directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 6917 - in incubator/directory/janus/trunk: core/api core/api/src core/api/src/java core/api/src/java/org core/api/src/java/org/apache core/api/src/java/org/apache/janus core/api/src/java/org/apache/janus/authentication core/api/src/java/org/apache/janus/authentication/realm core/api/src/java/org/apache/janus/authorization core/api/src/java/org/apache/janus/authorization/policy core/api/src/java/org/apache/janus/authorization/role core/impl core/impl/src core/impl/src/java core/impl/src/java/org core/impl/src/java/org/apache core/impl/src/java/org/apache/janus core/impl/src/java/org/apache/janus/authentication core/impl/src/java/org/apache/janus/authentication/realm core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/policy core/impl/src/java/org/apache/janus/authorization/role core/impl/src/test core/impl/src/test/org core/impl/src/test/org/apache core/impl/src/test/org/apache/janus core/impl/src/test/org/apache/janus/authentication core/impl/src/test/org/apache/janus/authentication/realm core/impl/src/test/org/apache/janus/authorization core/impl/src/test/org/apache/janus/authorization/policy core/impl/src/test/org/apache/janus/authorization/role script script/src script/src/java script/src/java/org script/src/java/org/apache script/src/java/org/apache/janus script/src/java/org/apache/janus/script script/src/java/org/apache/janus/script/xml script/src/test script/src/test/org script/src/test/org/apache script/src/test/org/apache/janus script/src/test/org/apache/janus/script script/src/test/org/apache/janus/script/xml
Date Fri, 27 Feb 2004 22:23:01 GMT
Author: vtence
Date: Fri Feb 27 14:22:59 2004
New Revision: 6917

Added:
   incubator/directory/janus/trunk/core/api/project.xml
   incubator/directory/janus/trunk/core/api/src/
   incubator/directory/janus/trunk/core/api/src/java/
   incubator/directory/janus/trunk/core/api/src/java/org/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/AuthenticationException.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Authenticator.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Credential.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/CredentialSet.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/MutableRealm.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/Realm.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java   (contents, props changed)
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Permission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java   (contents, props changed)
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/Grant.java   (contents, props changed)
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/RoleManager.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/
   incubator/directory/janus/trunk/core/impl/project.xml
   incubator/directory/janus/trunk/core/impl/src/
   incubator/directory/janus/trunk/core/impl/src/java/
   incubator/directory/janus/trunk/core/impl/src/java/org/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AbstractPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AuthenticationMethod.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/CredentialsMatcher.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/DefaultRealm.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/EqualCredentials.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePasswordAuthentication.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AbstractPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AccessPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionGrant.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/
   incubator/directory/janus/trunk/core/impl/src/test/org/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/AlwaysMatch.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/DefaultRealmTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/NeverMatch.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/UsernamePasswordAuthenticationTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/CheckedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SSNPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Interdiction.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Right.java   (contents, props changed)
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java   (contents, props changed)
   incubator/directory/janus/trunk/script/project.xml
   incubator/directory/janus/trunk/script/src/
   incubator/directory/janus/trunk/script/src/java/
   incubator/directory/janus/trunk/script/src/java/org/
   incubator/directory/janus/trunk/script/src/java/org/apache/
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilderMonitor.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRealmBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NullRealmBuilderMonitor.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/XMLRealm.java
   incubator/directory/janus/trunk/script/src/test/
   incubator/directory/janus/trunk/script/src/test/org/
   incubator/directory/janus/trunk/script/src/test/org/apache/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRealmBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/XMLRealmTest.java
Log:
o Simplified directory stucture

Added: incubator/directory/janus/trunk/core/api/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/project.xml	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+    <extend>${basedir}/../../project.xml</extend>
+
+    <name>Janus API</name>
+    <id>janus-api</id>
+    <package>org.apache.janus</package>
+
+    <shortDescription>Janus API</shortDescription>
+
+    <description>
+    Janus Security Framework APIs
+    </description>
+
+</project>
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/AuthenticationException.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/AuthenticationException.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,31 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+/**
+ * /**
+ * Thrown if there is a problem performing authentication.
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class AuthenticationException extends Exception
+{
+    public AuthenticationException( String s )
+    {
+        super( s );
+    }
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Authenticator.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Authenticator.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import javax.security.auth.Subject;
+
+/**
+ * <i><strong>Warning:</strong> This is experimental. Don't know yet if authenticator
+ * may use a single realm or several realms to perform authentication. In the case of several realms,
+ * each realm will probably support a unique authentication method and the argument to <code>authenticate</code>
+ * will change to a grouping of credential collections.</i>
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Authenticator
+{
+    /**
+     * Returns a populated Subject with the principals which represent the
+     * identity of the user as well as any other principal for which permissions may be associated.
+     * <p/>
+     * If the configured realm implementation has <code>GroupSupport</code> then this
+     * authenticator may choose to add a principal for each group the user is a member of.
+     *
+     * @param credentials A collection of credential objects provided as proof of identity
+     * @return a Subject populated with appropriate principals
+     * @throws AuthenticationException
+     *          thrown if there is a problem during authentication
+     */
+    Subject authenticate( CredentialSet credentials )
+            throws AuthenticationException;
+}
+

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Credential.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/Credential.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,78 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import java.io.Serializable;
+
+/**
+ * Class representing a unit of proof of identity.
+ * <p/>
+ * A credential is represented by a type and a value.
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public final class Credential implements Serializable
+{
+    private final String m_type;
+    private final Object m_value;
+
+    /**
+     * Constructs a new credential object with the given type
+     * and value.
+     */
+    public Credential( String type, Object value )
+    {
+        m_type = type;
+        m_value = value;
+    }
+
+    public boolean isOfType( String type )
+    {
+        return m_type.equals( type );
+    }
+
+    public Object getValue()
+    {
+        return m_value;
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !(o instanceof Credential) ) return false;
+
+        final Credential credential = (Credential) o;
+
+        if ( !m_type.equals( credential.m_type ) ) return false;
+        if ( !m_value.equals( credential.m_value ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        int result;
+        result = m_type.hashCode();
+        result = 29 * result + m_value.hashCode();
+        return result;
+    }
+
+    public String toString()
+    {
+        return "[type = " + m_type + ", value = " + m_value + "]";
+    }
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/CredentialSet.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/CredentialSet.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,151 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * Declared final so we make sure no imposter implementation is possible.
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public final class CredentialSet
+{
+    private final Set m_credentials;
+
+    public CredentialSet()
+    {
+        this( Collections.EMPTY_SET );
+    }
+
+    public CredentialSet( CredentialSet credentials )
+    {
+        this( credentials.elements() );
+    }
+
+    public CredentialSet( Collection credentials )
+    {
+        m_credentials = new HashSet( credentials );
+    }
+
+    public boolean add( Credential c )
+    {
+        return m_credentials.add( c );
+    }
+
+    /**
+     * Checks if this credential set contains credentials.
+     *
+     * @return true is this set is empty, false if it contains
+     *         at least one credential.
+     */
+    public boolean isEmpty()
+    {
+        return m_credentials.isEmpty();
+    }
+
+    /**
+     * Returns a collection containing all the credential objects
+     * in the current collection.
+     *
+     * @return an unmodifiable collection of all the credentials in this set.
+     */
+    public Set elements()
+    {
+        return Collections.unmodifiableSet( m_credentials );
+    }
+
+    /**
+     * Returns a subset of the current set
+     * of credentials composed of all credentials
+     * of the given type.
+     *
+     * @param type of credential to be returned.
+     * @return a new CredentialSet containing all
+     *         of the Credential objects of the given type.
+     */
+    public CredentialSet getCredentials( String type )
+    {
+        final CredentialSet subSet = new CredentialSet();
+        for ( Iterator it = m_credentials.iterator(); it.hasNext(); )
+        {
+            final Credential c = (Credential) it.next();
+            if ( c.isOfType( type ) ) subSet.add( c );
+        }
+
+        return subSet;
+    }
+
+    public Credential getCredential( String type )
+    {
+        for ( Iterator it = m_credentials.iterator(); it.hasNext(); )
+        {
+            final Credential c = (Credential) it.next();
+            if ( c.isOfType( type ) ) return c;
+        }
+
+        return null;
+    }
+
+    public int size()
+    {
+        return m_credentials.size();
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !(o instanceof CredentialSet) ) return false;
+
+        final CredentialSet credentialSet = (CredentialSet) o;
+
+        if ( !m_credentials.equals( credentialSet.m_credentials ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return m_credentials.hashCode();
+    }
+
+    public String toString()
+    {
+        if ( isEmpty() ) return "{}";
+
+        StringBuffer sb = new StringBuffer( "{" );
+        for ( Iterator it = m_credentials.iterator(); it.hasNext(); )
+        {
+            Credential c = (Credential) it.next();
+            sb.append( c ).append( ", " );
+        }
+
+        removeTrailingSeparator( sb );
+        sb.append( "}" );
+
+        return sb.toString();
+    }
+
+    private void removeTrailingSeparator( StringBuffer sb )
+    {
+        sb.setLength( sb.length() - 2 );
+    }
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/MutableRealm.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/MutableRealm.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface MutableRealm extends Realm
+{
+    boolean addIdentity( CredentialSet credentials );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/Realm.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/realm/Realm.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,29 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Realm
+{
+    Principal validateCredentials( CredentialSet credentials );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Authorizer
+{
+    boolean checkAuthorization( Subject subject, Permission permission );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Permission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Permission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Permission
+{
+    String getResource();
+
+    String[] actions();
+
+    /**
+     * Checks if the specified permission's actions are "implied by" this object's actions.
+     */
+    boolean implies( Permission permission );
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/PolicyContext.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface PolicyContext
+{
+    /**
+     * This method is used to determine if a role has a given permission.
+     */
+    boolean checkPermission( String roleName, Permission permission );
+
+    boolean requiresPriviledges( Permission permission );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/Grant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/Grant.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface Grant
+{
+    boolean given( String roleName );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/RoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/RoleManager.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface RoleManager
+{
+    boolean isPrincipalInRole( Principal p, Grant grant );
+}

Added: incubator/directory/janus/trunk/core/impl/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/project.xml	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+    <extend>${basedir}/../../project.xml</extend>
+
+    <name>Janus Implementation</name>
+    <id>janus-impl</id>
+    <package>org.apache.janus</package>
+
+    <shortDescription>Janus Implementation</shortDescription>
+
+    <description>
+    Implementation of the Janus Security Framework APIs
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-api</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,52 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import org.apache.janus.authentication.realm.Realm;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * An implementation of an authenticator that uses a single realm to perform authentication.
+ * 
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthenticator implements Authenticator
+{
+    private final Realm m_realm;
+
+    public DefaultAuthenticator( Realm realm )
+    {
+        m_realm = realm;
+    }
+
+    public Subject authenticate( CredentialSet credentials )
+            throws AuthenticationException
+    {
+        Principal p = m_realm.validateCredentials( credentials );
+        if ( p == null )
+        {
+            throw new AuthenticationException( "Credentials rejected" );
+        }
+
+        Subject subject = new Subject();
+        subject.getPrincipals().add( p );
+
+        return subject;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AbstractPrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AbstractPrincipal.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,68 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import java.security.Principal;
+
+/**
+ * A principal name is unique within the set
+ * of principals of the same type.
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public abstract class AbstractPrincipal implements Principal
+{
+    private final String m_name;
+
+    public AbstractPrincipal( String name )
+    {
+        if ( name == null ) throw new NullPointerException( "name" );
+        if ( name.equals( "" ) )
+        {
+            throw new IllegalArgumentException( "Empty name" );
+        }
+        m_name = name;
+    }
+
+    public String getName()
+    {
+        return m_name;
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof AbstractPrincipal ) ) return false;
+
+        final AbstractPrincipal abstractPrincipal = (AbstractPrincipal) o;
+
+        if ( !m_name.equals( abstractPrincipal.m_name ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return m_name.hashCode();
+    }
+
+    public String toString()
+    {
+        return "name=" + m_name;
+    }
+}
+

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AuthenticationMethod.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/AuthenticationMethod.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,33 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface AuthenticationMethod
+{
+    Principal getPrincipal( CredentialSet credentialSet );
+
+    boolean supports( CredentialSet credentialSet );
+
+    CredentialsMatcher matcher( CredentialSet credentials );
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/CredentialsMatcher.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/CredentialsMatcher.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface CredentialsMatcher
+{
+    boolean matches( CredentialSet creds );
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/DefaultRealm.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/DefaultRealm.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,77 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRealm implements MutableRealm
+{
+    private final AuthenticationMethod m_authenticationMethod;
+    private final Collection m_identities;
+
+    public DefaultRealm( AuthenticationMethod authenticationMethod )
+    {
+        m_authenticationMethod = authenticationMethod;
+        m_identities = new ArrayList();
+    }
+
+    public Principal validateCredentials( CredentialSet credentials )
+    {
+        if ( !m_authenticationMethod.supports( credentials ) ) return null;
+        if ( !contains( credentials ) ) return null;
+
+        return m_authenticationMethod.getPrincipal( credentials );
+    }
+
+    public boolean addIdentity( CredentialSet credentials )
+    {
+        if ( !m_authenticationMethod.supports( credentials ) )
+        {
+            throw new IllegalArgumentException(
+                    "Credentials not supported by authentication method" );
+        }
+        if ( contains( credentials ) ) return false;
+        m_identities.add( new CredentialSet( credentials ) );
+
+        return true;
+    }
+
+    private boolean contains( CredentialSet credentials )
+    {
+        CredentialsMatcher criterion = m_authenticationMethod.matcher( credentials );
+        return search( criterion );
+    }
+
+    public boolean search( CredentialsMatcher criterion )
+    {
+        for ( Iterator it = m_identities.iterator(); it.hasNext(); )
+        {
+            CredentialSet creds = (CredentialSet) it.next();
+            if ( criterion.matches( creds ) ) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/EqualCredentials.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/EqualCredentials.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class EqualCredentials implements CredentialsMatcher
+{
+    private final CredentialSet m_toMatch;
+
+    public EqualCredentials( CredentialSet credentials )
+    {
+        m_toMatch = credentials;
+    }
+
+    public boolean matches( CredentialSet creds )
+    {
+        return m_toMatch.equals( creds );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePasswordAuthentication.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePasswordAuthentication.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,55 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UsernamePasswordAuthentication implements AuthenticationMethod
+{
+    public UsernamePasswordAuthentication()
+    {
+    }
+
+    public Principal getPrincipal( CredentialSet credentialSet )
+    {
+        Credential username = credentialSet.getCredential( "username" );
+        return new UsernamePrincipal( username.getValue().toString() );
+    }
+
+    public boolean supports( CredentialSet credentialSet )
+    {
+        if ( credentialSet.size() != 2 ) return false;
+        CredentialSet usernames = credentialSet.getCredentials( "username" );
+        if ( usernames.size() != 1 ) return false;
+        CredentialSet passwords = credentialSet.getCredentials( "password" );
+        if ( passwords.size() != 1 ) return false;
+
+        return true;
+    }
+
+    public CredentialsMatcher matcher( CredentialSet credentials )
+    {
+        return new EqualCredentials( credentials );
+    }
+
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UsernamePrincipal extends AbstractPrincipal
+{
+    public UsernamePrincipal( String name )
+    {
+        super( name );
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof UsernamePrincipal ) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return super.hashCode();
+    }
+
+    public String toString()
+    {
+        return "UsernamePrincipal: " + super.toString() + "";
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AbstractPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AbstractPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,61 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public abstract class AbstractPermission implements Permission
+{
+    private final String m_resource;
+
+    protected AbstractPermission( String resource )
+    {
+        if ( resource == null )
+        {
+            throw new NullPointerException( "resource can't be null" );
+        }
+
+        if ( resource.length() == 0 )
+        {
+            throw new IllegalArgumentException( "resource can't be empty" );
+        }
+        m_resource = resource;
+    }
+
+    public String getResource()
+    {
+        return m_resource;
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof AbstractPermission ) ) return false;
+
+        final AbstractPermission abstractPermission = (AbstractPermission) o;
+
+        if ( !m_resource.equals( abstractPermission.m_resource ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return m_resource.hashCode();
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AccessPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/AccessPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class AccessPermission extends BasicPermission
+{
+    public AccessPermission( String resource )
+    {
+        super( resource );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class BasicPermission extends AbstractPermission
+{
+    private static final String[] NO_ACTIONS = new String[0];
+
+    public BasicPermission( String resource )
+    {
+        super( resource );
+    }
+
+    public String[] actions()
+    {
+        return NO_ACTIONS;
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return equals( permission );
+    }
+
+    public boolean equals( Object o )
+    {
+        if (!(o instanceof BasicPermission)) return false;
+
+        return super.equals( o );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,59 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+
+import javax.security.auth.Subject;
+import java.util.Set;
+import java.util.Iterator;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizer implements Authorizer
+{
+    private final PolicyContext m_policyContext;
+    private final RoleManager m_roleManager;
+
+    public DefaultAuthorizer( PolicyContext policyContext,
+                              RoleManager roleManager )
+    {
+        m_policyContext = policyContext;
+        m_roleManager = roleManager;
+    }
+
+    public boolean checkAuthorization( Subject subject, Permission permission )
+    {
+        if ( !m_policyContext.requiresPriviledges( permission ) ) return true;
+
+        Set principals = subject.getPrincipals();
+        for ( Iterator it = principals.iterator(); it.hasNext(); )
+        {
+            final Principal p = (Principal) it.next();
+            if ( m_roleManager.isPrincipalInRole( p,
+                    new PermissionGrant( m_policyContext, permission ) ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionGrant.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.Grant;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionGrant implements Grant
+{
+    private final PolicyContext m_policyContext;
+    private final Permission m_permission;
+
+    public PermissionGrant( PolicyContext policyContext,
+                            Permission permission )
+    {
+        m_permission = permission;
+        m_policyContext = policyContext;
+    }
+
+    public boolean given( String roleName )
+    {
+        return m_policyContext.checkPermission( roleName, m_permission );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,66 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+
+public class DefaultPolicyContext implements PolicyContext
+{
+    private final PermissionCollection m_excludedPermissions;
+    private final Set m_roles;
+
+    public DefaultPolicyContext( Set roles, Collection excludedPermissions )
+    {
+        m_roles = new HashSet( roles );
+        m_excludedPermissions = new PermissionCollection( excludedPermissions );
+    }
+
+    public boolean checkPermission( String roleName, Permission permission )
+    {
+        if (m_excludedPermissions.dependsOn( permission )) return false;
+
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            final RoleEntry role = (RoleEntry) it.next();
+            if (role.is( roleName )) return role.implies( permission );
+        }
+
+        return true;
+    }
+
+    public boolean requiresPriviledges( Permission permission )
+    {
+        if (m_excludedPermissions.implies( permission )) return true;
+
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            final RoleEntry role = (RoleEntry) it.next();
+            if (role.implies( permission )) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,58 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class PermissionCollection
+{
+    private final Collection m_permissions;
+
+    public PermissionCollection( Collection permissions )
+    {
+        m_permissions = new HashSet( permissions );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+        {
+            Permission p = (Permission) it.next();
+            if (p.implies( permission )) return true;
+        }
+
+        return false;
+    }
+
+    public boolean dependsOn( Permission permission )
+    {
+        for ( Iterator it = m_permissions.iterator(); it.hasNext(); )
+        {
+            Permission p = (Permission) it.next();
+            if (permission.implies( p )) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.Permission;
+
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleEntry
+{
+    private final String m_roleName;
+    private final PermissionCollection m_permissions;
+
+    public RoleEntry( String roleName, Set permissions )
+    {
+        m_roleName = roleName;
+        m_permissions = new PermissionCollection( permissions );
+    }
+
+    public boolean is( String roleName )
+    {
+        return m_roleName.equals( roleName );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return m_permissions.implies( permission );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManager implements RoleManager
+{
+    private final Collection m_roles;
+
+    public DefaultRoleManager( Collection roles )
+    {
+        m_roles = new ArrayList( roles );
+    }
+
+    public boolean isPrincipalInRole( Principal p, Grant grant )
+    {
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            RoleMapping mapping = (RoleMapping) it.next();
+            if ( mapping.inRole( p ) && mapping.given( grant ) ) return true;
+        }
+
+        return false;
+    }
+
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleMapping
+{
+    private final String m_roleName;
+    private final Collection m_principals;
+
+    public RoleMapping( String roleName, Collection principals )
+    {
+        m_roleName = roleName;
+        m_principals = new HashSet( principals );
+    }
+
+    public boolean inRole( Principal p )
+    {
+        return m_principals.contains( p );
+    }
+
+    public boolean given( Grant g )
+    {
+        return g.given( m_roleName );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,86 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import com.mockobjects.dynamic.C;
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.authentication.realm.Realm;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthenticatorTest extends TestCase
+{
+    private DefaultAuthenticator m_authenticator;
+    private Mock m_mockRealm;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultAuthenticatorTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_mockRealm
+                = new Mock( Realm.class );
+        m_authenticator
+                = new DefaultAuthenticator( (Realm) m_mockRealm.proxy() );
+    }
+
+    private CredentialSet banana()
+    {
+        CredentialSet credentials = new CredentialSet();
+        credentials.add( new Credential( "fruit", "banana" ) );
+        return credentials;
+    }
+
+    public void testAuthentication()
+    {
+        m_mockRealm.matchAndReturn( "validateCredentials", C.eq( banana() ),
+                new FruitPrincipal( "banana" ) );
+
+        Subject subject = null;
+        try
+        {
+            subject = m_authenticator.authenticate( banana() );
+        }
+        catch ( AuthenticationException e )
+        {
+            fail( "Login failed" );
+        }
+        assertTrue( "Principal was not added to subject",
+                subject.getPrincipals().contains( new FruitPrincipal( "banana" ) ) );
+    }
+
+    public void testAuthenticationFailure()
+    {
+        m_mockRealm.matchAndReturn( "validateCredentials", C.ANY_ARGS, null );
+
+        try
+        {
+            m_authenticator.authenticate( new CredentialSet() );
+            fail( "Login has not failed" );
+        }
+        catch ( AuthenticationException expected )
+        {
+            assertTrue( true );
+        }
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication;
+
+import org.apache.janus.authentication.realm.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class FruitPrincipal extends AbstractPrincipal
+{
+    public FruitPrincipal( String name )
+    {
+        super( name );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/AlwaysMatch.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/AlwaysMatch.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class AlwaysMatch implements CredentialsMatcher
+{
+    public boolean matches( CredentialSet credentials )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/DefaultRealmTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/DefaultRealmTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,159 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import com.mockobjects.dynamic.C;
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRealmTest extends TestCase
+{
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultRealmTest.class );
+    }
+
+    private DefaultRealm realm;
+
+    public void testValidationFailsIfCredentialSetNotSupported()
+    {
+        Mock mockAuthenticationMethod = new Mock( AuthenticationMethod.class );
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+        mockAuthenticationMethod.matchAndReturn( "supports", joeCredentials(), false );
+        assertNull( "Empty credential set was validated", realm.validateCredentials( joeCredentials() ) );
+    }
+
+    public void testEmptyRealmNeverValidates()
+    {
+        Mock mockAuthenticationMethod = createMockAuthenticationMethod();
+        mockAuthenticationMethod.matchAndReturn( "matcher", C.ANY_ARGS, new AlwaysMatch() );
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+
+        assertNull( "Principal was returned but realm contains no entry",
+                realm.validateCredentials( johnCredentials() ) );
+
+    }
+
+    public void testValidationFailsIfCredentialsAreNotMatched()
+    {
+        Mock mockAuthenticationMethod = createMockAuthenticationMethod();
+        mockAuthenticationMethod.matchAndReturn( "matcher", C.ANY_ARGS, new NeverMatch() );
+
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+
+        assertNull( "Principal was returned but credentials are invalid",
+                realm.validateCredentials( johnCredentials() ) );
+
+    }
+
+    public void testValidationSucceedsIfOneEntryIsMatched()
+    {
+        Mock mockAuthenticationMethod = createMockAuthenticationMethod();
+        mockAuthenticationMethod.matchAndReturn( "matcher", C.ANY_ARGS, new EqualCredentials( janeCredentials() ) );
+        mockAuthenticationMethod.matchAndReturn( "getPrincipal", janeCredentials(), jane() );
+
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+
+        try
+        {
+            realm.addIdentity( janeCredentials() );
+            realm.addIdentity( johnCredentials() );
+        }
+        catch ( IllegalArgumentException unexpected )
+        {
+            fail( "Invalid credential set was reported when it was valid" );
+        }
+
+        assertEquals( "Principal identified does not match credentials",
+                jane(),
+                realm.validateCredentials( janeCredentials() ) );
+    }
+
+
+    public void testRejectsNewEntryIfCredentialSetIsNotSupported()
+    {
+        Mock mockAuthenticationMethod = new Mock( AuthenticationMethod.class );
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+
+        mockAuthenticationMethod.matchAndReturn( "supports", joeCredentials(), false );
+
+        try
+        {
+            realm.addIdentity( joeCredentials() );
+            fail( "Malformed credential set was accepted in realm" );
+        }
+        catch ( IllegalArgumentException expected )
+        {
+            assertTrue( true );
+        }
+    }
+
+    public void testIdentityIsNotAddedIfAlreadyInRealm()
+    {
+        Mock mockAuthenticationMethod = createMockAuthenticationMethod();
+        realm = new DefaultRealm( (AuthenticationMethod) mockAuthenticationMethod.proxy() );
+        mockAuthenticationMethod.matchAndReturn( "matcher", C.ANY_ARGS, new EqualCredentials( joeCredentials() ) );
+
+        realm.addIdentity( joeCredentials() );
+        assertFalse( "Identity reported as added twice", realm.addIdentity( joeCredentials() ) );
+    }
+
+    private CredentialSet johnCredentials()
+    {
+        Set creds = new HashSet();
+        creds.add( new Credential( "username", "john" ) );
+        creds.add( new Credential( "password", "doe" ) );
+        return new CredentialSet( creds );
+    }
+
+    private CredentialSet janeCredentials()
+    {
+        Set creds = new HashSet();
+        creds.add( new Credential( "username", "jane" ) );
+        creds.add( new Credential( "password", "doe" ) );
+        return new CredentialSet( creds );
+    }
+
+    private CredentialSet joeCredentials()
+    {
+        Set creds = new HashSet();
+        creds.add( new Credential( "username", "joe" ) );
+        creds.add( new Credential( "password", "blow" ) );
+        return new CredentialSet( creds );
+    }
+
+    private Principal jane()
+    {
+        return new UsernamePrincipal( "jane" );
+    }
+
+    public Mock createMockAuthenticationMethod()
+    {
+        Mock mockAuthenticationMethod = new Mock( AuthenticationMethod.class );
+        mockAuthenticationMethod.matchAndReturn( "supports", C.ANY_ARGS, true );
+        return mockAuthenticationMethod;
+    }
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/NeverMatch.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/NeverMatch.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class NeverMatch implements CredentialsMatcher
+{
+    public boolean matches( CredentialSet credentials )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/UsernamePasswordAuthenticationTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/realm/UsernamePasswordAuthenticationTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,87 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+import junit.framework.TestCase;
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UsernamePasswordAuthenticationTest extends TestCase
+{
+    private UsernamePasswordAuthentication m_auth;
+
+    protected void setUp() throws Exception
+    {
+        m_auth = new UsernamePasswordAuthentication();
+    }
+
+    private CredentialSet validCredentials()
+    {
+        Set credentials = new HashSet();
+        credentials.add( new Credential( "username", "john" ) );
+        credentials.add( new Credential( "password", "doe" ) );
+        return new CredentialSet( credentials );
+    }
+
+    private CredentialSet extraCredentials()
+    {
+        Set credentials = new HashSet();
+        credentials.add( new Credential( "username", "john" ) );
+        credentials.add( new Credential( "password", "doe" ) );
+        credentials.add( new Credential( "password", "baz" ) );
+        credentials.add( new Credential( "foo", "bar" ) );
+        return new CredentialSet( credentials );
+    }
+
+    public void testCredentialsWithNoUsernameAreNotSupported()
+    {
+        assertFalse( "Reports it supports credentials with no username", m_auth.supports( new CredentialSet( Collections.singleton( new Credential( "password", "bar" ) ) ) ) );
+    }
+
+    public void testCredentialsWithNoPasswordAreNotSupported()
+    {
+        assertFalse( "Reports it supports credentials with no password", m_auth.supports( new CredentialSet( Collections.singleton( new Credential( "username", "foo" ) ) ) ) );
+    }
+
+    public void testSetsWithAllValidCredentialsPlusExtraOnesAreNotSupported()
+    {
+        assertFalse( "Reports it supports extra credentials", m_auth.supports( extraCredentials() ) );
+    }
+
+    public void testAUsernameAndAPaswordIsAValidCredentialSet()
+    {
+        assertTrue( "Reports it does not support credentials with a username and a password", m_auth.supports( validCredentials() ) );
+    }
+
+    public void testCredentialsMatchIfEqual()
+    {
+        assertTrue( "Equal sets of credentials do not match", m_auth.matcher( validCredentials() ).matches( validCredentials() ) );
+        assertFalse( "Different sets of credentials were matched", m_auth.matcher( extraCredentials() ).matches( validCredentials() ) );
+    }
+
+    public void testPrincipalsCreatedAreUsernamePrincipals()
+    {
+        assertEquals( "Created wrong principal", new UsernamePrincipal( "john" ), m_auth.getPrincipal( validCredentials() ) );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/CheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/CheckedPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class CheckedPermission extends BasicPermission
+{
+    public CheckedPermission()
+    {
+        super( "protected" );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,119 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import com.mockobjects.dynamic.C;
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.authorization.policy.PolicyContext;
+import org.apache.janus.authorization.role.RoleManager;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultAuthorizerTest extends TestCase
+{
+    private DefaultAuthorizer m_authorizer;
+    private Mock m_mockPolicyContext;
+    private Mock m_mockRoleManager;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultAuthorizerTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_mockPolicyContext = new Mock( PolicyContext.class );
+        m_mockRoleManager = new Mock( RoleManager.class );
+        m_authorizer = new DefaultAuthorizer( (PolicyContext) m_mockPolicyContext.proxy(),
+                (RoleManager) m_mockRoleManager.proxy() );
+
+    }
+
+    public void testUncheckedPermissionsAreGrantedToAnyone()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new UncheckedPermission(), false );
+        assertTrue( "Unchecked permission was not granted",
+                m_authorizer.checkAuthorization( user( "johnDoe" ),
+                        new UncheckedPermission() ) );
+    }
+
+    public void testSubjectWithoutPrincipalIsNotAuthorized()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+
+        assertFalse( "Authorization given to subject with no role",
+                m_authorizer.checkAuthorization( new Subject(),
+                        new CheckedPermission() ) );
+    }
+
+    public void testSubjectWithASinglePrincipalIsAuthorizedIfPrincipalIsInRole()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "johnDoe" ) ), C.isA( PermissionGrant.class ) ),
+                true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+                false );
+
+        assertTrue( "Principal in role did not get authorization",
+                m_authorizer.checkAuthorization( user( "johnDoe" ),
+                        new CheckedPermission() ) );
+        assertFalse( "Principal not in role did get authorization",
+                m_authorizer.checkAuthorization( user( "janeDoe" ),
+                        new CheckedPermission() ) );
+    }
+
+    public void testSubjectWithSeveralPrincipalsIsAuthorizedIfOnePrincipalIsInRole()
+    {
+        m_mockPolicyContext.matchAndReturn( "requiresPriviledges",
+                new CheckedPermission(), true );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new SSNPrincipal( "123-456-789" ) ), C.isA( PermissionGrant.class ) ),
+                false );
+        m_mockRoleManager.matchAndReturn( "isPrincipalInRole",
+                C.args( C.eq( new UsernamePrincipal( "janeDoe" ) ), C.isA( PermissionGrant.class ) ),
+                true );
+
+        assertTrue( "Subject with principal in role did not get authorization",
+                m_authorizer.checkAuthorization( member( "janeDoe", "123-456-789" ),
+                        new CheckedPermission() ) );
+    }
+
+    private Subject user( String username )
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add( new UsernamePrincipal( username ) );
+        return subject;
+    }
+
+    private Subject member( String username, String ssn )
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add( new UsernamePrincipal( username ) );
+        subject.getPrincipals().add( new SSNPrincipal( ssn ) );
+        return subject;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ExcludedPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ExcludedPermission extends BasicPermission
+{
+    public ExcludedPermission()
+    {
+        super( "private" );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SSNPrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SSNPrincipal.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authentication.realm.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class SSNPrincipal extends AbstractPrincipal
+{
+    public SSNPrincipal( String name )
+    {
+        super( name );
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof SSNPrincipal ) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return super.hashCode();
+    }
+
+    public String toString()
+    {
+        return "SSNPrincipal: " + super.toString() + "";
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/UncheckedPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class UncheckedPermission extends BasicPermission
+{
+    public UncheckedPermission()
+    {
+        super( "public" );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,139 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.CheckedPermission;
+import org.apache.janus.authorization.ExcludedPermission;
+import org.apache.janus.authorization.UncheckedPermission;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultPolicyContextTest extends TestCase
+{
+    private DefaultPolicyContext m_policyContext;
+    private Set m_excludedPermissions;
+    private Set m_roles;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultPolicyContextTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_excludedPermissions = new HashSet();
+        m_roles = new HashSet();
+    }
+
+    public void testUncheckedPermissionRequiresNoPriviledge()
+    {
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission is unchecked but requires priviledges", m_policyContext.requiresPriviledges( new UncheckedPermission() ) );
+    }
+
+    public void testExcludedPermissionRequiresPriviledges()
+    {
+        m_excludedPermissions.add( new ExcludedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is excluded but requires no priviledge", m_policyContext.requiresPriviledges( new ExcludedPermission() ) );
+    }
+
+    public void testCheckedPermissionRequiresPriviledges()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is checked but requires no priviledge", m_policyContext.requiresPriviledges( new CheckedPermission() ) );
+    }
+
+    public void testUncheckedPermissionIsGranted()
+    {
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is unchecked yet was denied", m_policyContext.checkPermission( "guest", new UncheckedPermission() ) );
+    }
+
+    public void testExcludedPermissionIsDenied()
+    {
+        m_excludedPermissions.add( new ExcludedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission is excluded yet was granted", m_policyContext.checkPermission( "admin", new ExcludedPermission() ) );
+    }
+
+    public void testRoleWithNoPermissionGrantsNothing()
+    {
+        RoleEntry role = new RoleEntry( "member", new HashSet() );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Role has no permission yet it granted one", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+    }
+
+    public void testPermissionGrantedIfInRole()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Role has permission yet it denied it", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+    }
+
+    public void testExcludedStatementHasPrecedenceOverRoleStatement()
+    {
+        m_excludedPermissions.add( new CheckedPermission() );
+        Set permissions = new HashSet();
+        permissions.add( new CheckedPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Excluded statement did not overrule role statement", m_policyContext.checkPermission( "member", new CheckedPermission() ) );
+
+    }
+
+    public void testImpliedPermissionIsGranted()
+    {
+        Set permissions = new HashSet();
+        permissions.add( new FullPermission() );
+        RoleEntry role = new RoleEntry( "member", permissions );
+        m_roles.add( role );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertTrue( "Permission is implied by role permission yet it was denied", m_policyContext.checkPermission( "member", new ReadPermission() ) );
+    }
+
+    public void testImpliyingPermissionIsDenied()
+    {
+        m_excludedPermissions.add( new ReadPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+
+        assertFalse( "Permission implies excluded permission yet it was granted", m_policyContext.checkPermission( "member", new FullPermission() ) );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class FullPermission extends BasicPermission
+{
+    public FullPermission()
+    {
+        super( "resource" );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.policy;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class ReadPermission extends BasicPermission
+{
+    public ReadPermission()
+    {
+        super( "resource" );
+    }
+
+    public boolean implies( Permission permission )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+import junit.framework.TestCase;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class DefaultRoleManagerTest extends TestCase
+{
+    private DefaultRoleManager m_roleManager;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultRoleManagerTest.class );
+    }
+
+    public void testPrincipalWithNoRoleIsNeverInRole()
+    {
+        m_roleManager = new DefaultRoleManager( Collections.EMPTY_SET );
+        assertFalse( "Principal with no role was in role", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+    }
+
+    public void testSingleRole()
+    {
+        RoleMapping role = new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) );
+        m_roleManager = new DefaultRoleManager( Collections.singletonList( role ) );
+
+        assertTrue( "Principal did not get right", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Right() ) );
+        assertFalse( "Principal did not get interdiction", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new Interdiction() ) );
+    }
+
+    public void testMultipleRole()
+    {
+        Collection roles = new ArrayList();
+        roles.add( new RoleMapping( "guest", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+        roles.add( new RoleMapping( "member", Collections.singleton( new UsernamePrincipal( "johnDoe" ) ) ) );
+        m_roleManager = new DefaultRoleManager( roles );
+
+        assertTrue( "Role was not matched", m_roleManager.isPrincipalInRole( new UsernamePrincipal( "johnDoe" ), new RoleGrant( "member" ) ) );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Interdiction.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Interdiction.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Interdiction implements Grant
+{
+    public boolean given( String roleName )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Right.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/Right.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Right implements Grant
+{
+    public boolean given( String roleName )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/RoleGrant.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,35 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.role;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class RoleGrant implements Grant
+{
+    private final String m_roleName;
+
+    public RoleGrant( String roleName )
+    {
+        m_roleName = roleName;
+    }
+
+    public boolean given( String roleName )
+    {
+        return m_roleName.equals( roleName );
+    }
+}

Added: incubator/directory/janus/trunk/script/project.xml
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/project.xml	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+    <extend>${basedir}/../project.xml</extend>
+
+    <name>Janus scripted front-end</name>
+    <id>janus-script</id>
+    <package>org.apache.janus.script</package>
+
+    <shortDescription>Scripted front-end to Janus</shortDescription>
+
+    <description>
+    Scripted front-end to Janus
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-api</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>janus-impl</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+
+        <!-- XML -->
+        <dependency>
+            <groupId>dom4j</groupId>
+            <artifactId>dom4j</artifactId>
+            <version>1.4</version>
+        </dependency>
+        <dependency>
+            <groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+            <version>2.6.0</version>
+        </dependency>
+        <dependency>
+            <groupId>xml-apis</groupId>
+            <artifactId>xml-apis</artifactId>
+            <version>1.0.b2</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilder.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.realm.MutableRealm;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface RealmBuilder
+{
+    void buildRealm( MutableRealm realm ) throws Exception;
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RealmBuilderMonitor.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.CredentialSet;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public interface RealmBuilderMonitor
+{
+    void duplicateIdentity( CredentialSet identity );
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRealmBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRealmBuilder.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,73 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+import org.apache.janus.authentication.realm.MutableRealm;
+import org.apache.janus.script.RealmBuilder;
+import org.apache.janus.script.RealmBuilderMonitor;
+import org.dom4j.Document;
+import org.dom4j.Element;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Builds a realm with username password identities.
+ * <p/>
+ * <strong>Warning:</strong> Document is assumed to be valid.
+ *
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Dom4JRealmBuilder implements RealmBuilder
+{
+    private final Document m_doc;
+    private final RealmBuilderMonitor m_monitor;
+
+    public Dom4JRealmBuilder( Document doc, RealmBuilderMonitor monitor )
+    {
+        m_doc = doc;
+        m_monitor = monitor;
+    }
+
+    public void buildRealm( MutableRealm realm ) throws IOException
+    {
+        Element root = m_doc.getRootElement();
+        Element users = root.element( "users" );
+        addUsers( realm, users );
+    }
+
+    private void addUsers( MutableRealm realm, Element users )
+    {
+        List userList = users.elements( "user" );
+
+        for ( Iterator it = userList.iterator(); it.hasNext(); )
+        {
+            final Element user = (Element) it.next();
+            CredentialSet creds = new CredentialSet();
+            String username = user.attributeValue( "username" );
+            creds.add( new Credential( "username", username ) );
+            String password = user.attributeValue( "password" );
+            creds.add( new Credential( "password", password ) );
+
+            boolean added = realm.addIdentity( creds );
+            if ( !added ) m_monitor.duplicateIdentity( creds );
+        }
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NullRealmBuilderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NullRealmBuilderMonitor.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.CredentialSet;
+import org.apache.janus.script.RealmBuilderMonitor;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class NullRealmBuilderMonitor implements RealmBuilderMonitor
+{
+    public void duplicateIdentity( CredentialSet identity )
+    {
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/XMLRealm.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/XMLRealm.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,57 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.CredentialSet;
+import org.apache.janus.authentication.realm.DefaultRealm;
+import org.apache.janus.authentication.realm.MutableRealm;
+import org.apache.janus.authentication.realm.Realm;
+import org.apache.janus.authentication.realm.UsernamePasswordAuthentication;
+import org.apache.janus.script.RealmBuilder;
+import org.apache.janus.script.RealmBuilderMonitor;
+import org.dom4j.Document;
+import org.dom4j.io.SAXReader;
+
+import java.io.Reader;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class XMLRealm implements Realm
+{
+    private final MutableRealm m_delegate;
+
+    public XMLRealm( Reader reader ) throws Exception
+    {
+        this( reader, new NullRealmBuilderMonitor() );
+    }
+
+    public XMLRealm( Reader reader, RealmBuilderMonitor monitor ) throws Exception
+    {
+        SAXReader xmlReader = new SAXReader();
+        Document root = xmlReader.read( reader );
+        RealmBuilder builder = new Dom4JRealmBuilder( root, monitor );
+        m_delegate = new DefaultRealm( new UsernamePasswordAuthentication() );
+        builder.buildRealm( m_delegate );
+    }
+
+    public Principal validateCredentials( CredentialSet credentials )
+    {
+        return m_delegate.validateCredentials( credentials );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRealmBuilderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRealmBuilderTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,115 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import com.mockobjects.dynamic.Mock;
+import junit.framework.TestCase;
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+import org.apache.janus.authentication.realm.DefaultRealm;
+import org.apache.janus.authentication.realm.MutableRealm;
+import org.apache.janus.authentication.realm.UsernamePasswordAuthentication;
+import org.apache.janus.script.RealmBuilderMonitor;
+import org.dom4j.Document;
+import org.dom4j.Element;
+import org.dom4j.tree.DefaultDocument;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class Dom4JRealmBuilderTest extends TestCase
+{
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( Dom4JRealmBuilderTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+    }
+
+    public void testSimpleBuild() throws Exception
+    {
+        Dom4JRealmBuilder builder = new Dom4JRealmBuilder( simpleRealm(), new NullRealmBuilderMonitor() );
+
+        Mock mockRealm = new Mock( MutableRealm.class );
+        mockRealm.expectAndReturn( "addIdentity", johnCredentials(), true );
+        mockRealm.expectAndReturn( "addIdentity", janeCredentials(), true );
+
+        builder.buildRealm( (MutableRealm) mockRealm.proxy() );
+
+        mockRealm.verify();
+    }
+
+    private Document simpleRealm()
+    {
+        Document doc = new DefaultDocument();
+        Element root = doc.addElement( "realm" );
+        Element users = root.addElement( "users" );
+        Element john = users.addElement( "user" );
+        john.addAttribute( "username", "john" );
+        john.addAttribute( "password", "doe" );
+        Element jane = users.addElement( "user" );
+        jane.addAttribute( "username", "jane" );
+        jane.addAttribute( "password", "doe" );
+
+        return doc;
+    }
+
+    private CredentialSet johnCredentials()
+    {
+        CredentialSet johnCredentials = new CredentialSet();
+        johnCredentials.add( new Credential( "username", "john" ) );
+        johnCredentials.add( new Credential( "password", "doe" ) );
+        return johnCredentials;
+    }
+
+    private CredentialSet janeCredentials()
+    {
+        CredentialSet johnCredentials = new CredentialSet();
+        johnCredentials.add( new Credential( "username", "jane" ) );
+        johnCredentials.add( new Credential( "password", "doe" ) );
+        return johnCredentials;
+    }
+
+    public void testNotifiesOfDuplicateIdentities() throws Exception
+    {
+        Mock mockMonitor = new Mock( RealmBuilderMonitor.class );
+        Dom4JRealmBuilder builder = new Dom4JRealmBuilder( realmWithDuplicateIdentity(),
+                (RealmBuilderMonitor) mockMonitor.proxy() );
+
+        mockMonitor.expect( "duplicateIdentity", johnCredentials() );
+        builder.buildRealm( new DefaultRealm( new UsernamePasswordAuthentication() ) );
+
+        mockMonitor.verify();
+    }
+
+    private Document realmWithDuplicateIdentity()
+    {
+        Document doc = new DefaultDocument();
+        Element root = doc.addElement( "realm" );
+        Element users = root.addElement( "users" );
+        Element john = users.addElement( "user" );
+        john.addAttribute( "username", "john" );
+        john.addAttribute( "password", "doe" );
+        Element jane = users.addElement( "user" );
+        jane.addAttribute( "username", "john" );
+        jane.addAttribute( "password", "doe" );
+
+        return doc;
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/XMLRealmTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/XMLRealmTest.java	Fri Feb 27 14:22:59 2004
@@ -0,0 +1,98 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import junit.framework.TestCase;
+import org.apache.janus.authentication.Credential;
+import org.apache.janus.authentication.CredentialSet;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+import java.io.StringReader;
+
+/**
+ * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
+ */
+public class XMLRealmTest extends TestCase
+{
+    private XMLRealm m_realm;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( XMLRealmTest.class );
+    }
+
+    public void testBuildsRealmFromXMLDocument() throws Exception
+    {
+        m_realm = new XMLRealm( new StringReader( simpleRealm() ) );
+
+        assertEquals( "Could not validateCredentials identity; must be missing in realm", new UsernamePrincipal(
+                "john" ),
+                m_realm.validateCredentials( johnCredentials() ) );
+        assertEquals( "Could not validateCredentials identity; must be missing in realm", new UsernamePrincipal(
+                "jane" ),
+                m_realm.validateCredentials( janeCredentials() ) );
+    }
+
+    private String simpleRealm()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                         + "<realm>\n"
+                         + "    <users>\n"
+                         + "        <user username=\"john\" password=\"doe\"/>\n"
+                         + "        <user username=\"jane\" password=\"doe\"/>\n"
+                         + "    </users>\n"
+                         + "</realm>";
+        return content;
+    }
+
+    private CredentialSet johnCredentials()
+    {
+        CredentialSet johnCredentials = new CredentialSet();
+        johnCredentials.add( new Credential( "username", "john" ) );
+        johnCredentials.add( new Credential( "password", "doe" ) );
+        return johnCredentials;
+    }
+
+    private CredentialSet janeCredentials()
+    {
+        CredentialSet janeCredentials = new CredentialSet();
+        janeCredentials.add( new Credential( "username", "jane" ) );
+        janeCredentials.add( new Credential( "password", "doe" ) );
+        return janeCredentials;
+    }
+
+    public void testIgnoresDuplicateIdentities() throws Exception
+    {
+        m_realm = new XMLRealm( new StringReader( realmWithDuplicateIdentities() ) );
+
+        assertEquals( "Could not validateCredentials identity; must be missing in realm", new UsernamePrincipal(
+                "john" ),
+                m_realm.validateCredentials( johnCredentials() ) );
+    }
+
+    private String realmWithDuplicateIdentities()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                         + "<realm>\n"
+                         + "    <users>\n"
+                         + "        <user username=\"john\" password=\"doe\"/>\n"
+                         + "        <user username=\"john\" password=\"doe\"/>\n"
+                         + "    </users>\n"
+                         + "</realm>";
+        return content;
+    }
+}

Mime
View raw message