directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r154356 - in incubator/directory/authx/trunk: api/src/java/org/apache/authx/authorization/ impl/src/java/org/apache/authx/authorization/ impl/src/test/org/apache/authx/authorization/ script/src/test/org/apache/authx/script/xml/
Date Fri, 18 Feb 2005 21:48:38 GMT
Author: vtence
Date: Fri Feb 18 13:48:35 2005
New Revision: 154356

URL: http://svn.apache.org/viewcvs?view=rev&rev=154356
Log:
Introduced the concept of AuthorizationRequest

Added:
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
  (with props)
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
  (with props)
Removed:
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Predicate.java
Modified:
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
    incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java

Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
(added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
Fri Feb 18 13:48:35 2005
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+public interface AuthorizationRequest
+{
+    boolean affectsSubject( Predicate subjectPredicate );
+
+    boolean targetsPermission( Predicate permissionPredicate );
+}

Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
(original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
Fri Feb 18 13:48:35 2005
@@ -16,7 +16,7 @@
  */
 package org.apache.authx.authorization;
 
-import javax.security.auth.Subject;
+
 
 /**
  * An <code>Authorizer</code> is a security
@@ -24,15 +24,9 @@
  * responding to an authorization request
  * by rendering an authorization decision.
  * <p>
- * At this stage, no authorization request
- * abstraction exist yet, but that may change
- * soon. For the time being, an authorization request
- * is composed of a requested <code>Permission</code>
- * on behalf of a given subject.
- * <p>
- * No abstraction of authorization
- * decision exist either and a boolean representation
- * is used. That should change as well to support
+ * At this stage, no abstraction of authorization
+ * decision exist and a boolean representation
+ * is used. That could change at some point to support
  * a richer authorization model that associates positive
  * decisions to sets of obligations to which the client
  * must compell.
@@ -43,10 +37,9 @@
      * Renders an authorization decision in response
      * to the given authorization request.
      *
-     * @param s The subject requesting a permission
-     * @param p The targeted permission 
+     * @param request The authorization request to evaluate
      * @return true if case of a positive decision,
      *         false otherwise
      */
-    boolean authorize( Subject s, Permission p );
+    boolean renderDecision( AuthorizationRequest request );
 }

Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
(added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
Fri Feb 18 13:48:35 2005
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Predicate
+{
+    boolean evaluate( Object o );
+}

Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
(original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
Fri Feb 18 13:48:35 2005
@@ -23,5 +23,5 @@
  */
 public interface Rule
 {
-    Effect evaluate( Subject s, Permission p );
+    Effect evaluate( AuthorizationRequest request );
 }

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java?view=auto&rev=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
(added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
Fri Feb 18 13:48:35 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+import javax.security.auth.Subject;
+
+public class DefaultAuthorizationRequest implements AuthorizationRequest
+{
+    private final Subject m_subject;
+    private final Permission m_permission;
+
+    public DefaultAuthorizationRequest( Subject subject, Permission permission )
+    {
+        m_subject = subject;
+        m_permission = permission;
+    }
+
+    public boolean affectsSubject( Predicate subjectPredicate )
+    {
+        return subjectPredicate.evaluate( m_subject );
+    }
+
+    public boolean targetsPermission( Predicate permissionPredicate )
+    {
+        return permissionPredicate.evaluate( m_permission );
+    }
+
+    public boolean equals( Object value )
+    {
+        if ( this == value ) return true;
+        if ( !( value instanceof DefaultAuthorizationRequest ) ) return false;
+
+        final DefaultAuthorizationRequest defaultAuthorizationRequest = ( DefaultAuthorizationRequest
) value;
+
+        if ( !m_permission.equals( defaultAuthorizationRequest.m_permission ) ) return false;
+        if ( !m_subject.equals( defaultAuthorizationRequest.m_subject ) ) return false;
+
+        return true;
+    }
+
+    public int hashCode()
+    {
+        int result;
+        result = m_subject.hashCode();
+        result = 29 * result + m_permission.hashCode();
+        return result;
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizationRequest.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
(original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
Fri Feb 18 13:48:35 2005
@@ -18,7 +18,6 @@
 
 import org.apache.authx.authorization.effect.Effects;
 
-import javax.security.auth.Subject;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -38,9 +37,9 @@
         m_decisions.put( Effects.DENY, Boolean.FALSE );
     }
 
-    public boolean authorize( Subject s, Permission p )
+    public boolean renderDecision( AuthorizationRequest request )
     {
-        Effect effect = m_ruleSet.evaluate( s, p ).reduce();
+        Effect effect = m_ruleSet.evaluate( request ).reduce();
         Boolean decision = ( Boolean ) m_decisions.get( effect );
 
         return decision != null ? decision.booleanValue() : m_defaultDecision;

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
(original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
Fri Feb 18 13:48:35 2005
@@ -67,4 +67,14 @@
     {
         return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate(
p );
     }
+
+    private boolean isApplicableTo( AuthorizationRequest request )
+    {
+        return request.affectsSubject( m_subjectPredicate ) && request.targetsPermission(
m_permissionPredicate );
+    }
+
+    public Effect evaluate( AuthorizationRequest request )
+    {
+        return isApplicableTo( request ) ? m_effect : Effects.NOT_APPLICABLE;
+    }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
(original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
Fri Feb 18 13:48:35 2005
@@ -40,14 +40,14 @@
         m_rules.add( rule );
     }
 
-    public Effect evaluate( Subject s, Permission p )
+    public Effect evaluate( AuthorizationRequest request )
     {
         Effect decision = m_effect;
 
         for ( Iterator it = m_rules.iterator(); it.hasNext(); )
         {
             Rule rule = ( Rule ) it.next();
-            Effect effect = rule.evaluate( s, p );
+            Effect effect = rule.evaluate( request );
             decision = decision.add( effect );
         }
 

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
(original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
Fri Feb 18 13:48:35 2005
@@ -16,7 +16,7 @@
  */
 package org.apache.authx.authorization;
 
-import javax.security.auth.Subject;
+
 
 public class PrimitiveRule implements Rule
 {
@@ -27,7 +27,7 @@
         this.effect = effect;
     }
 
-    public Effect evaluate( Subject s, Permission p )
+    public Effect evaluate( AuthorizationRequest request )
     {
         return effect;
     }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
(original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
Fri Feb 18 13:48:35 2005
@@ -35,35 +35,35 @@
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.GRANT ) );
         m_authorizer.denyIfUnsure();
-        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 
     public void testTakesPositiveDecisionIfRuleIsNotApplicable()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
         m_authorizer.denyIfUnsure();
-        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 
     public void testTakesNegativeDecisionIfRuleSuggestDenial()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
         m_authorizer.grantIfUnsure();
-        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 
     public void testCanForceEffectToGrantDecision()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
         m_authorizer.grantOn( Effects.DENY );
-        assertTrue( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertTrue( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 
     public void testCanForceEffectToDenyDecision()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
         m_authorizer.denyOn( Effects.NOT_APPLICABLE );
-        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 
     public void testEffectsAreReducedBeforeTakingDecision()
@@ -71,6 +71,6 @@
         m_authorizer = new DefaultAuthorizer( new Policy( new PermitOverridesEffect() ) );
         m_authorizer.grantIfUnsure();
         m_authorizer.denyOn( Effects.NOT_APPLICABLE );
-        assertFalse( m_authorizer.authorize( new Subject(), new SomePermission() ) );
+        assertFalse( m_authorizer.renderDecision( new DefaultAuthorizationRequest( new Subject(),
new SomePermission() ) ) );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
(original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
Fri Feb 18 13:48:35 2005
@@ -47,7 +47,7 @@
         m_rule.setEffect( Effects.DENY );
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.DENY, m_rule.evaluate( Subjects.john(), new SomePermission()
) );
+        assertEquals( Effects.DENY, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(),
new SomePermission() ) ));
     }
 
     public void testSubjectConditionsAreCombinedIntoAnOrOperation()
@@ -56,8 +56,8 @@
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new SomePermission()
) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.joe(), new SomePermission()
) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(),
new SomePermission() ) ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.joe(),
new SomePermission() ) ) );
     }
 
     public void testPermissionConditionsAreCombinedIntoAnOrOperation()
@@ -66,21 +66,21 @@
         m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo"
) ) );
         m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar"
) ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission(
"foo" ) ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( Subjects.john(), new BasicPermission(
"bar" ) ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(),
new BasicPermission( "foo" ) ) ) );
+        assertEquals( Effects.GRANT, m_rule.evaluate( new DefaultAuthorizationRequest( Subjects.john(),
new BasicPermission( "bar" ) ) ) );
     }
 
     public void testIsNotApplicableIfSubjectConditionIsNotVerified()
     {
         m_rule.matchSubjects( new FalsePredicate() );
         m_rule.matchPermissions( new TruePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission()
) );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new DefaultAuthorizationRequest(
Subjects.john(), new SomePermission() ) ) );
     }
 
     public void testIsNotApplicableIfPermissionConditionIsNotVerified()
     {
         m_rule.matchSubjects( new TruePredicate() );
         m_rule.matchPermissions( new FalsePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( Subjects.john(), new SomePermission()
) );
+        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new DefaultAuthorizationRequest(
Subjects.john(), new SomePermission() ) ) );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
(original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
Fri Feb 18 13:48:35 2005
@@ -27,7 +27,7 @@
     public void testRendersDefaultDecisionWhenEmpty()
     {
         Policy policy = new Policy( new PermitOverridesEffect() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new Subject(), new SomePermission()
).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
new Subject(), new SomePermission() ) ).reduce() );
     }
 
     public void testCombinesResultOfContainedRulesEvaluation()
@@ -36,6 +36,6 @@
         policy.addRule( new PrimitiveRule( Effects.DENY ) );
         policy.addRule( new PrimitiveRule( Effects.GRANT ) );
 
-        assertEquals( Effects.GRANT, policy.evaluate( new Subject(), new SomePermission()
).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( new
Subject(), new SomePermission() ) ).reduce() );
     }
 }

Modified: incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java?view=diff&r1=154355&r2=154356
==============================================================================
--- incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
(original)
+++ incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java
Fri Feb 18 13:48:35 2005
@@ -18,6 +18,7 @@
 
 import junit.framework.TestCase;
 import org.apache.authx.authorization.Policy;
+import org.apache.authx.authorization.DefaultAuthorizationRequest;
 import org.apache.authx.authorization.effect.DenyOverridesEffect;
 import org.apache.authx.authorization.effect.Effects;
 import org.apache.authx.authorization.effect.PermitOverridesEffect;
@@ -62,7 +63,7 @@
         Policy policy = new Policy( new DenyOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.DENY, policy.evaluate( Subjects.anybody(), Permissions.anything()
).reduce() );
+        assertEquals( Effects.DENY, policy.evaluate( new DefaultAuthorizationRequest( Subjects.anybody(),
Permissions.anything() ) ).reduce() );
     }
 
     public void testHasBuiltInSupportForRulingOnUsernames() throws Exception
@@ -83,7 +84,7 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.joe(), Permissions.anything()
).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.joe(),
Permissions.anything() ) ).reduce() );
     }
 
     public void testHasBuiltInSupportForRulingOnGroups() throws Exception
@@ -104,7 +105,7 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ),
Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Groups.canadians() ), Permissions.anything() ) ).reduce() );
     }
 
     public void testHasBuiltInSupportForRulingOnRoles() throws Exception
@@ -125,7 +126,7 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ),
Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Roles.developer() ), Permissions.anything() )) .reduce() );
     }
 
     public void testPredicatesCanBeRegisteredToExtendRuling() throws Exception
@@ -147,7 +148,7 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.withGreenEyes(), Permissions.anything()
).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.withGreenEyes(),
Permissions.anything() ) ).reduce() );
     }
 
     public void testLastRegisteredBuilderWins() throws Exception
@@ -169,7 +170,7 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.anybody(), Permissions.anything()
).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.anybody(), Permissions.anything() ) ).reduce() );
     }
 
     public void testMultiplePredicatesAreCombinedWithAnOrOperation() throws Exception
@@ -192,9 +193,9 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything()
).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.canadians() ),
Permissions.anything() ).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Roles.developer() ),
Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Usernames.joe() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Groups.canadians() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Roles.developer() ), Permissions.anything() ) ).reduce() );
     }
 
     public void testHasBuiltInSupportForAndOperationOnPredicates() throws Exception
@@ -219,10 +220,10 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe()
), Permissions.anything() ).reduce() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Groups.geeks()
), Permissions.anything() ).reduce() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer()
), Permissions.anything() ).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Groups.geeks(),
Roles.developer() ), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Groups.geeks() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Usernames.joe(), Groups.geeks(), Roles.developer() ), Permissions.anything() ) ).reduce()
);
     }
 
     public void testHasBuiltInSupportForOrOperationOnPredicates() throws Exception
@@ -246,9 +247,9 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe() ), Permissions.anything()
).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Groups.geeks() ), Permissions.anything()
).reduce() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer()
), Permissions.anything() ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Usernames.joe() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Groups.geeks() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
     }
 
     public void testSubjectIsAnAliasForAndOperation() throws Exception
@@ -272,8 +273,8 @@
         Policy policy = new Policy( new PermitOverridesEffect() );
         builder.buildRuleSet( policy );
 
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Usernames.joe()
), Permissions.anything() ).reduce() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( Subjects.with( Roles.developer()
), Permissions.anything() ).reduce() );
-        assertEquals( Effects.GRANT, policy.evaluate( Subjects.with( Usernames.joe(), Roles.developer()
), Permissions.anything() ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Usernames.joe() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new DefaultAuthorizationRequest(
Subjects.with( Roles.developer() ), Permissions.anything() ) ).reduce() );
+        assertEquals( Effects.GRANT, policy.evaluate( new DefaultAuthorizationRequest( Subjects.with(
Usernames.joe(), Roles.developer() ), Permissions.anything() ) ).reduce() );
     }
 }



Mime
View raw message