directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 36048 - in incubator/directory/janus/trunk/sandbox/src: java/org/apache/janus/authorization java/org/apache/janus/authorization/effect java/org/apache/janus/authorization/predicate test/org/apache/janus/authorization
Date Fri, 06 Aug 2004 21:18:59 GMT
Author: vtence
Date: Fri Aug  6 14:18:58 2004
New Revision: 36048

Added:
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/BasicRule.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultRule.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/EffectResolver.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Predicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Rule.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/RuleSet.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultPolicyTest.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultRuleTest.java
Log:
o DIRJANUS-23: Work in progress. This is giving me some headaches ;-)

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/BasicRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/BasicRule.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.NotApplicableEffect;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class BasicRule implements Rule
+{
+    private final Effect m_effect;
+    private final Predicate m_subjectPredicate;
+    private final Predicate m_permissionPredicate;
+
+    public BasicRule( Effect effect, Predicate subjectPredicate, Predicate permissionPredicate
)
+    {
+        m_effect = effect;
+        m_subjectPredicate = subjectPredicate;
+        m_permissionPredicate = permissionPredicate;
+    }
+
+    public Effect evaluate( Subject s, Permission p )
+    {
+        if ( !m_subjectPredicate.evaluate( s ) ) return new NotApplicableEffect();
+        if ( !m_permissionPredicate.evaluate( p ) ) return new NotApplicableEffect();
+
+        return m_effect;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultRule.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,47 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.IndeterminateEffect;
+import org.apache.janus.authorization.effect.NotApplicableEffect;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRule
+{
+    private final Effect m_effect;
+    private Predicate m_subjectPredicate;
+
+    public DefaultRule( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public void setSubjectCondition( Predicate predicate )
+    {
+        m_subjectPredicate = predicate;
+    }
+
+    public Effect evaluate( Subject s ) {
+        if (m_subjectPredicate.evaluate( s ) ) return m_effect;
+
+        return new NotApplicableEffect();
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Effect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,33 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Effect
+{
+    Effect combineWith( Effect effect );
+
+    Effect permit();
+
+    Effect deny();
+
+    Effect indeterminate();
+
+    boolean resolve( EffectResolver effectResolver );
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/EffectResolver.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/EffectResolver.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface EffectResolver
+{
+    boolean notApplicable();
+
+    boolean indeterminate();
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Policy.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,56 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class Policy implements RuleSet
+{
+    private final Effect m_effect;
+    private final Collection m_rules;
+
+    public Policy( Effect effect )
+    {
+        m_effect = effect;
+        m_rules = new ArrayList();
+    }
+
+    public void addRule( Rule rule )
+    {
+        m_rules.add( rule );
+    }
+
+    public Effect evaluate( Subject s, Permission p )
+    {
+        Effect effect = m_effect;
+
+        for ( Iterator it = m_rules.iterator(); it.hasNext(); )
+        {
+            Rule rule = ( Rule ) it.next();
+            Effect e = rule.evaluate( s, p );
+            effect = e.combineWith( effect );
+        }
+
+        return effect;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Predicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Predicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Predicate
+{
+    boolean evaluate( Object o );
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Rule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/Rule.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2004 Your Corporation. All Rights Reserved.
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Rule
+{
+    Effect evaluate( Subject s, Permission p );
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/RuleSet.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/RuleSet.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface RuleSet extends Rule
+{
+    void addRule( Rule rule );
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class DenyEffect implements Effect
+{
+    public Effect combineWith( Effect effect )
+    {
+        return effect.deny();
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect indeterminate()
+    {
+        return this;
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DenyOverridesEffect implements Effect
+{
+    private final Effect m_effect;
+
+    public DenyOverridesEffect()
+    {
+        this( new DenyEffect() );
+    }
+
+    protected DenyOverridesEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public Effect combineWith( Effect effect )
+    {
+        return m_effect.combineWith( effect );
+    }
+
+    public Effect permit()
+    {
+        return new DenyOverridesEffect( new GrantEffect() );
+    }
+
+    public Effect deny()
+    {
+        return new DenyEffect();
+    }
+
+    public Effect indeterminate()
+    {
+        return new DenyOverridesEffect( new IndeterminateEffect() );
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return m_effect.resolve( effectResolver );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FirstApplicableEffect implements Effect
+{
+    private final Effect m_effect;
+
+    public FirstApplicableEffect()
+    {
+        this( new NotApplicableEffect() );
+    }
+
+    protected FirstApplicableEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public Effect combineWith( Effect effect )
+    {
+        return m_effect.combineWith( effect );
+    }
+
+    public Effect permit()
+    {
+        return new GrantEffect();
+    }
+
+    public Effect deny()
+    {
+        return new DenyEffect();
+    }
+
+    public Effect indeterminate()
+    {
+        return new IndeterminateEffect();
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return m_effect.resolve( effectResolver );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/GrantEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class GrantEffect implements Effect
+{
+    public Effect combineWith( Effect effect )
+    {
+        return effect.permit();
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect indeterminate()
+    {
+        return this;
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return true;
+    }
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/IndeterminateEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class IndeterminateEffect implements Effect
+{
+    public Effect combineWith( Effect effect )
+    {
+        return effect.indeterminate();
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect indeterminate()
+    {
+        return this;
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return effectResolver.indeterminate();
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class LastApplicableEffect implements Effect
+{
+    private final Effect m_effect;
+
+    public LastApplicableEffect()
+    {
+        this( new NotApplicableEffect() );
+    }
+
+    protected LastApplicableEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public Effect combineWith( Effect effect )
+    {
+        return m_effect.combineWith( effect );
+    }
+
+    public Effect permit()
+    {
+        return new LastApplicableEffect( new GrantEffect() );
+    }
+
+    public Effect deny()
+    {
+        return new LastApplicableEffect( new DenyEffect() );
+    }
+
+    public Effect indeterminate()
+    {
+        return new LastApplicableEffect( new IndeterminateEffect() );
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return m_effect.resolve( effectResolver );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class NotApplicableEffect implements Effect
+{
+    public Effect combineWith( Effect effect )
+    {
+        return effect;
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect indeterminate()
+    {
+        return this;
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return effectResolver.notApplicable();
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.EffectResolver;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class PermitOverridesEffect implements Effect
+{
+    private final Effect m_effect;
+
+    public PermitOverridesEffect()
+    {
+        this( new NotApplicableEffect() );
+    }
+
+    protected PermitOverridesEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public Effect combineWith( Effect effect )
+    {
+        return m_effect.combineWith( effect );
+    }
+
+    public Effect permit()
+    {
+        return new GrantEffect();
+    }
+
+    public Effect deny()
+    {
+        return new PermitOverridesEffect( new DenyEffect() );
+    }
+
+    public Effect indeterminate()
+    {
+        return new PermitOverridesEffect( new IndeterminateEffect() );
+    }
+
+    public boolean resolve( EffectResolver effectResolver )
+    {
+        return m_effect.resolve( effectResolver );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DependedUponPermissionPredicate implements Predicate
+{
+    private final Permission m_permission;
+
+    public DependedUponPermissionPredicate( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return p.implies( m_permission );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class EqualPredicate implements Predicate
+{
+    private final Object m_obj;
+
+    public EqualPredicate( Object obj )
+    {
+        m_obj = obj;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_obj.equals( o );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FalsePredicate implements Predicate
+{
+    public boolean evaluate( Object o )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class HasPrincipalPredicate implements Predicate
+{
+    private final Principal m_principal;
+
+    public HasPrincipalPredicate( Principal principal )
+    {
+        m_principal = principal;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Subject s = (Subject) o;
+
+        for ( Iterator it = s.getPrincipals().iterator(); it.hasNext(); )
+        {
+            Principal p = ( Principal ) it.next();
+            if (m_principal.equals( p )) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class ImpliedPermissionPredicate implements Predicate
+{
+    private final Permission m_permission;
+
+    public ImpliedPermissionPredicate( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return m_permission.implies( p );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class TruePredicate implements Predicate
+{
+    public boolean evaluate( Object o )
+    {
+        return true;
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultPolicyTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultPolicyTest.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,92 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authorization.effect.DenyEffect;
+import org.apache.janus.authorization.effect.GrantEffect;
+import org.apache.janus.authorization.effect.NotApplicableEffect;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultPolicyTest extends MockObjectTestCase
+{
+    private Policy m_policy;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultPolicyTest.class );
+    }
+
+    public void testCombinesRuleEffectsIntoPolicyEffect()
+    {
+        m_policy = new Policy( new PermitOverridesEffect() );
+
+        Mock mockDenyRule = new Mock( Rule.class );
+        mockDenyRule.expects( once() ).method( "evaluate" ).with( eq( john() ), eq( voting()
) ).will( returnValue( new DenyEffect() ) );
+        m_policy.addRule( ( Rule ) mockDenyRule.proxy() );
+
+        Mock mockGrantRule = new Mock( Rule.class );
+        mockGrantRule.expects( once() ).method( "evaluate" ).with( eq( john() ), eq( voting()
) ).will( returnValue( new GrantEffect() ) );
+        m_policy.addRule( ( Rule ) mockGrantRule.proxy() );
+
+        Effect effect = m_policy.evaluate( john(), voting() );
+
+        Mock mockEffect = new Mock( Effect.class );
+        mockEffect.expects( once() ).method( "permit" );
+        effect.combineWith( ( Effect ) mockEffect.proxy() );
+
+        mockEffect.verify();
+        mockDenyRule.verify();
+        mockGrantRule.verify();
+    }
+
+    public void testNoApplicableRule()
+    {
+        m_policy = new Policy( new PermitOverridesEffect() );
+
+        Mock mockRule = new Mock( Rule.class );
+        mockRule.stubs().method( "evaluate" ).will( returnValue( new NotApplicableEffect()
) );
+        m_policy.addRule( ( Rule ) mockRule.proxy() );
+
+        Effect effect = m_policy.evaluate( john(), voting() );
+
+        Mock mockEffect = new Mock( Effect.class );
+        mockEffect.expects( never() ).method( ANYTHING );
+        effect.combineWith( ( Effect ) mockEffect.proxy() );
+
+        mockEffect.verify();
+    }
+
+    private Subject john()
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) );
+        return subject;
+    }
+
+    private Permission voting()
+    {
+        return new BasicPermission( "vote" );
+    }
+}

Added: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultRuleTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultRuleTest.java
Fri Aug  6 14:18:58 2004
@@ -0,0 +1,75 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.jmock.MockObjectTestCase;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authorization.effect.GrantEffect;
+import org.apache.janus.authorization.effect.NotApplicableEffect;
+import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
+import org.apache.janus.authorization.predicate.FalsePredicate;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRuleTest extends MockObjectTestCase
+{
+    private DefaultRule m_rule;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultRuleTest.class );
+    }
+
+    // Example rule:
+    // Doctor in group A with username starting with A-N is granted access to folder "patients"
+
+    // Doctor who is in charge of patient can access files of patient
+
+    /**
+     * TODO:
+     * -- valid condition on subject -> effect
+     * -- invalid condition on subject -> not applicable
+     * indeterminate condition on subject -> indeterminate
+     * valid condition on resource -> effect
+     * invalid condition on resource -> not applicable
+     * indeterminate condition on resource -> indeterminate
+     */
+
+    public void testValidConditionOnSubject()
+    {
+        m_rule = new DefaultRule( new GrantEffect() );
+        m_rule.setSubjectCondition( new HasPrincipalPredicate( new UsernamePrincipal ("johnDoe"
)) );
+        assertTrue( m_rule.evaluate( john() ) instanceof GrantEffect );
+    }
+
+    public void testIsNotApplicableIsSubjectConditionNotVerified()
+    {
+        m_rule = new DefaultRule( new GrantEffect() );
+        m_rule.setSubjectCondition( new FalsePredicate() );
+        assertTrue( m_rule.evaluate( john() ) instanceof NotApplicableEffect );
+    }
+
+    private Subject john()
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) );
+        return subject;
+    }
+}

Mime
View raw message