Artem,

This is awesome. Thank you for the patch. I am leaving tonight and won't have time to apply the patch. Does someone else have the time to take care of this?

Regards,
David.

--- "Grinshtein, Artem" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a patch for the security component that enables hierarchical roles and groups. The patch contains implementation of generalization and aggregation strategies. The default strategy is generalization. It's possible to set different strategies for groups and roles.
>
> The group/role hierarchy is resolved by adding group/role principals dependent on strategy to the user's subject.
>
> Regards,
> Artem
>
> > -----Original Message-----
> > From: David Le Strat [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 8, 2004 03:27
> > To: Jetspeed Developers List
> > Subject: Re: [J2] group and role hierarchy
> >
> > Artem,
> >
> > You are absolutely correct. We need to tackle this. The current implementation does not do a good job at this yet. Patches are welcome ;)
> >
> > I believe that the most common implementation is the generalization strategy. This should be the default in my mind. Supporting multiple strategies is I believe a nice to have for now. Thoughts?
> >
> > Regards,
> >
> > David.
> >
> > --- "Grinshtein, Artem" <[EMAIL PROTECTED]> wrote:
> > > Hello All,
> > >
> > > IMHO, the term "hierarchical" is not clearly defined in jetspeed. There is more than one meaning for hierarchical roles/groups according to http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
> > >
> > > For example, there're 3 hierarchical roles:
> > > -R1
> > > --R1.1
> > > --R1.2
> > > with permissions:
> > > grant R1 { permission P1 }
> > > grant R1.1 { permission P2 }
> > > grant R1.2 { permission P3 }
> > >
> > > By a generalisation hierarchy ("is a"-hierarchy):
> > > R1 has [P1]
> > > R1 has [P1,P2]
> > > R1 has [P1,P3]
> > >
> > > and by an aggregation hierarchy ("part of")
> > > R1 has [P1,P2,P3]
> > > R1 has [P2]
> > > R1 has [P3].
> > >
> > > What type of hierarchy will be supported?
> > > Does it make any sense to support different types?
> > >
> > > Regards,
> > > Artem
>
> Index: > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java > =================================================================== > RCS File: > /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/AbstractSecurityTestcase.java > retrieving revision 1.1 > diff -u -r1.1 > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java > --- > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java > +++ > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java > 16 Jun 2004 14:19:37 -0000 > @@ -6,6 +6,13 @@ > */ > package org.apache.jetspeed.security; > > +import java.util.ArrayList; > +import java.util.Collection; > +import java.util.Iterator; > +import java.util.List; > + > +import javax.security.auth.Subject; > + > import > org.apache.jetspeed.components.persistence.store.util.PersistenceSupportedTestCase; > import > org.apache.jetspeed.security.impl.GroupManagerImpl; > import > org.apache.jetspeed.security.impl.PermissionManagerImpl; 
> @@ -54,5 +61,24 @@ > { > super(arg0); > } > + > + /** > + * Returns subject's principals of type claz > + * > + * @param subject > + * @param claz > + * @return Returns subject's principals of type > claz > + */ > + protected Collection getPrincipals( Subject > subject, Class claz){ > + List principals=new ArrayList(); > + for (Iterator iter = > subject.getPrincipals().iterator(); iter.hasNext();) > + { > + Object element = iter.next(); > + if ( claz.isInstance(element) ) > + principals.add(element); > + > + } > + return principals; > + } > > } > Index: > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java > =================================================================== > RCS File: > /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestGroupManager.java > retrieving revision 1.4 > diff -u -r1.4 > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java > --- > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java > +++ > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java > 16 Jun 2004 14:38:02 -0000 > @@ -14,13 +14,9 @@ > */ > package org.apache.jetspeed.security; > > -import java.security.Principal; > import java.util.Collection; > -import java.util.HashSet; > import java.util.prefs.Preferences; > > -import javax.security.auth.Subject; > - > import junit.framework.Test; > import junit.framework.TestSuite; 
> > @@ -123,15 +119,10 @@ > try > { > gms.addUserToGroup("anonuser1", > "testusertogroup1.group1"); > - Collection principals = > ums.getUser("anonuser1").getSubject().getPrincipals(); > - Principal found = > - SecurityHelper.getPrincipal( > - new Subject(false, new > HashSet(principals), new HashSet(), new HashSet()), > - GroupPrincipal.class); > - assertNotNull("found principal is > null", found); > + Collection principals = > ums.getUser("anonuser1").getSubject().getPrincipals(); > > assertTrue( > - "found principal should be > testusertogroup1.group1, " + found.getName(), > - > found.getName().equals("testusertogroup1.group1")); > + "anonuser1 should contain > testusertogroup1.group1", > + principals.contains(new > GroupPrincipalImpl("testusertogroup1.group1"))); > } > catch (SecurityException sex) > { 
> @@ -208,10 +199,12 @@ > { > gms.removeGroup("testgroup1.group1"); > Collection principals = > ums.getUser("anonuser2").getSubject().getPrincipals(); > - assertEquals( > - "principal size should be == 3 > after removing testgroup1.group1, for principals: " > + principals.toString(), > - 3, > - principals.size()); > + // because of hierarchical groups > + // > + //assertEquals( > + // "principal size should be == 3 > after removing testgroup1.group1, for principals: " > + principals.toString(), > + // 3, > + // principals.size()); > assertFalse( > "anonuser2 should not contain > testgroup1.group1", > principals.contains(new > GroupPrincipalImpl("testgroup1.group1"))); > Index: > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java > =================================================================== > RCS File: > /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRoleManager.java > retrieving revision 1.4 > diff -u -r1.4 > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java > --- > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java > +++ > jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java > 16 Jun 2004 14:33:39 -0000 > @@ -14,13 +14,9 @@ > */ > package org.apache.jetspeed.security; > > -import java.security.Principal; > import java.util.Collection; > -import java.util.HashSet; > import java.util.prefs.Preferences; > > -import javax.security.auth.Subject; > - > import junit.framework.Test; > import junit.framework.TestSuite; 
> > @@ -121,15 +117,11 @@ > try > { > rms.addRoleToUser("anonuser1", > "testusertorole1.role1"); > + > Collection principals = > ums.getUser("anonuser1").getSubject().getPrincipals(); > - Principal found = > - SecurityHelper.getPrincipal( > - new Subject(false, new > HashSet(principals), new HashSet(), new HashSet()), > - RolePrincipal.class); > - assertNotNull("found principal is > null", found); > assertTrue( > - "found principal should be > testusertorole1.role1, " + found.getName(), > - > found.getName().equals("testusertorole1.role1")); > + "anonuser1 should contain > testusertorole1.role1", > + principals.contains(new > RolePrincipalImpl("testusertorole1.role1"))); > } > catch (SecurityException sex) > { > @@ -207,10 +199,12 @@ > { > rms.removeRole("testrole1.role1"); > Collection principals = > ums.getUser("anonuser2").getSubject().getPrincipals(); > - assertEquals( > - "principal size should be == 3 > after removing testrole1.role1, for principals: " + > principals.toString(), > === message truncated ===
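Review bot: In the `@@ -54,5 +61,24 @@` hunk of AbstractSecurityTestcase.java, the new `getPrincipals(Subject, Class)` helper is not called by any hunk visible in this truncated message; the changed tests still call `getSubject().getPrincipals()` and check `contains(...)` on the full set. Either use it in TestGroupManager and TestRoleManager to assert on the group or role principals alone, or leave it out until a test needs it. The Javadoc `@param subject` and `@param claz` tags carry no description, and the single-statement `if` would be safer with braces.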
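Review bot: In the `@@ -123,15 +119,10 @@` hunk of TestGroupManager.java, the rewritten assertion only checks that `testusertogroup1.group1`, the directly assigned group, is among the principals. Since the patch resolves the hierarchy by adding further group principals to the subject, this test should also assert the principal that the default generalization strategy is expected to add for that group, so the new behaviour is covered and not only tolerated. The same applies to the matching `@@ -121,15 +117,11 @@` hunk in TestRoleManager.java, which also adds a whitespace-only `+` line before `Collection principals`.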
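Review bot: In the `@@ -208,10 +199,12 @@` hunk of TestGroupManager.java, the `assertEquals(... 3, principals.size())` check is commented out rather than updated, so after `gms.removeGroup("testgroup1.group1")` the test no longer bounds which principals remain on anonuser2; a principal that hierarchy resolution added for the removed group and failed to take away would pass unnoticed. Replace the dead code with the exact count, or the exact set of group principals, expected under the default strategy, and complete the `// because of hierarchical groups` comment to say why the count changed. The truncated `@@ -207,10 +199,12 @@` hunk in TestRoleManager.java begins with the same removal.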
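The two strategies from the R1 / R1.1 / R1.2 example in the thread, worked through as an added example that is not part of the patch or of Jetspeed. The class, enum and method names are hypothetical; it assumes a dotted name marks a child of its prefix, and reads the three lines of each listing in the thread as R1, R1.1, R1.2 in order.

```java
import java.util.*;

// Added illustration; all names here are hypothetical, not Jetspeed's API.
public class HierarchyResolutionDemo {
    enum Strategy { GENERALIZATION, AGGREGATION }

    // Constructed sample data: the three roles and grants from the thread.
    static final List<String> ROLES = List.of("R1", "R1.1", "R1.2");
    static final Map<String, String> GRANTS =
            Map.of("R1", "P1", "R1.1", "P2", "R1.2", "P3");

    // Role principals to place in the subject for one directly assigned role.
    static Set<String> resolve(String assigned, Strategy strategy) {
        Set<String> principals = new TreeSet<>();
        principals.add(assigned);
        for (String role : ROLES) {
            // Compare against "name." so that R1 is not taken as a parent of R10.
            boolean ancestor = assigned.startsWith(role + ".");
            boolean descendant = role.startsWith(assigned + ".");
            // "is a": a child role also acts as each of its ancestors.
            if (strategy == Strategy.GENERALIZATION && ancestor) principals.add(role);
            // "part of": a parent role also acts as each of its descendants.
            if (strategy == Strategy.AGGREGATION && descendant) principals.add(role);
        }
        return principals;
    }

    // Permissions reachable through the resolved principals.
    static Set<String> permissions(Set<String> principals) {
        Set<String> perms = new TreeSet<>();
        for (String p : principals) perms.add(GRANTS.get(p));
        return perms;
    }

    public static void main(String[] args) {
        for (Strategy s : Strategy.values()) {
            for (String role : ROLES) {
                Set<String> principals = resolve(role, s);
                System.out.println(s + " " + role + " -> principals " + principals
                        + ", permissions " + permissions(principals));
            }
        }
    }
}
```

The two strategies widen access in opposite directions: with generalization a grant to R1 reaches every user holding a role below it, while with aggregation assigning R1 hands out everything granted below it.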
