directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 9584 - in incubator/directory/janus/trunk/core/impl/src: java/org/apache/janus/authorization/policy test/org/apache/janus/authorization/policy
Date Thu, 18 Mar 2004 05:12:27 GMT
Author: vtence
Date: Wed Mar 17 21:12:26 2004
New Revision: 9584

Modified:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
Log:
o DIR-7: making default policy mutable

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/DefaultPolicyContext.java
Wed Mar 17 21:12:26 2004
@@ -24,15 +24,23 @@
 import java.util.Set;
 
 /**
+ * todo: use a map indexed on role names instead of a set
+ *
  * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
  */
-
 public class DefaultPolicyContext implements PolicyContext
 {
     private final PermissionCollection m_excludedPermissions;
     private final PermissionCollection m_uncheckedPermissions;
     private final Set m_roles;
 
+    public DefaultPolicyContext()
+    {
+        m_roles = new HashSet();
+        m_excludedPermissions = new PermissionCollection();
+        m_uncheckedPermissions = new PermissionCollection();
+    }
+
     protected DefaultPolicyContext( Set roles,
                                     Collection excludedPermissions,
                                     Collection uncheckedPermissions )
@@ -50,7 +58,7 @@
         for ( Iterator it = m_roles.iterator(); it.hasNext(); )
         {
             final RoleEntry role = (RoleEntry) it.next();
-            if (role.is( roleName )) return role.implies( permission );
+            if (role.is( roleName ) && role.implies( permission )) return true;
         }
 
         return false;
@@ -63,4 +71,35 @@
 
         return true;
     }
+
+    public boolean addToExcludedPolicy( Permission permission )
+    {
+        return m_excludedPermissions.add( permission );
+    }
+
+    public boolean addToUncheckedPolicy( Permission permission )
+    {
+        return m_uncheckedPermissions.add( permission );
+    }
+
+    public boolean addToRole( String roleName, Permission p )
+    {
+        for ( Iterator it = m_roles.iterator(); it.hasNext(); )
+        {
+            final RoleEntry roleEntry = (RoleEntry) it.next();
+            if (roleEntry.is( roleName )) return roleEntry.add( p );
+        }
+
+        RoleEntry roleEntry = addRole( roleName );
+        roleEntry.add( p );
+        return true;
+    }
+
+    private RoleEntry addRole( String roleName )
+    {
+        RoleEntry roleEntry = new RoleEntry( roleName );
+        m_roles.add( roleEntry );
+        return roleEntry;
+    }
+
 }

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
Wed Mar 17 21:12:26 2004
@@ -29,9 +29,24 @@
 {
     private final Collection m_permissions;
 
+    public PermissionCollection()
+    {
+        m_permissions = new HashSet();
+    }
+
+    public PermissionCollection( PermissionCollection permissions )
+    {
+        m_permissions = new HashSet( permissions.m_permissions );
+    }
+
     public PermissionCollection( Collection permissions )
     {
         m_permissions = new HashSet( permissions );
+    }
+
+    public boolean add( Permission permission )
+    {
+        return m_permissions.add( permission );
     }
 
     public boolean implies( Permission permission )

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/RoleEntry.java
Wed Mar 17 21:12:26 2004
@@ -28,10 +28,27 @@
     private final String m_roleName;
     private final PermissionCollection m_permissions;
 
+    public RoleEntry( String roleName )
+    {
+        m_roleName = roleName;
+        m_permissions = new PermissionCollection();
+    }
+
     public RoleEntry( String roleName, Set permissions )
     {
         m_roleName = roleName;
         m_permissions = new PermissionCollection( permissions );
+    }
+
+    public RoleEntry( String roleName, PermissionCollection permissions )
+    {
+        m_roleName = roleName;
+        m_permissions = new PermissionCollection( permissions );
+    }
+
+    public boolean add( Permission permission )
+    {
+        return m_permissions.add( permission );
     }
 
     public boolean is( String roleName )

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/DefaultPolicyContextTest.java
Wed Mar 17 21:12:26 2004
@@ -20,14 +20,12 @@
 import org.apache.janus.authorization.CheckedPermission;
 import org.apache.janus.authorization.ExcludedPermission;
 import org.apache.janus.authorization.UncheckedPermission;
+import org.apache.janus.authorization.AccessPermission;
 
 import java.util.HashSet;
 import java.util.Set;
 
-/**
- * test: addition of excluded statement
- * test: addition of role statement
- *
+/*
  * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
  */
 public class DefaultPolicyContextTest extends TestCase
@@ -176,10 +174,26 @@
         assertFalse( m_policyContext.requiresPriviledges( new ReadPermission() ) );
     }
 
-//    public void testAdditionOfExcludedPolicyStatement()
-//    {
-//        m_policyContext = new DefaultPolicyContext();
-//        assertTrue( "Permission reported as not added", m_policyContext.addToExcludedPolicy(
new ExcludedPermission() ) );
-//        assertFalse( "Permission was granted; should have been excluded", m_policyContext.checkPermission(
"guest", new ExcludedPermission() ));
-//    }
+    public void testAdditionOfExcludedPolicyStatement()
+    {
+        m_policyContext = new DefaultPolicyContext();
+        m_policyContext.addToExcludedPolicy( new ExcludedPermission() );
+        assertFalse( "Permission was granted; should have been excluded", m_policyContext.checkPermission(
"guest", new ExcludedPermission() ));
+    }
+
+    public void testAdditionOfUncheckedPolicyStatement()
+    {
+        m_policyContext = new DefaultPolicyContext();
+        m_policyContext.addToUncheckedPolicy( new UncheckedPermission() );
+        assertFalse( "Permission should no longer require priviledge", m_policyContext.requiresPriviledges(
new UncheckedPermission() ));
+    }
+
+    public void testAdditionOfPolicyStatement()
+    {
+        m_policyContext = new DefaultPolicyContext();
+        m_policyContext.addToRole( "member", new AccessPermission( "/sbin" ) );
+        m_policyContext.addToRole( "member", new AccessPermission( "/root" ) );
+        assertTrue( m_policyContext.checkPermission( "member", new AccessPermission( "/root"
) ));
+        assertTrue( m_policyContext.checkPermission( "member", new AccessPermission( "/sbin"
) ));
+    }
 }

Mime
View raw message