directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r111933 - in incubator/directory/janus/trunk: core/impl/src/java/org/apache/janus/authentication core/impl/src/java/org/apache/janus/authentication/realm core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/predicate jdbc/src/java/org/apache/janus/authentication/realm script/src/java/org/apache/janus/script script/src/java/org/apache/janus/script/xml script/src/java/org/apache/janus/script/xml/parser script/src/test/org/apache/janus/script/testmodel script/src/test/org/apache/janus/script/xml
Date Wed, 15 Dec 2004 04:01:46 GMT
Author: vtence
Date: Tue Dec 14 20:01:45 2004
New Revision: 111933

URL: http://svn.apache.org/viewcvs?view=rev&rev=111933
Log:
Major cut at xml policy builder, including support for role, username and group based rules. A pluggable mechanism is also in place for hooking up custom rules. Next to tackle is some out-of-the-box support for permissions.
Added:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java
   incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
      - copied, changed from r111503, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
Removed:
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/parser/
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
Modified:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
   incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/AbstractPrincipal.java	Tue Dec 14 20:01:45 2004
@@ -62,7 +62,7 @@
 
     public String toString()
     {
-        return "name=" + m_name;
+        return m_name;
     }
 }
 

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authentication/realm/UsernamePrincipal.java	Tue Dec 14 20:01:45 2004
@@ -41,9 +41,4 @@
     {
         return super.hashCode();
     }
-
-    public String toString()
-    {
-        return "UsernamePrincipal: " + super.toString() + "";
-    }
 }

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	Tue Dec 14 20:01:45 2004
@@ -22,6 +22,7 @@
 import javax.security.auth.Subject;
 
 /**
+ * TODO: consider adding predicates into an And operation instead of replacing 
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
 public class DefaultRule implements Rule

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/AndPredicate.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+public class AndPredicate implements Predicate
+{
+    private final Predicate m_left;
+    private final Predicate m_right;
+
+    public AndPredicate( Predicate left, Predicate right )
+    {
+        m_left = left;
+        m_right = right;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_left.evaluate( o ) && m_right.evaluate( o ); 
+    }
+}

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java&r1=111932&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/Predicates.java	Tue Dec 14 20:01:45 2004
@@ -49,4 +49,9 @@
     {
         return new HasPrincipalPredicate( p );
     }
+
+    public static Predicate and( Predicate p1, Predicate p2 )
+    {
+        return new AndPredicate( p1, p2 );
+    }
 }

Modified: incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java&r1=111932&p2=incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java	(original)
+++ incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/Column.java	Tue Dec 14 20:01:45 2004
@@ -19,6 +19,7 @@
 import org.apache.janus.authentication.Credential;
 
 import java.sql.ResultSet;
+import java.sql.SQLException;
 
 public class Column
 {
@@ -84,9 +85,13 @@
             value = (Credential) m_type.newInstance();
             value.setValue( rs.getString( m_name ));
         }
+        catch ( SQLException e )
+        {
+            throw new JDBCException( e );
+        }
         catch ( Exception e )
         {
-            throw new RuntimeException();
+            throw new InstantiationException( "Cannot create credential instance: " + m_type.getName(), e );
         }
         return value;
     }

Added: incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/jdbc/src/java/org/apache/janus/authentication/realm/InstantiationException.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,35 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authentication.realm;
+
+public class InstantiationException extends RuntimeException
+{
+    public InstantiationException( String message )
+    {
+        super( message );
+    }
+
+    public InstantiationException( Throwable cause )
+    {
+        super( cause );
+    }
+
+    public InstantiationException( String message, Throwable cause )
+    {
+        super( message, cause );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptInterpretationException.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+public class ScriptInterpretationException extends ScriptingException
+{
+    public ScriptInterpretationException()
+    {
+    }
+
+    public ScriptInterpretationException( String message )
+    {
+        super( message );
+    }
+
+    public ScriptInterpretationException( Throwable cause )
+    {
+        super( cause );
+    }
+
+    public ScriptInterpretationException( String message, Throwable cause )
+    {
+        super( message, cause );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/ScriptingException.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script;
+
+import org.apache.janus.JanusException;
+
+public class ScriptingException extends JanusException
+{
+    public ScriptingException()
+    {
+    }
+
+    public ScriptingException( String message )
+    {
+        super( message );
+    }
+
+    public ScriptingException( Throwable cause )
+    {
+        super( cause );
+    }
+
+    public ScriptingException( String message, Throwable cause )
+    {
+        super( message, cause );
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	Tue Dec 14 20:01:45 2004
@@ -16,31 +16,33 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authorization.DefaultRule;
-import org.apache.janus.authorization.Effect;
-import org.apache.janus.authorization.Predicate;
+import org.apache.janus.authorization.Rule;
 import org.apache.janus.authorization.RuleSet;
-import org.apache.janus.authorization.effect.DenyOverridesEffect;
-import org.apache.janus.authorization.effect.Effects;
-import org.apache.janus.authorization.effect.FirstApplicableEffect;
-import org.apache.janus.authorization.effect.LastApplicableEffect;
-import org.apache.janus.authorization.effect.PermitOverridesEffect;
 import org.apache.janus.script.RuleSetBuilder;
-import org.apache.janus.script.xml.parser.TruePredicateNodeParser;
+import org.apache.janus.script.xml.builder.HasUsernamePredicateBuilder;
+import org.apache.janus.script.xml.builder.TruePredicateBuilder;
+import org.apache.janus.script.xml.builder.DefaultRuleBuilder;
+import org.apache.janus.script.xml.builder.FalsePredicateBuilder;
+import org.apache.janus.script.xml.builder.HasGroupPredicateBuilder;
+import org.apache.janus.script.xml.builder.HasRolePredicateBuilder;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
 
 import java.io.Reader;
-import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 
+
+/**
+ * No validation of any sort is implemented yet. At some point, validation will need to be added.
+ * <p>
+ * <i>Warning: implementation not threadsafe</i>
+ */
 public class Dom4JRuleSetBuilder implements RuleSetBuilder
 {
     private final Element m_element;
-    private final Map m_parsers;
-    private final Map m_effects;
+    private NodeBuilderLookup m_lookup;
 
     public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException
     {
@@ -50,27 +52,8 @@
     public Dom4JRuleSetBuilder( Element element )
     {
         m_element = element;
-        m_parsers = new HashMap();
-        m_effects = new HashMap();
-
-        registerParsers();
-        registerEffects();
-    }
-
-    private void registerParsers()
-    {
-        m_parsers.put( "any", new TruePredicateNodeParser() );
-    }
-
-    private void registerEffects()
-    {
-        m_effects.put( "grant", Effects.GRANT );
-        m_effects.put( "deny", Effects.DENY );
-        m_effects.put( "not-applicable", Effects.NOT_APPLICABLE );
-        m_effects.put( "permit-overrides", new PermitOverridesEffect() );
-        m_effects.put( "deny-overrides", new DenyOverridesEffect() );
-        m_effects.put( "first-applicable", new FirstApplicableEffect() );
-        m_effects.put( "last-applicable", new LastApplicableEffect() );
+        m_lookup = new ReverseBuilderLookup();
+        registerBuilders();
     }
 
     public Dom4JRuleSetBuilder( Document doc )
@@ -78,46 +61,37 @@
         this( doc.getRootElement() );
     }
 
-    public void buildRuleSet( RuleSet ruleSet )
+    public void registerBuilder( NodeBuilder builder )
     {
-        Element rule = m_element.element( "rule" );
-        addRule( ruleSet, rule );
+        m_lookup.registerBuilder( builder );
     }
 
-    private void addRule( RuleSet ruleSet, Element element )
-    {
-        String effectName = element.attributeValue( "effect" );
-        DefaultRule rule = new DefaultRule( effect( effectName ) );
-        setSubjectPredicate( rule, element );
-        setPermissionPredicate( rule, element );
-        ruleSet.addRule( rule );
-    }
-
-    private Effect effect( String name )
-    {
-        return (Effect) m_effects.get( name );
-    }
-
-    private void setSubjectPredicate( DefaultRule rule, Element element )
-    {
-        Element subjects = element.element( "subjects" );
-        List predicates = subjects.elements();
-        Element e = (Element) predicates.get( 0 );
-        rule.matchSubjects( predicate( e ) );
-    }
-
-    private Predicate predicate( Element e )
+    public void buildRuleSet( RuleSet ruleSet )
     {
-        NodeParser nodeParser = (NodeParser) m_parsers.get( e.getName() );
-        return (Predicate) nodeParser.parse( e );
+        List rules = m_element.elements( "rule" );
+        addAllRules( ruleSet, rules );
     }
 
-    private void setPermissionPredicate( DefaultRule rule, Element element )
+    private void addAllRules( RuleSet ruleSet, List rules )
     {
-        Element permissions = element.element( "permissions" );
-        List predicates = permissions.elements();
-        Element e = (Element) predicates.get( 0 );
-        rule.matchPermissions( predicate( e ) );
+        for ( Iterator it = rules.iterator(); it.hasNext(); )
+        {
+            Element e = (Element) it.next();
+            NodeBuilder builder = m_lookup.lookupBuilder( e );
+            Rule rule = (Rule) builder.buildFrom( e, m_lookup );
+            ruleSet.addRule( rule );
+        }
+    }
+
+    private void registerBuilders()
+    {
+        m_lookup.registerBuilder( new DefaultRuleBuilder() );
+        m_lookup.registerBuilder( new TruePredicateBuilder() );
+        m_lookup.registerBuilder( new FalsePredicateBuilder() );
+        m_lookup.registerBuilder( new HasUsernamePredicateBuilder() );
+        m_lookup.registerBuilder( new HasUsernamePredicateBuilder() );
+        m_lookup.registerBuilder( new HasGroupPredicateBuilder() );
+        m_lookup.registerBuilder( new HasRolePredicateBuilder() );
     }
 }
 

Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java (from r111503, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java)
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java&r1=111503&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java	Tue Dec 14 20:01:45 2004
@@ -18,7 +18,9 @@
 
 import org.dom4j.Element;
 
-public interface NodeParser
+public interface NodeBuilder
 {
-    Object parse( Element e );
+    boolean canBuild( Element e );
+
+    Object buildFrom( Element e, NodeBuilderLookup lookup );
 }

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,10 @@
+package org.apache.janus.script.xml;
+
+import org.dom4j.Element;
+
+public interface NodeBuilderLookup
+{
+    void registerBuilder( NodeBuilder builder );
+
+    NodeBuilder lookupBuilder( Element e );
+}

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeParser.java?view=auto&rev=111932
==============================================================================

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.dom4j.Element;
+import org.apache.janus.script.ScriptInterpretationException;
+
+import java.util.List;
+import java.util.ArrayList;
+
+public class ReverseBuilderLookup implements NodeBuilderLookup
+{
+    private final List m_builders;
+
+    public ReverseBuilderLookup()
+    {
+        m_builders = new ArrayList();
+    }
+
+    public void registerBuilder( NodeBuilder builder )
+    {
+        m_builders.add( builder );
+    }
+
+    public NodeBuilder lookupBuilder( Element e )
+    {
+        for ( int i = m_builders.size() - 1; i >= 0 ; i-- )
+        {
+            NodeBuilder builder = ( NodeBuilder ) m_builders.get( i );
+            if ( builder.canBuild( e ) ) return builder;
+        }
+
+        throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e);
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/EyeColorPrincipal.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.AbstractPrincipal;
+
+public class EyeColorPrincipal extends AbstractPrincipal
+{
+    public EyeColorPrincipal( String name )
+    {
+        super( name );
+    }
+
+    public boolean equals( Object o )
+    {
+        if ( this == o ) return true;
+        if ( !( o instanceof EyeColorPrincipal ) ) return false;
+        if ( !super.equals( o ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        return super.hashCode();
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Groups.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.attribute.GroupPrincipal;
+
+public class Groups
+{
+    public static GroupPrincipal canadians()
+    {
+        return new GroupPrincipal( "canadians" );
+    }
+
+    public static GroupPrincipal geeks()
+    {
+        return new GroupPrincipal( "geeks" );
+    }
+
+    public static GroupPrincipal men()
+    {
+        return new GroupPrincipal( "men" );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Permissions.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,28 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authorization.BasicPermission;
+import org.apache.janus.authorization.Permission;
+
+public class Permissions
+{
+    public static Permission anything()
+    {
+        return new BasicPermission( "anything" );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Roles.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,48 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.attribute.RolePrincipal;
+
+import java.security.Principal;
+
+public class Roles
+{
+    public static Principal user()
+    {
+        return new RolePrincipal( "user" );
+    }
+
+    public static Principal developer()
+    {
+        return new RolePrincipal( "developer" );
+    }
+
+    public static Principal tester()
+    {
+        return new RolePrincipal( "tester" );
+    }
+
+    public static Principal manager()
+    {
+        return new RolePrincipal( "manager" );
+    }
+
+    private Roles()
+    {
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Subjects.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,73 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+public class Subjects
+{
+    public static Subject joe()
+    {
+        return with( Usernames.joe() );
+    }
+
+    public static Subject with( Principal p )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p );
+        return s;
+    }
+
+    public static Subject with( Principal p1, Principal p2 )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p1 );
+        s.getPrincipals().add( p2 );
+        return s;
+    }
+
+    public static Subject with( Principal p1, Principal p2, Principal p3 )
+    {
+        Subject s = new Subject();
+        s.getPrincipals().add( p1 );
+        s.getPrincipals().add( p2 );
+        s.getPrincipals().add( p3 );
+        return s;
+    }
+
+    public static Subject with( Principal[] principals )
+    {
+        Subject s = new Subject();
+        for ( int i = 0; i < principals.length; i++ )
+        {
+            Principal p = principals[i];
+            s.getPrincipals().add( p );
+        }
+        return s;
+    }
+
+    public static Subject anybody()
+    {
+        return new Subject();
+    }
+
+    public static Subject withGreenEyes()
+    {
+        return with( new EyeColorPrincipal( "green" ) );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/testmodel/Usernames.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.testmodel;
+
+import org.apache.janus.authentication.realm.UsernamePrincipal;
+
+public class Usernames
+{
+    public static UsernamePrincipal joe()
+    {
+        return new UsernamePrincipal( "joeblow" );
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	Tue Dec 14 20:01:45 2004
@@ -16,10 +16,11 @@
  */
 package org.apache.janus.script.xml;
 
-import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.authentication.attribute.AttributeProvider;
 import org.apache.janus.authentication.attribute.CyclicAssociationException;
+import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
+import org.apache.janus.script.testmodel.Groups;
 import org.jmock.Mock;
 import org.jmock.MockObjectTestCase;
 import org.jmock.core.Constraint;
@@ -36,8 +37,8 @@
         Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.geeks() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -60,7 +61,7 @@
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
         mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -84,7 +85,7 @@
                 ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
         AttributeProvider provider = new AttributeProvider();
 
-        mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) );
+        mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.men() ) );
 
         builder.buildProvider( provider );
         mockMonitor.verify();
@@ -107,7 +108,7 @@
                 ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
         AttributeProvider provider = new AttributeProvider();
 
-        CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() );
+        CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), org.apache.janus.script.testmodel.Groups.canadians() );
         mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) );
 
         builder.buildProvider( provider );
@@ -135,11 +136,11 @@
 
         public boolean eval( Object o )
         {
-            if (!(o instanceof CyclicAssociationException)) return false;
+            if ( !( o instanceof CyclicAssociationException ) ) return false;
 
-            CyclicAssociationException other = (CyclicAssociationException) o;
-            if (!m_exception.getPrincipal().equals( other.getPrincipal()) ) return false;
-            if (!m_exception.getAttribute().equals( other.getAttribute()) ) return false;
+            CyclicAssociationException other = ( CyclicAssociationException ) o;
+            if ( !m_exception.getPrincipal().equals( other.getPrincipal() ) ) return false;
+            if ( !m_exception.getAttribute().equals( other.getAttribute() ) ) return false;
 
             return true;
         }

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	Tue Dec 14 20:01:45 2004
@@ -17,6 +17,9 @@
 package org.apache.janus.script.xml;
 
 import org.apache.janus.authentication.attribute.MutableInformationProvider;
+import org.apache.janus.script.testmodel.Groups;
+import org.apache.janus.script.testmodel.Roles;
+import org.apache.janus.script.testmodel.Usernames;
 import org.jmock.Mock;
 import org.jmock.MockObjectTestCase;
 
@@ -29,8 +32,8 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -52,9 +55,9 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -77,8 +80,8 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=111933&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=111932&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=111933
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	Tue Dec 14 20:01:45 2004
@@ -19,29 +19,206 @@
 import org.apache.janus.authorization.Policy;
 import org.apache.janus.authorization.effect.DenyOverridesEffect;
 import org.apache.janus.authorization.effect.Effects;
+import org.apache.janus.authorization.effect.PermitOverridesEffect;
+import org.apache.janus.script.testmodel.Groups;
+import org.apache.janus.script.testmodel.Permissions;
+import org.apache.janus.script.testmodel.Roles;
+import org.apache.janus.script.testmodel.Subjects;
+import org.apache.janus.script.testmodel.Usernames;
+import org.apache.janus.script.xml.builder.FalsePredicateBuilder;
 import org.jmock.MockObjectTestCase;
 
 import java.io.StringReader;
 
 public class Dom4JRuleSetBuilderTest extends MockObjectTestCase
 {
+    /**
+     * TODO Several predicates (defaults to and operation)
+     */
     public void testParsesDocumentAndAddsRulesToPolicy() throws Exception
     {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( policyWithSingleRule() ) );
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy() ) );
 
         Policy policy = new Policy( new DenyOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
+        assertEquals( Effects.DENY, policy.evaluate( org.apache.janus.script.testmodel.Subjects.anybody(), Permissions.anything() ).reduce() );
     }
 
-    private String policyWithSingleRule()
+    public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe() ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.joe(), Permissions.anything() ).reduce() );
+    }
+
+    public void testHasBuiltInSupportForRulingOnGroups() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians() ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
+    }
+
+    public void testHasBuiltInSupportForRulingOnRoles() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers() ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+    }
+
+    public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes() ) );
+        builder.registerBuilder( new HasEyeColorPredicateBuilder() );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() );
+    }
+
+    public void testLastRegisteredBuilderWins() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone() ) );
+        builder.registerBuilder( new FalsePredicateBuilder( "any" ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
+    }
+
+    public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception
+    {
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates() ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
+    }
+
+    private String samplePolicy()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"deny\">\n" +
+                "        <subjects>\n" +
+                "            <any/>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <any/>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String grantToJoe()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <username>joeblow</username>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String grantToCanadians()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <group>canadians</group>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String grantToDevelopers()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <role>developer</role>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String grantToGreenEyes()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <eye-color>green</eye-color>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String grantEveryone()
     {
         String content =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
                 "            <any/>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        return content;
+    }
+
+    private String multiplePredicates()
+    {
+        String content =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <username>joeblow</username>\n" +
+                "            <role>developer</role>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +

Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Groups.java?view=auto&rev=111932
==============================================================================

Added: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=auto&rev=111933
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java	Tue Dec 14 20:01:45 2004
@@ -0,0 +1,34 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml;
+
+import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
+import org.apache.janus.script.testmodel.EyeColorPrincipal;
+import org.dom4j.Element;
+
+public class HasEyeColorPredicateBuilder implements NodeBuilder
+{
+    public boolean canBuild( Element e )
+    {
+        return "eye-color".equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    {
+        return new HasPrincipalPredicate( new EyeColorPrincipal( e.getTextTrim() ) );
+    }
+}

Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Permissions.java?view=auto&rev=111932
==============================================================================

Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Roles.java?view=auto&rev=111932
==============================================================================

Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Subjects.java?view=auto&rev=111932
==============================================================================

Deleted: /incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Usernames.java?view=auto&rev=111932
==============================================================================

Mime
View raw message