directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 6732 - in incubator/directory/janus/trunk/authorization: api api/src api/src/java api/src/java/org api/src/java/org/apache api/src/java/org/apache/janus api/src/java/org/apache/janus/authorization api/src/java/org/apache/janus/authorization/policy api/src/java/org/apache/janus/authorization/role impl impl/src impl/src/java impl/src/java/org impl/src/java/org/apache impl/src/java/org/apache/janus impl/src/java/org/apache/janus/authorization impl/src/java/org/apache/janus/authorization/policy impl/src/java/org/apache/janus/authorization/role impl/src/test impl/src/test/org impl/src/test/org/apache impl/src/test/org/apache/janus impl/src/test/org/apache/janus/authorization impl/src/test/org/apache/janus/authorization/policy impl/src/test/org/apache/janus/authorization/role xml
Date Wed, 18 Feb 2004 23:19:38 GMT
Author: vtence
Date: Wed Feb 18 15:19:37 2004
New Revision: 6732

Added:
   incubator/directory/janus/trunk/authorization/api/
   incubator/directory/janus/trunk/authorization/api/project.xml   (contents, props changed)
   incubator/directory/janus/trunk/authorization/api/src/
   incubator/directory/janus/trunk/authorization/api/src/java/
   incubator/directory/janus/trunk/authorization/api/src/java/org/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/
   incubator/directory/janus/trunk/authorization/impl/project.xml   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/
   incubator/directory/janus/trunk/authorization/impl/src/java/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java   (contents, props changed)
   incubator/directory/janus/trunk/authorization/xml/
Log:
o Implemented DIR-8

Added: incubator/directory/janus/trunk/authorization/api/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/project.xml	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+    <extend>${basedir}/../../project.xml</extend>
+
+    <name>Janus Authorization API</name>
+    <id>janus-authorization-api</id>
+    <package>org.apache.janus.authorization</package>
+
+    <shortDescription>Janus Authorization API</shortDescription>
+
+    <description>
+    Authorization API for the Janus Security Framework
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-authentication-api</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Authorizer.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.Subject;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Authorizer
+{
+    boolean checkAuthorization( Subject subject, Permission permission );
+}

Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/Permission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Permission
+{
+    String getResource();
+
+    String[] actions();
+
+    /**
+     * Checks if the specified permission's actions are "implied by" this object's actions.
+     */
+    boolean implies( Permission permission );
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface PolicyContext
+{
+    /**
+     * This method is used to determine if a role has a given permission.
+     */
+    boolean checkPermission( String roleName, Permission permission );
+
+    boolean requiresPriviledges( Permission permission );
+}

Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/Grant.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Grant
+{
+    boolean given( String roleName );
+}

Added: incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/api/src/java/org/apache/janus/authorization/role/RoleManager.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface RoleManager
+{
+    boolean isPrincipalInRole( Principal p, Grant grant );
+}

Added: incubator/directory/janus/trunk/authorization/impl/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/project.xml	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+    <extend>${basedir}/../../project.xml</extend>
+
+    <name>Janus Authorization API Implementation</name>
+    <id>janus-authorization-impl</id>
+    <package>org.apache.janus.authorization</package>
+
+    <shortDescription>Janus Authorization API Implementation</shortDescription>
+
+    <description>
+    Implementation of the Janus Security Framework Authorization API
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-authentication-api</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-authentication-impl</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-authorization-api</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AbstractPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,61 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public abstract class AbstractPermission implements Permission
+{
+    private final String m_resource;
+
+    protected AbstractPermission( String resource )
+    {
+        if ( resource == null )
+        {
+            throw new NullPointerException( "resource can't be null" );
+        }
+
+        if ( resource.length() == 0 )
+        {
+            throw new IllegalArgumentException( "resource can't be empty" );
+        }
+        m_resource = resource;
+    }
+
+    public String getResource()
+    {
+        return m_resource;
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof AbstractPermission ) ) return false;
+
+        final AbstractPermission abstractPermission = (AbstractPermission) o;
+
+        if ( !m_resource.equals( abstractPermission.m_resource ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return m_resource.hashCode();
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/AccessPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class AccessPermission extends BasicPermission
+{
+    public AccessPermission( String resource )
+    {
+        super( resource );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/BasicPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class BasicPermission extends AbstractPermission
+{
+    private static final String[] NO_ACTIONS = new String[0];
+
+    public BasicPermission( String resource )
+    {
+        super( resource );
+    }
+
+    public String[] actions()
+    {
+        return NO_ACTIONS;
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return equals( permission );
+    }
+
+    public boolean equals( Object o )
+    {
+        if (!(o instanceof BasicPermission)) return false;
+
+        return super.equals( o );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,59 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.Subject;
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+
+import java.util.Set;
+import java.util.Iterator;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizer implements Authorizer
+{
+    private final PolicyContext m_policyContext;
+    private final RoleManager m_roleManager;
+
+    public DefaultAuthorizer( PolicyContext policyContext,
+                              RoleManager roleManager )
+    {
+        m_policyContext = policyContext;
+        m_roleManager = roleManager;
+    }
+
+    public boolean checkAuthorization( Subject subject, Permission permission )
+    {
+        if ( !m_policyContext.requiresPriviledges( permission ) ) return true;
+
+        Set principals = subject.getPrincipals();
+        for ( Iterator it = principals.iterator(); it.hasNext(); )
+        {
+            final Principal p = (Principal) it.next();
+            if ( m_roleManager.isPrincipalInRole( p,
+                    new PermissionGrant( m_policyContext, permission ) ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/PermissionGrant.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.Grant;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionGrant implements Grant
+{
+    private final PolicyContext m_policyContext;
+    private final Permission m_permission;
+
+    public PermissionGrant( PolicyContext policyContext,
+                            Permission permission )
+    {
+        m_permission = permission;
+        m_policyContext = policyContext;
+    }
+
+    public boolean given( String roleName )
+    {
+        return m_policyContext.checkPermission( roleName, m_permission );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,66 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+
+public class DefaultPolicyContext implements PolicyContext
+{
+    private final PermissionCollection m_excludedPermissions;
+    private final Set m_roles;
+
+    public DefaultPolicyContext( Set roles, Collection excludedPermissions )
+    {
+        m_roles = new HashSet( roles );
+        m_excludedPermissions = new PermissionCollection( excludedPermissions );
+    }
+
+    public boolean checkPermission( String roleName, Permission permission )
+    {
+        if (m_excludedPermissions.dependsOn( permission )) return false;
+
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            final RoleEntry role = (RoleEntry) it.next();
+            if (role.is( roleName )) return role.implies( permission );
+        }
+
+        return true;
+    }
+
+    public boolean requiresPriviledges( Permission permission )
+    {
+        if (m_excludedPermissions.implies( permission )) return true;
+
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            final RoleEntry role = (RoleEntry) it.next();
+            if (role.implies( permission )) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,58 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionCollection
+{
+    private final Collection m_permissions;
+
+    public PermissionCollection( Collection permissions )
+    {
+        m_permissions = new HashSet( permissions );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+        {
+            Permission p = (Permission) it.next();
+            if (p.implies( permission )) return true;
+        }
+
+        return false;
+    }
+
+    public boolean dependsOn( Permission permission )
+    {
+        for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+        {
+            Permission p = (Permission) it.next();
+            if (permission.implies( p )) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleEntry
+{
+    private final String m_roleName;
+    private final PermissionCollection m_permissions;
+
+    public RoleEntry( String roleName, Set permissions )
+    {
+        m_roleName = roleName;
+        m_permissions = new PermissionCollection( permissions );
+    }
+
+    public boolean is( String roleName )
+    {
+        return m_roleName.equals( roleName );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return m_permissions.implies( permission );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManager implements RoleManager
+{
+    private final Collection m_roles;
+
+    public DefaultRoleManager( Collection roles )
+    {
+        m_roles = new ArrayList( roles );
+    }
+
+    public boolean isPrincipalInRole( Principal p, Grant grant )
+    {
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            RoleMapping mapping = (RoleMapping) it.next();
+            if ( mapping.inRole( p ) && mapping.given( grant ) ) return true;
+        }
+
+        return false;
+    }
+
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleMapping
+{
+    private final String m_roleName;
+    private final Collection m_principals;
+
+    public RoleMapping( String roleName, Collection principals )
+    {
+        m_roleName = roleName;
+        m_principals = new HashSet( principals );
+    }
+
+    public boolean inRole( Principal p )
+    {
+        return m_principals.contains( p );
+    }
+
+    public boolean given( Grant g )
+    {
+        return g.given( m_roleName );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/CheckedPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class CheckedPermission extends BasicPermission
+{
+    public CheckedPermission()
+    {
+        super( "protected" );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,120 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import com.mockobjects.dynamic.C;
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.DefaultSubject;
+import org.apache.janus.Subject;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authentication.realm.GroupPrincipal;
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizerTest extends TestCase
+{
+    private DefaultAuthorizer m_authorizer;
+    private Mock m_mockPolicyContext;
+    private Mock m_mockRoleManager;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultAuthorizerTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_mockPolicyContext = new Mock( PolicyContext.class );
+        m_mockRoleManager = new Mock( RoleManager.class );
+        m_authorizer = new DefaultAuthorizer( (PolicyContext) m_mockPolicyContext.proxy(),
+                (RoleManager) m_mockRoleManager.proxy() );
+
+    }
+
+    public void testUncheckedPermissionsAreGrantedToAnyone()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new UncheckedPermission(), false );
+        assertTrue( "Unchecked permission was not granted",
+                m_authorizer.checkAuthorization( user( "johnDoe" ),
+                        new UncheckedPermission() ) );
+    }
+
+    public void testSubjectWithoutPrincipalIsNotAuthorized()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+
+        assertFalse( "Authorization given to subject with no role",
+                m_authorizer.checkAuthorization( new DefaultSubject(),
+                        new CheckedPermission() ) );
+    }
+
+    public void testSubjectWithASinglePrincipalIsAuthorizedIfPrincipalIsInRole()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "johnDoe" ) ), C.isA( PermissionGrant.class ) ),
+                true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+                false );
+
+        assertTrue( "Principal in role did not get authorization",
+                m_authorizer.checkAuthorization( user( "johnDoe" ),
+                        new CheckedPermission() ) );
+        assertFalse( "Principal not in role did get authorization",
+                m_authorizer.checkAuthorization( user( "janeDoe" ),
+                        new CheckedPermission() ) );
+    }
+
+    public void testSubjectWithSeveralPrincipalsIsAuthorizedIfOnePrincipalIsInRole()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new GroupPrincipal( "women" ) ), C.isA( PermissionGrant.class ) ),
+                false );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+                true );
+
+        assertTrue( "Subject with principal in role did not get authorization",
+                m_authorizer.checkAuthorization( member( "janeDoe", "women" ),
+                        new CheckedPermission() ) );
+    }
+
+    private Subject user( String username )
+    {
+        DefaultSubject subject = new DefaultSubject();
+        subject.addPrincipal( new UsernamePrincipal( username ) );
+        return subject;
+    }
+
+    private Subject member( String username, String groupName )
+    {
+        DefaultSubject subject = new DefaultSubject();
+        subject.addPrincipal( new UsernamePrincipal( username ) );
+        subject.addPrincipal( new GroupPrincipal( groupName ) );
+        return subject;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ExcludedPermission extends BasicPermission
+{
+    public ExcludedPermission()
+    {
+        super( "private" );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UncheckedPermission extends BasicPermission
+{
+    public UncheckedPermission()
+    {
+        super( "public" );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,139 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.CheckedPermission;
+import org.apache.janus.authorization.ExcludedPermission;
+import org.apache.janus.authorization.UncheckedPermission;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultPolicyContextTest extends TestCase
+{
+    private DefaultPolicyContext m_policyContext;
+    private Set m_excludedPermissions;
+    private Set m_roles;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultPolicyContextTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_excludedPermissions = new HashSet();
+        m_roles = new HashSet();
+    }
+
+    public void testUncheckedPermissionRequiresNoPriviledge()
+    {
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission is unchecked but requires priviledges", m_policyContext.requiresPriviledges( new UncheckedPermission() ) );
+    }
+
+    public void testExcludedPermissionRequiresPriviledges()
+    {
+        m_excludedPermissions.add( new ExcludedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is excluded but requires no priviledge", m_policyContext.requiresPriviledges( new ExcludedPermission() ) );
+    }
+
+    public void testCheckedPermissionRequiresPriviledges()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is checked but requires no priviledge", m_policyContext.requiresPriviledges( new CheckedPermission() ) );
+    }
+
+    public void testUncheckedPermissionIsGranted()
+    {
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is unchecked yet was denied", m_policyContext.checkPermission( "guest", new UncheckedPermission() ) );
+    }
+
+    public void testExcludedPermissionIsDenied()
+    {
+        m_excludedPermissions.add( new ExcludedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission is excluded yet was granted", m_policyContext.checkPermission( "admin", new ExcludedPermission() ) );
+    }
+
+    public void testRoleWithNoPermissionGrantsNothing()
+    {
+        RoleEntry role = new RoleEntry( "member", new HashSet() );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Role has no permission yet it granted one", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+    }
+
+    public void testPermissionGrantedIfInRole()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Role has permission yet it denied it", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+    }
+
+    public void testExcludedStatementHasPrecedenceOverRoleStatement()
+    {
+        m_excludedPermissions.add( new CheckedPermission() );
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Excluded statement did not overrule role statement", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+
+    }
+
+    public void testImpliedPermissionIsGranted()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new FullPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is implied by role permission yet it was denied", m_policyContext.checkPermission( "member", new ReadPermission() ) );
+    }
+
+    public void testImpliyingPermissionIsDenied()
+    {
+        m_excludedPermissions.add( new ReadPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission implies excluded permission yet it was granted", m_policyContext.checkPermission( "member", new FullPermission() ) );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class FullPermission extends BasicPermission
+{
+    public FullPermission()
+    {
+        super( "resource" );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ReadPermission extends BasicPermission
+{
+    public ReadPermission()
+    {
+        super( "resource" );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,62 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import junit.framework.TestCase;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManagerTest extends TestCase
+{
+    private DefaultRoleManager m_roleManager;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultRoleManagerTest.class );
+    }
+
+    public void testPrincipalWithNoRoleIsNeverInRole()
+    {
+        m_roleManager = new DefaultRoleManager( Collections.EMPTY_SET );
+        assertFalse( "Principal with no role was in role", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+    }
+
+    public void testSingleRole()
+    {
+        RoleMapping role = new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) );
+        m_roleManager = new DefaultRoleManager( Collections.singletonList( role ) );
+
+        assertTrue( "Principal did not get right", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+        assertFalse( "Principal did not get interdiction", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Interdiction() ) );
+    }
+
+    public void testMultipleRole()
+    {
+        Collection roles = new ArrayList();
+        roles.add( new RoleMapping( "guest", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+        roles.add( new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+        m_roleManager = new DefaultRoleManager( roles );
+
+        assertTrue( "Role was not matched", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new RoleGrant( "member" ) ) );
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Interdiction.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Interdiction implements Grant
+{
+    public boolean given( String roleName )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/Right.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Right implements Grant
+{
+    public boolean given( String roleName )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/authorization/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java	Wed Feb 18 15:19:37 2004
@@ -0,0 +1,35 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleGrant implements Grant
+{
+    private final String m_roleName;
+
+    public RoleGrant( String roleName )
+    {
+        m_roleName = roleName;
+    }
+
+    public boolean given( String roleName )
+    {
+        return m_roleName.equals( roleName );
+    }
+}

Mime
View raw message