directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 9579 - in incubator/directory/janus/trunk: core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/policy core/impl/src/test/org/apache/janus/authorization/policy sandbox/src/java/org/apache/janus/script/xml sandbox/src/test/org/apache/janus/script/xml
Date Thu, 18 Mar 2004 04:02:58 GMT
Author: vtence
Date: Wed Mar 17 20:02:56 2004
New Revision: 9579

Modified:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
Log:
o Fixed unchecked policy behaviour

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/BasicPermission.java
Wed Mar 17 20:02:56 2004
@@ -21,7 +21,7 @@
  */
 public class BasicPermission extends AbstractPermission
 {
-    private static final String[] NO_ACTIONS = new String[0];
+    protected static final String[] NO_ACTIONS = new String[0];
 
     public BasicPermission( String resource )
     {

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
Wed Mar 17 20:02:56 2004
@@ -30,17 +30,22 @@
 public class DefaultPolicyContext implements PolicyContext
 {
     private final PermissionCollection m_excludedPermissions;
+    private final PermissionCollection m_uncheckedPermissions;
     private final Set m_roles;
 
-    public DefaultPolicyContext( Set roles, Collection excludedPermissions )
+    protected DefaultPolicyContext( Set roles,
+                                    Collection excludedPermissions,
+                                    Collection uncheckedPermissions )
     {
         m_roles = new HashSet( roles );
         m_excludedPermissions = new PermissionCollection( excludedPermissions );
+        m_uncheckedPermissions = new PermissionCollection( uncheckedPermissions );
     }
 
     public boolean checkPermission( String roleName, Permission permission )
     {
         if (m_excludedPermissions.dependsOn( permission )) return false;
+        if (m_uncheckedPermissions.implies( permission )) return true;
 
         for ( Iterator it = m_roles.iterator(); it.hasNext(); )
         {
@@ -48,19 +53,14 @@
             if (role.is( roleName )) return role.implies( permission );
         }
 
-        return true;
+        return false;
     }
 
     public boolean requiresPriviledges( Permission permission )
     {
-        if (m_excludedPermissions.implies( permission )) return true;
+        if (m_excludedPermissions.dependsOn( permission )) return true;
+        if (m_uncheckedPermissions.implies( permission )) return false;
 
-        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
-        {
-            final RoleEntry role = (RoleEntry) it.next();
-            if (role.implies( permission )) return true;
-        }
-
-        return false;
+        return true;
     }
 }

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
Wed Mar 17 20:02:56 2004
@@ -25,12 +25,16 @@
 import java.util.Set;
 
 /**
+ * test: addition of excluded statement
+ * test: addition of role statement
+ *
  * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
  */
 public class DefaultPolicyContextTest extends TestCase
 {
     private DefaultPolicyContext m_policyContext;
     private Set m_excludedPermissions;
+    private Set m_uncheckedPermissions;
     private Set m_roles;
 
     public static void main( String[] args )
@@ -41,12 +45,14 @@
     protected void setUp() throws Exception
     {
         m_excludedPermissions = new HashSet();
+        m_uncheckedPermissions = new HashSet();
         m_roles = new HashSet();
     }
 
     public void testUncheckedPermissionRequiresNoPriviledge()
     {
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_uncheckedPermissions.add( new UncheckedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertFalse( "Permission is unchecked but requires priviledges", m_policyContext.requiresPriviledges(
new UncheckedPermission() ) );
     }
@@ -54,7 +60,7 @@
     public void testExcludedPermissionRequiresPriviledges()
     {
         m_excludedPermissions.add( new ExcludedPermission() );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertTrue( "Permission is excluded but requires no priviledge", m_policyContext.requiresPriviledges(
new ExcludedPermission() ) );
     }
@@ -65,14 +71,15 @@
         permissions.add( new CheckedPermission() );
         RoleEntry role = new RoleEntry( "member", permissions );
         m_roles.add( role );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertTrue( "Permission is checked but requires no priviledge", m_policyContext.requiresPriviledges(
new CheckedPermission() ) );
     }
 
     public void testUncheckedPermissionIsGranted()
     {
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_uncheckedPermissions.add( new UncheckedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertTrue( "Permission is unchecked yet was denied", m_policyContext.checkPermission(
"guest", new UncheckedPermission() ) );
     }
@@ -80,16 +87,14 @@
     public void testExcludedPermissionIsDenied()
     {
         m_excludedPermissions.add( new ExcludedPermission() );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertFalse( "Permission is excluded yet was granted", m_policyContext.checkPermission(
"admin", new ExcludedPermission() ) );
     }
 
     public void testRoleWithNoPermissionGrantsNothing()
     {
-        RoleEntry role = new RoleEntry( "member", new HashSet() );
-        m_roles.add( role );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertFalse( "Role has no permission yet it granted one", m_policyContext.checkPermission(
"member", new CheckedPermission() ) );
     }
@@ -100,7 +105,7 @@
         permissions.add( new CheckedPermission() );
         RoleEntry role = new RoleEntry( "member", permissions );
         m_roles.add( role );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertTrue( "Role has permission yet it denied it", m_policyContext.checkPermission(
"member", new CheckedPermission() ) );
     }
@@ -112,28 +117,69 @@
         permissions.add( new CheckedPermission() );
         RoleEntry role = new RoleEntry( "member", permissions );
         m_roles.add( role );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertFalse( "Excluded statement did not overrule role statement", m_policyContext.checkPermission(
"member", new CheckedPermission() ) );
+    }
 
+    public void testExcludedStatementHasPrecedenceOverUncheckedStatement()
+    {
+        m_excludedPermissions.add( new UncheckedPermission() );
+        m_uncheckedPermissions.add( new UncheckedPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
+
+        assertFalse( "Permission should not be granted", m_policyContext.checkPermission(
"member", new UncheckedPermission() ) );
+        assertTrue( "Permission should require priviledge", m_policyContext.requiresPriviledges(
new UncheckedPermission() ) );
     }
 
-    public void testImpliedPermissionIsGranted()
+    public void testPermissionImpliedByCheckedPermissionIsGranted()
     {
         Set permissions = new HashSet();
         permissions.add( new FullPermission() );
         RoleEntry role = new RoleEntry( "member", permissions );
         m_roles.add( role );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertTrue( "Permission is implied by role permission yet it was denied", m_policyContext.checkPermission(
"member", new ReadPermission() ) );
     }
 
-    public void testImpliyingPermissionIsDenied()
+    public void testPermissionImpliedByUncheckedPermissionIsGranted()
+    {
+        m_uncheckedPermissions.add( new FullPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
+
+        assertTrue( "Permission is implied by unchecked permission yet it was denied", m_policyContext.checkPermission(
"member", new ReadPermission() ) );
+    }
+
+    public void testPermissionImpliyingExcludedPermissionIsDenied()
     {
         m_excludedPermissions.add( new ReadPermission() );
-        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
 
         assertFalse( "Permission implies excluded permission yet it was granted", m_policyContext.checkPermission(
"member", new FullPermission() ) );
     }
+
+    public void testPermissionImpliyingExcludedPermissionRequiresPriviledges()
+    {
+        m_excludedPermissions.add( new ReadPermission() );
+        m_uncheckedPermissions.add( new FullPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
+
+        assertTrue( m_policyContext.requiresPriviledges( new FullPermission() ) );
+    }
+
+    public void testPermissionImpliedByUncheckedPermissionDoesNotRequireAnyPriviledge()
+    {
+        m_uncheckedPermissions.add( new FullPermission() );
+        m_policyContext = new DefaultPolicyContext( m_roles, m_excludedPermissions, m_uncheckedPermissions
);
+
+        assertFalse( m_policyContext.requiresPriviledges( new ReadPermission() ) );
+    }
+
+//    public void testAdditionOfExcludedPolicyStatement()
+//    {
+//        m_policyContext = new DefaultPolicyContext();
+//        assertTrue( "Permission reported as not added", m_policyContext.addToExcludedPolicy(
new ExcludedPermission() ) );
+//        assertFalse( "Permission was granted; should have been excluded", m_policyContext.checkPermission(
"guest", new ExcludedPermission() ));
+//    }
 }

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
Wed Mar 17 20:02:56 2004
@@ -16,18 +16,18 @@
  */
 package org.apache.janus.script.xml;
 
+import java.io.IOException;
+import java.io.Reader;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.List;
+
 import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.apache.janus.authorization.role.MutableRoleManager;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
-
-import java.io.IOException;
-import java.io.Reader;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.List;
 
 /**
  * <strong>Warning:</strong> Document is assumed to be valid.

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
Wed Mar 17 20:02:56 2004
@@ -23,6 +23,8 @@
 
 import java.io.StringReader;
 
+import junit.framework.TestCase;
+
 /**
  * test: duplicate role
  * test: duplicate principal in role
@@ -32,7 +34,7 @@
  *
  * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
  */
-public class Dom4JRoleManagerBuilderTest extends junit.framework.TestCase
+public class Dom4JRoleManagerBuilderTest extends TestCase
 {
     private Mock m_mockRoleManager;
 

Mime
View raw message