Hello,
This is a patch for the security component that enables hierarchical roles and groups.
The patch contains implementations of the generalization and aggregation strategies. The
default strategy is generalization. It's possible to set different strategies for
groups and roles.
The group/role hierarchy is resolved by adding group/role principals, depending on the
strategy, to the user's subject.
Regards,
Artem
> -----Ursprüngliche Nachricht-----
> Von: David Le Strat [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 8. Juni 2004 03:27
> An: Jetspeed Developers List
> Betreff: Re: [J2] group and role hierarchy
>
>
> Artem,
>
> You are absolutely correct. We need to tackle this,
> The current implementation does not do a good job at
> this yet. Patches are welcome ;)
>
> I believe that the most common implementation is the
> generalization strategy. This should be the default
> in my mind. Supporting multiple strategies is I
> believe a nice to have for now. Thoughts?
>
> Regards,
>
> David.
>
> --- "Grinshtein, Artem"
> <[EMAIL PROTECTED]> wrote:
> > Hello All,
> >
> > IMHO, the term "hierarchical" is not clearly defined
> > in jetspeed. There is more than one meaning for
> > hierarchical roles/groups according to
> > http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
> > For example, there're 3 hierarchical roles:
> > -R1
> > --R1.1
> > --R1.2
> > with permissions:
> > grant R1 { permission P1 }
> > grant R1.1 { permission P2 }
> > grant R1.2 { permission P3 }
> >
> > By a generalisation hierarchy ("is a"-hierarchy):
> > R1 has [P1]
> > R1 has [P1,P2]
> > R1 has [P1,P3]
> >
> > and by a agrregation hierarchy ("part of")
> > R1 has [P1,P2,P3]
> > R1 has [P2]
> > R1 has [P3].
> >
> > What type of hierarchy will be supported? Does it
> > make any sence to support different types?
> >
> > Regards,
> > Artem
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
Index:
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
===================================================================
RCS File:
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/AbstractSecurityTestcase.java
retrieving revision 1.1
diff -u -r1.1
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
---
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
+++
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
16 Jun 2004 14:19:37 -0000
@@ -6,6 +6,13 @@
*/
package org.apache.jetspeed.security;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
import
org.apache.jetspeed.components.persistence.store.util.PersistenceSupportedTestCase;
import org.apache.jetspeed.security.impl.GroupManagerImpl;
import org.apache.jetspeed.security.impl.PermissionManagerImpl;
@@ -54,5 +61,24 @@
{
super(arg0);
}
+
+ /**
+ * Returns subject's principals of type claz
+ *
+ * @param subject
+ * @param claz
+ * @return Returns subject's principals of type claz
+ */
+ protected Collection getPrincipals( Subject subject, Class claz){
+ List principals=new ArrayList();
+ for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();)
+ {
+ Object element = iter.next();
+ if ( claz.isInstance(element) )
+ principals.add(element);
+
+ }
+ return principals;
+ }
}
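Review bot: The new `getPrincipals(Subject, Class)` helper re-implements what JAAS already offers; `subject.getPrincipals(claz)` returns the principals that are instances of the given class, so the loop can be replaced by `return subject.getPrincipals(claz);`. If the helper is kept, the Javadoc should describe `subject` and `claz` instead of leaving the `@param` tags empty, and the single-statement `if` body should be braced.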
Index:
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
===================================================================
RCS File:
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestGroupManager.java
retrieving revision 1.4
diff -u -r1.4
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
---
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
+++
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
16 Jun 2004 14:38:02 -0000
@@ -14,13 +14,9 @@
*/
package org.apache.jetspeed.security;
-import java.security.Principal;
import java.util.Collection;
-import java.util.HashSet;
import java.util.prefs.Preferences;
-import javax.security.auth.Subject;
-
import junit.framework.Test;
import junit.framework.TestSuite;
@@ -123,15 +119,10 @@
try
{
gms.addUserToGroup("anonuser1", "testusertogroup1.group1");
- Collection principals =
ums.getUser("anonuser1").getSubject().getPrincipals();
- Principal found =
- SecurityHelper.getPrincipal(
- new Subject(false, new HashSet(principals), new HashSet(), new
HashSet()),
- GroupPrincipal.class);
- assertNotNull("found principal is null", found);
+ Collection principals =
ums.getUser("anonuser1").getSubject().getPrincipals();
assertTrue(
- "found principal should be testusertogroup1.group1, " +
found.getName(),
- found.getName().equals("testusertogroup1.group1"));
+ "anonuser1 should contain testusertogroup1.group1",
+ principals.contains(new
GroupPrincipalImpl("testusertogroup1.group1")));
}
catch (SecurityException sex)
{
@@ -208,10 +199,12 @@
{
gms.removeGroup("testgroup1.group1");
Collection principals =
ums.getUser("anonuser2").getSubject().getPrincipals();
- assertEquals(
- "principal size should be == 3 after removing testgroup1.group1, for
principals: " + principals.toString(),
- 3,
- principals.size());
+ // because of hierarchical groups
+ //
+ //assertEquals(
+ // "principal size should be == 3 after removing testgroup1.group1,
for principals: " + principals.toString(),
+ // 3,
+ // principals.size());
assertFalse(
"anonuser2 should not contain testgroup1.group1",
principals.contains(new GroupPrincipalImpl("testgroup1.group1")));
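Review bot: Commenting out the `assertEquals` on `principals.size()` leaves only the `assertFalse` for the removed group, so this test no longer fails if hierarchy resolution hands anonuser2 more principals than intended. For an authorization test the exact principal set is the thing to pin; replace the dead code with the count that is correct under the default generalization strategy, or assert the expected names explicitly. The same commented-out assertion appears in the TestRoleManager hunk `@@ -207,10 +199,12 @@`. The enclosing test method starts and ends outside the hunk, so the expected count cannot be derived from the lines shown here.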
Index:
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
===================================================================
RCS File:
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRoleManager.java
retrieving revision 1.4
diff -u -r1.4
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
---
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
+++
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
16 Jun 2004 14:33:39 -0000
@@ -14,13 +14,9 @@
*/
package org.apache.jetspeed.security;
-import java.security.Principal;
import java.util.Collection;
-import java.util.HashSet;
import java.util.prefs.Preferences;
-import javax.security.auth.Subject;
-
import junit.framework.Test;
import junit.framework.TestSuite;
@@ -121,15 +117,11 @@
try
{
rms.addRoleToUser("anonuser1", "testusertorole1.role1");
+
Collection principals =
ums.getUser("anonuser1").getSubject().getPrincipals();
- Principal found =
- SecurityHelper.getPrincipal(
- new Subject(false, new HashSet(principals), new HashSet(), new
HashSet()),
- RolePrincipal.class);
- assertNotNull("found principal is null", found);
assertTrue(
- "found principal should be testusertorole1.role1, " + found.getName(),
- found.getName().equals("testusertorole1.role1"));
+ "anonuser1 should contain testusertorole1.role1",
+ principals.contains(new RolePrincipalImpl("testusertorole1.role1")));
}
catch (SecurityException sex)
{
@@ -207,10 +199,12 @@
{
rms.removeRole("testrole1.role1");
Collection principals =
ums.getUser("anonuser2").getSubject().getPrincipals();
- assertEquals(
- "principal size should be == 3 after removing testrole1.role1, for
principals: " + principals.toString(),
- 3,
- principals.size());
+ // because of hierarchical roles
+ //
+ // assertEquals(
+ // "principal size should be == 3 after removing testrole1.role1, for
principals: " + principals.toString(),
+ // 3,
+ // principals.size());
assertFalse(
"anonuser2 should not contain testrole1.role1",
principals.contains(new RolePrincipalImpl("testrole1.role1")));
@@ -636,6 +630,7 @@
rms.removeRole("testgetrole");
rms.removeRole("testuserrolemapping");
gms.removeGroup("testrolegroupmapping");
+ rms.removeRole("testusertorole1");
}
catch (SecurityException sex)
{
Index:
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\BaseSecurityImpl.java
===================================================================
RCS File:
/home/cvspublic/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/BaseSecurityImpl.java
retrieving revision 1.2
diff -u -r1.2
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\BaseSecurityImpl.java
---
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\BaseSecurityImpl.java
+++
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\BaseSecurityImpl.java
16 Jun 2004 10:50:30 -0000
@@ -46,6 +46,9 @@
{
PersistenceStore persistenceStore;
+
+ HierarchyResolver roleHierarchyResolver=new GeneralizationHierarchyResolver();
+ HierarchyResolver groupHierarchyResolver=new GeneralizationHierarchyResolver();
/**
* <p>Constructor providing access to the persistence component.</p>
@@ -59,6 +62,16 @@
this.persistenceStore = persistenceStore;
}
+
+ /**
+ * <p>Constructor providing access to the persistence component and role/group
hierarchy resolvers</p>
+ */
+ public BaseSecurityImpl(PersistenceStore persistenceStore, HierarchyResolver
roleHierarchyResolver,HierarchyResolver groupHierarchyResolver)
+ {
+ this(persistenceStore);
+ this.roleHierarchyResolver=roleHierarchyResolver;
+ this.groupHierarchyResolver=groupHierarchyResolver;
+ }
/**
* <p>Returns the [EMAIL PROTECTED] JetspeedGroupPrincipal} from the group full
path name.</p>
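Review bot: The new three-argument constructor stores both resolvers unchecked, so passing `null` overwrites the `GeneralizationHierarchyResolver` default and the failure only surfaces later as a NullPointerException at `roleHierarchyResolver.resolve(preferences)` while a subject is being built. Reject it at construction, e.g. `if (roleHierarchyResolver == null || groupHierarchyResolver == null) throw new IllegalArgumentException("hierarchy resolvers must not be null");`. The two fields added in the `@@ -46,6 +46,9 @@` hunk are also package-visible; `private` (or `protected`, if subclasses need them) would keep other classes in the package from swapping the strategy after construction. The Javadoc should carry `@param` entries for all three arguments.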
@@ -294,7 +307,12 @@
while (omRolesIter.hasNext())
{
JetspeedRolePrincipal omRole = (JetspeedRolePrincipal)
omRolesIter.next();
- rolePrincipals.add(new
RolePrincipalImpl(RolePrincipalImpl.getPrincipalNameFromFullPath(omRole.getFullPath())));
+ Preferences preferences =
Preferences.userRoot().node(omRole.getFullPath());
+ String [] fullPaths=roleHierarchyResolver.resolve(preferences);
+ for (int i = 0; i < fullPaths.length; i++)
+ {
+ rolePrincipals.add(new
RolePrincipalImpl(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[i])));
+ }
}
}
return rolePrincipals;
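Review bot: `Preferences.userRoot().node(omRole.getFullPath())` creates the node and its ancestors when they do not exist, so building the role principals can write to the preferences store, and a role mapping whose node is gone is silently re-created instead of being reported. Consider checking `Preferences.userRoot().nodeExists(omRole.getFullPath())` first and skipping or logging the stale mapping; the group hunk `@@ -316,7 +334,13 @@` has the same pattern with `omGroup.getFullPath()`. If `rolePrincipals` is not a Set (its declaration is outside the hunk), a user who holds both a role and one of its children will receive the parent principal twice under generalization. The enclosing method starts outside the hunk.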
@@ -316,7 +334,13 @@
while (omGroupsIter.hasNext())
{
JetspeedGroupPrincipal omGroup = (JetspeedGroupPrincipal)
omGroupsIter.next();
- groupPrincipals.add(new
GroupPrincipalImpl(GroupPrincipalImpl.getPrincipalNameFromFullPath(omGroup.getFullPath())));
+
+ Preferences preferences =
Preferences.userRoot().node(omGroup.getFullPath());
+ String [] fullPaths=groupHierarchyResolver.resolve(preferences);
+ for (int i = 0; i < fullPaths.length; i++)
+ {
+ groupPrincipals.add(new
GroupPrincipalImpl(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPaths[i])));
+ }
}
}
return groupPrincipals;
Index:
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\UserManagerImpl.java
===================================================================
RCS File:
/home/cvspublic/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
retrieving revision 1.5
diff -u -r1.5
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\UserManagerImpl.java
---
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\UserManagerImpl.java
+++
jakarta-jetspeed-2\components\security\src\java\org\apache\jetspeed\security\impl\UserManagerImpl.java
15 Jun 2004 16:47:58 -0000
@@ -52,7 +52,17 @@
super(persistenceStore);
}
+
/**
+ * @param persistenceStore
+ */
+ public UserManagerImpl( PersistenceStore persistenceStore , HierarchyResolver
roleHierarchyResolver,HierarchyResolver groupHierarchyResolver)
+ {
+ super(persistenceStore,roleHierarchyResolver,groupHierarchyResolver);
+
+ }
+
+ /**
* @see org.apache.jetspeed.security.UserManager#authenticate(java.lang.String,
java.lang.String)
*/
public boolean authenticate(String username, String password)
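Review bot: Only UserManagerImpl gains a constructor that accepts hierarchy resolvers, so any other manager built on BaseSecurityImpl keeps the default generalization resolvers; the new TestAggregationHierarchy `setUp`, for example, constructs `RoleManagerImpl(persistenceStore)` and `GroupManagerImpl(persistenceStore)` next to an aggregation-configured UserManagerImpl. If those managers also compute role or group principals through the BaseSecurityImpl methods (their class declarations are not in this patch), the same user could resolve to different principal sets depending on which manager is asked. Either add the matching constructors or document that the strategy applies to UserManagerImpl only. The new Javadoc should also describe `roleHierarchyResolver` and `groupHierarchyResolver`; it lists only `persistenceStore`.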
Index:
security/src/java/org/apache/jetspeed/security/impl/AggregationHierarchyResolver.java
===================================================================
RCS file: N/A
diff -u /dev/null
security/src/java/org/apache/jetspeed/security/impl/AggregationHierarchyResolver.java
--- /dev/null 2004-06-16 16:13:57.549000000 +0200
+++
security/src/java/org/apache/jetspeed/security/impl/AggregationHierarchyResolver.java
2004-06-15 18:19:31.554568000 +0200
@@ -0,0 +1,78 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.prefs.BackingStoreException;
+import java.util.prefs.Preferences;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.util.ArgUtil;
+
+/**
+ * <p>Implementation for "part of" hierarchy. For Example:
+ * There're roles:
+ * <ul>
+ * <li>roleA</li>
+ * <li>roleA.roleB</li>
+ * <li>roleA.roleB.roleC</li>
+ * </ul>
+ * if a user has the role [roleA] than</p>
+ * <code>user.getSubject().getPrincipals()</code>
+ * returns:
+ * <ul>
+ * <li>/role/roleA</li>
+ * <li>/role/roleA/roleB</li>
+ * <li>/role/roleA/roleB/roleC</li>
+ * </ul>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Artem Grinshtein</a>
+ */
+public class AggregationHierarchyResolver implements HierarchyResolver
+{
+ private static final Log log =
LogFactory.getLog(AggregationHierarchyResolver.class);
+
+ /**
+ * @see org.apache.jetspeed.security.impl.HierarchyResolver#resolve()
+ */
+ public String[] resolve( Preferences prefs ) {
+ ArgUtil.notNull(
+ new Object[] { prefs },
+ new String[] { "preferences" },
+ "resolve(java.util.prefs.Preferences)");
+
+ List list=new ArrayList();
+ processPreferences(prefs,list);
+ return (String [])list.toArray(new String[0]) ;
+ }
+
+
+ protected void processPreferences(Preferences prefs,List list) {
+ list.add(prefs.absolutePath());
+ try
+ {
+ String [] names=prefs.childrenNames();
+ for (int i = 0; i < names.length; i++)
+ {
+ processPreferences(prefs.node(names[i]),list);
+ }
+ }catch(BackingStoreException bse) {
+ log.warn("can't find children of "+prefs.absolutePath(),bse);
+ }
+
+ }
+
+}
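Review bot: `processPreferences` catches `BackingStoreException`, logs a warning and returns, so `resolve` hands back a partial path list and the caller cannot tell a complete role set from one truncated by a store failure. For code that decides which principals go into a subject this should be an explicit outcome; either let the failure reach the caller (wrapped in an unchecked exception, since `HierarchyResolver.resolve` declares none) or state in the Javadoc that resolution is best-effort. The class comment should also say that holding a role grants every descendant under its node, which means whoever can add child nodes below a role extends what its holders receive. The tag `@see ...HierarchyResolver#resolve()` should read `#resolve(java.util.prefs.Preferences)`.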
Index:
security/src/java/org/apache/jetspeed/security/impl/GeneralizationHierarchyResolver.java
===================================================================
RCS file: N/A
diff -u /dev/null
security/src/java/org/apache/jetspeed/security/impl/GeneralizationHierarchyResolver.java
--- /dev/null 2004-06-16 16:13:57.749000000 +0200
+++
security/src/java/org/apache/jetspeed/security/impl/GeneralizationHierarchyResolver.java
2004-06-15 17:52:04.946862400 +0200
@@ -0,0 +1,56 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.prefs.Preferences;
+
+import org.apache.jetspeed.util.ArgUtil;
+
+/**
+ * <p>Implementation for "is a" hierarchy. For Example:
+ * if a user has the role [roleA.roleB.roleC] than</p>
+ * <code>user.getSubject().getPrincipals()</code>
+ * returns:
+ * <ul>
+ * <li>/role/roleA</li>
+ * <li>/role/roleA/roleB</li>
+ * <li>/role/roleA/roleB/roleC</li>
+ * </ul>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Artem Grinshtein</a>
+ */
+public class GeneralizationHierarchyResolver implements HierarchyResolver
+{
+
+ /**
+ * @see org.apache.jetspeed.security.impl.HierarchyResolver#resolve()
+ */
+ public String[] resolve( Preferences prefs ) {
+ ArgUtil.notNull(
+ new Object[] { prefs },
+ new String[] { "preferences" },
+ "resolve(java.util.prefs.Preferences)");
+
+ List list=new ArrayList();
+ Preferences preferences=prefs;
+ while( (preferences.parent()!=null) && (preferences.parent().parent()!=null)
) {
+ list.add(preferences.absolutePath());
+ preferences=preferences.parent();
+ }
+ return (String [])list.toArray(new String[0]) ;
+ }
+
+}
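Review bot: The loop condition `preferences.parent().parent()!=null` silently encodes the path layout: it stops at the first level below the root so the container node (e.g. `/role`) is never returned, and a node passed in at that level or at the root yields an empty array, i.e. no principal at all. That assumption deserves a comment on the loop, for example `// walk up to, but not including, the top-level container node (e.g. /role)`, and the class Javadoc should note that paths are returned leaf first, the reverse of the order its list shows. The `@see` tag should reference `#resolve(java.util.prefs.Preferences)`.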
Index: security/src/java/org/apache/jetspeed/security/impl/HierarchyResolver.java
===================================================================
RCS file: N/A
diff -u /dev/null
security/src/java/org/apache/jetspeed/security/impl/HierarchyResolver.java
--- /dev/null 2004-06-16 16:13:57.799000000 +0200
+++ security/src/java/org/apache/jetspeed/security/impl/HierarchyResolver.java
2004-06-09 23:27:48.409307200 +0200
@@ -0,0 +1,33 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.impl;
+
+import java.util.prefs.Preferences;
+
+/**
+ * <p>This class allows to implement different types of groups/roles hierarchy.</p>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Artem Grinshtein</a>
+ */
+public interface HierarchyResolver
+{
+
+ /**
+ * <p>Returns absolute path names of the dependcy roles/groups.</p>
+ * @param prefs Preferences for the role/group
+ * @return Returns absolute path names of the dependcy roles/groups.
+ */
+ public String[] resolve( Preferences prefs );
+
+}
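Review bot: The `resolve` Javadoc does not pin the contract that both implementations in this patch rely on: the returned array contains the absolute path of the given node itself plus the related nodes, and it is never null. Spell that out, along with what an implementation should do when the backing store cannot be read, since the BaseSecurityImpl hunks turn every returned path into a principal. Also fix the typo `dependcy` and drop the redundant `public` modifier on the interface method.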
Index: security/src/test/org/apache/jetspeed/security/TestAggregationHierarchy.java
===================================================================
RCS file: N/A
diff -u /dev/null
security/src/test/org/apache/jetspeed/security/TestAggregationHierarchy.java
--- /dev/null 2004-06-16 16:13:57.859000000 +0200
+++ security/src/test/org/apache/jetspeed/security/TestAggregationHierarchy.java
2004-06-16 14:50:38.751172800 +0200
@@ -0,0 +1,193 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import java.util.Collection;
+
+import javax.security.auth.Subject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.jetspeed.security.impl.AggregationHierarchyResolver;
+import org.apache.jetspeed.security.impl.GroupManagerImpl;
+import org.apache.jetspeed.security.impl.PermissionManagerImpl;
+import org.apache.jetspeed.security.impl.RdbmsPolicy;
+import org.apache.jetspeed.security.impl.RoleManagerImpl;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+import org.apache.jetspeed.security.impl.SecurityProviderImpl;
+import org.apache.jetspeed.security.impl.UserManagerImpl;
+
+/**
+ * <p>Unit testing for [EMAIL PROTECTED] AggregationHierarchyResolver}.</p>
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Artem Grinshtein</a>
+ */
+public class TestAggregationHierarchy extends AbstractSecurityTestcase
+{
+
+ /**
+ * <p>Defines the test case name for junit.</p>
+ * @param testName The test case name.
+ */
+ public TestAggregationHierarchy(String testName)
+ {
+ super(testName);
+ }
+
+ /**
+ * @see junit.framework.TestCase#setUp()
+ */
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ ums = new UserManagerImpl(persistenceStore, new
AggregationHierarchyResolver(),new AggregationHierarchyResolver());
+ gms = new GroupManagerImpl(persistenceStore);
+ rms =new RoleManagerImpl(persistenceStore);
+ pms = new PermissionManagerImpl(persistenceStore);
+ new SecurityProviderImpl("login.conf", new RdbmsPolicy(pms), ums);
+ }
+
+
+ /**
+ * @see junit.framework.TestCase#tearDown()
+ */
+ public void tearDown() throws Exception
+ {
+ destroyUserObject();
+ super.tearDown();
+ }
+
+
+
+ public static Test suite()
+ {
+ return new TestSuite(TestAggregationHierarchy.class);
+ }
+
+
+ /**
+ * <p>Test RoleManager.</p>
+ */
+ public void testRoleMenager()
+ {
+
+ User user = null;
+ try
+ {
+ ums.addUser("test", "password");
+ user = ums.getUser("test");
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("user exists. should not have thrown an exception.", false);
+ }
+ assertNotNull("user is null", user);
+
+ try
+ {
+ rms.addRole("rootrole");
+ rms.addRole("rootrole.childrole1");
+ rms.addRole("rootrole.childrole2");
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("add roles. should not have thrown an exception.", false);
+ }
+
+ try
+ {
+ rms.addRoleToUser("test","rootrole");
+
+ user = ums.getUser("test");
+ Subject subject = user.getSubject();
+ assertNotNull("subject is null", subject);
+ Collection principals=getPrincipals(subject,RolePrincipal.class);
+ assertEquals("should have 3 principals;", 3,principals.size());
+ assertTrue(
+ "should contain rootrole",
+ principals.contains(new RolePrincipalImpl("rootrole")));
+ assertTrue(
+ "should contain rootrole.childrole1",
+ principals.contains(new
RolePrincipalImpl("rootrole.childrole1")));
+ assertTrue(
+ "should contain rootrole.childrole2",
+ principals.contains(new
RolePrincipalImpl("rootrole.childrole2")));
+
+
+ rms.removeRoleFromUser("test","rootrole");
+
+ user = ums.getUser("test");
+ principals= getPrincipals(user.getSubject(),RolePrincipal.class);
+ assertEquals("should not have any principals;", 0,principals.size());
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("test with parent role "+sex.getMessage(), false);
+ }
+
+ try
+ {
+ rms.addRoleToUser("test","rootrole.childrole1");
+
+ user = ums.getUser("test");
+ Subject subject = user.getSubject();
+ assertNotNull("subject is null", subject);
+ Collection principals=getPrincipals(subject,RolePrincipal.class);
+ assertEquals("shoud have 1 principal;", 1,principals.size());
+
+ assertTrue(
+ "should contain rootrole.childrole1",
+ principals.contains(new
RolePrincipalImpl("rootrole.childrole1")));
+
+
+ rms.removeRoleFromUser("test","rootrole.childrole1");
+
+ user = ums.getUser("test");
+ principals=getPrincipals(user.getSubject(),RolePrincipal.class);
+ assertEquals("should not have any principals;", 0,principals.size());
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("test with child role "+sex.getMessage(), false);
+ }
+
+
+ }
+
+
+ /**
+ * <p>Destroy user test object.</p>
+ */
+ protected void destroyUserObject()
+ {
+ try
+ {
+
+ if (ums.userExists("test")) ums.removeUser("test");
+ if (rms.roleExists("rootrole")) rms.removeRole("rootrole");
+
+
+ }
+ catch (SecurityException sex)
+ {
+ System.out.println("could not remove test users. exception caught: " +
sex);
+ }
+ }
+
+}
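Review bot: `testRoleMenager` exercises role resolution only, although `setUp` also installs an `AggregationHierarchyResolver` for groups and the patch changes group resolution in BaseSecurityImpl; a matching group case would cover that path. The catch blocks use `assertTrue("...", false)`, which reads as a failed condition rather than an unexpected exception; `fail("test with parent role: " + sex)` states the intent directly. `destroyUserObject` removes only `rootrole`, so it depends on `removeRole` also deleting `rootrole.childrole1` and `rootrole.childrole2`, which is not visible in this patch; a comment stating that, or explicit removal, avoids leftover roles affecting later principal counts. The method name is presumably meant to be `testRoleManager`.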
Index: security/src/test/org/apache/jetspeed/security/TestGeneralizationHierarchy.java
===================================================================
RCS file: N/A
diff -u /dev/null
security/src/test/org/apache/jetspeed/security/TestGeneralizationHierarchy.java
--- /dev/null 2004-06-16 16:13:57.909000000 +0200
+++ security/src/test/org/apache/jetspeed/security/TestGeneralizationHierarchy.java
2004-06-16 14:59:50.474512000 +0200
@@ -0,0 +1,173 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import java.util.Collection;
+
+import javax.security.auth.Subject;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.jetspeed.security.impl.GeneralizationHierarchyResolver;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+
+/**
+ * <p>Unit testing for [EMAIL PROTECTED] GeneralizationHierarchyResolver}.</p>
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Artem Grinshtein</a>
+ */
+public class TestGeneralizationHierarchy extends AbstractSecurityTestcase
+{
+
+ /**
+ * <p>Defines the test case name for junit.</p>
+ * @param testName The test case name.
+ */
+ public TestGeneralizationHierarchy(String testName)
+ {
+ super(testName);
+ }
+
+
+ /**
+ * @see junit.framework.TestCase#tearDown()
+ */
+ public void tearDown() throws Exception
+ {
+ destroyUserObject();
+ super.tearDown();
+ }
+
+
+
+ public static Test suite()
+ {
+ return new TestSuite(TestGeneralizationHierarchy.class);
+ }
+
+
+ /**
+ * <p>Test RoleManager.</p>
+ */
+ public void testRoleMenager()
+ {
+
+ User user = null;
+ try
+ {
+ ums.addUser("test", "password");
+ user = ums.getUser("test");
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("user exists. should not have thrown an exception.", false);
+ }
+ assertNotNull("user is null", user);
+
+ try
+ {
+ rms.addRole("rootrole");
+ rms.addRole("rootrole.childrole1");
+ rms.addRole("rootrole.childrole2");
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("add roles. should not have thrown an exception.", false);
+ }
+
+ try
+ {
+ rms.addRoleToUser("test","rootrole");
+
+ user = ums.getUser("test");
+ Subject subject = user.getSubject();
+ assertNotNull("subject is null", subject);
+ Collection principals=getPrincipals(subject,RolePrincipal.class);
+ assertEquals("shoud have one principal;", 1,principals.size());
+
+ assertTrue(
+ "should contain rootrole",
+ principals.contains(new RolePrincipalImpl("rootrole")));
+
+ rms.removeRoleFromUser("test","rootrole");
+
+ user = ums.getUser("test");
+ principals= getPrincipals(user.getSubject(),RolePrincipal.class);
+ assertEquals("shoud not have any principals;", 0,principals.size());
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("test with parent role "+sex.getMessage(), false);
+ }
+
+ try
+ {
+ rms.addRoleToUser("test","rootrole.childrole1");
+
+ user = ums.getUser("test");
+ Subject subject = user.getSubject();
+ assertNotNull("subject is null", subject);
+ Collection principals=getPrincipals(subject,RolePrincipal.class);
+ assertEquals("expected 2 principals;", 2,principals.size());
+
+ assertTrue(
+ "should contain rootrole",
+ principals.contains(new RolePrincipalImpl("rootrole")));
+
+ assertTrue(
+ "should contain rootrole",
+ principals.contains(new
RolePrincipalImpl("rootrole.childrole1")));
+
+ rms.removeRoleFromUser("test","rootrole.childrole1");
+
+ user = ums.getUser("test");
+ principals=getPrincipals(user.getSubject(),RolePrincipal.class);
+ assertEquals("shoud not have any principals;", 0,principals.size());
+
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("test with child role "+sex.getMessage(), false);
+ }
+
+
+ }
+
+
+
+
+ /**
+ * <p>Destroy user test object.</p>
+ */
+ protected void destroyUserObject()
+ {
+ try
+ {
+
+ if (ums.userExists("test")) ums.removeUser("test");
+ if (rms.roleExists("rootrole")) rms.removeRole("rootrole");
+
+
+ }
+ catch (SecurityException sex)
+ {
+ System.out.println("could not remove test users. exception caught: " +
sex);
+ }
+ }
+
+}
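Review bot: The second assertion in the child-role block checks `new RolePrincipalImpl("rootrole.childrole1")` but its message is `"should contain rootrole"`, copied from the assertion above; it should read `"should contain rootrole.childrole1"` so a failure names the right principal. This class has no `setUp` of its own, so it relies on AbstractSecurityTestcase (outside this hunk) creating the managers with the default resolvers; a one-line comment saying that the default generalization strategy is under test would make that explicit. As in TestAggregationHierarchy, group resolution is not covered.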