directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r105928 - in incubator/directory/janus/trunk: core/api/src/java/org/apache/janus/authentication/attribute core/api/src/java/org/apache/janus/authentication/group core/api/src/java/org/apache/janus/authorization core/api/src/java/org/apache/janus/authorization/policy core/api/src/java/org/apache/janus/authorization/role core/impl core/impl/src/java/org/apache/janus/authentication core/impl/src/java/org/apache/janus/authentication/attribute core/impl/src/java/org/apache/janus/authentication/group core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/effect core/impl/src/java/org/apache/janus/authorization/policy core/impl/src/java/org/apache/janus/authorization/predicate core/impl/src/java/org/apache/janus/authorization/role core/impl/src/test/org/apache/janus/authentication core/impl/src/test/org/apache/janus/authentication/attribute core/impl/src/test/org/apache/janus/authentication/group core/impl/src/test/org/apache/janus/authorization core/impl/src/test/org/apache/janus/authorization/effect core/impl/src/test/org/apache/janus/authorization/policy core/impl/src/test/org/apache/janus/authorization/role core/impl/src/test/org/apache/janus/testmodel sandbox/src/java/org/apache/janus/authentication sandbox/src/java/org/apache/janus/authentication/attribute sandbox/src/java/org/apache/janus/authorization sandbox/src/java/org/apache/janus/script sandbox/src/java/org/apache/janus/script/xml sandbox/src/test/org/apache/janus/authentication/attribute sandbox/src/test/org/apache/janus/authorization sandbox/src/test/org/apache/janus/script/xml script/src/java/org/apache/janus/script script/src/java/org/apache/janus/script/xml script/src/test/org/apache/janus/script/xml
Date Sat, 20 Nov 2004 03:18:03 GMT
Author: vtence
Date: Fri Nov 19 19:18:02 2004
New Revision: 105928

Added:
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java
      - copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java
      - copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java
      - copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java
      - copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java
      - copied, changed from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
      - copied, changed from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
      - copied, changed from r57529, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
      - copied, changed from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
Removed:
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/group/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/group/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/group/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/role/
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/PolicyContextBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/RoleManagerBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JPolicyContextBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleManagerBuilder.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JPolicyContextBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleManagerBuilderTest.java
Modified:
   incubator/directory/janus/trunk/core/impl/project.xml
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
   incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
   incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
Log:
Moved new authentication and authorization code out of sandbox

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,48 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import java.security.Principal;
+
+public class CyclicAssociationException extends RuntimeException
+{
+    private final Principal m_principal;
+    private final Principal m_attribute;
+
+    public CyclicAssociationException( Principal principal, Principal attribute )
+    {
+        m_principal = principal;
+        m_attribute = attribute;
+    }
+
+    public String getMessage()
+    {
+        final StringBuffer sb = new StringBuffer();
+        sb.append( "Cyclic association detected between [" ).append( m_principal ).append( "] and [" ).append( m_attribute ).append( "]" );
+        return sb.toString();
+    }
+
+    public Principal getPrincipal()
+    {
+        return m_principal;
+    }
+
+    public Principal getAttribute()
+    {
+        return m_attribute;
+    }
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/InformationProvider.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,24 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import javax.security.auth.Subject;
+
+public interface InformationProvider
+{
+    void populate( Subject s );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,29 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.attribute.InformationProvider;
+
+import java.security.Principal;
+import java.util.Collection;
+
+public interface MutableInformationProvider extends InformationProvider
+{
+    boolean addAllAttributes( Principal principal, Collection attributes );
+
+    boolean addAttribute( Principal principal, Principal attribute );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Authorizer.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,24 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+public interface Authorizer
+{
+    boolean authorize( Subject s, Permission p );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Effect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,33 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Effect
+{
+    Effect add( Effect effect );
+
+    Effect applyTo( Effect effect );
+
+    Effect permit();
+
+    Effect deny();
+
+    Effect reduce();
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/Rule.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Rule
+{
+    Effect evaluate( Subject s, Permission p );
+}

Added: incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/api/src/java/org/apache/janus/authorization/RuleSet.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface RuleSet extends Rule
+{
+    void addRule( Rule rule );
+}

Modified: incubator/directory/janus/trunk/core/impl/project.xml
==============================================================================
--- incubator/directory/janus/trunk/core/impl/project.xml	(original)
+++ incubator/directory/janus/trunk/core/impl/project.xml	Fri Nov 19 19:18:02 2004
@@ -17,6 +17,12 @@
             <groupId>${pom.groupId}</groupId>
             <artifactId>janus-api</artifactId>
             <version>${pom.currentVersion}</version>
+        </dependency>
+        <!-- Test dependencies -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.1</version>
         </dependency>
     </dependencies>
 </project>

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/DefaultAuthenticator.java	Fri Nov 19 19:18:02 2004
@@ -16,12 +16,14 @@
  */
 package org.apache.janus.authentication;
 
+import org.apache.janus.authentication.attribute.InformationProvider;
 import org.apache.janus.authentication.realm.Realm;
-import org.apache.janus.authentication.group.GroupManager;
 
 import javax.security.auth.Subject;
 import java.security.Principal;
-import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 
 /**
  * An implementation of an authenticator that uses a single realm to perform authentication.
@@ -31,12 +33,12 @@
 public class DefaultAuthenticator implements Authenticator
 {
     private final Realm m_realm;
-    private final GroupManager m_groupManager;
+    private final Collection m_providers;
 
-    public DefaultAuthenticator( Realm realm, GroupManager groupManager )
+    public DefaultAuthenticator( Realm realm )
     {
         m_realm = realm;
-        m_groupManager = groupManager;
+        m_providers = new ArrayList();
     }
 
     public Subject authenticate( CredentialSet credentials )
@@ -51,9 +53,17 @@
         Subject subject = new Subject();
         subject.getPrincipals().add( p );
 
-        Principal[] groups = m_groupManager.getGroupsFor( p );
-        subject.getPrincipals().addAll( Arrays.asList( groups ));
+        for ( Iterator it = m_providers.iterator(); it.hasNext(); )
+        {
+            InformationProvider provider = ( InformationProvider ) it.next();
+            provider.populate( subject );
+        }
 
         return subject;
+    }
+
+    public void addInformationProvider( InformationProvider provider )
+    {
+        m_providers.add( provider );
     }
 }

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributePrincipal.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,65 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class AttributePrincipal extends AbstractPrincipal
+{
+    private final Object m_value;
+
+    public AttributePrincipal( String name, Object value )
+    {
+        super( name );
+        if ( value == null ) throw new NullPointerException( "value" );
+        m_value = value;
+    }
+
+    public Object getValue()
+    {
+        return m_value;
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof AttributePrincipal ) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        final AttributePrincipal other = ( AttributePrincipal ) o;
+
+        if ( !m_value.equals( other.m_value ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        int result = super.hashCode();
+        result = 29 * result + m_value.hashCode();
+        return result;
+    }
+
+    public String toString()
+    {
+        return "AttributePrincipal: " + super.toString();
+    }
+
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,105 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+
+public class AttributeProvider implements MutableInformationProvider
+{
+    private final Map m_attributes;
+
+    public AttributeProvider()
+    {
+        this( new HashMap() );
+    }
+
+    public AttributeProvider( Map attributes )
+    {
+        m_attributes = attributes;
+    }
+
+    public void populate( Subject s )
+    {
+        Principal[] principals = ( Principal[] ) s.getPrincipals().toArray( new Principal[s.getPrincipals().size()] );
+        for ( int i = 0; i < principals.length; i++ )
+        {
+            final Principal p = principals[i];
+            fillWithAttributes( s.getPrincipals(), p );
+        }
+    }
+
+    public boolean addAllAttributes( Principal principal, Collection attributes )
+    {
+        boolean modified = false;
+        for ( Iterator it = attributes.iterator(); it.hasNext(); )
+        {
+            Principal attribute = ( Principal ) it.next();
+            modified |= addAttribute( principal, attribute );
+        }
+
+        return modified;
+    }
+
+    public boolean addAttribute( Principal principal, Principal attribute )
+    {
+        detectCyclicAssociation( attribute, principal );
+        return attributes( principal ).add( attribute );
+    }
+
+    private void detectCyclicAssociation( Principal attribute, Principal principal )
+    {
+        Collection attributes = getAllAttributes( attribute );
+        if ( attributes.contains( principal ) ) throw new CyclicAssociationException( principal, attribute );
+    }
+
+    private Collection getAllAttributes( Principal principal )
+    {
+        final Collection attributes = new HashSet();
+        fillWithAttributes( attributes, principal );
+        return attributes;
+    }
+
+    private void fillWithAttributes( Collection principals, Principal p )
+    {
+        final Collection attributes = attributes( p );
+
+        for ( Iterator it = attributes.iterator(); it.hasNext(); )
+        {
+            Principal attribute = ( Principal ) it.next();
+            principals.add( attribute );
+            fillWithAttributes( principals, attribute );
+        }
+    }
+
+    private Collection attributes( Principal principal )
+    {
+        Collection attributes = ( Collection ) m_attributes.get( principal );
+        if ( attributes == null)
+        {
+            attributes = new HashSet();
+            m_attributes.put( principal, attributes );
+        }
+        return attributes;
+    }
+}
+

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/GroupPrincipal.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class GroupPrincipal extends AbstractPrincipal
+{
+    public GroupPrincipal( String name )
+    {
+        super( name );
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !(o instanceof GroupPrincipal) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return super.hashCode();
+    }
+
+    public String toString()
+    {
+        return "GroupPrincipal: " + super.toString();
+    }
+
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/attribute/RolePrincipal.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class RolePrincipal extends AbstractPrincipal
+{
+    public RolePrincipal( String name )
+    {
+        super( name );
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !(o instanceof RolePrincipal) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return super.hashCode();
+    }
+
+    public String toString()
+    {
+        return "RolePrincipal: " + super.toString();
+    }
+
+}

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultAuthorizer.java	Fri Nov 19 19:18:02 2004
@@ -1,60 +1,87 @@
-/*
- *   Copyright 2004 The Apache Software Foundation
- *
- *   Licensed under the Apache License, Version 2.0 (the "License");
- *   you may not use this file except in compliance with the License.
- *   You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing, software
- *   distributed under the License is distributed on an "AS IS" BASIS,
- *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *   See the License for the specific language governing permissions and
- *   limitations under the License.
- *
- */
-package org.apache.janus.authorization;
-
-import org.apache.janus.authorization.policy.PolicyContext;
-import org.apache.janus.authorization.role.RoleManager;
-
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
- */
-public class DefaultAuthorizer implements Authorizer
-{
-    private final PolicyContext m_policyContext;
-    private final RoleManager m_roleManager;
-
-    public DefaultAuthorizer( PolicyContext policyContext,
-                              RoleManager roleManager )
-    {
-        m_policyContext = policyContext;
-        m_roleManager = roleManager;
-    }
-
-    public boolean checkAuthorization( Subject subject, Permission permission )
-    {
-        if ( !m_policyContext.requiresPriviledges( permission ) ) return true;
-
-        Set principals = subject.getPrincipals();
-        for ( Iterator it = principals.iterator(); it.hasNext(); )
-        {
-            final Principal p = ( Principal ) it.next();
-            String[] roles = m_roleManager.getRoles( p );
-            for ( int i = 0; i < roles.length; i++ )
-            {
-                final String role = roles[i];
-                if ( m_policyContext.checkPermission( role, permission ) ) return true;
-            }
-        }
-
-        return false;
-    }
-}
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Warning: to be renamed to DefaultAuthorizer when moved out of sandbox
+ */
+public class DefaultAuthorizer implements Authorizer
+{
+    private boolean m_defaultDecision;
+    private final Map m_decisions;
+    private RuleSet m_ruleSet;
+
+    public DefaultAuthorizer()
+    {
+        this( new Policy( new PermitOverridesEffect() ) );
+    }
+
+    public DefaultAuthorizer( RuleSet ruleSet )
+    {
+        m_ruleSet = ruleSet;
+        m_defaultDecision = true;
+        m_decisions = new HashMap();
+        m_decisions.put( Effects.GRANT, Boolean.TRUE );
+        m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
+        m_decisions.put( Effects.DENY, Boolean.FALSE );
+    }
+
+    public boolean authorize( Subject s, Permission p )
+    {
+        Effect effect = m_ruleSet.evaluate( s, p ).reduce();
+        Boolean decision = ( Boolean ) m_decisions.get( effect );
+
+        return decision != null ? decision.booleanValue() : m_defaultDecision;
+    }
+
+    public void setRuleSet( RuleSet ruleSet )
+    {
+        m_ruleSet = ruleSet;
+    }
+
+    public void grantOn( Effect effect )
+    {
+        m_decisions.put( effect, Boolean.TRUE );
+    }
+
+    public void denyOn( Effect effect )
+    {
+        m_decisions.put( effect, Boolean.FALSE );
+    }
+
+    public void addRule( Rule rule )
+    {
+        m_ruleSet.addRule( rule );
+    }
+
+    public void grantIfUnsure()
+    {
+        m_defaultDecision = true;
+    }
+
+    public void denyIfUnsure()
+    {
+        m_defaultDecision = false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,69 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.predicate.Predicates;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRule
+{
+    private Effect m_effect;
+    private Predicate m_subjectPredicate;
+    private Predicate m_permissionPredicate;
+
+    public DefaultRule()
+    {
+        this( Effects.GRANT );
+    }
+
+    public DefaultRule( Effect effect )
+    {
+        m_effect = effect;
+        m_subjectPredicate = Predicates.TRUE;
+        m_permissionPredicate = Predicates.TRUE;
+    }
+
+    public void setEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public void matchSubjects( Predicate condition )
+    {
+        m_subjectPredicate = condition;
+    }
+
+    public void matchPermissions( Predicate condition )
+    {
+        m_permissionPredicate = condition;
+    }
+
+    public Effect evaluate( Subject s, Permission p )
+    {
+        return matches( s, p ) ? m_effect : Effects.NOT_APPLICABLE;
+    }
+
+    private boolean matches( Subject s, Permission p )
+    {
+        return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate( p );
+    }
+}

Copied: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java (from r57529, incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/policy/PermissionCollection.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PermissionCollection.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
 
 import org.apache.janus.authorization.Permission;
 

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Policy.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,56 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class Policy implements RuleSet
+{
+    private final Effect m_effect;
+    private final Collection m_rules;
+
+    public Policy( Effect effect )
+    {
+        m_effect = effect;
+        m_rules = new ArrayList();
+    }
+
+    public void addRule( Rule rule )
+    {
+        m_rules.add( rule );
+    }
+
+    public Effect evaluate( Subject s, Permission p )
+    {
+        Effect decision = m_effect;
+
+        for ( Iterator it = m_rules.iterator(); it.hasNext(); )
+        {
+            Rule rule = ( Rule ) it.next();
+            Effect effect = rule.evaluate( s, p );
+            decision = decision.add( effect );
+        }
+
+        return decision;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/Predicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Predicate
+{
+    boolean evaluate( Object o );
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/PrimitiveRule.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,34 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import javax.security.auth.Subject;
+
+public class PrimitiveRule implements Rule
+{
+    private final Effect effect;
+
+    public PrimitiveRule( Effect effect )
+    {
+        this.effect = effect;
+    }
+
+    public Effect evaluate( Subject s, Permission p )
+    {
+        return effect;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/AbstractCombinedEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+public abstract class AbstractCombinedEffect implements Effect
+{
+    protected final Effect m_effect;
+
+    protected AbstractCombinedEffect( Effect effect )
+    {
+        m_effect = effect;
+    }
+
+    public Effect add( Effect effect )
+    {
+        return effect.applyTo( this );
+    }
+
+    public Effect reduce()
+    {
+        return m_effect;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class DenyEffect implements Effect
+{
+    DenyEffect()
+    {
+    }
+
+    public Effect add( Effect effect )
+    {
+        return this;
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return effect.deny();
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect reduce()
+    {
+        return this;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/DenyOverridesEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DenyOverridesEffect extends AbstractCombinedEffect
+{
+    public DenyOverridesEffect()
+    {
+        this( Effects.NOT_APPLICABLE );
+    }
+
+    public DenyOverridesEffect( Effect effect )
+    {
+        super( effect );
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return m_effect.applyTo( effect );
+    }
+
+    public Effect permit()
+    {
+        return new DenyOverridesEffect( Effects.GRANT );
+    }
+
+    public Effect deny()
+    {
+        return Effects.DENY;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/Effects.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,26 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+public class Effects
+{
+    public static final Effect GRANT = new GrantEffect();
+    public static final Effect DENY = new DenyEffect();
+    public static final Effect NOT_APPLICABLE = new NotApplicableEffect();
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/FirstApplicableEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FirstApplicableEffect extends AbstractCombinedEffect
+{
+    public FirstApplicableEffect()
+    {
+        this( Effects.NOT_APPLICABLE );
+    }
+
+    protected FirstApplicableEffect( Effect effect )
+    {
+        super( effect );
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return m_effect.applyTo( effect );
+    }
+
+    public Effect permit()
+    {
+        return Effects.GRANT;
+    }
+
+    public Effect deny()
+    {
+        return Effects.DENY;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/GrantEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class GrantEffect implements Effect
+{
+    GrantEffect()
+    {
+    }
+
+    public Effect add( Effect effect )
+    {
+        return this;
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return effect.permit();
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect reduce()
+    {
+        return this;
+    }
+}
\ No newline at end of file

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/LastApplicableEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class LastApplicableEffect extends AbstractCombinedEffect
+{
+    public LastApplicableEffect()
+    {
+        this( Effects.NOT_APPLICABLE );
+    }
+
+    protected LastApplicableEffect( Effect effect )
+    {
+        super( effect );
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return m_effect.applyTo( effect );
+    }
+
+    public Effect permit()
+    {
+        return new LastApplicableEffect( Effects.GRANT );
+    }
+
+    public Effect deny()
+    {
+        return new LastApplicableEffect( Effects.DENY );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/NotApplicableEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,54 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public final class NotApplicableEffect implements Effect
+{
+    NotApplicableEffect()
+    {
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return effect;
+    }
+
+    public Effect add( Effect effect )
+    {
+        return this;
+    }
+
+    public Effect permit()
+    {
+        return this;
+    }
+
+    public Effect deny()
+    {
+        return this;
+    }
+
+    public Effect reduce()
+    {
+        return this;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/effect/PermitOverridesEffect.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,50 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class PermitOverridesEffect extends AbstractCombinedEffect
+{
+    public PermitOverridesEffect()
+    {
+        this( Effects.NOT_APPLICABLE );
+    }
+
+    protected PermitOverridesEffect( Effect effect )
+    {
+        super( effect );
+    }
+
+    public Effect applyTo( Effect effect )
+    {
+        return m_effect.applyTo( effect );
+    }
+
+    public Effect permit()
+    {
+        return Effects.GRANT;
+    }
+
+    public Effect deny()
+    {
+        return new PermitOverridesEffect( Effects.DENY );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/DependedUponPermissionPredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DependedUponPermissionPredicate implements Predicate
+{
+    private final Permission m_permission;
+
+    public DependedUponPermissionPredicate( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return p.implies( m_permission );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/EqualPredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class EqualPredicate implements Predicate
+{
+    private final Object m_obj;
+
+    public EqualPredicate( Object obj )
+    {
+        m_obj = obj;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_obj.equals( o );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/FalsePredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FalsePredicate implements Predicate
+{
+    public boolean evaluate( Object o )
+    {
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/HasPrincipalPredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class HasPrincipalPredicate implements Predicate
+{
+    private final Principal m_principal;
+
+    public HasPrincipalPredicate( Principal principal )
+    {
+        m_principal = principal;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Subject s = ( Subject ) o;
+
+        for ( Iterator it = s.getPrincipals().iterator(); it.hasNext(); )
+        {
+            Principal p = ( Principal ) it.next();
+            if ( m_principal.equals( p ) ) return true;
+        }
+
+        return false;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/ImpliedPermissionPredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class ImpliedPermissionPredicate implements Predicate
+{
+    private final Permission m_permission;
+
+    public ImpliedPermissionPredicate( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return m_permission.implies( p );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,52 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Permission;
+import org.apache.janus.authorization.Predicate;
+
+import java.security.Principal;
+
+public final class Predicates
+{
+    public static final Predicate TRUE = new TruePredicate();
+    public static final Predicate FALSE = new FalsePredicate();
+
+    private Predicates()
+    {
+    }
+
+    public static Predicate isImplied( Permission p )
+    {
+        return new ImpliedPermissionPredicate( p );
+    }
+
+    public static Predicate isDependedUpon( Permission p )
+    {
+        return new DependedUponPermissionPredicate( p );
+    }
+
+    public static Predicate is( Object o )
+    {
+        return new EqualPredicate( o );
+    }
+
+    public static Predicate hasPrincipal( Principal p )
+    {
+        return new HasPrincipalPredicate( p );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/TruePredicate.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class TruePredicate implements Predicate
+{
+    public boolean evaluate( Object o )
+    {
+        return true;
+    }
+}

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/DefaultAuthenticatorTest.java	Fri Nov 19 19:18:02 2004
@@ -16,16 +16,19 @@
  */
 package org.apache.janus.authentication;
 
-import org.apache.janus.authentication.group.GroupManager;
-import org.apache.janus.authentication.group.GroupPrincipal;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.janus.authentication.attribute.AttributeProvider;
 import org.apache.janus.authentication.realm.Realm;
+import org.apache.janus.testmodel.Attributes;
+import org.apache.janus.testmodel.Creds;
+import org.apache.janus.testmodel.Fruits;
+import org.apache.janus.testmodel.Groups;
 import org.jmock.Mock;
 import org.jmock.MockObjectTestCase;
 
 import javax.security.auth.Subject;
-import java.security.Principal;
+import java.util.Collection;
 import java.util.HashSet;
-import java.util.Set;
 
 /**
  * @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
@@ -34,55 +37,38 @@
 {
     private DefaultAuthenticator m_authenticator;
     private Mock m_mockRealm;
-    private Mock m_mockGroupManager;
-
-    public static void main( String[] args )
-    {
-        junit.textui.TestRunner.run( DefaultAuthenticatorTest.class );
-    }
 
     protected void setUp() throws Exception
     {
-        m_mockRealm
-                = new Mock( Realm.class );
-        m_mockGroupManager = new Mock( GroupManager.class );
-        m_authenticator
-                = new DefaultAuthenticator( ( Realm ) m_mockRealm.proxy(), (GroupManager) m_mockGroupManager.proxy() );
+        m_mockRealm = new Mock( Realm.class );
+        m_authenticator = new DefaultAuthenticator( ( Realm ) m_mockRealm.proxy() );
     }
 
-    private CredentialSet bananaCreds()
+    public void testAuthenticatesEntityAgainstRealm() throws Exception
     {
-        CredentialSet credentials = new CredentialSet();
-        credentials.add( new FruitCredential( "banana" ) );
-        return credentials;
+        m_mockRealm.expects( once() ).method( "validateCredentials" ).with( eq( Creds.banana() ) ).will( returnValue( Fruits.banana() ) );
+        m_authenticator.authenticate( Creds.banana() );
+        m_mockRealm.verify();
     }
 
-    public void testAuthentication()
+    public void testBuildsUpSubjectWithEntityPrincipal()
     {
-        m_mockRealm.expects( once() ).method( "validateCredentials" ).with( eq( bananaCreds() ) ).will( returnValue( banana() ) );
-        m_mockGroupManager.stubs().method( "getGroupsFor" ).will( returnValue( new GroupPrincipal[] {} ) );
+        m_mockRealm.stubs().method( "validateCredentials" ).with( eq( Creds.banana() ) ).will( returnValue( Fruits.banana() ) );
 
         Subject subject = null;
         try
         {
-            subject = m_authenticator.authenticate( bananaCreds() );
+            subject = m_authenticator.authenticate( Creds.banana() );
         }
         catch ( AuthenticationException e )
         {
             fail( "Login failed" );
         }
         assertTrue( "Principal was not added to subject",
-                subject.getPrincipals().contains( banana() ) );
-
-        m_mockRealm.verify();
-    }
-
-    private FruitPrincipal banana()
-    {
-        return new FruitPrincipal( "banana" );
+                subject.getPrincipals().contains( Fruits.banana() ) );
     }
 
-    public void testAuthenticationFailure()
+    public void testThrowsAuthenticationExceptionIfAuthenticationFails()
     {
         m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( null ) );
 
@@ -97,36 +83,31 @@
         }
     }
 
-    public void testPrincipalGroupsAreAddedToSubject() throws Exception
+    public void testBuildsUpSubjectWithEntityAttributes() throws Exception
     {
-        m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( banana() ) );
-        m_mockGroupManager.expects( once() ).method( "getGroupsFor" ).with( eq( banana() ) ).will( returnValue( bananaGroups() ) );
+        m_mockRealm.stubs().method( "validateCredentials" ).will( returnValue( Fruits.banana() ) );
 
-        Subject s = m_authenticator.authenticate( bananaCreds() );
+        AttributeProvider groupProvider = new AttributeProvider();
+        groupProvider.addAttribute( Fruits.banana(), Groups.fruits() );
+        m_authenticator.addInformationProvider( groupProvider );
+        AttributeProvider attributeProvider = new AttributeProvider();
+        attributeProvider.addAttribute( Fruits.banana(), Attributes.yellow() );
+        attributeProvider.addAttribute( Groups.fruits(), Attributes.tasty() );
+        m_authenticator.addInformationProvider( attributeProvider );
+
+        Subject s = m_authenticator.authenticate( Creds.banana() );
+
+        Collection expectedAttributes = new HashSet( );
+        expectedAttributes.add( Groups.fruits() );
+        expectedAttributes.add( Attributes.tasty() );
+        expectedAttributes.add( Attributes.yellow() );
 
-        Set expected = new HashSet( );
-        expected.add( tasty() );
-        expected.add( yellow() );
-        Set actual = s.getPrincipals( GroupPrincipal.class );
-        assertEquals( expected, actual );
-
-        m_mockGroupManager.verify();
-    }
-
-    private Principal[] bananaGroups()
-    {
-        return new GroupPrincipal[]{tasty(), yellow()};
-    }
-
-    private GroupPrincipal yellow()
-    {
-        GroupPrincipal yellow = new GroupPrincipal( "yellow" );
-        return yellow;
+        assertTrue( CollectionUtils.isProperSubCollection( expectedAttributes, s.getPrincipals() ) );
     }
 
-    private GroupPrincipal tasty()
+    public static void main( String[] args )
     {
-        GroupPrincipal tasty = new GroupPrincipal( "tasty" );
-        return tasty;
+        junit.textui.TestRunner.run( DefaultAuthenticatorTest.class );
     }
 }
+

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,112 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.attribute;
+
+import junit.framework.TestCase;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.janus.testmodel.Groups;
+import org.apache.janus.testmodel.Subjects;
+import org.apache.janus.testmodel.Usernames;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+public class AttributeProviderTest extends TestCase
+{
+    AttributeProvider m_provider;
+
+    protected void setUp() throws Exception
+    {
+        m_provider = new AttributeProvider();
+    }
+
+    public void testPopulatesSubjectWithAttributesOfSubjectPrincipal()
+    {
+        Collection groups = Arrays.asList( new Principal[] { Groups.geeks(), Groups.men() });
+        m_provider.addAllAttributes( Usernames.joe(), groups );
+
+        Subject joe = Subjects.joe();
+        m_provider.populate( joe );
+        assertTrue( CollectionUtils.isSubCollection( groups, joe.getPrincipals() ) );
+    }
+
+    public void testLooksAtAllSubjectPrincipalsWhenPopulating()
+    {
+        m_provider.addAttribute( Usernames.joe(), Groups.geeks() );
+        m_provider.addAttribute( Groups.canadians(), Groups.men() );
+
+        Subject joe = Subjects.with( Usernames.joe(), Groups.canadians() );
+        m_provider.populate( joe );
+
+        Collection groups = Arrays.asList( new Principal[] { Groups.geeks(), Groups.men() });
+        assertTrue( CollectionUtils.isSubCollection( groups, joe.getPrincipals() ) );
+    }
+
+    public void testPrincipalHasNoAttributeByDefault()
+    {
+        Subject joe = Subjects.joe();
+        m_provider.populate( joe );
+
+        Collection expectedPrincipals = Collections.singleton( Usernames.joe() );
+        Collection actualPrincipals = joe.getPrincipals();
+        assertTrue( CollectionUtils.isEqualCollection( expectedPrincipals, actualPrincipals ) );
+    }
+
+    public void testDuplicateAttributesAreIgnored()
+    {
+        assertTrue( m_provider.addAttribute( Usernames.joe(), Groups.geeks() ) );
+        assertFalse( m_provider.addAttribute( Usernames.joe(), Groups.geeks() ) );
+
+        Subject joe = Subjects.joe();
+        m_provider.populate( joe );
+
+        Collection expectedPrincipals = Collections.singleton( Groups.geeks() );
+        Collection actualPrincipals = joe.getPrincipals( GroupPrincipal.class );
+        assertTrue( CollectionUtils.isEqualCollection( expectedPrincipals, actualPrincipals ) );
+    }
+
+    public void testAttributesAreInheritedFromOtherAttributes()
+    {
+        m_provider.addAttribute( Usernames.joe(), Groups.canadians() );
+        m_provider.addAttribute( Groups.canadians(), Groups.geeks() );
+        m_provider.addAttribute( Groups.geeks(), Groups.men() );
+
+        Subject joe = Subjects.joe();
+        m_provider.populate( joe );
+
+        Collection expectedPrincipals = Arrays.asList( new Principal[] { Groups.canadians(), Groups.geeks(), Groups.men() } );
+        assertTrue( CollectionUtils.isSubCollection( expectedPrincipals, joe.getPrincipals()));
+    }
+
+    public void testForbidsCyclicAttributesAssociations()
+    {
+        m_provider.addAttribute( Groups.canadians(), Groups.men() );
+        m_provider.addAttribute( Groups.men(), Groups.geeks() );
+        try
+        {
+            m_provider.addAttribute( Groups.geeks(), Groups.canadians() );
+            fail("Cyclic associations are allowed");
+        }
+        catch ( CyclicAssociationException e )
+        {
+            assertTrue( true );
+        }
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultAuthorizerTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,95 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+
+public class DefaultAuthorizerTest extends TestCase
+{
+    private DefaultAuthorizer m_authorizer;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultAuthorizerTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_authorizer = new DefaultAuthorizer();
+    }
+
+    public void testTakesPositiveDecisionIfRuleSuggestsPermission()
+    {
+        m_authorizer.setRuleSet( new Policy( Effects.GRANT ) );
+        m_authorizer.denyIfUnsure();
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testTakesPositiveDecisionIfRuleIsNotApplicable()
+    {
+        m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+        m_authorizer.denyIfUnsure();
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testTakesNegativeDecisionIfRuleSuggestDenial()
+    {
+        m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+        m_authorizer.grantIfUnsure();
+        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testTakesPositiveDecisionByDefault()
+    {
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testCanForceEffectToGrantDecision()
+    {
+        m_authorizer.setRuleSet( new Policy( Effects.DENY ) );
+        m_authorizer.grantOn( Effects.DENY );
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testCanForceEffectToDenyDecision()
+    {
+        m_authorizer.setRuleSet( new Policy( Effects.NOT_APPLICABLE ) );
+        m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testEffectsAreReducedBeforeTakingDecision()
+    {
+        m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+        m_authorizer.grantIfUnsure();
+        m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+
+    public void testRulesCanBeAdded()
+    {
+        m_authorizer.setRuleSet( new Policy( new PermitOverridesEffect() ) );
+        m_authorizer.addRule( new PrimitiveRule( Effects.GRANT ) );
+        m_authorizer.denyIfUnsure();
+        m_authorizer.denyOn( Effects.NOT_APPLICABLE );
+        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,74 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.predicate.FalsePredicate;
+import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
+import org.apache.janus.authorization.predicate.ImpliedPermissionPredicate;
+import org.apache.janus.authorization.predicate.TruePredicate;
+import org.jmock.MockObjectTestCase;
+
+import javax.security.auth.Subject;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DefaultRuleTest extends MockObjectTestCase
+{
+    private DefaultRule m_rule;
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( DefaultRuleTest.class );
+    }
+
+    protected void setUp() throws Exception
+    {
+        m_rule = new DefaultRule();
+    }
+
+    public void testEvaluatesToRuleEffectIfTargetVerifiesCondition()
+    {
+        m_rule.setEffect( Effects.DENY );
+        m_rule.matchSubjects( new HasPrincipalPredicate( new UsernamePrincipal( "johnDoe" ) ) );
+        m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
+        assertEquals( Effects.DENY, m_rule.evaluate( john(), new SomePermission() ) );
+    }
+
+    public void testIsNotApplicableIfSubjectConditionIsNotVerified()
+    {
+        m_rule.matchSubjects( new FalsePredicate() );
+        m_rule.matchPermissions( new TruePredicate() );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
+    }
+
+    public void testIsNotApplicableIfPermissionConditionIsNotVerified()
+    {
+        m_rule.matchSubjects( new TruePredicate() );
+        m_rule.matchPermissions( new FalsePredicate() );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
+    }
+
+    private Subject john()
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) );
+        return subject;
+    }
+}

Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/FullPermission.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/FullPermission.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
 
 import org.apache.janus.authorization.BasicPermission;
 import org.apache.janus.authorization.Permission;

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/PolicyTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+import junit.framework.TestCase;
+import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+
+import javax.security.auth.Subject;
+
+public class PolicyTest extends TestCase
+{
+    public void testRendersDefaultDecisionWhenEmpty()
+    {
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+    }
+
+    public void testCombinesResultOfContainedRulesEvaluation()
+    {
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        policy.addRule( new PrimitiveRule( Effects.DENY ) );
+        policy.addRule( new PrimitiveRule( Effects.GRANT ) );
+
+        assertEquals( Effects.GRANT, policy.evaluate( new Subject(), new SomePermission() ).reduce() );
+    }
+}

Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/policy/ReadPermission.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/ReadPermission.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authorization.policy;
+package org.apache.janus.authorization;
 
 import org.apache.janus.authorization.BasicPermission;
 import org.apache.janus.authorization.Permission;

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/SomePermission.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization;
+
+public class SomePermission extends BasicPermission
+{
+    public SomePermission()
+    {
+        super( "something" );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/DenyOverridesEffectTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,44 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class DenyOverridesEffectTest extends MockObjectTestCase
+{
+    public void testDefaultsToNotApplicable()
+    {
+        Effect effect = new DenyOverridesEffect();
+        assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+    }
+
+    public void testCombinedResultIsDenyIfSingleDenyIsEncountered()
+    {
+        Effect effect = new DenyOverridesEffect();
+        effect = effect.deny();
+        effect = effect.permit();
+        assertEquals( Effects.DENY, effect.reduce() );
+    }
+
+    public void testCombinedResultIsPermitIfNoDenyAndAtLeastAPermitIsEncountered()
+    {
+        Effect effect = new DenyOverridesEffect();
+        effect = effect.permit();
+        assertEquals( Effects.GRANT, effect.reduce() );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/FirstApplicableEffectTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,38 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class FirstApplicableEffectTest extends MockObjectTestCase
+{
+    public void testDefaultsToNotApplicable()
+    {
+        Effect effect = new FirstApplicableEffect();
+        assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+    }
+
+    public void testCombinedResultIsFirstApplicableEffect()
+    {
+        Effect effect = new FirstApplicableEffect();
+        effect = effect.deny();
+        effect = effect.permit();
+        effect = effect.deny();
+        assertEquals( Effects.DENY, effect.reduce() );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/LastApplicableEffectTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,38 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class LastApplicableEffectTest extends MockObjectTestCase
+{
+    public void testDefaultsToNotApplicable()
+    {
+        Effect effect = new LastApplicableEffect();
+        assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+    }
+
+    public void testCombinedResultIsLastApplicableEffect()
+    {
+        Effect effect = new LastApplicableEffect();
+        effect = effect.deny();
+        effect = effect.permit();
+        effect = effect.deny();
+        assertEquals( Effects.DENY, effect.reduce() );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/effect/PermitOverridesEffectTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,44 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.effect;
+
+import org.apache.janus.authorization.Effect;
+import org.jmock.MockObjectTestCase;
+
+public class PermitOverridesEffectTest extends MockObjectTestCase
+{
+    public void testDefaultsToNotApplicable()
+    {
+        Effect effect = new PermitOverridesEffect();
+        assertEquals( Effects.NOT_APPLICABLE, effect.reduce() );
+    }
+
+    public void testCombinedResultIsPermitIfSinglePermitIsEncountered()
+    {
+        Effect effect = new PermitOverridesEffect();
+        effect = effect.permit();
+        effect = effect.deny();
+        assertEquals( Effects.GRANT, effect.reduce() );
+    }
+
+    public void testCombinedResultIsDenyIfNoPermitAndAtLeastADenyIsEncountered()
+    {
+        Effect effect = new PermitOverridesEffect();
+        effect = effect.deny();
+        assertEquals( Effects.DENY, effect.reduce() );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Attributes.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.AttributePrincipal;
+
+import java.security.Principal;
+
+public class Attributes
+{
+    public static Principal tasty()
+    {
+        return new AttributePrincipal( "taste", "tasty" );
+    }
+
+    public static Principal yellow()
+    {
+        return new AttributePrincipal( "color", "yellow" );
+    }
+
+    private Attributes() {}
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Creds.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,31 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.CredentialSet;
+
+public class Creds
+{
+    public static CredentialSet banana()
+    {
+        CredentialSet credentials = new CredentialSet();
+        credentials.add( new FruitCredential( "banana" ) );
+        return credentials;
+    }
+
+    private Creds() {}
+}

Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitCredential.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitCredential.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authentication;
+package org.apache.janus.testmodel;
 
 import java.io.Serializable;
 

Copied: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java (from r57529, incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java)
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authentication/FruitPrincipal.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/FruitPrincipal.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authentication;
+package org.apache.janus.testmodel;
 
 import org.apache.janus.authentication.AbstractPrincipal;
 

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Fruits.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import java.security.Principal;
+
+public class Fruits
+{
+
+    public static Principal banana()
+    {
+        return new FruitPrincipal( "banana" );
+    }
+
+    private Fruits() {}
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Groups.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,42 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+    public static GroupPrincipal canadians()
+    {
+        return new GroupPrincipal( "canadians" );
+    }
+
+    public static GroupPrincipal geeks()
+    {
+        return new GroupPrincipal( "geeks" );
+    }
+
+    public static GroupPrincipal men()
+    {
+        return new GroupPrincipal( "men" );
+    }
+
+    public static GroupPrincipal fruits()
+    {
+        return new GroupPrincipal( "fruits" );
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Roles.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+    public static Principal user()
+    {
+        return new RolePrincipal( "user" );
+    }
+
+    public static Principal developer()
+    {
+        return new RolePrincipal( "developer" );
+    }
+
+    public static Principal tester()
+    {
+        return new RolePrincipal( "tester" );
+    }
+
+    public static Principal manager()
+    {
+        return new RolePrincipal( "manager" );
+    }
+
+    private Roles() {}
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,63 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+public class Subjects
+{
+    public static Subject joe()
+    {
+        return with( Usernames.joe() );
+    }
+
+    public static Subject with( Principal p )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p );
+        return s;
+    }
+
+    public static Subject with( Principal p1, Principal p2 )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p1 );
+        s.getPrincipals().add( p2 );
+        return s;
+    }
+
+    public static Subject with( Principal p1, Principal p2, Principal p3 )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p1 );
+        s.getPrincipals().add( p2 );
+        s.getPrincipals().add( p3 );
+        return s;
+    }
+
+    public static Subject with( Principal[] principals )
+    {
+        Subject s = new Subject();
+        for ( int i = 0; i < principals.length; i++ )
+        {
+            Principal p = principals[i];
+            s.getPrincipals().add( p );
+        }
+        return s;
+    }
+}

Added: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.testmodel;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+    public static UsernamePrincipal joe()
+    {
+        return new UsernamePrincipal( "joeblow" );
+    }
+}

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/AttributeProvider.java	Fri Nov 19 19:18:02 2004
@@ -16,9 +16,6 @@
  */
 package org.apache.janus.authentication.attribute;
 
-import org.apache.janus.authentication.CyclicAssociationException;
-import org.apache.janus.authentication.MutableInformationProvider;
-
 import javax.security.auth.Subject;
 import java.security.Principal;
 import java.util.Collection;

Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java (from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/CyclicAssociationException.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/CyclicAssociationException.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
 
 import java.security.Principal;
 

Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java (from r57529, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/InformationProvider.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/InformationProvider.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,7 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
 
 import javax.security.auth.Subject;
 

Copied: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java (from r76236, incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java)
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/MutableInformationProvider.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authentication/attribute/MutableInformationProvider.java	Fri Nov 19 19:18:02 2004
@@ -14,7 +14,9 @@
  *   limitations under the License.
  *
  */
-package org.apache.janus.authentication;
+package org.apache.janus.authentication.attribute;
+
+import org.apache.janus.authentication.attribute.InformationProvider;
 
 import java.security.Principal;
 import java.util.Collection;

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/authorization/DefaultAuthorizationController.java	Fri Nov 19 19:18:02 2004
@@ -26,7 +26,7 @@
 /**
  * Warning: to be renamed to DefaultAuthorizer when moved out of sandbox
  */
-public class DefaultAuthorizationController implements AuthorizationController
+public class DefaultAuthorizationController implements Authorizer
 {
     private boolean m_defaultDecision;
     private final Map m_decisions;

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilder.java	Fri Nov 19 19:18:02 2004
@@ -16,7 +16,8 @@
  */
 package org.apache.janus.script;
 
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 
 public interface InformationProviderBuilder
 {

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java	Fri Nov 19 19:18:02 2004
@@ -16,7 +16,7 @@
  */
 package org.apache.janus.script;
 
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
 
 import java.security.Principal;
 

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/NullInformationProviderMonitor.java	Fri Nov 19 19:18:02 2004
@@ -16,7 +16,7 @@
  */
 package org.apache.janus.script;
 
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
 
 import java.security.Principal;
 

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java	Fri Nov 19 19:18:02 2004
@@ -16,9 +16,10 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.MutableInformationProvider;
-import org.apache.janus.authentication.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
 import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
 import org.apache.janus.script.InformationProviderBuilder;

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java	Fri Nov 19 19:18:02 2004
@@ -16,8 +16,9 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
 import org.apache.janus.script.NullInformationProviderMonitor;
 import org.dom4j.Document;

Modified: incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java	Fri Nov 19 19:18:02 2004
@@ -16,8 +16,9 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.authentication.attribute.RolePrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
 import org.apache.janus.script.NullInformationProviderMonitor;
 import org.dom4j.Document;

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authentication/attribute/AttributeProviderTest.java	Fri Nov 19 19:18:02 2004
@@ -21,7 +21,6 @@
 import org.apache.janus.testmodel.Groups;
 import org.apache.janus.testmodel.Subjects;
 import org.apache.janus.testmodel.Usernames;
-import org.apache.janus.authentication.CyclicAssociationException;
 
 import javax.security.auth.Subject;
 import java.security.Principal;

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/authorization/DefaultAuthorizationControllerTest.java	Fri Nov 19 19:18:02 2004
@@ -24,7 +24,7 @@
 
 public class DefaultAuthorizationControllerTest extends TestCase
 {
-    private DefaultAuthorizationController m_authorizer;
+    private DefaultAuthorizer m_authorizer;
 
     public static void main( String[] args )
     {
@@ -33,7 +33,7 @@
 
     protected void setUp() throws Exception
     {
-        m_authorizer = new DefaultAuthorizationController();
+        m_authorizer = new DefaultAuthorizer();
     }
 
     public void testTakesPositiveDecisionIfRuleSuggestsPermission()

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	Fri Nov 19 19:18:02 2004
@@ -16,9 +16,9 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.CyclicAssociationException;
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.authentication.attribute.AttributeProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
 import org.apache.janus.testmodel.Groups;
 import org.apache.janus.testmodel.Usernames;

Modified: incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
==============================================================================
--- incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/sandbox/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	Fri Nov 19 19:18:02 2004
@@ -16,7 +16,8 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.testmodel.Groups;
 import org.apache.janus.testmodel.Roles;
 import org.apache.janus.testmodel.Usernames;

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilder.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+
+public interface InformationProviderBuilder
+{
+    void buildProvider( MutableInformationProvider groupProvider );
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/InformationProviderBuilderMonitor.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+
+import java.security.Principal;
+
+public interface InformationProviderBuilderMonitor
+{
+    void cyclicAssociation( CyclicAssociationException e );
+
+    void duplicateAttribute( Principal principal, Principal attribute );
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/NullInformationProviderMonitor.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+
+import java.security.Principal;
+
+public class NullInformationProviderMonitor implements InformationProviderBuilderMonitor
+{
+    public void cyclicAssociation( CyclicAssociationException e )
+    {
+    }
+
+    public void duplicateAttribute( Principal principal, Principal attribute )
+    {
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/AbstractDom4JInformationProviderBuilder.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,68 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.InformationProviderBuilder;
+import org.dom4j.Element;
+
+import java.security.Principal;
+
+public abstract class AbstractDom4JInformationProviderBuilder implements InformationProviderBuilder
+{
+    protected final Element m_root;
+    protected final InformationProviderBuilderMonitor m_monitor;
+
+    public AbstractDom4JInformationProviderBuilder( Element root, InformationProviderBuilderMonitor monitor )
+    {
+        m_root = root;
+        m_monitor = monitor;
+    }
+
+    protected void addAttribute( MutableInformationProvider groupProvider, Principal principal, Principal attribute )
+    {
+        boolean added = false;
+        try
+        {
+            added = groupProvider.addAttribute( principal, attribute );
+            if (!added) m_monitor.duplicateAttribute( principal, attribute );
+        }
+        catch ( CyclicAssociationException e )
+        {
+            m_monitor.cyclicAssociation( e );
+        }
+    }
+
+    protected Principal getUserPrincipal( Element element )
+    {
+        String username = element.attributeValue( "username" );
+        Principal usernamePrincipal = new UsernamePrincipal( username );
+        return usernamePrincipal;
+    }
+
+    protected Principal getGroupPrincipal( Element element )
+    {
+        String groupName = element.attributeValue( "groupname" );
+        Principal groupPrincipal = new GroupPrincipal( groupName );
+        return groupPrincipal;
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JGroupBuilder.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,103 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.NullInformationProviderMonitor;
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.Element;
+
+import java.io.Reader;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.List;
+
+public class Dom4JGroupBuilder extends AbstractDom4JInformationProviderBuilder
+{
+    public static Dom4JGroupBuilder fromReader( Reader reader ) throws DocumentException
+    {
+        return fromReader( reader, new NullInformationProviderMonitor() );
+    }
+
+    public static Dom4JGroupBuilder fromReader( Reader reader, InformationProviderBuilderMonitor monitor ) throws DocumentException
+    {
+        Document doc = Dom4JUtils.readDocument( reader );
+        return new Dom4JGroupBuilder( doc, monitor );
+    }
+
+    public Dom4JGroupBuilder( Document doc )
+    {
+        this( doc.getRootElement() );
+    }
+
+    public Dom4JGroupBuilder( Document doc, InformationProviderBuilderMonitor monitor )
+    {
+        this( doc.getRootElement(), monitor );
+    }
+
+    public Dom4JGroupBuilder( Element root )
+    {
+        this( root, new NullInformationProviderMonitor() );
+    }
+
+    public Dom4JGroupBuilder( Element root, InformationProviderBuilderMonitor monitor )
+    {
+        super( root, monitor );
+    }
+
+    public void buildProvider( MutableInformationProvider provider )
+    {
+        addGroupsToUsers( provider, m_root.elements( "user" ) );
+        addGroupsToGroups( provider, m_root.elements( "group" ) );
+    }
+
+    private void addGroupsToUsers( MutableInformationProvider provider, List users )
+    {
+        for ( Iterator it = users.iterator(); it.hasNext(); )
+        {
+            Element element = ( Element ) it.next();
+            Principal user = getUserPrincipal( element );
+            Principal group = getGroupAttribute( element );
+
+            addAttribute( provider, user, group );
+        }
+    }
+
+    private void addGroupsToGroups( MutableInformationProvider provider, List groups )
+    {
+        for ( Iterator it = groups.iterator(); it.hasNext(); )
+        {
+            Element element = ( Element ) it.next();
+            Principal subGroup = getGroupPrincipal( element );
+            Principal group = getGroupAttribute( element );
+
+            addAttribute( provider, subGroup, group );
+        }
+    }
+
+    private Principal getGroupAttribute( Element element )
+    {
+        String groupName = element.attributeValue( "group" );
+        Principal groupPrincipal = new GroupPrincipal( groupName );
+        return groupPrincipal;
+    }
+}
+

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRoleBuilder.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,121 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.RolePrincipal;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.NullInformationProviderMonitor;
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.Element;
+
+import java.io.Reader;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.List;
+
+public class Dom4JRoleBuilder extends AbstractDom4JInformationProviderBuilder
+{
+    public static Dom4JRoleBuilder fromReader( Reader reader ) throws DocumentException
+    {
+        return fromReader( reader, new NullInformationProviderMonitor() );
+    }
+
+    public static Dom4JRoleBuilder fromReader( Reader reader, InformationProviderBuilderMonitor monitor ) throws DocumentException
+    {
+        Document doc = Dom4JUtils.readDocument( reader );
+        return new Dom4JRoleBuilder( doc, monitor );
+    }
+
+    public Dom4JRoleBuilder( Document doc )
+    {
+        this( doc.getRootElement() );
+    }
+
+    public Dom4JRoleBuilder( Document doc, InformationProviderBuilderMonitor monitor )
+    {
+        this( doc.getRootElement(), monitor );
+    }
+
+    public Dom4JRoleBuilder( Element root )
+    {
+        this( root, new NullInformationProviderMonitor() );
+    }
+
+    public Dom4JRoleBuilder( Element root, InformationProviderBuilderMonitor monitor )
+    {
+        super( root, monitor );
+    }
+
+    public void buildProvider( MutableInformationProvider provider )
+    {
+        addRolesToUsers( provider, m_root.elements( "user" ) );
+        addRolesToGroups( provider, m_root.elements( "group" ) );
+        addRolesToRoles( provider, m_root.elements( "role" ) );
+    }
+
+    private void addRolesToUsers( MutableInformationProvider provider, List users )
+    {
+        for ( Iterator it = users.iterator(); it.hasNext(); )
+        {
+            Element element = ( Element ) it.next();
+            Principal user = getUserPrincipal( element );
+            Principal role = getRoleAttribute( element );
+
+            addAttribute( provider, user, role );
+        }
+    }
+
+    private void addRolesToGroups( MutableInformationProvider provider, List groups )
+    {
+        for ( Iterator it = groups.iterator(); it.hasNext(); )
+        {
+            Element element = ( Element ) it.next();
+            Principal group = getGroupPrincipal( element );
+            Principal role = getRoleAttribute( element );
+
+            addAttribute( provider, group, role );
+        }
+    }
+
+    private void addRolesToRoles( MutableInformationProvider provider, List groups )
+    {
+        for ( Iterator it = groups.iterator(); it.hasNext(); )
+        {
+            Element element = ( Element ) it.next();
+            Principal subRole = getRolePrincipal( element );
+            Principal role = getRoleAttribute( element );
+
+            addAttribute( provider, subRole, role );
+        }
+    }
+
+    private Principal getRolePrincipal( Element element )
+    {
+        String roleName = element.attributeValue( "rolename" );
+        Principal rolePrincipal = new RolePrincipal( roleName );
+        return rolePrincipal;
+    }
+
+    private Principal getRoleAttribute( Element element )
+    {
+        String roleName = element.attributeValue( "role" );
+        Principal rolePrincipal = new RolePrincipal( roleName );
+        return rolePrincipal;
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JUtils.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,34 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.dom4j.Document;
+import org.dom4j.DocumentException;
+import org.dom4j.io.SAXReader;
+
+import java.io.Reader;
+
+public final class Dom4JUtils
+{
+    public static Document readDocument( Reader reader ) throws DocumentException 
+    {
+        final SAXReader parser = new SAXReader();
+        return parser.read( reader );
+    }
+
+    private Dom4JUtils() {}
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,155 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.authentication.attribute.AttributeProvider;
+import org.apache.janus.authentication.attribute.CyclicAssociationException;
+import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+import org.jmock.core.Constraint;
+
+import java.io.StringReader;
+
+/**
+ * TODO: Move some tests to abstract test class
+ */
+public class Dom4JGroupBuilderTest extends MockObjectTestCase
+{
+    public void testParsesUsersFromXMLDocumentAndAddsGroupAttributesToProvider() throws Exception
+    {
+        Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) );
+
+        Mock mockProvider = new Mock( MutableInformationProvider.class );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+
+        builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+        mockProvider.verify();
+    }
+
+    private String userWithTwoGroups()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<groups>\n"
+                + "    <user username=\"joeblow\" group=\"men\"/>\n"
+                + "    <user username=\"joeblow\" group=\"geeks\"/>\n"
+                + "</groups>";
+        return content;
+    }
+
+    public void testParsesGroupsFromXMLDocumentAndAddsGroupAttributesToProvider() throws Exception
+    {
+        Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( groupWithTwoGroups() ) );
+
+        Mock mockProvider = new Mock( MutableInformationProvider.class );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+
+        builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+        mockProvider.verify();
+    }
+
+    private String groupWithTwoGroups()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<groups>\n"
+                + "    <group groupname=\"canadians\" group=\"men\"/>\n"
+                + "    <group groupname=\"canadians\" group=\"geeks\"/>\n"
+                + "</groups>";
+        return content;
+    }
+
+    public void testNotifiesMonitorWhenDuplicateAttributesAreFound() throws Exception
+    {
+        Mock mockMonitor = new Mock( InformationProviderBuilderMonitor.class );
+        Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( twiceSameAttribute() ),
+                ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
+        AttributeProvider provider = new AttributeProvider();
+
+        mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) );
+
+        builder.buildProvider( provider );
+        mockMonitor.verify();
+    }
+
+    private String twiceSameAttribute()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<groups>\n"
+                + "    <user username=\"joeblow\" group=\"men\"/>\n"
+                + "    <user username=\"joeblow\" group=\"men\"/>\n"
+                + "</groups>";
+        return content;
+    }
+
+    public void testNotifiesMonitorWhenCyclicAssociationsAreFound() throws Exception
+    {
+        Mock mockMonitor = new Mock( InformationProviderBuilderMonitor.class );
+        Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( withCyclicAssociation() ),
+                ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
+        AttributeProvider provider = new AttributeProvider();
+
+        CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() );
+        mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) );
+
+        builder.buildProvider( provider );
+        mockMonitor.verify();
+    }
+
+    private String withCyclicAssociation()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<groups>\n"
+                + "    <group groupname=\"canadians\" group=\"men\"/>\n"
+                + "    <group groupname=\"men\" group=\"canadians\"/>\n"
+                + "</groups>";
+        return content;
+    }
+
+    public static class CyclicAssociationExceptionConstraint implements Constraint
+    {
+        private final CyclicAssociationException m_exception;
+
+        public CyclicAssociationExceptionConstraint( CyclicAssociationException exception )
+        {
+            m_exception = exception;
+        }
+
+        public boolean eval( Object o )
+        {
+            if (!(o instanceof CyclicAssociationException)) return false;
+
+            CyclicAssociationException other = (CyclicAssociationException) o;
+            if (!m_exception.getPrincipal().equals( other.getPrincipal()) ) return false;
+            if (!m_exception.getAttribute().equals( other.getAttribute()) ) return false;
+
+            return true;
+        }
+
+        public StringBuffer describeTo( StringBuffer buffer )
+        {
+            buffer.append( m_exception.toString() );
+
+            return buffer;
+        }
+
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,97 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.jmock.Mock;
+import org.jmock.MockObjectTestCase;
+
+import java.io.StringReader;
+
+public class Dom4JRoleBuilderTest extends MockObjectTestCase
+{
+    public void testParsesUsersFromXMLDocumentAndAddRoleAttributesToUsers() throws Exception
+    {
+        Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) );
+
+        Mock mockProvider = new Mock( MutableInformationProvider.class );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+
+        builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+        mockProvider.verify();
+    }
+
+    private String userWithTwoRoles()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<roles>\n"
+                + "    <user username=\"joeblow\" role=\"user\"/>\n"
+                + "    <user username=\"joeblow\" role=\"developer\"/>\n"
+                + "</roles>";
+        return content;
+    }
+
+    public void testParsesGroupsFromXMLDocumentAndAddsRoleAttributesToGroups() throws Exception
+    {
+        Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) );
+
+        Mock mockProvider = new Mock( MutableInformationProvider.class );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+
+        builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+        mockProvider.verify();
+    }
+
+    private String groupsWithRoles()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<roles>\n"
+                + "    <group groupname=\"men\" role=\"user\"/>\n"
+                + "    <group groupname=\"geeks\" role=\"developer\"/>\n"
+                + "    <group groupname=\"geeks\" role=\"tester\"/>\n"
+                + "</roles>";
+        return content;
+    }
+
+    public void testParsesRolesFromXMLDocumentAndAddsRoleAttributesToRoles() throws Exception
+    {
+        Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) );
+
+        Mock mockProvider = new Mock( MutableInformationProvider.class );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+
+        builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
+
+        mockProvider.verify();
+    }
+
+    private String roleWithTwoRoles()
+    {
+        String content = "<?xml version=\"1.0\"?>\n"
+                + "<roles>\n"
+                + "    <role rolename=\"developer\" role=\"user\"/>\n"
+                + "    <role rolename=\"developer\" role=\"tester\"/>\n"
+                + "</roles>";
+        return content;
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+    public static GroupPrincipal canadians()
+    {
+        return new GroupPrincipal( "canadians" );
+    }
+
+    public static GroupPrincipal geeks()
+    {
+        return new GroupPrincipal( "geeks" );
+    }
+
+    public static GroupPrincipal men()
+    {
+        return new GroupPrincipal( "men" );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+    public static Principal user()
+    {
+        return new RolePrincipal( "user" );
+    }
+
+    public static Principal developer()
+    {
+        return new RolePrincipal( "developer" );
+    }
+
+    public static Principal tester()
+    {
+        return new RolePrincipal( "tester" );
+    }
+
+    public static Principal manager()
+    {
+        return new RolePrincipal( "manager" );
+    }
+
+    private Roles() {}
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java	Fri Nov 19 19:18:02 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+    public static UsernamePrincipal joe()
+    {
+        return new UsernamePrincipal( "joeblow" );
+    }
+}

Mime
View raw message