directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r121134 - in incubator/directory/janus/trunk: core/impl/src/java/org/apache/janus/authorization core/impl/src/java/org/apache/janus/authorization/predicate core/impl/src/test/org/apache/janus/authorization core/impl/src/test/org/apache/janus/testmodel script/src/java/org/apache/janus/script/xml script/src/java/org/apache/janus/script/xml/builder script/src/test/org/apache/janus/script/xml
Date Thu, 16 Dec 2004 04:13:12 GMT
Author: vtence
Date: Wed Dec 15 20:13:11 2004
New Revision: 121134

URL: http://svn.apache.org/viewcvs?view=rev&rev=121134
Log:
Added and or or predicate support to xml ruleset definitions
Added:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java
      - copied, changed from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java
      - copied, changed from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java
Removed:
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
Modified:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	Wed Dec 15 20:13:11 2004
@@ -18,6 +18,7 @@
 
 import org.apache.janus.authorization.effect.Effects;
 import org.apache.janus.authorization.predicate.Predicates;
+import org.apache.janus.authorization.predicate.AndPredicate;
 
 import javax.security.auth.Subject;
 
@@ -50,12 +51,12 @@
 
     public void matchSubjects( Predicate condition )
     {
-        m_subjectPredicate = condition;
+        m_subjectPredicate = new AndPredicate( m_subjectPredicate, condition );
     }
 
     public void matchPermissions( Predicate condition )
     {
-        m_permissionPredicate = condition;
+        m_permissionPredicate = new AndPredicate( m_permissionPredicate, condition );
     }
 
     public Effect evaluate( Subject s, Permission p )

Added: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java?view=auto&rev=121134
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/predicate/OrPredicate.java	Wed Dec 15 20:13:11 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.authorization.predicate;
+
+import org.apache.janus.authorization.Predicate;
+
+public class OrPredicate implements Predicate
+{
+    private final Predicate m_left;
+    private final Predicate m_right;
+
+    public OrPredicate( Predicate left, Predicate right )
+    {
+        m_left = left;
+        m_right = right;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_left.evaluate( o ) || m_right.evaluate( o );
+    }
+}

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java	Wed Dec 15 20:13:11 2004
@@ -16,16 +16,15 @@
  */
 package org.apache.janus.authorization;
 
-import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.apache.janus.authorization.effect.Effects;
 import org.apache.janus.authorization.predicate.FalsePredicate;
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.apache.janus.authorization.predicate.ImpliedPermissionPredicate;
 import org.apache.janus.authorization.predicate.TruePredicate;
+import org.apache.janus.testmodel.Subjects;
+import org.apache.janus.testmodel.Usernames;
 import org.jmock.MockObjectTestCase;
 
-import javax.security.auth.Subject;
-
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
@@ -46,29 +45,31 @@
     public void testEvaluatesToRuleEffectIfTargetVerifiesCondition()
     {
         m_rule.setEffect( Effects.DENY );
-        m_rule.matchSubjects( new HasPrincipalPredicate( new UsernamePrincipal( "johnDoe" ) ) );
+        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
+        m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
+        assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
+    }
+
+    public void testSubsequentConditionsAreCombinedIntoAnAndOperation()
+    {
+        m_rule.setEffect( Effects.GRANT );
+        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
+        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.DENY, m_rule.evaluate( john(), new SomePermission() ) );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.joe(), new SomePermission() ) );
     }
 
     public void testIsNotApplicableIfSubjectConditionIsNotVerified()
     {
         m_rule.matchSubjects( new FalsePredicate() );
         m_rule.matchPermissions( new TruePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
     }
 
     public void testIsNotApplicableIfPermissionConditionIsNotVerified()
     {
         m_rule.matchSubjects( new TruePredicate() );
         m_rule.matchPermissions( new FalsePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( john(), new SomePermission() ) );
-    }
-
-    private Subject john()
-    {
-        Subject subject = new Subject();
-        subject.getPrincipals().add( new UsernamePrincipal( "johnDoe" ) );
-        return subject;
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
     }
 }

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Subjects.java	Wed Dec 15 20:13:11 2004
@@ -26,6 +26,11 @@
         return with( Usernames.joe() );
     }
 
+    public static Subject john()
+    {
+        return with( Usernames.john() );
+    }
+
     public static Subject with( Principal p )
     {
         Subject s = new Subject();

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java&r1=121133&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/testmodel/Usernames.java	Wed Dec 15 20:13:11 2004
@@ -24,4 +24,9 @@
     {
         return new UsernamePrincipal( "joeblow" );
     }
+
+    public static UsernamePrincipal john()
+    {
+        return new UsernamePrincipal( "johnDoe" );
+    }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	Wed Dec 15 20:13:11 2004
@@ -25,6 +25,8 @@
 import org.apache.janus.script.xml.builder.FalsePredicateBuilder;
 import org.apache.janus.script.xml.builder.HasGroupPredicateBuilder;
 import org.apache.janus.script.xml.builder.HasRolePredicateBuilder;
+import org.apache.janus.script.xml.builder.AndPredicateBuilder;
+import org.apache.janus.script.xml.builder.OrPredicateBuilder;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
@@ -35,14 +37,16 @@
 
 
 /**
- * No validation of any sort is implemented yet. At some point, validation will need to be added.
+ * No validation of any sort is implemented yet. At some point, validation will need to be added,
+ * possibly via a validate method on node builders, that would recursively check all elements in the
+ * DOM tree.
  * <p>
  * <i>Warning: implementation not threadsafe</i>
  */
 public class Dom4JRuleSetBuilder implements RuleSetBuilder
 {
     private final Element m_element;
-    private NodeBuilderLookup m_lookup;
+    private NodeBuildingContext m_buildingContext;
 
     public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException
     {
@@ -52,7 +56,7 @@
     public Dom4JRuleSetBuilder( Element element )
     {
         m_element = element;
-        m_lookup = new ReverseBuilderLookup();
+        m_buildingContext = new ReverseBuildingContext();
         registerBuilders();
     }
 
@@ -63,7 +67,7 @@
 
     public void registerBuilder( NodeBuilder builder )
     {
-        m_lookup.registerBuilder( builder );
+        m_buildingContext.registerBuilder( builder );
     }
 
     public void buildRuleSet( RuleSet ruleSet )
@@ -77,21 +81,22 @@
         for ( Iterator it = rules.iterator(); it.hasNext(); )
         {
             Element e = (Element) it.next();
-            NodeBuilder builder = m_lookup.lookupBuilder( e );
-            Rule rule = (Rule) builder.buildFrom( e, m_lookup );
+            Rule rule = (Rule) m_buildingContext.buildFrom( e );
             ruleSet.addRule( rule );
         }
     }
 
     private void registerBuilders()
     {
-        m_lookup.registerBuilder( new DefaultRuleBuilder() );
-        m_lookup.registerBuilder( new TruePredicateBuilder() );
-        m_lookup.registerBuilder( new FalsePredicateBuilder() );
-        m_lookup.registerBuilder( new HasUsernamePredicateBuilder() );
-        m_lookup.registerBuilder( new HasUsernamePredicateBuilder() );
-        m_lookup.registerBuilder( new HasGroupPredicateBuilder() );
-        m_lookup.registerBuilder( new HasRolePredicateBuilder() );
+        m_buildingContext.registerBuilder( new DefaultRuleBuilder() );
+        m_buildingContext.registerBuilder( new TruePredicateBuilder() );
+        m_buildingContext.registerBuilder( new FalsePredicateBuilder() );
+        m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
+        m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
+        m_buildingContext.registerBuilder( new HasGroupPredicateBuilder() );
+        m_buildingContext.registerBuilder( new HasRolePredicateBuilder() );
+        m_buildingContext.registerBuilder( new AndPredicateBuilder() );
+        m_buildingContext.registerBuilder( new OrPredicateBuilder() );
     }
 }
 

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java	Wed Dec 15 20:13:11 2004
@@ -18,9 +18,23 @@
 
 import org.dom4j.Element;
 
+/**
+ * TODO: Consider having a tree validation method like
+ * <pre>
+ * <code>boolean validate(Element element)</code>
+ * </pre>
+ * to recursively validates an element tree.
+ */
 public interface NodeBuilder
 {
+    /**
+     * Checks whether this builder can handle the specified element.
+     * This is not intended to be recursive, i.e. builders should not
+     * check if contained elements can in turn be built correctly.
+     */
     boolean canBuild( Element e );
 
-    Object buildFrom( Element e, NodeBuilderLookup lookup );
+    void setParent( NodeBuilder parent );
+
+    Object buildFrom( Element e );
 }

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java?view=auto&rev=121133
==============================================================================

Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java (from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java)
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java&r1=111968&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilderLookup.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java	Wed Dec 15 20:13:11 2004
@@ -1,10 +1,6 @@
 package org.apache.janus.script.xml;
 
-import org.dom4j.Element;
-
-public interface NodeBuilderLookup
+public interface NodeBuildingContext extends NodeBuilder
 {
     void registerBuilder( NodeBuilder builder );
-
-    NodeBuilder lookupBuilder( Element e );
 }

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java?view=auto&rev=121133
==============================================================================

Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java (from r111968, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java)
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java&r1=111968&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuilderLookup.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java	Wed Dec 15 20:13:11 2004
@@ -18,25 +18,41 @@
 
 import org.dom4j.Element;
 import org.apache.janus.script.ScriptInterpretationException;
+import org.apache.janus.script.xml.builder.AbstractNodeBuilder;
 
 import java.util.List;
 import java.util.ArrayList;
 
-public class ReverseBuilderLookup implements NodeBuilderLookup
+public class ReverseBuildingContext extends AbstractNodeBuilder
+        implements NodeBuildingContext
 {
     private final List m_builders;
 
-    public ReverseBuilderLookup()
+    public ReverseBuildingContext()
     {
         m_builders = new ArrayList();
     }
 
+    public boolean canBuild( Element e )
+    {
+        return lookupBuilder( e ) != null;
+    }
+
     public void registerBuilder( NodeBuilder builder )
     {
+        builder.setParent( this );
         m_builders.add( builder );
     }
 
-    public NodeBuilder lookupBuilder( Element e )
+    public Object buildFrom( Element e )
+    {
+        NodeBuilder builder = lookupBuilder( e );
+        if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e);
+
+        return builder.buildFrom( e );
+    }
+
+    private NodeBuilder lookupBuilder( Element e )
     {
         for ( int i = m_builders.size() - 1; i >= 0 ; i-- )
         {
@@ -44,6 +60,7 @@
             if ( builder.canBuild( e ) ) return builder;
         }
 
-        throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e);
+        return null;
     }
 }
+

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java?view=auto&rev=121134
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java	Wed Dec 15 20:13:11 2004
@@ -0,0 +1,34 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.apache.janus.script.xml.NodeBuilder;
+
+public abstract class AbstractNodeBuilder implements NodeBuilder
+{
+    private NodeBuilder m_parent;
+
+    public void setParent( NodeBuilder parent )
+    {
+        m_parent = parent;
+    }
+
+    protected final NodeBuilder getParent()
+    {
+        return m_parent;
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java?view=auto&rev=121134
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.apache.janus.authorization.predicate.AndPredicate;
+import org.dom4j.Element;
+
+public class AndPredicateBuilder
+        extends LogicalPredicateBuilder
+{
+    public AndPredicateBuilder()
+    {
+        this( "and" );
+    }
+
+    public AndPredicateBuilder( String elementName )
+    {
+        super( elementName );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return new AndPredicate( left( e ), right( e ) );
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java	Wed Dec 15 20:13:11 2004
@@ -19,22 +19,19 @@
 import org.apache.janus.authorization.DefaultRule;
 import org.apache.janus.authorization.Effect;
 import org.apache.janus.authorization.Predicate;
-import org.apache.janus.authorization.predicate.Predicates;
 import org.apache.janus.authorization.effect.DenyOverridesEffect;
 import org.apache.janus.authorization.effect.Effects;
 import org.apache.janus.authorization.effect.FirstApplicableEffect;
 import org.apache.janus.authorization.effect.LastApplicableEffect;
 import org.apache.janus.authorization.effect.PermitOverridesEffect;
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.dom4j.Element;
 
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Iterator;
 
-public class DefaultRuleBuilder implements NodeBuilder
+public class DefaultRuleBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
     private final Map m_effects;
@@ -56,24 +53,23 @@
         return m_elementName.equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
         String effectName = e.attributeValue( "effect" );
         DefaultRule rule = new DefaultRule( effect( effectName ) );
-        setSubjectPredicate( rule, e, lookup );
-        setPermissionPredicate( rule, e, lookup );
+        setSubjectPredicate( rule, e );
+        setPermissionPredicate( rule, e );
         return rule;
     }
 
     private Effect effect( String name )
     {
-        return (Effect) m_effects.get( name );
+        return ( Effect ) m_effects.get( name );
     }
 
-    private Predicate predicate( Element e, NodeBuilderLookup lookup )
+    private Predicate predicate( Element e )
     {
-        NodeBuilder builder = lookup.lookupBuilder( e );
-        return (Predicate) builder.buildFrom( e, lookup );
+        return ( Predicate ) getParent().buildFrom( e );
     }
 
     private void registerEffects()
@@ -87,34 +83,28 @@
         m_effects.put( "last-applicable", new LastApplicableEffect() );
     }
 
-    private void setPermissionPredicate( DefaultRule rule, Element element, NodeBuilderLookup lookup )
+    private void setPermissionPredicate( DefaultRule rule, Element element )
     {
         Element permissions = element.element( "permissions" );
         List predicates = permissions.elements();
 
-        Predicate p = Predicates.TRUE;
         for ( Iterator it = predicates.iterator(); it.hasNext(); )
         {
             Element e = ( Element ) it.next();
-            // Consider moving this logic to default rule
-            p = Predicates.and( p, predicate( e, lookup ) );
+            rule.matchPermissions( predicate( e ) );
         }
-        rule.matchPermissions( p );
     }
 
-    private void setSubjectPredicate( DefaultRule rule, Element element, NodeBuilderLookup lookup  )
+    private void setSubjectPredicate( DefaultRule rule, Element element )
     {
         Element subjects = element.element( "subjects" );
         List predicates = subjects.elements();
 
-        Predicate p = Predicates.TRUE;
         for ( Iterator it = predicates.iterator(); it.hasNext(); )
         {
             Element e = ( Element ) it.next();
-            // Consider moving this logic to default rule
-            p = Predicates.and( p, predicate( e, lookup ) );
+            rule.matchSubjects( predicate( e ) );
         }
-        rule.matchSubjects( p );
     }
 }
 

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -16,18 +16,16 @@
  */
 package org.apache.janus.script.xml.builder;
 
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.apache.janus.authorization.predicate.Predicates;
 import org.dom4j.Element;
 
-public class FalsePredicateBuilder implements NodeBuilder
+public class FalsePredicateBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
 
     public FalsePredicateBuilder()
     {
-       this( "none" );
+        this( "none" );
     }
 
     public FalsePredicateBuilder( String elementName )
@@ -40,7 +38,7 @@
         return m_elementName.equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
         return Predicates.FALSE;
     }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -18,11 +18,9 @@
 
 import org.apache.janus.authentication.attribute.GroupPrincipal;
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.dom4j.Element;
 
-public class HasGroupPredicateBuilder implements NodeBuilder
+public class HasGroupPredicateBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
 
@@ -41,8 +39,8 @@
         return m_elementName.equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
-        return new HasPrincipalPredicate( new GroupPrincipal( e.getTextTrim() ));
+        return new HasPrincipalPredicate( new GroupPrincipal( e.getTextTrim() ) );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -16,14 +16,11 @@
  */
 package org.apache.janus.script.xml.builder;
 
-import org.apache.janus.authentication.attribute.GroupPrincipal;
 import org.apache.janus.authentication.attribute.RolePrincipal;
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.dom4j.Element;
 
-public class HasRolePredicateBuilder implements NodeBuilder
+public class HasRolePredicateBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
 
@@ -42,8 +39,8 @@
         return m_elementName.equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
-        return new HasPrincipalPredicate( new RolePrincipal( e.getTextTrim() ));
+        return new HasPrincipalPredicate( new RolePrincipal( e.getTextTrim() ) );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -18,11 +18,9 @@
 
 import org.apache.janus.authentication.realm.UsernamePrincipal;
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.dom4j.Element;
 
-public class HasUsernamePredicateBuilder implements NodeBuilder
+public class HasUsernamePredicateBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
 
@@ -41,8 +39,8 @@
         return m_elementName.equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
-        return new HasPrincipalPredicate( new UsernamePrincipal( e.getTextTrim() ));
+        return new HasPrincipalPredicate( new UsernamePrincipal( e.getTextTrim() ) );
     }
 }

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java?view=auto&rev=121134
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -0,0 +1,75 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.dom4j.Element;
+import org.apache.janus.authorization.Predicate;
+
+public abstract class LogicalPredicateBuilder extends AbstractNodeBuilder
+{
+    protected final String m_elementName;
+
+    protected LogicalPredicateBuilder( String elementName )
+    {
+        m_elementName = elementName;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return hasProperName( e ) && hasProperOperands( e );
+    }
+
+    private boolean hasProperName( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    private boolean hasProperOperands( Element e )
+    {
+        return e.elements().size() == 2;
+    }
+
+    protected Predicate left( Element e )
+    {
+        return predicate( leftOperand( e ) );
+    }
+
+    protected Predicate right( Element e )
+    {
+        return predicate( rightOperand( e ) );
+    }
+
+    private Predicate predicate( Element e )
+    {
+        return ( Predicate ) getParent().buildFrom( e );
+    }
+
+    protected Element leftOperand( Element e )
+    {
+        return child( e, 0 );
+    }
+
+    protected Element rightOperand( Element e )
+    {
+        return child( e, 1 );
+    }
+
+    private Element child( Element e, int index )
+    {
+        return ( Element ) e.elements().get( index );
+    }
+}

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java?view=auto&rev=121134
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -0,0 +1,38 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.dom4j.Element;
+import org.apache.janus.authorization.predicate.OrPredicate;
+
+public class OrPredicateBuilder extends LogicalPredicateBuilder
+{
+    public OrPredicateBuilder()
+    {
+        this( "or" );
+    }
+
+    public OrPredicateBuilder( String elementName )
+    {
+        super( elementName );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return new OrPredicate( left( e ), right( e ));
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -16,18 +16,16 @@
  */
 package org.apache.janus.script.xml.builder;
 
-import org.apache.janus.script.xml.NodeBuilder;
-import org.apache.janus.script.xml.NodeBuilderLookup;
 import org.apache.janus.authorization.predicate.Predicates;
 import org.dom4j.Element;
 
-public class TruePredicateBuilder implements NodeBuilder
+public class TruePredicateBuilder extends AbstractNodeBuilder
 {
     private final String m_elementName;
 
     public TruePredicateBuilder()
     {
-       this( "any" );
+        this( "any" );
     }
 
     public TruePredicateBuilder( String elementName )
@@ -38,9 +36,9 @@
     public boolean canBuild( Element e )
     {
         return m_elementName.equals( e.getName() );
-    }                 
+    }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
         return Predicates.TRUE;
     }

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JGroupBuilderTest.java	Wed Dec 15 20:13:11 2004
@@ -21,6 +21,7 @@
 import org.apache.janus.authentication.attribute.MutableInformationProvider;
 import org.apache.janus.script.InformationProviderBuilderMonitor;
 import org.apache.janus.script.testmodel.Groups;
+import org.apache.janus.script.testmodel.Usernames;
 import org.jmock.Mock;
 import org.jmock.MockObjectTestCase;
 import org.jmock.core.Constraint;
@@ -37,8 +38,8 @@
         Dom4JGroupBuilder builder = Dom4JGroupBuilder.fromReader( new StringReader( userWithTwoGroups() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.geeks() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -61,7 +62,7 @@
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
         mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.men() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.canadians() ), eq( Groups.geeks() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -85,7 +86,7 @@
                 ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
         AttributeProvider provider = new AttributeProvider();
 
-        mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( org.apache.janus.script.testmodel.Usernames.joe() ), eq( org.apache.janus.script.testmodel.Groups.men() ) );
+        mockMonitor.expects( once() ).method( "duplicateAttribute" ).with( eq( Usernames.joe() ), eq( Groups.men() ) );
 
         builder.buildProvider( provider );
         mockMonitor.verify();
@@ -108,7 +109,7 @@
                 ( InformationProviderBuilderMonitor ) mockMonitor.proxy() );
         AttributeProvider provider = new AttributeProvider();
 
-        CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), org.apache.janus.script.testmodel.Groups.canadians() );
+        CyclicAssociationException expected = new CyclicAssociationException( Groups.men(), Groups.canadians() );
         mockMonitor.expects( once() ).method( "cyclicAssociation" ).with( new CyclicAssociationExceptionConstraint( expected ) );
 
         builder.buildProvider( provider );

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRoleBuilderTest.java	Wed Dec 15 20:13:11 2004
@@ -32,8 +32,8 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( userWithTwoRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Usernames.joe() ), eq( Roles.developer() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -55,9 +55,9 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( groupsWithRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.developer() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Groups.geeks() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.men() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.developer() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Groups.geeks() ), eq( Roles.tester() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 
@@ -80,8 +80,8 @@
         Dom4JRoleBuilder builder = Dom4JRoleBuilder.fromReader( new StringReader( roleWithTwoRoles() ) );
 
         Mock mockProvider = new Mock( MutableInformationProvider.class );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.user() ) ).will( returnValue( true ) );
-        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( org.apache.janus.script.testmodel.Roles.developer() ), eq( org.apache.janus.script.testmodel.Roles.tester() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.user() ) ).will( returnValue( true ) );
+        mockProvider.expects( once() ).method( "addAttribute" ).with( eq( Roles.developer() ), eq( Roles.tester() ) ).will( returnValue( true ) );
 
         builder.buildProvider( ( MutableInformationProvider ) mockProvider.proxy() );
 

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	Wed Dec 15 20:13:11 2004
@@ -32,22 +32,49 @@
 
 public class Dom4JRuleSetBuilderTest extends MockObjectTestCase
 {
-    /**
-     * TODO Several predicates (defaults to and operation)
-     */
     public void testParsesDocumentAndAddsRulesToPolicy() throws Exception
     {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy() ) );
+        String samplePolicy =
+                "<policy>\n" +
+                "    <rule effect=\"deny\">\n" +
+                "        <subjects>\n" +
+                "            <any/>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <any/>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy ) );
 
         Policy policy = new Policy( new DenyOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.DENY, policy.evaluate( org.apache.janus.script.testmodel.Subjects.anybody(), Permissions.anything() ).reduce() );
+        assertEquals( Effects.DENY, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
     }
 
     public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
     {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe() ) );
+        String grantToJoe =
+                "<policy>\n" +
+                "    <rule effect=\"grant\">\n" +
+                "        <subjects>\n" +
+                "            <username>joeblow</username>\n" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </rule>\n" +
+                "</policy>";
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe ) );
 
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
@@ -57,174 +84,162 @@
 
     public void testHasBuiltInSupportForRulingOnGroups() throws Exception
     {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians() ) );
-
-        Policy policy = new Policy( new PermitOverridesEffect() );
-        builder.buildRuleSet( policy );
-
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
-    }
-
-    public void testHasBuiltInSupportForRulingOnRoles() throws Exception
-    {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers() ) );
-
-        Policy policy = new Policy( new PermitOverridesEffect() );
-        builder.buildRuleSet( policy );
-
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
-    }
-
-    public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception
-    {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes() ) );
-        builder.registerBuilder( new HasEyeColorPredicateBuilder() );
-
-        Policy policy = new Policy( new PermitOverridesEffect() );
-        builder.buildRuleSet( policy );
-
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() );
-    }
-
-    public void testLastRegisteredBuilderWins() throws Exception
-    {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone() ) );
-        builder.registerBuilder( new FalsePredicateBuilder( "any" ) );
-
-        Policy policy = new Policy( new PermitOverridesEffect() );
-        builder.buildRuleSet( policy );
-
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
-    }
-
-    public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception
-    {
-        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates() ) );
-
-        Policy policy = new Policy( new PermitOverridesEffect() );
-        builder.buildRuleSet( policy );
-
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
-    }
-
-    private String samplePolicy()
-    {
-        String content =
+        String grantToCanadians =
                 "<policy>\n" +
-                "    <rule effect=\"deny\">\n" +
-                "        <subjects>\n" +
-                "            <any/>\n" +
-                "        </subjects>\n" +
-                "        <permissions>\n" +
-                "            <any/>\n" +
-                "        </permissions>\n" +
-                "    </rule>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <any/>\n" +
+                "            <group>canadians</group>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
     }
 
-    private String grantToJoe()
+    public void testHasBuiltInSupportForRulingOnRoles() throws Exception
     {
-        String content =
+        String grantToDevelopers =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <username>joeblow</username>\n" +
+                "            <role>developer</role>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
-    private String grantToCanadians()
+    public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception
     {
-        String content =
+        String grantToGreenEyes =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <group>canadians</group>\n" +
+                "            <eye-color>green</eye-color>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes ) );
+        builder.registerBuilder( new HasEyeColorPredicateBuilder() );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything() ).reduce() );
     }
 
-    private String grantToDevelopers()
+    public void testLastRegisteredBuilderWins() throws Exception
     {
-        String content =
+        String grantEveryone =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <role>developer</role>\n" +
+                "            <any/>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone ) );
+        builder.registerBuilder( new FalsePredicateBuilder( "any" ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
     }
 
-    private String grantToGreenEyes()
+    public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception
     {
-        String content =
+        String multiplePredicates =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <eye-color>green</eye-color>\n" +
+                "            <username>joeblow</username>\n" +
+                "            <role>developer</role>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
-    private String grantEveryone()
+    public void testHasBuiltinSupportForAndOperationOnPredicates() throws Exception
     {
-        String content =
+        String andPredicateCombination =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <any/>\n" +
+                "            <and>" +
+                "                <username>joeblow</username>\n" +
+                "                <role>developer</role>\n" +
+                "            </and>" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
-    private String multiplePredicates()
+    public void testHasBuiltinSupportForOrOperationOnPredicates() throws Exception
     {
-        String content =
+        String orPredicateCombination =
                 "<policy>\n" +
                 "    <rule effect=\"grant\">\n" +
                 "        <subjects>\n" +
-                "            <username>joeblow</username>\n" +
-                "            <role>developer</role>\n" +
+                "            <or>" +
+                "                <username>joeblow</username>\n" +
+                "                <role>developer</role>\n" +
+                "            </or>" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
                 "    </rule>\n" +
                 "</policy>";
-        return content;
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( orPredicateCombination ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=diff&rev=121134&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r1=121133&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r2=121134
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java	Wed Dec 15 20:13:11 2004
@@ -18,16 +18,17 @@
 
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.apache.janus.script.testmodel.EyeColorPrincipal;
+import org.apache.janus.script.xml.builder.AbstractNodeBuilder;
 import org.dom4j.Element;
 
-public class HasEyeColorPredicateBuilder implements NodeBuilder
+public class HasEyeColorPredicateBuilder extends AbstractNodeBuilder
 {
     public boolean canBuild( Element e )
     {
         return "eye-color".equals( e.getName() );
     }
 
-    public Object buildFrom( Element e, NodeBuilderLookup lookup )
+    public Object buildFrom( Element e )
     {
         return new HasPrincipalPredicate( new EyeColorPrincipal( e.getTextTrim() ) );
     }

Mime
View raw message