directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r122673 - in incubator/directory/janus/trunk: core/impl/src/java/org/apache/janus/authorization core/impl/src/test/org/apache/janus/authorization script/src/java/org/apache/janus/script/xml script/src/java/org/apache/janus/script/xml/builder script/src/test/org/apache/janus/script/xml
Date Fri, 17 Dec 2004 20:18:59 GMT
Author: vtence
Date: Fri Dec 17 12:18:58 2004
New Revision: 122673

URL: http://svn.apache.org/viewcvs?view=rev&rev=122673
Log:
Completed XML frontend for Policies/RuleSets. Simplified and improved syntax too. That's is a good chunk done.
Added:
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java
      - copied, changed from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java
      - copied, changed from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java
Removed:
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java
Modified:
   incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
   incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
   incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml

Modified: incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r1=122672&p2=incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/java/org/apache/janus/authorization/DefaultRule.java	Fri Dec 17 12:18:58 2004
@@ -19,6 +19,7 @@
 import org.apache.janus.authorization.effect.Effects;
 import org.apache.janus.authorization.predicate.Predicates;
 import org.apache.janus.authorization.predicate.AndPredicate;
+import org.apache.janus.authorization.predicate.OrPredicate;
 
 import javax.security.auth.Subject;
 
@@ -40,8 +41,8 @@
     public DefaultRule( Effect effect )
     {
         m_effect = effect;
-        m_subjectPredicate = Predicates.TRUE;
-        m_permissionPredicate = Predicates.TRUE;
+        m_subjectPredicate = Predicates.FALSE;
+        m_permissionPredicate = Predicates.FALSE;
     }
 
     public void setEffect( Effect effect )
@@ -51,12 +52,12 @@
 
     public void matchSubjects( Predicate condition )
     {
-        m_subjectPredicate = new AndPredicate( m_subjectPredicate, condition );
+        m_subjectPredicate = new OrPredicate( m_subjectPredicate, condition );
     }
 
     public void matchPermissions( Predicate condition )
     {
-        m_permissionPredicate = new AndPredicate( m_permissionPredicate, condition );
+        m_permissionPredicate = new OrPredicate( m_permissionPredicate, condition );
     }
 
     public Effect evaluate( Subject s, Permission p )

Modified: incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r1=122672&p2=incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java	(original)
+++ incubator/directory/janus/trunk/core/impl/src/test/org/apache/janus/authorization/DefaultRuleTest.java	Fri Dec 17 12:18:58 2004
@@ -50,13 +50,24 @@
         assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
     }
 
-    public void testSubsequentConditionsAreCombinedIntoAnAndOperation()
+    public void testSubjectConditionsAreCombinedIntoAnOrOperation()
     {
         m_rule.setEffect( Effects.GRANT );
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.joe(), new SomePermission() ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new SomePermission() ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.joe(), new SomePermission() ) );
+    }
+
+    public void testPermissionConditionsAreCombinedIntoAnOrOperation()
+    {
+        m_rule.setEffect( Effects.GRANT );
+        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
+        m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo" ) ) );
+        m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar" ) ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "foo" ) ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission( "bar" ) ) );
     }
 
     public void testIsNotApplicableIfSubjectConditionIsNotVerified()

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java?view=auto&rev=122673
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/BuildingContext.java	Fri Dec 17 12:18:58 2004
@@ -0,0 +1,6 @@
+package org.apache.janus.script.xml;
+
+public interface BuildingContext extends ElementBuilder
+{
+    void registerBuilder( ElementBuilder builder );
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/Dom4JRuleSetBuilder.java	Fri Dec 17 12:18:58 2004
@@ -27,6 +27,8 @@
 import org.apache.janus.script.xml.builder.HasRolePredicateBuilder;
 import org.apache.janus.script.xml.builder.AndPredicateBuilder;
 import org.apache.janus.script.xml.builder.OrPredicateBuilder;
+import org.apache.janus.script.xml.builder.GrantRuleBuilder;
+import org.apache.janus.script.xml.builder.DenyRuleBuilder;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
@@ -45,8 +47,8 @@
  */
 public class Dom4JRuleSetBuilder implements RuleSetBuilder
 {
-    private final Element m_element;
-    private NodeBuildingContext m_buildingContext;
+    private final Element m_root;
+    private BuildingContext m_buildingContext;
 
     public static Dom4JRuleSetBuilder fromReader( Reader reader ) throws DocumentException
     {
@@ -55,7 +57,7 @@
 
     public Dom4JRuleSetBuilder( Element element )
     {
-        m_element = element;
+        m_root = element;
         m_buildingContext = new ReverseBuildingContext();
         registerBuilders();
     }
@@ -65,14 +67,14 @@
         this( doc.getRootElement() );
     }
 
-    public void registerBuilder( NodeBuilder builder )
+    public void registerBuilder( ElementBuilder builder )
     {
         m_buildingContext.registerBuilder( builder );
     }
 
     public void buildRuleSet( RuleSet ruleSet )
     {
-        List rules = m_element.elements( "rule" );
+        List rules = m_root.elements();
         addAllRules( ruleSet, rules );
     }
 
@@ -88,7 +90,10 @@
 
     private void registerBuilders()
     {
+        m_buildingContext.registerBuilder( new GrantRuleBuilder() );
+        m_buildingContext.registerBuilder( new DenyRuleBuilder() );
         m_buildingContext.registerBuilder( new DefaultRuleBuilder() );
+        m_buildingContext.registerBuilder( new AndPredicateBuilder( "subject" ) );
         m_buildingContext.registerBuilder( new TruePredicateBuilder() );
         m_buildingContext.registerBuilder( new FalsePredicateBuilder() );
         m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );

Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java (from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java)
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java&r1=121134&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ElementBuilder.java	Fri Dec 17 12:18:58 2004
@@ -25,7 +25,7 @@
  * </pre>
  * to recursively validates an element tree.
  */
-public interface NodeBuilder
+public interface ElementBuilder
 {
     /**
      * Checks whether this builder can handle the specified element.
@@ -34,7 +34,7 @@
      */
     boolean canBuild( Element e );
 
-    void setParent( NodeBuilder parent );
+    void setParent( ElementBuilder parent );
 
     Object buildFrom( Element e );
 }

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuilder.java?view=auto&rev=122672
==============================================================================

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/NodeBuildingContext.java?view=auto&rev=122672
==============================================================================

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/ReverseBuildingContext.java	Fri Dec 17 12:18:58 2004
@@ -18,13 +18,13 @@
 
 import org.dom4j.Element;
 import org.apache.janus.script.ScriptInterpretationException;
-import org.apache.janus.script.xml.builder.AbstractNodeBuilder;
+import org.apache.janus.script.xml.builder.AbstractElementBuilder;
 
 import java.util.List;
 import java.util.ArrayList;
 
-public class ReverseBuildingContext extends AbstractNodeBuilder
-        implements NodeBuildingContext
+public class ReverseBuildingContext extends AbstractElementBuilder
+        implements BuildingContext
 {
     private final List m_builders;
 
@@ -38,7 +38,7 @@
         return lookupBuilder( e ) != null;
     }
 
-    public void registerBuilder( NodeBuilder builder )
+    public void registerBuilder( ElementBuilder builder )
     {
         builder.setParent( this );
         m_builders.add( builder );
@@ -46,17 +46,17 @@
 
     public Object buildFrom( Element e )
     {
-        NodeBuilder builder = lookupBuilder( e );
-        if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element; no appropriate builder found for: " + e);
+        ElementBuilder builder = lookupBuilder( e );
+        if (builder == null) throw new ScriptInterpretationException( "Don't know how to handle element: " + e.getName());
 
         return builder.buildFrom( e );
     }
 
-    private NodeBuilder lookupBuilder( Element e )
+    private ElementBuilder lookupBuilder( Element e )
     {
         for ( int i = m_builders.size() - 1; i >= 0 ; i-- )
         {
-            NodeBuilder builder = ( NodeBuilder ) m_builders.get( i );
+            ElementBuilder builder = ( ElementBuilder ) m_builders.get( i );
             if ( builder.canBuild( e ) ) return builder;
         }
 

Copied: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java (from r121134, incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java)
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java&r1=121134&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractElementBuilder.java	Fri Dec 17 12:18:58 2004
@@ -16,18 +16,18 @@
  */
 package org.apache.janus.script.xml.builder;
 
-import org.apache.janus.script.xml.NodeBuilder;
+import org.apache.janus.script.xml.ElementBuilder;
 
-public abstract class AbstractNodeBuilder implements NodeBuilder
+public abstract class AbstractElementBuilder implements ElementBuilder
 {
-    private NodeBuilder m_parent;
+    private ElementBuilder m_parent;
 
-    public void setParent( NodeBuilder parent )
+    public void setParent( ElementBuilder parent )
     {
         m_parent = parent;
     }
 
-    protected final NodeBuilder getParent()
+    protected final ElementBuilder getParent()
     {
         return m_parent;
     }

Deleted: /incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractNodeBuilder.java?view=auto&rev=122672
==============================================================================

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java?view=auto&rev=122673
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AbstractRuleBuilder.java	Fri Dec 17 12:18:58 2004
@@ -0,0 +1,80 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.apache.janus.authorization.DefaultRule;
+import org.apache.janus.authorization.Effect;
+import org.apache.janus.authorization.Predicate;
+import org.dom4j.Element;
+
+import java.util.Iterator;
+import java.util.List;
+
+public abstract class AbstractRuleBuilder extends AbstractElementBuilder
+{
+    private final String m_elementName;
+    private final Effect m_effect;
+
+    public AbstractRuleBuilder( String elementName, Effect effect )
+    {
+        m_elementName = elementName;
+        m_effect = effect;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        DefaultRule rule = new DefaultRule( m_effect );
+        setSubjectPredicate( rule, e );
+        setPermissionPredicate( rule, e );
+        return rule;
+    }
+
+    private Predicate predicate( Element e )
+    {
+        return ( Predicate ) getParent().buildFrom( e );
+    }
+
+    private void setPermissionPredicate( DefaultRule rule, Element element )
+    {
+        Element permissions = element.element( "permissions" );
+        List predicates = permissions.elements();
+
+        for ( Iterator it = predicates.iterator(); it.hasNext(); )
+        {
+            Element e = ( Element ) it.next();
+            rule.matchPermissions( predicate( e ) );
+        }
+    }
+
+    private void setSubjectPredicate( DefaultRule rule, Element element )
+    {
+        Element subjects = element.element( "subjects" );
+        List predicates = subjects.elements();
+
+        for ( Iterator it = predicates.iterator(); it.hasNext(); )
+        {
+            Element e = ( Element ) it.next();
+            rule.matchSubjects( predicate( e ) );
+        }
+    }
+}
+

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/AndPredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -16,8 +16,9 @@
  */
 package org.apache.janus.script.xml.builder;
 
+import org.apache.janus.authorization.Predicate;
 import org.apache.janus.authorization.predicate.AndPredicate;
-import org.dom4j.Element;
+import org.apache.janus.authorization.predicate.Predicates;
 
 public class AndPredicateBuilder
         extends LogicalPredicateBuilder
@@ -32,8 +33,13 @@
         super( elementName );
     }
 
-    public Object buildFrom( Element e )
+    protected Predicate getSeed()
     {
-        return new AndPredicate( left( e ), right( e ) );
+        return Predicates.TRUE;
+    }
+
+    public Predicate compute( Predicate left, Predicate right )
+    {
+        return new AndPredicate( left, right );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DefaultRuleBuilder.java	Fri Dec 17 12:18:58 2004
@@ -19,11 +19,7 @@
 import org.apache.janus.authorization.DefaultRule;
 import org.apache.janus.authorization.Effect;
 import org.apache.janus.authorization.Predicate;
-import org.apache.janus.authorization.effect.DenyOverridesEffect;
 import org.apache.janus.authorization.effect.Effects;
-import org.apache.janus.authorization.effect.FirstApplicableEffect;
-import org.apache.janus.authorization.effect.LastApplicableEffect;
-import org.apache.janus.authorization.effect.PermitOverridesEffect;
 import org.dom4j.Element;
 
 import java.util.HashMap;
@@ -31,7 +27,7 @@
 import java.util.List;
 import java.util.Map;
 
-public class DefaultRuleBuilder extends AbstractNodeBuilder
+public class DefaultRuleBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
     private final Map m_effects;
@@ -76,11 +72,6 @@
     {
         m_effects.put( "grant", Effects.GRANT );
         m_effects.put( "deny", Effects.DENY );
-        m_effects.put( "not-applicable", Effects.NOT_APPLICABLE );
-        m_effects.put( "permit-overrides", new PermitOverridesEffect() );
-        m_effects.put( "deny-overrides", new DenyOverridesEffect() );
-        m_effects.put( "first-applicable", new FirstApplicableEffect() );
-        m_effects.put( "last-applicable", new LastApplicableEffect() );
     }
 
     private void setPermissionPredicate( DefaultRule rule, Element element )

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java?view=auto&rev=122673
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/DenyRuleBuilder.java	Fri Dec 17 12:18:58 2004
@@ -0,0 +1,32 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+import org.apache.janus.authorization.effect.Effects;
+
+public class DenyRuleBuilder extends AbstractRuleBuilder
+{
+    public DenyRuleBuilder()
+    {
+        this( "deny" );
+    }
+
+    public DenyRuleBuilder( String elementName )
+    {
+        super( elementName, Effects.DENY );
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/FalsePredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -19,7 +19,7 @@
 import org.apache.janus.authorization.predicate.Predicates;
 import org.dom4j.Element;
 
-public class FalsePredicateBuilder extends AbstractNodeBuilder
+public class FalsePredicateBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
 

Added: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java?view=auto&rev=122673
==============================================================================
--- (empty file)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/GrantRuleBuilder.java	Fri Dec 17 12:18:58 2004
@@ -0,0 +1,33 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.janus.script.xml.builder;
+
+
+import org.apache.janus.authorization.effect.Effects;
+
+public class GrantRuleBuilder extends AbstractRuleBuilder
+{
+    public GrantRuleBuilder()
+    {
+        this( "grant" );
+    }
+
+    public GrantRuleBuilder( String elementName )
+    {
+        super( elementName, Effects.GRANT );
+    }
+}

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasGroupPredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -20,7 +20,7 @@
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.dom4j.Element;
 
-public class HasGroupPredicateBuilder extends AbstractNodeBuilder
+public class HasGroupPredicateBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
 

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasRolePredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -20,7 +20,7 @@
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.dom4j.Element;
 
-public class HasRolePredicateBuilder extends AbstractNodeBuilder
+public class HasRolePredicateBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
 

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/HasUsernamePredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -20,7 +20,7 @@
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.dom4j.Element;
 
-public class HasUsernamePredicateBuilder extends AbstractNodeBuilder
+public class HasUsernamePredicateBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
 

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/LogicalPredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -18,8 +18,12 @@
 
 import org.dom4j.Element;
 import org.apache.janus.authorization.Predicate;
+import org.apache.janus.authorization.predicate.Predicates;
+import org.apache.janus.authorization.predicate.AndPredicate;
 
-public abstract class LogicalPredicateBuilder extends AbstractNodeBuilder
+import java.util.Iterator;
+
+public abstract class LogicalPredicateBuilder extends AbstractElementBuilder
 {
     protected final String m_elementName;
 
@@ -30,46 +34,33 @@
 
     public boolean canBuild( Element e )
     {
-        return hasProperName( e ) && hasProperOperands( e );
+        return hasProperName( e );
     }
 
-    private boolean hasProperName( Element e )
+    public Object buildFrom( Element e )
     {
-        return m_elementName.equals( e.getName() );
-    }
+        Predicate p = Predicates.TRUE;
 
-    private boolean hasProperOperands( Element e )
-    {
-        return e.elements().size() == 2;
-    }
+        for ( Iterator it = e.elementIterator(); it.hasNext(); )
+        {
+            Element next = ( Element ) it.next();
+            p = compute( p, predicate( next ) );
+        }
 
-    protected Predicate left( Element e )
-    {
-        return predicate( leftOperand( e ) );
+        return p;
     }
 
-    protected Predicate right( Element e )
-    {
-        return predicate( rightOperand( e ) );
-    }
+    protected abstract Predicate getSeed();
+    
+    protected abstract Predicate compute( Predicate left, Predicate right );
 
-    private Predicate predicate( Element e )
-    {
-        return ( Predicate ) getParent().buildFrom( e );
-    }
-
-    protected Element leftOperand( Element e )
-    {
-        return child( e, 0 );
-    }
-
-    protected Element rightOperand( Element e )
+    private boolean hasProperName( Element e )
     {
-        return child( e, 1 );
+        return m_elementName.equals( e.getName() );
     }
 
-    private Element child( Element e, int index )
+    protected Predicate predicate( Element e )
     {
-        return ( Element ) e.elements().get( index );
+        return ( Predicate ) getParent().buildFrom( e );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/OrPredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -16,8 +16,9 @@
  */
 package org.apache.janus.script.xml.builder;
 
-import org.dom4j.Element;
+import org.apache.janus.authorization.Predicate;
 import org.apache.janus.authorization.predicate.OrPredicate;
+import org.apache.janus.authorization.predicate.Predicates;
 
 public class OrPredicateBuilder extends LogicalPredicateBuilder
 {
@@ -31,8 +32,13 @@
         super( elementName );
     }
 
-    public Object buildFrom( Element e )
+    protected Predicate getSeed()
     {
-        return new OrPredicate( left( e ), right( e ));
+        return Predicates.FALSE;
+    }
+
+    public Predicate compute( Predicate left, Predicate right )
+    {
+        return new OrPredicate( left, right);
     }
 }

Modified: incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/java/org/apache/janus/script/xml/builder/TruePredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -19,7 +19,7 @@
 import org.apache.janus.authorization.predicate.Predicates;
 import org.dom4j.Element;
 
-public class TruePredicateBuilder extends AbstractNodeBuilder
+public class TruePredicateBuilder extends AbstractElementBuilder
 {
     private final String m_elementName;
 

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/Dom4JRuleSetBuilderTest.java	Fri Dec 17 12:18:58 2004
@@ -16,6 +16,7 @@
  */
 package org.apache.janus.script.xml;
 
+import junit.framework.TestCase;
 import org.apache.janus.authorization.Policy;
 import org.apache.janus.authorization.effect.DenyOverridesEffect;
 import org.apache.janus.authorization.effect.Effects;
@@ -26,32 +27,35 @@
 import org.apache.janus.script.testmodel.Subjects;
 import org.apache.janus.script.testmodel.Usernames;
 import org.apache.janus.script.xml.builder.FalsePredicateBuilder;
-import org.jmock.MockObjectTestCase;
 
 import java.io.StringReader;
 
-public class Dom4JRuleSetBuilderTest extends MockObjectTestCase
+/**
+ * TODO: change or & and element to accept more than 2 children
+ * TODO: introduce subject element alias for and operation
+ */
+public class Dom4JRuleSetBuilderTest extends TestCase
 {
     public void testParsesDocumentAndAddsRulesToPolicy() throws Exception
     {
         String samplePolicy =
                 "<policy>\n" +
-                "    <rule effect=\"deny\">\n" +
+                "    <deny>\n" +
                 "        <subjects>\n" +
                 "            <any/>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    </deny>\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <any/>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( samplePolicy ) );
 
@@ -65,14 +69,14 @@
     {
         String grantToJoe =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <username>joeblow</username>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToJoe ) );
 
@@ -86,14 +90,14 @@
     {
         String grantToCanadians =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <group>canadians</group>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToCanadians ) );
 
@@ -107,14 +111,14 @@
     {
         String grantToDevelopers =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <role>developer</role>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToDevelopers ) );
 
@@ -124,18 +128,18 @@
         assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
-    public void testPredicatesOnSubjectsCanBeRegisteredToExtendRuling() throws Exception
+    public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception
     {
         String grantToGreenEyes =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <eye-color>green</eye-color>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantToGreenEyes ) );
         builder.registerBuilder( new HasEyeColorPredicateBuilder() );
@@ -150,14 +154,14 @@
     {
         String grantEveryone =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <any/>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( grantEveryone ) );
         builder.registerBuilder( new FalsePredicateBuilder( "any" ) );
@@ -168,45 +172,47 @@
         assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything() ).reduce() );
     }
 
-    public void testMultiplePredicatesAreCombinedWithAnAndOperation() throws Exception
+    public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws Exception
     {
         String multiplePredicates =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <username>joeblow</username>\n" +
+                "            <group>canadians</group>\n" +
                 "            <role>developer</role>\n" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( multiplePredicates ) );
 
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
     public void testHasBuiltinSupportForAndOperationOnPredicates() throws Exception
     {
         String andPredicateCombination =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <and>" +
                 "                <username>joeblow</username>\n" +
+                "                <group>geeks</group>\n" +
                 "                <role>developer</role>\n" +
                 "            </and>" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) );
 
@@ -214,25 +220,27 @@
         builder.buildRuleSet( policy );
 
         assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() );
         assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ).reduce() );
     }
 
     public void testHasBuiltinSupportForOrOperationOnPredicates() throws Exception
     {
         String orPredicateCombination =
                 "<policy>\n" +
-                "    <rule effect=\"grant\">\n" +
+                "    <grant>\n" +
                 "        <subjects>\n" +
                 "            <or>" +
                 "                <username>joeblow</username>\n" +
+                "                <group>geeks</group>\n" +
                 "                <role>developer</role>\n" +
                 "            </or>" +
                 "        </subjects>\n" +
                 "        <permissions>\n" +
                 "            <any/>\n" +
                 "        </permissions>\n" +
-                "    </rule>\n" +
+                "    </grant>\n" +
                 "</policy>";
         Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( orPredicateCombination ) );
 
@@ -240,6 +248,33 @@
         builder.buildRuleSet( policy );
 
         assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything() ).reduce() );
         assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+    }
+
+    public void testSubjectIsAnAliasForAndOperation() throws Exception
+    {
+        String andPredicateCombination =
+                "<policy>\n" +
+                "    <grant>\n" +
+                "        <subjects>\n" +
+                "            <subject>" +
+                "                <username>joeblow</username>\n" +
+                "                <role>developer</role>\n" +
+                "            </subject>" +
+                "        </subjects>\n" +
+                "        <permissions>\n" +
+                "            <any/>\n" +
+                "        </permissions>\n" +
+                "    </grant>\n" +
+                "</policy>";
+        Dom4JRuleSetBuilder builder = Dom4JRuleSetBuilder.fromReader( new StringReader( andPredicateCombination ) );
+
+        Policy policy = new Policy( new PermitOverridesEffect() );
+        builder.buildRuleSet( policy );
+
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer() ), Permissions.anything() ).reduce() );
     }
 }

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/HasEyeColorPredicateBuilder.java	Fri Dec 17 12:18:58 2004
@@ -18,10 +18,10 @@
 
 import org.apache.janus.authorization.predicate.HasPrincipalPredicate;
 import org.apache.janus.script.testmodel.EyeColorPrincipal;
-import org.apache.janus.script.xml.builder.AbstractNodeBuilder;
+import org.apache.janus.script.xml.builder.AbstractElementBuilder;
 import org.dom4j.Element;
 
-public class HasEyeColorPredicateBuilder extends AbstractNodeBuilder
+public class HasEyeColorPredicateBuilder extends AbstractElementBuilder
 {
     public boolean canBuild( Element e )
     {

Modified: incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml
Url: http://svn.apache.org/viewcvs/incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml?view=diff&rev=122673&p1=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml&r1=122672&p2=incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml&r2=122673
==============================================================================
--- incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml	(original)
+++ incubator/directory/janus/trunk/script/src/test/org/apache/janus/script/xml/policy.xml	Fri Dec 17 12:18:58 2004
@@ -1,23 +1,31 @@
 <policy>
-    <rule effect="grant">
-        <subject>
-            <or>
+    <grant>
+        <subjects>
+            <subject>
                 <role>admin</role>
                 <group>developer</group>
                 <username>joeblow</username>
-            </or>
-        </subject>
-        <permission>
+            </subject>
+            <subject>
+                <group>canadians</group>
+            </subject>
+        </subjects>
+        <permissions>
             <file path="/protected/*" action="read, write"/>
             <file path="/private/*" action="read"/>
-        </permission>
-    </rule>
-    <rule effect="deny">
-        <subject>
-            <any/>
-        </subject>
-        <permission>
-            <any/>
-        </permission>
-    </rule>
+        </permissions>
+    </grant>
+    <deny>
+        <subjects>
+            <subject>
+                <role>admin</role>
+                <group>developer</group>
+                <username>joeblow</username>
+            </subject>
+        </subjects>
+        <permissions>
+            <file path="/protected/*" action="read, write"/>
+            <file path="/private/*" action="read, write"/>
+        </permissions>
+    </deny>
 </policy>

Mime
View raw message