directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vte...@apache.org
Subject svn commit: r155029 [1/2] - in incubator/directory/authx/trunk: api/src/java/org/apache/authx/authorization/ example/src/java/org/apache/authx/example/web/ example/src/webapp/WEB-INF/ impl/src/java/org/apache/authx/authorization/ impl/src/java/org/apache/authx/authorization/condition/ impl/src/java/org/apache/authx/authorization/effect/ impl/src/java/org/apache/authx/authorization/predicate/ impl/src/test/org/apache/authx/authorization/ impl/src/test/org/apache/authx/authorization/effect/ script/src/java/org/apache/authx/script/xml/ script/src/java/org/apache/authx/script/xml/builder/ script/src/test/org/apache/authx/script/xml/
Date Wed, 23 Feb 2005 17:14:35 GMT
Author: vtence
Date: Wed Feb 23 09:14:19 2005
New Revision: 155029

URL: http://svn.apache.org/viewcvs?view=rev&rev=155029
Log:
Enhanced AuthorizationRequest to collect rule votes on authorization decision. Rule concept made easier to work with in preparation for scripted rule definitions. Predicate renamed to more appropriate Condition.

Added:
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java   (with props)
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java   (with props)
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java   (with props)
    incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java   (with props)
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TrueConditionBuilder.java   (with props)
    incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorConditionBuilder.java   (with props)
Removed:
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Predicate.java
    incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchasePredicateBuilder.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/SimpleAuthorizationRequest.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/AbstractCombinedEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/predicate/
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndPredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalsePredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupPredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRolePredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernamePredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/LogicalPredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/OrPredicateBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/TruePredicateBuilder.java
    incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/HasEyeColorPredicateBuilder.java
Modified:
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
    incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
    incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java
    incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java
    incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java
    incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java
    incubator/directory/authx/trunk/script/src/test/org/apache/authx/script/xml/Dom4JRuleSetBuilderTest.java

Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2005 Your Corporation. All Rights Reserved.
+ */
+package org.apache.authx.authorization;
+
+import javax.security.auth.Subject;
+
+public final class AuthorizationRequest
+{
+    private final Subject m_subject;
+    private final Permission m_permission;
+
+    private Effect m_effect;
+
+    public AuthorizationRequest( Subject subject, Permission permission )
+    {
+        m_subject = subject;
+        m_permission = permission;
+    }
+
+    public AuthorizationRequest( Subject subject, Permission permission, Effect initialEffect )
+    {
+        m_subject = subject;
+        m_permission = permission;
+        m_effect = initialEffect;
+    }
+
+    public boolean affectsSuject( Condition condition )
+    {
+        return condition.evaluate( m_subject );
+    }
+
+    public boolean targetsPermission( Condition condition )
+    {
+        return condition.evaluate( m_permission );
+    }
+
+    public Subject getSubject()
+    {
+        return m_subject;
+    }
+
+    public Permission getPermission()
+    {
+        return m_permission;
+    }
+
+    public void grant()
+    {
+        m_effect = m_effect.permit();
+    }
+
+    public void deny()
+    {
+        m_effect = m_effect.deny();
+    }
+
+    public void propagateEffect( AuthorizationRequest other )
+    {
+        m_effect.apply( other );
+    }
+
+    public AuthorizationRequest childRequest( Effect effect )
+    {
+        return new AuthorizationRequest( m_subject, m_permission, effect );
+    }
+
+    public Effect outcome()
+    {
+        return m_effect.reduce();
+    }
+}

Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/AuthorizationRequest.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Authorizer.java Wed Feb 23 09:14:19 2005
@@ -26,10 +26,10 @@
  * by rendering an authorization decision.
  * <p>
  * At this stage, no abstraction of authorization
- * decision exist and a boolean representation
+ * outcome exist and a boolean representation
  * is used. That could change at some point to support
  * a richer authorization model that associates positive
- * decisions to sets of obligations to which the client
+ * outcomes to sets of obligations to which the client
  * must compell.
  */
 public interface Authorizer

Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,25 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Condition
+{
+    boolean evaluate( Object o );
+}

Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Condition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java (added)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,31 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public interface Effect
+{
+    void apply( AuthorizationRequest request );
+
+    Effect permit();
+
+    Effect deny();
+
+    Effect reduce();
+}

Propchange: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Effect.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java (original)
+++ incubator/directory/authx/trunk/api/src/java/org/apache/authx/authorization/Rule.java Wed Feb 23 09:14:19 2005
@@ -21,5 +21,5 @@
  */
 public interface Rule
 {
-    Effect evaluate( AuthorizationRequest request );
+    void evaluate( AuthorizationRequest request );
 }

Added: incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,35 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.example.web;
+
+import org.apache.authx.script.xml.builder.AbstractElementBuilder;
+import org.apache.authx.authorization.condition.ImpliedPermissionCondition;
+import org.dom4j.Element;
+
+public class CanPurchaseConditionBuilder extends AbstractElementBuilder
+{
+    public boolean canBuild( Element e )
+    {
+        return "buy".equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        float limit = Float.parseFloat( e.attributeValue( "limit" ) );
+        return new ImpliedPermissionCondition( new PurchasePermission( limit ) );
+    }
+}

Propchange: incubator/directory/authx/trunk/example/src/java/org/apache/authx/example/web/CanPurchaseConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy (original)
+++ incubator/directory/authx/trunk/example/src/webapp/WEB-INF/nanocontainer.groovy Wed Feb 23 09:14:19 2005
@@ -22,7 +22,7 @@
     policy = new org.apache.authx.authorization.Policy( new org.apache.authx.authorization.effect.PermitOverridesEffect() )
     permissions = new java.io.FileReader( "c:/tools/jakarta-tomcat-5.0.28/webapps/authx-example/WEB-INF/permissions.xml" )
     policyBuilder = org.apache.authx.script.xml.Dom4JRuleSetBuilder.fromReader( permissions )
-    policyBuilder.registerBuilder( new org.apache.authx.example.web.CanPurchasePredicateBuilder() )
+    policyBuilder.registerBuilder( new org.apache.authx.example.web.CanPurchaseConditionBuilder() )
     policyBuilder.buildRuleSet( policy )
 
     authorizer = new org.apache.authx.authorization.DefaultAuthorizer( policy );

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java Wed Feb 23 09:14:19 2005
@@ -16,6 +16,7 @@
  */
 package org.apache.authx.authorization;
 
+import org.apache.authx.authorization.effect.LastApplicableEffect;
 import org.apache.authx.authorization.effect.Effects;
 
 import javax.security.auth.Subject;
@@ -26,44 +27,40 @@
 {
     private final Map m_decisions;
     private final RuleSet m_ruleSet;
-    private boolean m_defaultDecision;
 
     public DefaultAuthorizer( RuleSet ruleSet )
     {
         m_ruleSet = ruleSet;
-        m_defaultDecision = true;
         m_decisions = new HashMap();
         m_decisions.put( Effects.GRANT, Boolean.TRUE );
-        m_decisions.put( Effects.NOT_APPLICABLE, Boolean.TRUE );
-        m_decisions.put( Effects.DENY, Boolean.FALSE );
+        m_decisions.put( Effects.NOT_APPLICABLE, Boolean.FALSE );
+        m_decisions.put( Effects.DENY, Boolean.FALSE);
     }
 
     public boolean renderDecision( Subject s, Permission p )
     {
-        AuthorizationRequest request = new SimpleAuthorizationRequest( s, p );
-        Effect effect = m_ruleSet.evaluate( request ).reduce();
-        Boolean decision = ( Boolean ) m_decisions.get( effect );
+        AuthorizationRequest request = new AuthorizationRequest( s, p, new LastApplicableEffect() );
+        m_ruleSet.evaluate( request );
 
-        return decision != null ? decision.booleanValue() : m_defaultDecision;
-    }
+        Effect outcome = request.outcome();
+        if ( unknown( outcome ) ) throw new IllegalArgumentException( "Don't know what to decide on: " + outcome );
+        Boolean decision = (Boolean) m_decisions.get( outcome );
 
-    public void grantOn( Effect effect )
-    {
-        m_decisions.put( effect, Boolean.TRUE );
+        return decision.booleanValue();
     }
 
-    public void denyOn( Effect effect )
+    private boolean unknown( Effect outcome )
     {
-        m_decisions.put( effect, Boolean.FALSE );
+        return !m_decisions.containsKey( outcome );
     }
 
-    public void grantIfUnsure()
+    public void grantOn( Effect effect )
     {
-        m_defaultDecision = true;
+        m_decisions.put( effect, Boolean.TRUE );
     }
 
-    public void denyIfUnsure()
+    public void denyOn( Effect effect )
     {
-        m_defaultDecision = false;
+        m_decisions.put( effect, Boolean.FALSE );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/DefaultRule.java Wed Feb 23 09:14:19 2005
@@ -17,10 +17,8 @@
 package org.apache.authx.authorization;
 
 import org.apache.authx.authorization.effect.Effects;
-import org.apache.authx.authorization.predicate.OrPredicate;
-import org.apache.authx.authorization.predicate.Predicates;
-
-import javax.security.auth.Subject;
+import org.apache.authx.authorization.condition.OrCondition;
+import org.apache.authx.authorization.condition.Predicates;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -28,8 +26,8 @@
 public class DefaultRule implements Rule
 {
     private Effect m_effect;
-    private Predicate m_subjectPredicate;
-    private Predicate m_permissionPredicate;
+    private Condition m_subjectCondition;
+    private Condition m_permissionCondition;
 
     public DefaultRule()
     {
@@ -39,8 +37,8 @@
     public DefaultRule( Effect effect )
     {
         m_effect = effect;
-        m_subjectPredicate = Predicates.FALSE;
-        m_permissionPredicate = Predicates.FALSE;
+        m_subjectCondition = Predicates.FALSE;
+        m_permissionCondition = Predicates.FALSE;
     }
 
     public void setEffect( Effect effect )
@@ -48,33 +46,21 @@
         m_effect = effect;
     }
 
-    public void matchSubjects( Predicate condition )
-    {
-        m_subjectPredicate = new OrPredicate( m_subjectPredicate, condition );
-    }
-
-    public void matchPermissions( Predicate condition )
-    {
-        m_permissionPredicate = new OrPredicate( m_permissionPredicate, condition );
-    }
-
-    public Effect evaluate( Subject s, Permission p )
-    {
-        return matches( s, p ) ? m_effect : Effects.NOT_APPLICABLE;
-    }
-
-    private boolean matches( Subject s, Permission p )
+    public void matchSubjects( Condition condition )
     {
-        return m_subjectPredicate.evaluate( s ) && m_permissionPredicate.evaluate( p );
+        m_subjectCondition = new OrCondition( m_subjectCondition, condition );
     }
 
-    private boolean isApplicableTo( AuthorizationRequest request )
+    public void matchPermissions( Condition condition )
     {
-        return request.affectsSubjectMatching( m_subjectPredicate ) && request.targetsPermissionMatching( m_permissionPredicate );
+        m_permissionCondition = new OrCondition( m_permissionCondition, condition );
     }
 
-    public Effect evaluate( AuthorizationRequest request )
+    public void evaluate( AuthorizationRequest request )
     {
-        return isApplicableTo( request ) ? m_effect : Effects.NOT_APPLICABLE;
+        if ( request.affectsSuject( m_subjectCondition ) && request.targetsPermission( m_permissionCondition ) )
+        {
+            m_effect.apply( request );
+        }
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/Policy.java Wed Feb 23 09:14:19 2005
@@ -16,7 +16,6 @@
  */
 package org.apache.authx.authorization;
 
-import javax.security.auth.Subject;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
@@ -40,17 +39,16 @@
         m_rules.add( rule );
     }
 
-    public Effect evaluate( AuthorizationRequest request )
+    public void evaluate( AuthorizationRequest request )
     {
-        Effect decision = m_effect;
+        AuthorizationRequest child = request.childRequest( m_effect );
 
         for ( Iterator it = m_rules.iterator(); it.hasNext(); )
         {
-            Rule rule = ( Rule ) it.next();
-            Effect effect = rule.evaluate( request );
-            decision = decision.add( effect );
+            final Rule rule = ( Rule ) it.next();
+            rule.evaluate( child );
         }
 
-        return decision;
+        child.propagateEffect( request );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/PrimitiveRule.java Wed Feb 23 09:14:19 2005
@@ -16,19 +16,17 @@
  */
 package org.apache.authx.authorization;
 
-
-
 public class PrimitiveRule implements Rule
 {
-    private final Effect effect;
+    private final Effect m_effect;
 
     public PrimitiveRule( Effect effect )
     {
-        this.effect = effect;
+        m_effect = effect;
     }
 
-    public Effect evaluate( AuthorizationRequest request )
+    public void evaluate( AuthorizationRequest request )
     {
-        return effect;
+        m_effect.apply( request );
     }
 }

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+public class AndCondition implements Condition
+{
+    private final Condition m_left;
+    private final Condition m_right;
+
+    public AndCondition( Condition left, Condition right )
+    {
+        m_left = left;
+        m_right = right;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_left.evaluate( o ) && m_right.evaluate( o ); 
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/AndCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class DependedUponPermissionCondition implements Condition
+{
+    private final Permission m_permission;
+
+    public DependedUponPermissionCondition( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return p.implies( m_permission );
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/DependedUponPermissionCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class EqualCondition implements Condition
+{
+    private final Object m_obj;
+
+    public EqualCondition( Object obj )
+    {
+        m_obj = obj;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_obj.equals( o );
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/EqualCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class FalseCondition implements Condition
+{
+    public boolean evaluate( Object o )
+    {
+        return false;
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/FalseCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class HasPrincipalCondition implements Condition
+{
+    private final Principal m_principal;
+
+    public HasPrincipalCondition( Principal principal )
+    {
+        m_principal = principal;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Subject s = ( Subject ) o;
+
+        for ( Iterator it = s.getPrincipals().iterator(); it.hasNext(); )
+        {
+            Principal p = ( Principal ) it.next();
+            if ( m_principal.equals( p ) ) return true;
+        }
+
+        return false;
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/HasPrincipalCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,39 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class ImpliedPermissionCondition implements Condition
+{
+    private final Permission m_permission;
+
+    public ImpliedPermissionCondition( Permission permission )
+    {
+        m_permission = permission;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        Permission p = ( Permission ) o;
+        return m_permission.implies( p );
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/ImpliedPermissionCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+public class OrCondition implements Condition
+{
+    private final Condition m_left;
+    private final Condition m_right;
+
+    public OrCondition( Condition left, Condition right )
+    {
+        m_left = left;
+        m_right = right;
+    }
+
+    public boolean evaluate( Object o )
+    {
+        return m_left.evaluate( o ) || m_right.evaluate( o );
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/OrCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,57 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Permission;
+import org.apache.authx.authorization.Condition;
+
+import java.security.Principal;
+
+public final class Predicates
+{
+    public static final Condition TRUE = new TrueCondition();
+    public static final Condition FALSE = new FalseCondition();
+
+    private Predicates()
+    {
+    }
+
+    public static Condition isImplied( Permission p )
+    {
+        return new ImpliedPermissionCondition( p );
+    }
+
+    public static Condition isDependedUpon( Permission p )
+    {
+        return new DependedUponPermissionCondition( p );
+    }
+
+    public static Condition is( Object o )
+    {
+        return new EqualCondition( o );
+    }
+
+    public static Condition hasPrincipal( Principal p )
+    {
+        return new HasPrincipalCondition( p );
+    }
+
+    public static Condition and( Condition p1, Condition p2 )
+    {
+        return new AndCondition( p1, p2 );
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/Predicates.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java (added)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,30 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.authorization.condition;
+
+import org.apache.authx.authorization.Condition;
+
+/**
+ * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
+ */
+public class TrueCondition implements Condition
+{
+    public boolean evaluate( Object o )
+    {
+        return true;
+    }
+}

Propchange: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/condition/TrueCondition.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyEffect.java Wed Feb 23 09:14:19 2005
@@ -16,6 +16,7 @@
  */
 package org.apache.authx.authorization.effect;
 
+import org.apache.authx.authorization.AuthorizationRequest;
 import org.apache.authx.authorization.Effect;
 
 /**
@@ -27,14 +28,9 @@
     {
     }
 
-    public Effect add( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return this;
-    }
-
-    public Effect applyTo( Effect effect )
-    {
-        return effect.deny();
+        request.deny();
     }
 
     public Effect permit()
@@ -54,6 +50,6 @@
 
     public String toString()
     {
-        return "Deny";
+        return "deny";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/DenyOverridesEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
-public class DenyOverridesEffect extends AbstractCombinedEffect
+public class DenyOverridesEffect implements Effect
 {
+    private final Effect m_effect;
+
     public DenyOverridesEffect()
     {
         this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
 
     public DenyOverridesEffect( Effect effect )
     {
-        super( effect );
+        m_effect = effect;
     }
 
-    public Effect applyTo( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return m_effect.applyTo( effect );
+        m_effect.apply( request );
     }
 
     public Effect permit()
@@ -48,9 +51,13 @@
         return Effects.DENY;
     }
 
+    public Effect reduce()
+    {
+        return m_effect.reduce();
+    }
 
     public String toString()
     {
-        return "Deny Overrides";
+        return "deny overrides";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/FirstApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
-public class FirstApplicableEffect extends AbstractCombinedEffect
+public class FirstApplicableEffect implements Effect
 {
+    private final Effect m_effect;
+
     public FirstApplicableEffect()
     {
         this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
 
     protected FirstApplicableEffect( Effect effect )
     {
-        super( effect );
+        m_effect = effect;
     }
 
-    public Effect applyTo( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return m_effect.applyTo( effect );
+        m_effect.apply( request );
     }
 
     public Effect permit()
@@ -48,8 +51,13 @@
         return Effects.DENY;
     }
 
+    public Effect reduce()
+    {
+        return m_effect.reduce();
+    }
+
     public String toString()
     {
-        return "First Applicable";
+        return "first applicable";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/GrantEffect.java Wed Feb 23 09:14:19 2005
@@ -17,6 +17,7 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -27,14 +28,9 @@
     {
     }
 
-    public Effect add( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return this;
-    }
-
-    public Effect applyTo( Effect effect )
-    {
-        return effect.permit();
+        request.grant();
     }
 
     public Effect permit()
@@ -54,6 +50,6 @@
 
     public String toString()
     {
-        return "Grant";
+        return "grant";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/LastApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
-public class LastApplicableEffect extends AbstractCombinedEffect
+public class LastApplicableEffect implements Effect
 {
+    private final Effect m_effect;
+
     public LastApplicableEffect()
     {
         this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
 
     protected LastApplicableEffect( Effect effect )
     {
-        super( effect );
+        m_effect = effect;
     }
 
-    public Effect applyTo( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return m_effect.applyTo( effect );
+        m_effect.apply( request );
     }
 
     public Effect permit()
@@ -48,9 +51,13 @@
         return new LastApplicableEffect( Effects.DENY );
     }
 
+    public Effect reduce()
+    {
+        return m_effect.reduce();
+    }
 
     public String toString()
     {
-        return "Last Applicable";
+        return "last applicable";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/NotApplicableEffect.java Wed Feb 23 09:14:19 2005
@@ -17,6 +17,7 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
@@ -27,14 +28,8 @@
     {
     }
 
-    public Effect applyTo( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return effect;
-    }
-
-    public Effect add( Effect effect )
-    {
-        return this;
     }
 
     public Effect permit()
@@ -54,6 +49,6 @@
 
     public String toString()
     {
-        return "Not Applicable";
+        return "not applicable";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java (original)
+++ incubator/directory/authx/trunk/impl/src/java/org/apache/authx/authorization/effect/PermitOverridesEffect.java Wed Feb 23 09:14:19 2005
@@ -17,12 +17,15 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
+import org.apache.authx.authorization.AuthorizationRequest;
 
 /**
  * @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
  */
-public class PermitOverridesEffect extends AbstractCombinedEffect
+public class PermitOverridesEffect implements Effect
 {
+    private final Effect m_effect;
+
     public PermitOverridesEffect()
     {
         this( Effects.NOT_APPLICABLE );
@@ -30,12 +33,12 @@
 
     protected PermitOverridesEffect( Effect effect )
     {
-        super( effect );
+        m_effect = effect;
     }
 
-    public Effect applyTo( Effect effect )
+    public void apply( AuthorizationRequest request )
     {
-        return m_effect.applyTo( effect );
+        m_effect.apply( request );
     }
 
     public Effect permit()
@@ -48,9 +51,13 @@
         return new PermitOverridesEffect( Effects.DENY );
     }
 
+    public Effect reduce()
+    {
+        return m_effect.reduce();
+    }
 
     public String toString()
     {
-        return "Permit Overrides";
+        return "permit overrides";
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultAuthorizerTest.java Wed Feb 23 09:14:19 2005
@@ -34,21 +34,18 @@
     public void testTakesPositiveDecisionIfRuleSuggestsPermission()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.GRANT ) );
-        m_authorizer.denyIfUnsure();
         assertTrue( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
     }
 
-    public void testTakesPositiveDecisionIfRuleIsNotApplicable()
+    public void testTakesNegativeDecisionIfRuleIsNotApplicable()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.NOT_APPLICABLE ) );
-        m_authorizer.denyIfUnsure();
-        assertTrue( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
+        assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
     }
 
     public void testTakesNegativeDecisionIfRuleSuggestDenial()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( Effects.DENY ) );
-        m_authorizer.grantIfUnsure();
         assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
     }
 
@@ -66,10 +63,9 @@
         assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
     }
 
-    public void testEffectsAreReducedBeforeTakingDecision()
+    public void testMakesDecisionBasedOnPrimitiveEffect()
     {
         m_authorizer = new DefaultAuthorizer( new Policy( new PermitOverridesEffect() ) );
-        m_authorizer.grantIfUnsure();
         m_authorizer.denyOn( Effects.NOT_APPLICABLE );
         assertFalse( m_authorizer.renderDecision( new Subject(), new SomePermission() ) );
     }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/DefaultRuleTest.java Wed Feb 23 09:14:19 2005
@@ -16,11 +16,12 @@
  */
 package org.apache.authx.authorization;
 
+import org.apache.authx.authorization.condition.FalseCondition;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.apache.authx.authorization.condition.ImpliedPermissionCondition;
+import org.apache.authx.authorization.condition.TrueCondition;
 import org.apache.authx.authorization.effect.Effects;
-import org.apache.authx.authorization.predicate.FalsePredicate;
-import org.apache.authx.authorization.predicate.HasPrincipalPredicate;
-import org.apache.authx.authorization.predicate.ImpliedPermissionPredicate;
-import org.apache.authx.authorization.predicate.TruePredicate;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
 import org.apache.authx.testmodel.Subjects;
 import org.apache.authx.testmodel.Usernames;
 import org.jmock.MockObjectTestCase;
@@ -45,42 +46,64 @@
     public void testEvaluatesToRuleEffectIfTargetVerifiesCondition()
     {
         m_rule.setEffect( Effects.DENY );
-        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
-        m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.DENY, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ));
+        m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+        m_rule.matchPermissions( new ImpliedPermissionCondition( new SomePermission() ) );
+
+        AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+
+        assertEquals( Effects.DENY, request.outcome() );
     }
 
     public void testSubjectConditionsAreCombinedIntoAnOrOperation()
     {
         m_rule.setEffect( Effects.GRANT );
-        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
-        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.joe() ) );
-        m_rule.matchPermissions( new ImpliedPermissionPredicate( new SomePermission() ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.joe(), new SomePermission() ) ) );
+        m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+        m_rule.matchSubjects( new HasPrincipalCondition( Usernames.joe() ) );
+        m_rule.matchPermissions( new ImpliedPermissionCondition( new SomePermission() ) );
+
+        AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.GRANT, request.outcome() );
+
+        request = new AuthorizationRequest( Subjects.joe(), new SomePermission(), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.GRANT, request.outcome() );
     }
 
     public void testPermissionConditionsAreCombinedIntoAnOrOperation()
     {
         m_rule.setEffect( Effects.GRANT );
-        m_rule.matchSubjects( new HasPrincipalPredicate( Usernames.john() ) );
-        m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "foo" ) ) );
-        m_rule.matchPermissions( new ImpliedPermissionPredicate( new BasicPermission( "bar" ) ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ) ) ) );
-        assertEquals( Effects.GRANT, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ) ) ) );
+        m_rule.matchSubjects( new HasPrincipalCondition( Usernames.john() ) );
+        m_rule.matchPermissions( new ImpliedPermissionCondition( new BasicPermission( "foo" ) ) );
+        m_rule.matchPermissions( new ImpliedPermissionCondition( new BasicPermission( "bar" ) ) );
+
+        AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new BasicPermission( "foo" ), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.GRANT, request.outcome() );
+
+        request = new AuthorizationRequest( Subjects.john(), new BasicPermission( "bar" ), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.GRANT, request.outcome() );
     }
 
     public void testIsNotApplicableIfSubjectConditionIsNotVerified()
     {
-        m_rule.matchSubjects( new FalsePredicate() );
-        m_rule.matchPermissions( new TruePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+        m_rule.matchSubjects( new FalseCondition() );
+        m_rule.matchPermissions( new TrueCondition() );
+
+        AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
     }
 
     public void testIsNotApplicableIfPermissionConditionIsNotVerified()
     {
-        m_rule.matchSubjects( new TruePredicate() );
-        m_rule.matchPermissions( new FalsePredicate() );
-        assertEquals( Effects.NOT_APPLICABLE, m_rule.evaluate( new SimpleAuthorizationRequest( Subjects.john(), new SomePermission() ) ) );
+        m_rule.matchSubjects( new TrueCondition() );
+        m_rule.matchPermissions( new FalseCondition() );
+
+        AuthorizationRequest request = new AuthorizationRequest( Subjects.john(), new SomePermission(), new LastApplicableEffect() );
+        m_rule.evaluate( request );
+        assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/PolicyTest.java Wed Feb 23 09:14:19 2005
@@ -16,26 +16,33 @@
  */
 package org.apache.authx.authorization;
 
-import junit.framework.TestCase;
 import org.apache.authx.authorization.effect.Effects;
 import org.apache.authx.authorization.effect.PermitOverridesEffect;
+import org.apache.authx.authorization.effect.LastApplicableEffect;
+import org.jmock.MockObjectTestCase;
 
 import javax.security.auth.Subject;
 
-public class PolicyTest extends TestCase
+public class PolicyTest extends MockObjectTestCase
 {
     public void testRendersDefaultDecisionWhenEmpty()
     {
         Policy policy = new Policy( new PermitOverridesEffect() );
-        assertEquals( Effects.NOT_APPLICABLE, policy.evaluate( new SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+        AuthorizationRequest request = new AuthorizationRequest( new Subject(), new SomePermission(), new LastApplicableEffect() );
+        policy.evaluate( request );
+
+        assertEquals( Effects.NOT_APPLICABLE, request.outcome() );
     }
 
     public void testCombinesResultOfContainedRulesEvaluation()
     {
         Policy policy = new Policy( new PermitOverridesEffect() );
-        policy.addRule( new PrimitiveRule( Effects.DENY ) );
         policy.addRule( new PrimitiveRule( Effects.GRANT ) );
+        policy.addRule( new PrimitiveRule( Effects.DENY ) );
+
+        AuthorizationRequest request = new AuthorizationRequest( new Subject(), new SomePermission(), new LastApplicableEffect() );
+        policy.evaluate( request );
 
-        assertEquals( Effects.GRANT, policy.evaluate( new SimpleAuthorizationRequest( new Subject(), new SomePermission() ) ).reduce() );
+        assertEquals( Effects.GRANT, request.outcome() );
     }
 }

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/DenyOverridesEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
  */
 package org.apache.authx.authorization.effect;
 
+import junit.framework.TestCase;
 import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
 
-public class DenyOverridesEffectTest extends MockObjectTestCase
+public class DenyOverridesEffectTest extends TestCase
 {
     public void testDefaultsToNotApplicable()
     {

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/FirstApplicableEffectTest.java Wed Feb 23 09:14:19 2005
@@ -17,9 +17,9 @@
 package org.apache.authx.authorization.effect;
 
 import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
+import junit.framework.TestCase;
 
-public class FirstApplicableEffectTest extends MockObjectTestCase
+public class FirstApplicableEffectTest extends TestCase
 {
     public void testDefaultsToNotApplicable()
     {

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/LastApplicableEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
  */
 package org.apache.authx.authorization.effect;
 
+import junit.framework.TestCase;
 import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
 
-public class LastApplicableEffectTest extends MockObjectTestCase
+public class LastApplicableEffectTest extends TestCase
 {
     public void testDefaultsToNotApplicable()
     {

Modified: incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java (original)
+++ incubator/directory/authx/trunk/impl/src/test/org/apache/authx/authorization/effect/PermitOverridesEffectTest.java Wed Feb 23 09:14:19 2005
@@ -16,10 +16,10 @@
  */
 package org.apache.authx.authorization.effect;
 
+import junit.framework.TestCase;
 import org.apache.authx.authorization.Effect;
-import org.jmock.MockObjectTestCase;
 
-public class PermitOverridesEffectTest extends MockObjectTestCase
+public class PermitOverridesEffectTest extends TestCase
 {
     public void testDefaultsToNotApplicable()
     {

Modified: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java (original)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/Dom4JRuleSetBuilder.java Wed Feb 23 09:14:19 2005
@@ -19,15 +19,15 @@
 import org.apache.authx.authorization.Rule;
 import org.apache.authx.authorization.RuleSet;
 import org.apache.authx.script.RuleSetBuilder;
-import org.apache.authx.script.xml.builder.AndPredicateBuilder;
+import org.apache.authx.script.xml.builder.AndConditionBuilder;
 import org.apache.authx.script.xml.builder.DenyRuleBuilder;
-import org.apache.authx.script.xml.builder.FalsePredicateBuilder;
+import org.apache.authx.script.xml.builder.FalseConditionBuilder;
 import org.apache.authx.script.xml.builder.GrantRuleBuilder;
-import org.apache.authx.script.xml.builder.HasGroupPredicateBuilder;
-import org.apache.authx.script.xml.builder.HasRolePredicateBuilder;
-import org.apache.authx.script.xml.builder.HasUsernamePredicateBuilder;
-import org.apache.authx.script.xml.builder.OrPredicateBuilder;
-import org.apache.authx.script.xml.builder.TruePredicateBuilder;
+import org.apache.authx.script.xml.builder.HasGroupConditionBuilder;
+import org.apache.authx.script.xml.builder.HasRoleConditionBuilder;
+import org.apache.authx.script.xml.builder.HasUsernameConditionBuilder;
+import org.apache.authx.script.xml.builder.OrConditionBuilder;
+import org.apache.authx.script.xml.builder.TrueConditionBuilder;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
@@ -91,15 +91,15 @@
     {
         m_buildingContext.registerBuilder( new GrantRuleBuilder() );
         m_buildingContext.registerBuilder( new DenyRuleBuilder() );
-        m_buildingContext.registerBuilder( new AndPredicateBuilder( "subject" ) );
-        m_buildingContext.registerBuilder( new TruePredicateBuilder() );
-        m_buildingContext.registerBuilder( new FalsePredicateBuilder() );
-        m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
-        m_buildingContext.registerBuilder( new HasUsernamePredicateBuilder() );
-        m_buildingContext.registerBuilder( new HasGroupPredicateBuilder() );
-        m_buildingContext.registerBuilder( new HasRolePredicateBuilder() );
-        m_buildingContext.registerBuilder( new AndPredicateBuilder() );
-        m_buildingContext.registerBuilder( new OrPredicateBuilder() );
+        m_buildingContext.registerBuilder( new AndConditionBuilder( "subject" ) );
+        m_buildingContext.registerBuilder( new TrueConditionBuilder() );
+        m_buildingContext.registerBuilder( new FalseConditionBuilder() );
+        m_buildingContext.registerBuilder( new HasUsernameConditionBuilder() );
+        m_buildingContext.registerBuilder( new HasUsernameConditionBuilder() );
+        m_buildingContext.registerBuilder( new HasGroupConditionBuilder() );
+        m_buildingContext.registerBuilder( new HasRoleConditionBuilder() );
+        m_buildingContext.registerBuilder( new AndConditionBuilder() );
+        m_buildingContext.registerBuilder( new OrConditionBuilder() );
     }
 }
 

Modified: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java?view=diff&r1=155028&r2=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java (original)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AbstractRuleBuilder.java Wed Feb 23 09:14:19 2005
@@ -18,7 +18,7 @@
 
 import org.apache.authx.authorization.DefaultRule;
 import org.apache.authx.authorization.Effect;
-import org.apache.authx.authorization.Predicate;
+import org.apache.authx.authorization.Condition;
 import org.dom4j.Element;
 
 import java.util.Iterator;
@@ -48,9 +48,9 @@
         return rule;
     }
 
-    private Predicate predicate( Element e )
+    private Condition predicate( Element e )
     {
-        return ( Predicate ) getParent().buildFrom( e );
+        return ( Condition ) getParent().buildFrom( e );
     }
 
     private void setPermissionPredicate( DefaultRule rule, Element element )

Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,45 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.Condition;
+import org.apache.authx.authorization.condition.AndCondition;
+import org.apache.authx.authorization.condition.Predicates;
+
+public class AndConditionBuilder
+        extends LogicalConditionBuilder
+{
+    public AndConditionBuilder()
+    {
+        this( "and" );
+    }
+
+    public AndConditionBuilder( String elementName )
+    {
+        super( elementName );
+    }
+
+    protected Condition getSeed()
+    {
+        return Predicates.TRUE;
+    }
+
+    public Condition compute( Condition left, Condition right )
+    {
+        return new AndCondition( left, right );
+    }
+}

Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/AndConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,45 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authorization.condition.Predicates;
+import org.dom4j.Element;
+
+public class FalseConditionBuilder extends AbstractElementBuilder
+{
+    private final String m_elementName;
+
+    public FalseConditionBuilder()
+    {
+        this( "none" );
+    }
+
+    public FalseConditionBuilder( String elementName )
+    {
+        m_elementName = elementName;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return Predicates.FALSE;
+    }
+}

Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/FalseConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.attribute.GroupPrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasGroupConditionBuilder extends AbstractElementBuilder
+{
+    private final String m_elementName;
+
+    public HasGroupConditionBuilder()
+    {
+        this( "group" );
+    }
+
+    public HasGroupConditionBuilder( String elementName )
+    {
+        m_elementName = elementName;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return new HasPrincipalCondition( new GroupPrincipal( e.getTextTrim() ) );
+    }
+}

Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasGroupConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.attribute.RolePrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasRoleConditionBuilder extends AbstractElementBuilder
+{
+    private final String m_elementName;
+
+    public HasRoleConditionBuilder()
+    {
+        this( "role" );
+    }
+
+    public HasRoleConditionBuilder( String elementName )
+    {
+        m_elementName = elementName;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return new HasPrincipalCondition( new RolePrincipal( e.getTextTrim() ) );
+    }
+}

Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasRoleConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java?view=auto&rev=155029
==============================================================================
--- incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java (added)
+++ incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java Wed Feb 23 09:14:19 2005
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.authx.script.xml.builder;
+
+import org.apache.authx.authentication.realm.UsernamePrincipal;
+import org.apache.authx.authorization.condition.HasPrincipalCondition;
+import org.dom4j.Element;
+
+public class HasUsernameConditionBuilder extends AbstractElementBuilder
+{
+    private final String m_elementName;
+
+    public HasUsernameConditionBuilder()
+    {
+        this( "username" );
+    }
+
+    public HasUsernameConditionBuilder( String elementName )
+    {
+        m_elementName = elementName;
+    }
+
+    public boolean canBuild( Element e )
+    {
+        return m_elementName.equals( e.getName() );
+    }
+
+    public Object buildFrom( Element e )
+    {
+        return new HasPrincipalCondition( new UsernamePrincipal( e.getTextTrim() ) );
+    }
+}

Propchange: incubator/directory/authx/trunk/script/src/java/org/apache/authx/script/xml/builder/HasUsernameConditionBuilder.java
------------------------------------------------------------------------------
    svn:executable = *



Mime
View raw message