Author: vtence
Date: Mon Feb 21 10:45:08 2005
New Revision: 154703
URL: http://svn.apache.org/viewcvs?view=rev&rev=154703
Log:
AuthorizationRequest no longer exposed through Authorizer
Added:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
(with props)
Removed:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
Modified:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
incubator/directory/authx/trunk/example/src/webapp/shop.groovy
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
Modified:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
(original)
+++
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
Mon Feb 21 10:45:08 2005
@@ -5,7 +5,7 @@
public interface AuthorizationRequest
{
- boolean affectsSubject( Predicate subjectPredicate );
+ boolean affectsSubjectMatching( Predicate predicate );
- boolean targetsPermission( Predicate permissionPredicate );
+ boolean targetsPermissionMatching( Predicate predicate );
}
Modified:
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
(original)
+++
incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
Mon Feb 21 10:45:08 2005
@@ -16,6 +16,7 @@
*/
package org.apache.authx.authorization;
+import javax.security.auth.Subject;
/**
@@ -37,9 +38,10 @@
* Renders an authorization decision in response
* to the given authorization request.
*
- * @param request The authorization request to evaluate
+ * @param s The subject requesting a permission
+ * @param p The targeted permission
* @return true if case of a positive decision,
* false otherwise
*/
- boolean renderDecision( AuthorizationRequest request );
+ boolean renderDecision( Subject s, Permission p );
}
Modified: incubator/directory/authx/trunk/example/src/webapp/shop.groovy
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/example/src/webapp/shop.groovy?view=diff&r1=154702&r2=154703
==============================================================================
--- incubator/directory/authx/trunk/example/src/webapp/shop.groovy (original)
+++ incubator/directory/authx/trunk/example/src/webapp/shop.groovy Mon Feb 21
10:45:08 2005
@@ -34,7 +34,7 @@
purchase = new PurchasePermission( item.getPrice() )
me = context.getSubject()
username = context.getUsername()
- if ( !authorizer.authorize( me, purchase ) ) return "denied"
+ if ( !authorizer.renderDecision( me, purchase ) ) return "denied"
return "receipt"
}
Modified:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
(original)
+++
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
Mon Feb 21 10:45:08 2005
@@ -18,6 +18,7 @@
import org.apache.authx.authorization.effect.Effects;
+import javax.security.auth.Subject;
import java.util.HashMap;
import java.util.Map;
@@ -37,8 +38,9 @@
m_decisions.put( Effects.DENY, Boolean.FALSE );
}
- public boolean renderDecision( AuthorizationRequest request )
+ public boolean renderDecision( Subject s, Permission p )
{
+ AuthorizationRequest request = new SimpleAuthorizationRequest( s, p );
Effect effect = m_ruleSet.evaluate( request ).reduce();
Boolean decision = ( Boolean ) m_decisions.get( effect );
Modified:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
(original)
+++
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
Mon Feb 21 10:45:08 2005
@@ -70,7 +70,7 @@
private boolean isApplicableTo( AuthorizationRequest request )
{
- return request.affectsSubject( m_subjectPredicate ) &&
request.targetsPermission( m_permissionPredicate );
+ return request.affectsSubjectMatching( m_subjectPredicate ) &&
request.targetsPermissionMatching( m_permissionPredicate );
}
public Effect evaluate( AuthorizationRequest request )
Added:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java?view=auto&rev=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
(added)
+++
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
Mon Feb 21 10:45:08 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+import javax.security.auth.Subject;
+
+public class SimpleAuthorizationRequest implements AuthorizationRequest
+{
+ private final Subject m_subject;
+ private final Permission m_permission;
+
+ public SimpleAuthorizationRequest( Subject subject, Permission permission )
+ {
+ m_subject = subject;
+ m_permission = permission;
+ }
+
+ public boolean affectsSubjectMatching( Predicate subjectPredicate )
+ {
+ return subjectPredicate.evaluate( m_subject );
+ }
+
+ public boolean targetsPermissionMatching( Predicate permissionPredicate )
+ {
+ return permissionPredicate.evaluate( m_permission );
+ }
+
+ public boolean equals( Object value )
+ {
+ if ( this == value ) return true;
+ if ( !( value instanceof SimpleAuthorizationRequest ) ) return false;
+
+ final SimpleAuthorizationRequest simpleAuthorizationRequest = (
SimpleAuthorizationRequest ) value;
+
+ if ( !m_permission.equals( simpleAuthorizationRequest.m_permission ) )
return false;
+ if ( !m_subject.equals( simpleAuthorizationRequest.m_subject ) )
return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ int result;
+ result = m_subject.hashCode();
+ result = 29 * result + m_permission.hashCode();
+ return result;
+ }
+}
Propchange:
incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
------------------------------------------------------------------------------
svn:executable = *
Modified:
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
(original)
+++
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
Mon Feb 21 10:45:08 2005
@@ -35,35 +35,35 @@
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.GRANT ) );
m_authorizer.denyIfUnsure();
- assertTrue( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertTrue( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
public void testTakesPositiveDecisionIfRuleIsNotApplicable()
{
m_authorizer = new DefaultAuthorizer( new Policy(
Effects.NOT_APPLICABLE ) );
m_authorizer.denyIfUnsure();
- assertTrue( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertTrue( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
public void testTakesNegativeDecisionIfRuleSuggestDenial()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
m_authorizer.grantIfUnsure();
- assertFalse( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertFalse( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
public void testCanForceEffectToGrantDecision()
{
m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
m_authorizer.grantOn( Effects.DENY );
- assertTrue( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertTrue( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
public void testCanForceEffectToDenyDecision()
{
m_authorizer = new DefaultAuthorizer( new Policy(
Effects.NOT_APPLICABLE ) );
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
- assertFalse( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertFalse( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
public void testEffectsAreReducedBeforeTakingDecision()
@@ -71,6 +71,6 @@
m_authorizer = new DefaultAuthorizer( new Policy( new
PermitOverridesEffect() ) );
m_authorizer.grantIfUnsure();
m_authorizer.denyOn( Effects.NOT_APPLICABLE );
- assertFalse( m_authorizer.renderDecision( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ) );
+ assertFalse( m_authorizer.renderDecision( new Subject(), new
SomePermission() ) );
}
}
Modified:
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
(original)
+++
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
Mon Feb 21 10:45:08 2005
@@ -47,7 +47,7 @@
m_rule.setEffect( Effects.DENY );
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new
SomePermission() ) );
- assertEquals( Effects.DENY, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ));
+ assertEquals( Effects.DENY, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ));
}
public void testSubjectConditionsAreCombinedIntoAnOrOperation()
@@ -56,8 +56,8 @@
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new
SomePermission() ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.joe(), new SomePermission() ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.joe(), new SomePermission() ) ) );
}
public void testPermissionConditionsAreCombinedIntoAnOrOperation()
@@ -66,21 +66,21 @@
m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new
BasicPermission( "foo" ) ) );
m_rule.matchPermissions( new ImpliedPermissionPredicate( new
BasicPermission( "bar" ) ) );
- assertEquals( Effects.GRANT, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ) ) )
);
- assertEquals( Effects.GRANT, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ) ) )
);
+ assertEquals( Effects.GRANT, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ) ) ) );
+ assertEquals( Effects.GRANT, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ) ) ) );
}
public void testIsNotApplicableIfSubjectConditionIsNotVerified()
{
m_rule.matchSubjects( new FalsePredicate() );
m_rule.matchPermissions( new TruePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
}
public void testIsNotApplicableIfPermissionConditionIsNotVerified()
{
m_rule.matchSubjects( new TruePredicate() );
m_rule.matchPermissions( new FalsePredicate() );
- assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new
DefaultAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+ assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new
SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
}
}
Modified:
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
(original)
+++
incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
Mon Feb 21 10:45:08 2005
@@ -27,7 +27,7 @@
public void testRendersDefaultDecisionWhenEmpty()
{
Policy policy = new Policy( new PermitOverridesEffect() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
}
public void testCombinesResultOfContainedRulesEvaluation()
@@ -36,6 +36,6 @@
policy.addRule( new PrimitiveRule( Effects.DENY ) );
policy.addRule( new PrimitiveRule( Effects.GRANT ) );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
}
}
Modified:
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&r1=154702&r2=154703
==============================================================================
---
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
(original)
+++
incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
Mon Feb 21 10:45:08 2005
@@ -18,7 +18,7 @@
import junit.framework.TestCase;
import org.apache.authx.authorization.Policy;
-import org.apache.authx.authorization.DefaultAuthorizationRequest;
+import org.apache.authx.authorization.SimpleAuthorizationRequest;
import org.apache.authx.authorization.effect.DenyOverridesEffect;
import org.apache.authx.authorization.effect.Effects;
import org.apache.authx.authorization.effect.PermitOverridesEffect;
@@ -59,7 +59,7 @@
Policy policy = new Policy( new DenyOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.DENY, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.anybody(), Permissions.anything() )
).reduce() );
+ assertEquals( Effects.DENY, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.anybody(), Permissions.anything() )
).reduce() );
}
public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
@@ -80,7 +80,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.joe(), Permissions.anything() )
).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.joe(), Permissions.anything() ) ).reduce()
);
}
public void testHasBuiltInSupportForRulingOnGroups() throws Exception
@@ -101,7 +101,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Groups.canadians() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Groups.canadians() ),
Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForRulingOnRoles() throws Exception
@@ -122,7 +122,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() )) .reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() )) .reduce() );
}
public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception
@@ -144,7 +144,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.withGreenEyes(), Permissions.anything() )
).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.withGreenEyes(), Permissions.anything() )
).reduce() );
}
public void testLastRegisteredBuilderWins() throws Exception
@@ -166,7 +166,7 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.anybody(), Permissions.anything() )
).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.anybody(), Permissions.anything() )
).reduce() );
}
public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws
Exception
@@ -188,9 +188,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Groups.canadians() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Groups.canadians() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForAndOperationOnPredicates() throws
Exception
@@ -215,10 +215,10 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Groups.geeks() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe(), Groups.geeks(),
Roles.developer() ), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Groups.geeks() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe(), Groups.geeks(),
Roles.developer() ), Permissions.anything() ) ).reduce() );
}
public void testHasBuiltInSupportForOrOperationOnPredicates() throws
Exception
@@ -242,9 +242,9 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Groups.geeks() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Groups.geeks() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
}
public void testSubjectIsAnAliasForAndOperation() throws Exception
@@ -268,8 +268,8 @@
Policy policy = new Policy( new PermitOverridesEffect() );
builder.buildRuleSet( policy );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
- assertEquals( Effects.GRANT, policy.evaluate( new
DefaultAuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer()
), Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Roles.developer() ),
Permissions.anything() ) ).reduce() );
+ assertEquals( Effects.GRANT, policy.evaluate( new
SimpleAuthorizationRequest( Subjects.with( Usernames.joe(), Roles.developer()
), Permissions.anything() ) ).reduce() );
}
}
