception { String samplePolicy = "<policy>\n" + - " <rule effect=\"deny\">\n" + + " <deny>\n" + " <subjects>\n" + " <any/>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + - " <rule effect=\"grant\">\n" + + " </deny>\n" + + " <grant>\n" + " <subjects>\n" + " <any/>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy ) ); @@ -65,14 +69,14 @@ { String grantToJoe = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <username>joeblow</username>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe ) ); @@ -86,14 +90,14 @@ { String grantToCanadians = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <group>canadians</group>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians ) ); @@ -107,14 +111,14 @@ { String grantToDevelopers = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <role>developer</role>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers ) ); @@ -124,18 +128,18 @@ assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); } - public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception + public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception { String grantToGreenEyes = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <eye-color>green</eye-color>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes ) ); builder.registerBuilder( new HasEyeColorPredicateBuilder() ); @@ -150,14 +154,14 @@ { String grantEveryone = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <any/>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone ) ); builder.registerBuilder( new FalsePredicateBuilder( "any" ) ); @@ -168,45 +172,47 @@ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() ); } - public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception + public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws Exception { String multiplePredicates = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <username>joeblow</username>\n" + + " <group>canadians</group>\n" + " <role>developer</role>\n" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates ) ); Policy policy = new Policy( new PermitOverridesEffect() ); builder.buildRuleSet( policy ); - assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); - assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); - assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); } public void testHasBuiltinSupportForAndOperationOnPredicates() throws Exception { String andPredicateCombination = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <and>" + " <username>joeblow</username>\n" + + " <group>geeks</group>\n" + " <role>developer</role>\n" + " </and>" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) ); @@ -214,25 +220,27 @@ builder.buildRuleSet( policy ); assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() ); assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); - assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ).reduce() ); } public void testHasBuiltinSupportForOrOperationOnPredicates() throws Exception { String orPredicateCombination = "<policy>\n" + - " <rule effect=\"grant\">\n" + + " <grant>\n" + " <subjects>\n" + " <or>" + " <username>joeblow</username>\n" + + " <group>geeks</group>\n" + " <role>developer</role>\n" + " </or>" + " </subjects>\n" + " <permissions>\n" + " <any/>\n" + " </permissions>\n" + - " </rule>\n" + + " </grant>\n" + "</policy>"; Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( orPredicateCombination ) ); @@ -240,6 +248,33 @@ builder.buildRuleSet( policy ); assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() ); assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); + } + + public void testSubjectIsAnAliasForAndOperation() throws Exception + { + String andPredicateCombination = + "<policy>\n" + + " <grant>\n" + + " <subjects>\n" + + " <subject>" + + " <username>joeblow</username>\n" + + " <role>developer</role>\n" + + " </subject>" + + " </subjects>\n" + + " <permissions>\n" + + " <any/>\n" + + " </permissions>\n" + + " </grant>\n" + + "</policy>"; + Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) ); + + Policy policy = new Policy( new PermitOverridesEffect() ); + builder.buildRuleSet( policy ); + + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() ); + assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() ); } } Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java Fri Dec 17 12:18:58 2004 @@ -18,10 +18,10 @@ import org.apache.janus.authorization.predicate.HasPrincipalPredicate; import org.apache.janus.script.testmodel.EyeColorPrincipal; -import org.apache.janus.script.xml.builder.AbstractNodeBuilder; +import org.apache.janus.script.xml.builder.AbstractElementBuilder; import org.dom4j.Element; -public class HasEyeColorPredicateBuilder extends AbstractNodeBuilder +public class HasEyeColorPredicateBuilder extends AbstractElementBuilder { public boolean canBuild( Element e ) { Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml&r2=122673 ============================================================================== --- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml (original) +++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml Fri Dec 17 12:18:58 2004 @@ -1,23 +1,31 @@ <policy> - <rule effect="grant"> - <subject> - <or> + <grant> + <subjects> + <subject> <role>admin</role> <group>developer</group> <username>joeblow</username> - </or> - </subject> - <permission> + </subject> + <subject> + <group>canadians</group> + </subject> + </subjects> + <permissions> <file path="/protected/*" action="read, write"/> <file path="/private/*" action="read"/> - </permission> - </rule> - <rule effect="deny"> - <subject> - <any/> - </subject> - <permission> - <any/> - </permission> - </rule> + </permissions> + </grant> + <deny> + <subjects> + <subject> + <role>admin</role> + <group>developer</group> + <username>joeblow</username> + </subject> + </subjects> + <permissions> + <file path="/protected/*" action="read, write"/> + <file path="/private/*" action="read, write"/> + </permissions> + </deny> </policy>
