directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: rev 57162 - in incubator/directory/janus/trunk/sandbox/src: java/org/apache/janus/authorization test/org/apache/janus/authorization
Date Wed, 10 Nov 2004 16:03:32 GMT
Author: vtence
Date: Wed Nov 10 08:03:31 2004
New Revision: 57162

Modified:
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
Log:
Added more control on behavior

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
Wed Nov 10 08:03:31 2004
@@ -17,6 +17,7 @@
 package org.apache.janus.authorization;
 
 import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
 
 import javax.security.auth.Subject;
 import java.util.HashMap;
@@ -27,11 +28,19 @@
  */
 public class DefaultAuthorizationController implements AuthorizationController
 {
+    private boolean m_defaultDecision;
     private final Map m_decisions;
-    private Rule m_rule;
+    private RuleSet m_ruleSet;
 
     public DefaultAuthorizationController()
     {
+        this( new Policy( new PermitOverridesEffect() ) );
+    }
+
+    public DefaultAuthorizationController( RuleSet ruleSet )
+    {
+        m_ruleSet = ruleSet;
+        m_defaultDecision = true;
         m_decisions = new HashMap();
         m_decisions.put( Effects.GRANT, Boolean.TRUE );
         m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
@@ -40,15 +49,15 @@
 
     public boolean authorize( Subject s, Permission p )
     {
-        Effect effect = m_rule.evaluate( s, p );
+        Effect effect = m_ruleSet.evaluate( s, p ).reduce();
         Boolean decision = ( Boolean ) m_decisions.get( effect );
 
-        return decision.booleanValue();
+        return decision != null ? decision.booleanValue() : m_defaultDecision;
     }
 
-    public void setRuleBase( Rule rule )
+    public void setRuleSet( RuleSet ruleSet )
     {
-        m_rule = rule;
+        m_ruleSet = ruleSet;
     }
 
     public void grantOn( Effect effect )
@@ -59,5 +68,20 @@
     public void denyOn( Effect effect )
     {
         m_decisions.put( effect, Boolean.FALSE );
+    }
+
+    public void addRule( Rule rule )
+    {
+        m_ruleSet.addRule( rule );
+    }
+
+    public void grantIfUnsure()
+    {
+        m_defaultDecision = true;
+    }
+
+    public void denyIfUnsure()
+    {
+        m_defaultDecision = false;
     }
 }

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
Wed Nov 10 08:03:31 2004
@@ -18,6 +18,7 @@
 
 import junit.framework.TestCase;
 import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
 
 import javax.security.auth.Subject;
 
@@ -37,33 +38,58 @@
 
     public void testTakesPositiveDecisionIfRuleSuggestsPermission()
     {
-        m_authorizer.setRuleBase( new PrimitiveRule( Effects.GRANT ) );
+        m_authorizer.setRuleSet( new Policy( Effects.GRANT ) );
+        m_authorizer.denyIfUnsure();
         assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
     }
 
     public void testTakesPositiveDecisionIfRuleIsNotApplicable()
     {
-        m_authorizer.setRuleBase( new PrimitiveRule( Effects.NOT_APPLICABLE ) );
+        m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+        m_authorizer.denyIfUnsure();
         assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
     }
 
     public void testTakesNegativeDecisionIfRuleSuggestDenial()
     {
-        m_authorizer.setRuleBase( new PrimitiveRule( Effects.DENY ) );
+        m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+        m_authorizer.grantIfUnsure();
         assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
     }
 
+    public void testTakesPositiveDecisionByDefault()
+    {
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
     public void testCanForceEffectToGrantDecision()
     {
-        m_authorizer.setRuleBase( new PrimitiveRule( Effects.DENY ) );
+        m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
         m_authorizer.grantOn( Effects.DENY );
         assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
     }
 
     public void testCanForceEffectToDenyDecision()
     {
-        m_authorizer.setRuleBase( new PrimitiveRule( Effects.NOT_APPLICABLE ) );
+        m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+        m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testEffectsAreReducedBeforeTakingDecision()
+    {
+        m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+        m_authorizer.grantIfUnsure();
         m_authorizer.denyOn( Effects.NOT_APPLICABLE );
         assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testRulesCanBeAdded()
+    {
+        m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+        m_authorizer.addRule( new PrimitiveRule( Effects.GRANT ) );
+        m_authorizer.denyIfUnsure();
+        m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
     }
 }

Mime
View raw message