Return-Path: Delivered-To: apmail-incubator-directory-cvs-archive@www.apache.org Received: (qmail 70885 invoked from network); 10 Mar 2004 05:27:34 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 10 Mar 2004 05:27:33 -0000 Received: (qmail 50083 invoked by uid 500); 10 Mar 2004 05:27:12 -0000 Delivered-To: apmail-incubator-directory-cvs-archive@incubator.apache.org Received: (qmail 49953 invoked by uid 500); 10 Mar 2004 05:27:11 -0000 Mailing-List: contact directory-cvs-help@incubator.apache.org; run by ezmlm Precedence: bulk Reply-To: directory-dev@incubator.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list directory-cvs@incubator.apache.org Received: (qmail 49693 invoked from network); 10 Mar 2004 05:27:09 -0000 Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 10 Mar 2004 05:27:09 -0000 Received: (qmail 70708 invoked by uid 65534); 10 Mar 2004 05:27:29 -0000 Date: 10 Mar 2004 05:27:29 -0000 Message-ID: <20040310052729.70701.qmail@minotaur.apache.org> 
From: vtence@apache.org To: directory-cvs@incubator.apache.org Subject: svn commit: rev 9335 - in incubator/directory/janus/trunk: core/api/src/java/org/apache/janus/authorization/role core/impl/src/java/org/apache/janus/authorization/role core/impl/src/test/org/apache/janus/authorization/role sandbox/src/java/org/apache/janus/script/xml sandbox/src/test/org/apache/janus/script/xml X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Author: vtence Date: Tue Mar 9 21:27:28 2004 New Revision: 9335 Modified: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/MutableRoleManager.java incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java Log: o Work in progress (DIR-45) Modified: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/MutableRoleManager.java ============================================================================== --- incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/MutableRoleManager.java (original) +++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/MutableRoleManager.java Tue Mar 9 21:27:28 2004 
@@ -26,4 +26,6 @@
 boolean addPrincipalToRole( String roleName, Principal p );
 boolean addRole( String roleName );
+
+ boolean addSubRole( String roleName, String subRoleName );
 }
Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/DefaultRoleManager.java Tue Mar 9 21:27:28 2004
@@ -67,22 +67,33 @@ public boolean addPrincipalToRole( String roleName, Principal p ) { + assertRoleExists( roleName ); RoleMapping mapping = getRole( roleName ); - if ( mapping == null ) throw new IllegalArgumentException( "Role is undefined: " + roleName ); return mapping.addPrincipal( p ); } + private void assertRoleExists( String roleName ) + { + if ( !roleExists( roleName ) ) + { + throw new IllegalArgumentException( "Role is undefined: " + roleName ); + } + } + private RoleMapping getRole( String roleName ) { return (RoleMapping) m_roles.get( roleName ); } - public void addSubRole( String roleName, String subRoleName ) + public boolean addSubRole( String roleName, String subRoleName ) { + assertRoleExists( roleName ); + assertRoleExists( subRoleName ); RoleMapping superRole = getRole( roleName ); RoleMapping subRole = getRole( subRoleName ); + if ( subRole.inRole( roleName ) ) throw new IllegalArgumentException( "Role circular dependency detected" ); - superRole.addRole( subRole ); + return superRole.addRole( subRole ); } } Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java ============================================================================== --- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java (original) +++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/RoleMapping.java Tue Mar 9 21:27:28 2004 @@ -17,11 +17,12 @@ package org.apache.janus.authorization.role; import java.security.Principal; -import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; +import java.util.Map; /** * @author Apache Directory Project 
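Review bot: `addSubRole` in DefaultRoleManager does not reject a role being added as its own sub role, because the cycle guard `subRole.inRole( roleName )` only looks at the sub role's existing sub roles and never compares the two names. After `addSubRole( "member", "member" )` the mapping would hold itself in `m_subRoles`, and the recursive `inRole` overloads in RoleMapping would then recurse without end for any principal or role name they do not find, so one bad role definition can turn every membership check on that role into a stack overflow. The guard should read `if ( roleName.equals( subRoleName ) || subRole.inRole( roleName ) ) throw new IllegalArgumentException( "Role circular dependency detected" );`. None of the circular-dependency tests added in DefaultRoleManagerTest covers the self-reference case.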
@@ -30,7 +31,7 @@
 {
 private final String m_roleName;
 private final Collection m_principals;
- private final Collection m_subRoles;
+ private final Map m_subRoles;
 public RoleMapping( String roleName )
 {
@@ -41,14 +42,14 @@
 {
 m_roleName = roleName;
 m_principals = new HashSet( principals );
- m_subRoles = new ArrayList();
+ m_subRoles = new HashMap();
 }
 public boolean inRole( Principal p )
 {
 if ( m_principals.contains( p ) ) return true;
- for ( Iterator it = m_subRoles.iterator(); it.hasNext(); )
+ for ( Iterator it = m_subRoles.values().iterator(); it.hasNext(); )
 {
 RoleMapping subRoleMapping = (RoleMapping) it.next();
 if ( subRoleMapping.inRole( p ) ) return true;
@@ -57,6 +58,19 @@
 return false;
 }
+ public boolean inRole( String roleName )
+ {
+ if ( subRoleExists( roleName ) ) return true;
+
+ for ( Iterator it = m_subRoles.values().iterator(); it.hasNext(); )
+ {
+ final RoleMapping subRoleMapping = (RoleMapping) it.next();
+ if ( subRoleMapping.inRole( roleName ) ) return true;
+ }
+
+ return false;
+ }
+
 public boolean given( Grant g )
 {
 return g.given( m_roleName );
@@ -67,8 +81,17 @@
 return m_principals.add( p );
 }
- public void addRole( RoleMapping mapping )
+ public boolean addRole( RoleMapping role )
+ {
+ if ( subRoleExists( role.m_roleName ) ) return false;
+
+ m_subRoles.put( role.m_roleName, role );
+
+ return true;
+ }
+
+ private boolean subRoleExists( String roleName )
 {
- m_subRoles.add( mapping );
+ return m_subRoles.containsKey( roleName );
 }
 }
Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java (original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/DefaultRoleManagerTest.java Tue Mar 9 21:27:28 2004
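Review bot: The new `inRole( String roleName )` overload in RoleMapping has no Javadoc, and its name can be read in either direction. `inRole( Principal )` answers whether a principal belongs to this role, while the String overload answers whether the named role is a direct or transitive sub role of this one, and it never compares against this mapping's own `m_roleName`. A comment such as `/** Returns true if the named role is a direct or transitive sub role of this role; this role's own name is not matched. */` would make the direction explicit for callers that rely on it for the circular-dependency check.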
@@ -24,11 +24,6 @@
 import java.util.Map;
 /**
- * test: adding sub role twice should be ignored
- * test: Can't add role unknown role
- * test: Cant't add unknown role to role
- * test: Prevents role circular dependencies
- *
 * @author Apache Directory Project
 */
 public class DefaultRoleManagerTest extends TestCase
@@ -130,6 +125,7 @@
 try
 {
 m_roleManager.addPrincipalToRole( "undefined", john() );
+ fail( "Added principal to undefined role" );
 }
 catch ( IllegalArgumentException expected )
 {
@@ -146,4 +142,82 @@
 m_roleManager.addSubRole( "member", "vip" );
 assertTrue( m_roleManager.isPrincipalInRole( john(), new RoleGrant( "member" ) ) );
 }
+
+ public void testAddingSubRoleTwiceIsANoOp()
+ {
+ m_roleManager = new DefaultRoleManager();
+ m_roleManager.addRole( "member" );
+ m_roleManager.addRole( "vip" );
+ assertTrue( m_roleManager.addSubRole( "member", "vip" ) );
+ assertFalse( m_roleManager.addSubRole( "member", "vip" ) );
+ }
+
+ public void testEnforcesSubRoleDefinition()
+ {
+ m_roleManager = new DefaultRoleManager();
+ m_roleManager.addRole( "member" );
+ try
+ {
+ m_roleManager.addSubRole( "member", "vip" );
+ fail( "Added undefined sub role" );
+ }
+ catch ( IllegalArgumentException expected )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testParentRoleMustBeDefinedToAddSubRoles()
+ {
+ m_roleManager = new DefaultRoleManager();
+ m_roleManager.addRole( "vip" );
+ try
+ {
+ m_roleManager.addSubRole( "member", "vip" );
+ fail( "Added sub role to undefined role" );
+ }
+ catch ( IllegalArgumentException expected )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testPreventsCircularDependenciesBetweenRoles()
+ {
+ m_roleManager = new DefaultRoleManager();
+ m_roleManager.addRole( "member" );
+ m_roleManager.addRole( "vip" );
+ m_roleManager.addSubRole( "member", "vip" );
+
+ try
+ {
+ m_roleManager.addSubRole( "vip", "member" );
+ fail( "Role circular dependency not detected" );
+ }
+ catch ( IllegalArgumentException expected )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testPreventsDeepCircularDependenciesBetweenRoles()
+ {
+ m_roleManager = new DefaultRoleManager();
+ m_roleManager.addRole( "member" );
+ m_roleManager.addRole( "vip" );
+ m_roleManager.addRole( "executive" );
+ m_roleManager.addSubRole( "member", "vip" );
+ m_roleManager.addSubRole( "vip", "executive" );
+
+ try
+ {
+ m_roleManager.addSubRole( "executive", "member" );
+ fail( "Role circular dependency not detected" );
+ }
+ catch ( IllegalArgumentException expected )
+ {
+ assertTrue( true );
+ }
+ }
+
 }
Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java Tue Mar 9 21:27:28 2004
@@ -17,6 +17,7 @@
 package org.apache.janus.script.xml;
 import org.apache.janus.authorization.role.MutableRoleManager;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
@@ -24,6 +25,9 @@
 import java.io.IOException;
 import java.io.Reader;
+import java.util.List;
+import java.util.Iterator;
+import java.security.Principal;
 /**
 * Warning: Document is assumed to be valid.
@@ -32,28 +36,52 @@
 */
 public class Dom4JRoleManagerBuilder
 {
- private org.dom4j.Document m_doc;
+ private Document m_doc;
- public Dom4JRoleManagerBuilder( Reader reader ) throws org.dom4j.DocumentException
+ public Dom4JRoleManagerBuilder( Reader reader ) throws DocumentException
 {
 m_doc = readDocument( reader );
 }
- public void buildRoleManager( org.apache.janus.authorization.role.MutableRoleManager roleManager ) throws IOException
+ public void buildRoleManager( MutableRoleManager roleManager ) throws IOException
 {
- org.dom4j.Element root = m_doc.getRootElement();
- org.dom4j.Element roles = root.element( "roles" );
- addRoles( roleManager, roles );
+ Element root = m_doc.getRootElement();
+ addRoles( roleManager, root );
 }
- private void addRoles( org.apache.janus.authorization.role.MutableRoleManager roleManager, org.dom4j.Element roles )
+ private void addRoles( MutableRoleManager roleManager, Element roles )
 {
+ List roleList = roles.elements( "role" );
+
+ for ( Iterator it = roleList.iterator(); it.hasNext(); )
+ {
+ final Element element = (Element) it.next();
+ String roleName = element.attributeValue( "name" );
+ roleManager.addRole( roleName );
+
+ addUsersToRole( roleManager, roleName, element);
+ }
+ }
+
+ private void addUsersToRole( MutableRoleManager roleManager,
+ String roleName,
+ Element role )
+ {
+ List userList = role.elements( "user" );
+
+ for ( Iterator it = userList.iterator(); it.hasNext(); )
+ {
+ final Element element = (Element) it.next();
+ String username = element.attributeValue( "username" );
+ Principal user = new UsernamePrincipal( username );
+ roleManager.addPrincipalToRole( roleName, user );
+ }
 }
- private org.dom4j.Document readDocument( Reader reader ) throws org.dom4j.DocumentException
+ private Document readDocument( Reader reader ) throws DocumentException
 {
- org.dom4j.io.SAXReader xmlReader = new org.dom4j.io.SAXReader();
- org.dom4j.Document doc = xmlReader.read( reader );
+ SAXReader xmlReader = new SAXReader();
+ Document doc = xmlReader.read( reader );
 return doc;
 }
Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java (original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java Tue Mar 9 21:27:28 2004
@@ -18,7 +18,6 @@
 import com.mockobjects.dynamic.C;
 import com.mockobjects.dynamic.Mock;
-import junit.framework.TestCase;
 import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.apache.janus.authorization.role.MutableRoleManager;
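Review bot: `addRoles` and `addUsersToRole` in Dom4JRoleManagerBuilder use `element.attributeValue( "name" )` and `element.attributeValue( "username" )` without checking the result, and dom4j returns null when the attribute is absent. A role or user element with a missing attribute would pass null to `addRole` and to the `UsernamePrincipal` constructor; what either does with null is not visible here, and the class comment's assumption that the document is valid is the only guard. Since this document decides who is in which role, the builder should fail closed, e.g. `if ( username == null ) throw new IllegalArgumentException( "user element without username in role " + roleName );` with the equivalent check for `name`. Separately, `readDocument` builds a default `SAXReader`; if role files can come from a less trusted source, DOCTYPE processing should be switched off before `read`, for instance with `xmlReader.setFeature( "http://apache.org/xml/features/disallow-doctype-decl", true )` where the underlying parser supports it.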
@@ -34,26 +33,55 @@ junit.textui.TestRunner.run( Dom4JRoleManagerBuilderTest.class ); } - public void testSimpleBuild() throws Exception + public void testEmptyRolesBuild() throws Exception { - org.apache.janus.script.xml.Dom4JRoleManagerBuilder builder = new org.apache.janus.script.xml.Dom4JRoleManagerBuilder( new StringReader( simpleRoles() ) ); + Dom4JRoleManagerBuilder builder = new Dom4JRoleManagerBuilder( + new StringReader( emptyRolesDefinition() ) ); - com.mockobjects.dynamic.Mock mockRoleManager = new com.mockobjects.dynamic.Mock( org.apache.janus.authorization.role.MutableRoleManager.class ); - mockRoleManager.expectAndReturn( "addPrincipalToRole", com.mockobjects.dynamic.C.args( com.mockobjects.dynamic.C.eq( "member"), com.mockobjects.dynamic.C.eq( john()) ), true ); - mockRoleManager.expectAndReturn( "addPrincipalToRole", com.mockobjects.dynamic.C.args( com.mockobjects.dynamic.C.eq( "member"), com.mockobjects.dynamic.C.eq( jane()) ), true ); + Mock mockRoleManager = new Mock( MutableRoleManager.class ); + mockRoleManager.expectAndReturn( "addRole", "member", true ); + mockRoleManager.expectAndReturn( "addRole", "vip", true ); builder.buildRoleManager( (MutableRoleManager) mockRoleManager.proxy() ); mockRoleManager.verify(); } - private String simpleRoles() + private String emptyRolesDefinition() + { + String content = "\n" + + "\n" + + " \n" + + " \n" + + ""; + return content; + } + + public void testSimpleRolesBuild() throws Exception + { + Dom4JRoleManagerBuilder builder = new Dom4JRoleManagerBuilder( + new StringReader( simpleRolesDefinition() ) ); + + Mock mockRoleManager = new Mock( MutableRoleManager.class ); + mockRoleManager.matchAndReturn( "addRole", C.ANY_ARGS, true ); + + mockRoleManager.expectAndReturn( "addPrincipalToRole", + C.args( C.eq( "member" ), C.eq( john() ) ), true ); + mockRoleManager.expectAndReturn( "addPrincipalToRole", + C.args( C.eq( "member" ), C.eq( jane() ) ), true ); + + builder.buildRoleManager( (MutableRoleManager) 
mockRoleManager.proxy() ); + + mockRoleManager.verify(); + } + + private String simpleRolesDefinition() { String content = "\n" + "\n" + " \n" - + " \n" - + " \n" + + " " + + " " + " \n" + ""; return content; @@ -63,7 +91,6 @@ { return new UsernamePrincipal( "john" ); } - private UsernamePrincipal jane() {