directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbenn...@apache.org
Subject svn commit: r486187 [36/49] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/ admin-api/src/main/ admin-api/src/main/java/ admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/ admin-api/src/main/java/org/safehaus/triplesec/ a...
Date Tue, 12 Dec 2006 15:24:14 GMT
Added: directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java (added)
+++ directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,630 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.guardian.demo;
+
+
+import java.awt.BorderLayout;
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+
+import javax.security.auth.login.LoginException;
+import javax.swing.JPanel;
+import javax.swing.JFrame;
+import javax.swing.JMenuBar;
+import javax.swing.JMenu;
+import javax.swing.JMenuItem;
+import javax.swing.JScrollPane;
+import javax.swing.JTextPane;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
+import org.safehaus.triplesec.guardian.ChangeType;
+import org.safehaus.triplesec.guardian.Permission;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+
+
+public class DemoFrame extends JFrame
+{
+    private static final long serialVersionUID = 1L;
+    private static final String CONNECTION_URL_KEY = "connectionUrl";
+    private static final String CREDENTIALS_KEY = "applicationCredentials";
+    private static final String PRINCIPALDN_KEY = "applicationPrincipalDn";
+    private static final String DRIVER_KEY = "driver";
+    private static final String REALM_KEY = "realm";
+
+    private JPanel jContentPane = null;
+    private JScrollPane scrollPane = null;
+    private JMenuBar jJMenuBar = null;
+    private JMenu fileMenu = null;
+    private JMenuItem closeMenuItem = null;
+    private JMenuItem switchUserMenuItem = null;
+    private JMenu operationsMenu = null;
+    private JMenuItem bendMenuItem = null;
+    private JMenuItem foldMenuItem = null;
+    private JMenuItem mutilateMenuItem = null;
+    private JMenuItem spindleMenuItem = null;
+    private JMenuItem twistMenuItem = null;
+    private JTextPane jTextPane = null;
+
+    static ApplicationPolicy policy = null;
+    static String driver = "org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver";
+    static String connectionUrl = "ldap://localhost:10389/dc=example,dc=com";
+    static String applicationPrincipalDn = "appname=demo,ou=Applications,dc=example,dc=com";
+    static String applicationCredentials = "secret";
+    static String realm = "example.com";
+    static Profile currentProfile = null;
+
+
+    /**
+     * This method initializes jPanel	
+     * 	
+     * @return javax.swing.JPanel	
+     */
+    private JScrollPane getScrollPane()
+    {
+        if ( scrollPane == null )
+        {
+            scrollPane = new JScrollPane();
+            scrollPane.setViewportView( getJTextPane() );
+        }
+        return scrollPane;
+    }
+
+
+    /**
+     * This method initializes jJMenuBar	
+     * 	
+     * @return javax.swing.JMenuBar	
+     */
+    private JMenuBar getJJMenuBar()
+    {
+        if ( jJMenuBar == null )
+        {
+            jJMenuBar = new JMenuBar();
+            jJMenuBar.add( getFileMenu() );
+            jJMenuBar.add( getOperationsMenu() );
+        }
+        return jJMenuBar;
+    }
+
+
+    /**
+     * This method initializes jMenu	
+     * 	
+     * @return javax.swing.JMenu	
+     */
+    private JMenu getFileMenu()
+    {
+        if ( fileMenu == null )
+        {
+            fileMenu = new JMenu();
+            fileMenu.setText( "File" );
+            fileMenu.add( getCloseMenuItem() );
+            fileMenu.add( getSwitchUserMenuItem() );
+        }
+        return fileMenu;
+    }
+
+
+    /**
+     * This method initializes jMenuItem    
+     *  
+     * @return javax.swing.JMenuItem    
+     */
+    private JMenuItem getCloseMenuItem()
+    {
+        if ( closeMenuItem == null )
+        {
+            closeMenuItem = new JMenuItem();
+            closeMenuItem.setText( "close" );
+            closeMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(close)" );
+                    DemoFrame.this.setVisible( false );
+                    DemoFrame.this.dispose();
+                    System.exit( 0 );
+                }
+            } );
+        }
+        return closeMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenuItem    
+     *  
+     * @return javax.swing.JMenuItem    
+     */
+    private JMenuItem getSwitchUserMenuItem()
+    {
+        if ( switchUserMenuItem == null )
+        {
+            switchUserMenuItem = new JMenuItem();
+            switchUserMenuItem.setText( "switch user" );
+            switchUserMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(switch user)" );
+                    boolean userLoggedIn = login( false );
+
+                    if ( userLoggedIn )
+                    {
+                        resetMenus( currentProfile );
+                    }
+                }
+            } );
+        }
+        return switchUserMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenu	
+     * 	
+     * @return javax.swing.JMenu	
+     */
+    private JMenu getOperationsMenu()
+    {
+        if ( operationsMenu == null )
+        {
+            operationsMenu = new JMenu();
+            operationsMenu.setText( "Operations" );
+
+            if ( currentProfile.hasPermission( "bend" ) )
+            {
+                System.out.println( "enabling bend" );
+                operationsMenu.add( getBendMenuItem() );
+            }
+
+            if ( currentProfile.hasPermission( "fold" ) )
+            {
+                System.out.println( "enabling fold" );
+                operationsMenu.add( getFoldMenuItem() );
+            }
+
+            if ( currentProfile.hasPermission( "mutilate" ) )
+            {
+                System.out.println( "enabling mutilate" );
+                operationsMenu.add( getMutilateMenuItem() );
+            }
+
+            if ( currentProfile.hasPermission( "spindle" ) )
+            {
+                System.out.println( "enabling spindle" );
+                operationsMenu.add( getSpindleMenuItem() );
+            }
+
+            if ( currentProfile.hasPermission( "twist" ) )
+            {
+                System.out.println( "enabling twist" );
+                operationsMenu.add( getTwistMenuItem() );
+            }
+        }
+        return operationsMenu;
+    }
+
+
+    /**
+     * This method initializes jMenuItem	
+     * 	
+     * @return javax.swing.JMenuItem	
+     */
+    private JMenuItem getBendMenuItem()
+    {
+        if ( bendMenuItem == null )
+        {
+            bendMenuItem = new JMenuItem();
+            bendMenuItem.setText( "bend" );
+            bendMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(bend)" );
+                    String appended = jTextPane.getText() + "\tbend\t==>\t" + new Date() + "\n";
+                    jTextPane.setText( appended );
+                }
+            } );
+        }
+        return bendMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenuItem	
+     * 	
+     * @return javax.swing.JMenuItem	
+     */
+    private JMenuItem getFoldMenuItem()
+    {
+        if ( foldMenuItem == null )
+        {
+            foldMenuItem = new JMenuItem();
+            foldMenuItem.setText( "fold" );
+            foldMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(fold)" );
+                    String appended = jTextPane.getText() + "\tfold\t==>\t" + new Date() + "\n";
+                    jTextPane.setText( appended );
+                }
+            } );
+        }
+        return foldMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenuItem	
+     * 	
+     * @return javax.swing.JMenuItem	
+     */
+    private JMenuItem getMutilateMenuItem()
+    {
+        if ( mutilateMenuItem == null )
+        {
+            mutilateMenuItem = new JMenuItem();
+            mutilateMenuItem.setText( "mutilate" );
+            mutilateMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(mutilate)" );
+                    String appended = jTextPane.getText() + "\tmutilate\t==>\t" + new Date() + "\n";
+                    jTextPane.setText( appended );
+                }
+            } );
+        }
+        return mutilateMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenuItem	
+     * 	
+     * @return javax.swing.JMenuItem	
+     */
+    private JMenuItem getSpindleMenuItem()
+    {
+        if ( spindleMenuItem == null )
+        {
+            spindleMenuItem = new JMenuItem();
+            spindleMenuItem.setText( "spindle" );
+            spindleMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(spindle)" );
+                    String appended = jTextPane.getText() + "\tspindle\t==>\t" + new Date() + "\n";
+                    jTextPane.setText( appended );
+                }
+            } );
+        }
+        return spindleMenuItem;
+    }
+
+
+    /**
+     * This method initializes jMenuItem	
+     * 	
+     * @return javax.swing.JMenuItem	
+     */
+    private JMenuItem getTwistMenuItem()
+    {
+        if ( twistMenuItem == null )
+        {
+            twistMenuItem = new JMenuItem();
+            twistMenuItem.setText( "twist" );
+            twistMenuItem.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed(twist)" );
+                    String appended = jTextPane.getText() + "\ttwist\t==>\t" + new Date() + "\n";
+                    jTextPane.setText( appended );
+                }
+            } );
+        }
+        return twistMenuItem;
+    }
+
+
+    /**
+     * This method initializes jTextPane	
+     * 	
+     * @return javax.swing.JTextPane	
+     */
+    private JTextPane getJTextPane()
+    {
+        if ( jTextPane == null )
+        {
+            jTextPane = new JTextPane();
+            jTextPane.setText( "\n\nOperations Performed:\n\n" );
+            jTextPane.setEditable( false );
+        }
+        return jTextPane;
+    }
+
+
+    public static void main( String[] args ) throws Exception
+    {
+        // find the properties file or use defaults
+        Properties properties = new Properties();
+        if ( args.length > 0 )
+        {
+            File configurationFile = new File( args[0] );
+            if ( configurationFile.exists() )
+            {
+                properties.load( new FileInputStream( configurationFile ) );
+                extractConnectionParameters( properties );
+            }
+            else
+            {
+                System.err.println( "no such file: " + configurationFile );
+                printUsage();
+                System.exit( 1 );
+            }
+        }
+        else if ( System.getProperty( "config.properties" ) != null )
+        {
+            File configurationFile = new File( args[0] );
+            if ( configurationFile.exists() )
+            {
+                properties.load( new FileInputStream( configurationFile ) );
+                extractConnectionParameters( properties );
+            }
+            else
+            {
+                System.err.println( "no such file: " + configurationFile );
+                printUsage();
+                System.exit( 1 );
+            }
+        }
+    
+        // initialize the driver and load the application's base policy from the store
+        Properties driverProps = new Properties();
+        driverProps.setProperty( "applicationPrincipalDN", applicationPrincipalDn );
+        driverProps.setProperty( "applicationCredentials", applicationCredentials );
+        Class.forName( driver );
+        policy = ApplicationPolicyFactory.newInstance( connectionUrl, driverProps );
+        login( true );
+        DemoFrame demoFrame = new DemoFrame();
+        demoFrame.setVisible( true );
+    }
+
+
+    static boolean login( boolean doExit )
+    {
+        List profileIdList = new ArrayList();
+        for ( Iterator ii = policy.getProfileIdIterator(); ii.hasNext(); /**/ )
+        {
+            profileIdList.add( ii.next() );
+        }
+        String[] profileStrings = new String[profileIdList.size()];
+        profileStrings = ( String[] ) profileIdList.toArray( profileStrings );
+        LoginDialog loginDialog = new LoginDialog( profileStrings );
+        loginDialog.setVisible( true );
+        if ( loginDialog.isLoginSelected() )
+        {
+            String password = loginDialog.getPassword();
+            String profileId = loginDialog.getSelectedProfile();
+            String passcode = loginDialog.getPasscode();
+    
+            System.out.println( "password = " + password );
+            System.out.println( "passcode = " + password );
+            System.out.println( "profile = " + profileId );
+    
+            boolean isSuccessful = false;
+            try
+            {
+                LoginCommand command = new LoginCommand( profileId, password, realm, passcode, policy );
+                isSuccessful = command.execute();
+            }
+            catch ( LoginException e )
+            {
+                e.printStackTrace();
+            }
+            
+            if ( !isSuccessful )
+            {
+                System.out.println( "Authentication failed for user profile: " + profileId );
+                loginDialog.dispose();
+                if ( doExit )
+                {
+                    System.exit( 1 );
+                }
+                return false;
+            }
+            else
+            {
+                loginDialog.dispose();
+                currentProfile = policy.getProfile( profileId );
+                System.out.println( "got profile: " + currentProfile );
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+    private static void extractConnectionParameters( Properties p ) throws Exception
+    {
+        if ( p.containsKey( CONNECTION_URL_KEY ) && p.getProperty( CONNECTION_URL_KEY ) != null )
+        {
+            connectionUrl = p.getProperty( CONNECTION_URL_KEY );
+        }
+
+        if ( p.containsKey( REALM_KEY ) && p.getProperty( REALM_KEY ) != null )
+        {
+            realm = p.getProperty( REALM_KEY );
+        }
+
+        if ( p.containsKey( CREDENTIALS_KEY ) && p.getProperty( CREDENTIALS_KEY ) != null )
+        {
+            applicationCredentials = p.getProperty( CREDENTIALS_KEY );
+        }
+
+        if ( p.containsKey( DRIVER_KEY ) && p.getProperty( DRIVER_KEY ) != null )
+        {
+            driver = p.getProperty( DRIVER_KEY );
+        }
+
+        if ( p.containsKey( PRINCIPALDN_KEY ) && p.getProperty( PRINCIPALDN_KEY ) != null )
+        {
+            applicationPrincipalDn = p.getProperty( PRINCIPALDN_KEY );
+        }
+    }
+
+
+    private static void printUsage()
+    {
+        System.out.println( "Usage: java -jar guardian-demo-${version} path-to-config-properties or\n" );
+        System.out.println( "       java -Dconfig.properties=path-to-config-properties -jar guardian-demo-${version}" );
+    }
+
+
+    /**
+     * This is the default constructor
+     */
+    public DemoFrame()
+    {
+        super();
+        initialize();
+        policy.addPolicyListener( new DemoListener() );
+    }
+
+
+    private void resetMenus( Profile currentProfile )
+    {
+        setTitle( "Triplesec Guardian Demo - " + currentProfile.getProfileId() );
+        operationsMenu.removeAll();
+        if ( currentProfile.hasPermission( "bend" ) )
+        {
+            System.out.println( "enabling bend" );
+            operationsMenu.add( getBendMenuItem() );
+        }
+
+        if ( currentProfile.hasPermission( "fold" ) )
+        {
+            System.out.println( "enabling fold" );
+            operationsMenu.add( getFoldMenuItem() );
+        }
+
+        if ( currentProfile.hasPermission( "mutilate" ) )
+        {
+            System.out.println( "enabling mutilate" );
+            operationsMenu.add( getMutilateMenuItem() );
+        }
+
+        if ( currentProfile.hasPermission( "spindle" ) )
+        {
+            System.out.println( "enabling spindle" );
+            operationsMenu.add( getSpindleMenuItem() );
+        }
+
+        if ( currentProfile.hasPermission( "twist" ) )
+        {
+            System.out.println( "enabling twist" );
+            operationsMenu.add( getTwistMenuItem() );
+        }
+
+        repaint();
+    }
+    
+
+    class DemoListener implements PolicyChangeListener
+    {
+        public void roleChanged( ApplicationPolicy policy, Role role, ChangeType changeType )
+        {
+            System.out.println( "role changed: " + role );
+
+            if ( currentProfile.isInRole( role.getName() ) )
+            {
+                currentProfile = policy.getProfile( currentProfile.getProfileId() );
+                resetMenus( currentProfile );
+            }
+        }
+        
+        public void profileChanged( ApplicationPolicy policy, Profile profile, ChangeType changeType )
+        {
+            if ( currentProfile.equals( profile ) )
+            {
+                resetMenus( profile );
+            }
+        }
+
+        public void roleRenamed( ApplicationPolicy policy, Role role, String oldName ) {}
+        public void permissionChanged( ApplicationPolicy policy, Permission permission, ChangeType changeType ) {}
+        public void permissionRenamed( ApplicationPolicy policy, Permission permission, String oldName ){}
+        public void profileRenamed( ApplicationPolicy policy, Profile profile, String oldName ){}
+    }
+
+
+    /**
+     * This method initializes this
+     * 
+     * @return void
+     */
+    private void initialize()
+    {
+        this.setSize( 674, 384 );
+        this.setJMenuBar( getJJMenuBar() );
+        this.setContentPane( getJContentPane() );
+        this.setTitle( "Triplesec Guardian Demo - " + currentProfile.getProfileId() );
+        this.addWindowListener( new java.awt.event.WindowAdapter()
+        {
+            public void windowClosing( java.awt.event.WindowEvent e )
+            {
+                System.out.println( "windowClosing()" ); 
+                DemoFrame.this.setVisible( false );
+                DemoFrame.this.dispose();
+                System.exit( 0 );
+            }
+        } );
+    }
+
+
+    /**
+     * This method initializes jContentPane
+     * 
+     * @return javax.swing.JPanel
+     */
+    private JPanel getJContentPane()
+    {
+        if ( jContentPane == null )
+        {
+            jContentPane = new JPanel();
+            jContentPane.setLayout( new BorderLayout() );
+            jContentPane.add( getScrollPane(), java.awt.BorderLayout.CENTER );
+        }
+        return jContentPane;
+    }
+
+} //  @jve:decl-index=0:visual-constraint="10,10"

Added: directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginCommand.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginCommand.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginCommand.java (added)
+++ directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginCommand.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,147 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.guardian.demo;
+
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.callback.*;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.jaas.PasscodeCallback;
+import org.safehaus.triplesec.jaas.PolicyCallback;
+import org.safehaus.triplesec.jaas.RealmCallback;
+import org.safehaus.triplesec.jaas.SafehausLoginModule;
+import org.safehaus.triplesec.jaas.SafehausPrincipal;
+
+
+/**
+ * Simple login command used by the demo application.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev$
+ */
+public class LoginCommand
+{
+    /** the user id of the principal minus realm info */
+    private final String userId;
+    /** the realm the user is authenticating into */
+    private final String realm;
+    /** the value of the hotp */
+    private final String passcode;
+    /** the static password for the user */
+    private final String password;
+    /** the triplesec guardian policy for this application */
+    private final ApplicationPolicy policy;
+
+    /** the safehaus principal resulting from authentication */
+    private SafehausPrincipal principal;
+
+    
+    /**
+     * Creates a single use login command that can later be executed.
+     *
+     * @param userId the user id of the principal minus realm info
+     * @param realm the realm the user is authenticating into
+     * @param passcode the value of the hotp
+     */
+    public LoginCommand( String userId, String password, String realm, String passcode, ApplicationPolicy policy )
+    {
+        this.userId = userId;
+        this.realm = realm;
+        this.passcode = passcode;
+        this.password = password;
+        this.policy = policy;
+    }
+
+
+    /**
+     * Logs the user into the system.  Exceptions will contain optional information used to determine
+     * if a resync is in effect or if the account is locked out.
+     *
+     * @return true if we can authenticate the user, false otherwise
+     */
+    public boolean execute() throws LoginException
+    {
+        LoginModule module = new SafehausLoginModule();
+        Subject subject = new Subject();
+        Map options = new HashMap();
+        options.put( SafehausLoginModule.ALLOW_ADMIN, "true" );
+        module.initialize( subject, new LoginHandler(), new HashMap(), options );
+        boolean result = module.login();
+        result &= module.commit();
+        Object[] principals = subject.getPrincipals().toArray();
+        if ( principals.length > 0 )
+        {
+            principal = ( SafehausPrincipal ) principals[0];
+        }
+        return result;
+    }
+
+    
+    public SafehausPrincipal getSafehausPrincipal()
+    {
+        return principal;
+    }
+    
+
+    /**
+     * Simple handler implementation for this Demo.
+     */
+    class LoginHandler implements CallbackHandler
+    {
+        public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException
+        {
+            for ( int ii = 0; ii < callbacks.length; ii++ )
+            {
+                if ( callbacks[ii] instanceof NameCallback )
+                {
+                    NameCallback ncb = ( NameCallback ) callbacks[ii];
+                    ncb.setName( userId );
+                }
+                else if ( callbacks[ii] instanceof PasswordCallback )
+                {
+                    PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
+                    pcb.setPassword( password.toCharArray() );
+                }
+                else if ( callbacks[ii] instanceof RealmCallback )
+                {
+                    RealmCallback rcb = ( RealmCallback ) callbacks[ii];
+                    rcb.setRealm( realm );
+                }
+                else if ( callbacks[ii] instanceof PolicyCallback )
+                {
+                    PolicyCallback pcb = ( PolicyCallback ) callbacks[ii];
+                    pcb.setPolicy( policy );
+                }
+                else if ( callbacks[ii] instanceof PasscodeCallback )
+                {
+                    PasscodeCallback pcb = ( PasscodeCallback ) callbacks[ii];
+                    pcb.setPasscode( passcode );
+                }
+            }
+        }
+    }
+}

Added: directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginDialog.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginDialog.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginDialog.java (added)
+++ directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/LoginDialog.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,365 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.guardian.demo;
+
+
+import java.awt.BorderLayout;
+
+import javax.swing.JPanel;
+import javax.swing.JDialog;
+import javax.swing.JComboBox;
+import javax.swing.JPasswordField;
+import javax.swing.JButton;
+import java.awt.GridBagLayout;
+import java.awt.GridBagConstraints;
+import javax.swing.BoxLayout;
+import java.awt.FlowLayout;
+
+import javax.swing.JLabel;
+
+
+public class LoginDialog extends JDialog
+{
+    private static final long serialVersionUID = 1L;
+    private JPanel jContentPane = null;
+    private JPanel jPanel1 = null;
+    private JButton jButton = null;
+    private JButton jButton1 = null;
+    private JPanel jPanel = null;
+    private JPanel jPanel2 = null;
+    private String[] profiles = null;
+    private boolean loginSelected = false;
+    private JLabel jLabel = null;
+    private JComboBox profilesComboBox = null;
+    private JLabel jLabel1 = null;
+    private JPasswordField passwordField = null;
+    private JLabel jLabel2 = null;
+    private JPasswordField passcodeField = null;
+    
+    
+    public String[] getProfileIds()
+    {
+        return profiles;
+    }
+    
+    
+    /**
+     * This method initializes jPanel1	
+     * 	
+     * @return javax.swing.JPanel	
+     */
+    private JPanel getJPanel1()
+    {
+        if ( jPanel1 == null )
+        {
+            FlowLayout flowLayout = new FlowLayout();
+            flowLayout.setAlignment(java.awt.FlowLayout.CENTER);
+            jPanel1 = new JPanel();
+            jPanel1.setLayout(flowLayout);
+            jPanel1.add(getJButton(), null);
+            jPanel1.add(getJButton1(), null);
+        }
+        return jPanel1;
+    }
+
+
+    /**
+     * This method initializes jButton	
+     * 	
+     * @return javax.swing.JButton	
+     */
+    private JButton getJButton()
+    {
+        if ( jButton == null )
+        {
+            jButton = new JButton();
+            jButton.setText("Login");
+            jButton.setFocusable( true );
+            jButton.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    System.out.println( "actionPerformed()" ); 
+                    if ( passwordField.getPassword() != null && passwordField.getPassword().length > 0 )
+                    {
+                        loginSelected = true;
+                        LoginDialog.this.setVisible( false );
+                    }
+                }
+            } );
+        }
+        return jButton;
+    }
+
+
+    /**
+     * This method initializes jButton1	
+     * 	
+     * @return javax.swing.JButton	
+     */
+    private JButton getJButton1()
+    {
+        if ( jButton1 == null )
+        {
+            jButton1 = new JButton();
+            jButton1.setText("Cancel");
+            jButton1.addActionListener( new java.awt.event.ActionListener()
+            {
+                public void actionPerformed( java.awt.event.ActionEvent e )
+                {
+                    setLoginSelected( false );
+                    passwordField.setText( null );
+                    passcodeField.setText( null );
+                    LoginDialog.this.setVisible( false );
+                }
+            } );
+        }
+        return jButton1;
+    }
+
+
+    /**
+     * This method initializes jPanel	
+     * 	
+     * @return javax.swing.JPanel	
+     */
+    private JPanel getJPanel()
+    {
+        if ( jPanel == null )
+        {
+            GridBagConstraints gridBagConstraints4 = new GridBagConstraints();
+            gridBagConstraints4.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints4.gridy = 2;
+            gridBagConstraints4.weightx = 1.0;
+            gridBagConstraints4.insets = new java.awt.Insets(0,0,0,5);
+            gridBagConstraints4.gridx = 1;
+            GridBagConstraints gridBagConstraints31 = new GridBagConstraints();
+            gridBagConstraints31.gridx = 0;
+            gridBagConstraints31.insets = new java.awt.Insets(0,0,0,5);
+            gridBagConstraints31.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints31.gridy = 2;
+            jLabel2 = new JLabel();
+            jLabel2.setText("Passcode:");
+            jLabel2.setHorizontalAlignment(javax.swing.SwingConstants.RIGHT);
+            GridBagConstraints gridBagConstraints3 = new GridBagConstraints();
+            gridBagConstraints3.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints3.gridy = 1;
+            gridBagConstraints3.weightx = 1.0;
+            gridBagConstraints3.insets = new java.awt.Insets(0,0,5,5);
+            gridBagConstraints3.gridx = 1;
+            GridBagConstraints gridBagConstraints = new GridBagConstraints();
+            gridBagConstraints.gridx = 0;
+            gridBagConstraints.insets = new java.awt.Insets(0,5,5,5);
+            gridBagConstraints.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints.gridy = 1;
+            jLabel1 = new JLabel();
+            jLabel1.setText("Password:");
+            jLabel1.setHorizontalAlignment(javax.swing.SwingConstants.RIGHT);
+            GridBagConstraints gridBagConstraints2 = new GridBagConstraints();
+            gridBagConstraints2.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints2.gridy = 0;
+            gridBagConstraints2.weightx = 1.0;
+            gridBagConstraints2.insets = new java.awt.Insets(0,0,5,5);
+            gridBagConstraints2.gridx = 1;
+            GridBagConstraints gridBagConstraints1 = new GridBagConstraints();
+            gridBagConstraints1.gridx = 0;
+            gridBagConstraints1.fill = java.awt.GridBagConstraints.HORIZONTAL;
+            gridBagConstraints1.insets = new java.awt.Insets(0,5,5,5);
+            gridBagConstraints1.gridy = 0;
+            jLabel = new JLabel();
+            jLabel.setText("Login Profile:");
+            jLabel.setHorizontalAlignment(javax.swing.SwingConstants.RIGHT);
+            jPanel = new JPanel();
+            jPanel.setLayout(new GridBagLayout());
+            jPanel.setPreferredSize(new java.awt.Dimension(40,25));
+            jPanel.add(jLabel, gridBagConstraints1);
+            jPanel.add(getProfilesComboBox(), gridBagConstraints2);
+            jPanel.add(jLabel1, gridBagConstraints);
+            jPanel.add(getPasswordField(), gridBagConstraints3);
+            jPanel.add(jLabel2, gridBagConstraints31);
+            jPanel.add(getPasscodeField(), gridBagConstraints4);
+        }
+        return jPanel;
+    }
+
+
+    /**
+     * This method initializes jPanel2	
+     * 	
+     * @return javax.swing.JPanel	
+     */
+    private JPanel getJPanel2()
+    {
+        if ( jPanel2 == null )
+        {
+            jPanel2 = new JPanel();
+            jPanel2.setLayout(new BoxLayout(getJPanel2(), BoxLayout.Y_AXIS));
+        }
+        return jPanel2;
+    }
+
+
+    /**
+     * This is the default constructor
+     */
+    public LoginDialog()
+    {
+        super();
+        initialize();
+        setModal( true );
+    }
+
+
+    /**
+     * This is the default constructor
+     */
+    public LoginDialog( String[] profiles )
+    {
+        super();
+        this.profiles = profiles;
+        initialize();
+        setModal( true );
+    }
+
+
+    /**
+     * This method initializes this
+     * 
+     * @return void
+     */
+    private void initialize()
+    {
+        this.setSize(292, 188);
+        this.setTitle("Login");
+        this.setContentPane( getJContentPane() );
+        this.addWindowListener( new java.awt.event.WindowAdapter()
+        {
+            public void windowClosing( java.awt.event.WindowEvent e )
+            {
+                System.out.println( "windowClosing()" ); 
+                LoginDialog.this.setVisible( false );
+                LoginDialog.this.dispose();
+            }
+        } );
+    }
+
+
+    /**
+     * This method initializes jContentPane
+     * 
+     * @return javax.swing.JPanel
+     */
+    private JPanel getJContentPane()
+    {
+        if ( jContentPane == null )
+        {
+            jContentPane = new JPanel();
+            jContentPane.setLayout(new BorderLayout());
+            jContentPane.add(getJPanel1(), java.awt.BorderLayout.SOUTH);
+            jContentPane.add(getJPanel(), java.awt.BorderLayout.CENTER);
+            jContentPane.add(getJPanel2(), java.awt.BorderLayout.EAST);
+        }
+        return jContentPane;
+    }
+
+
+    public void setLoginSelected( boolean loginSelected )
+    {
+        this.loginSelected = loginSelected;
+    }
+
+
+    public boolean isLoginSelected()
+    {
+        return loginSelected;
+    }
+
+
+    public String getPassword()
+    {
+        return new String( passwordField.getPassword() );
+    }
+
+
+    public String getPasscode()
+    {
+        return new String( passcodeField.getPassword() );
+    }
+
+
+    public String getSelectedProfile()
+    {
+        return ( String ) profilesComboBox.getSelectedItem();
+    }
+
+
+    /**
+     * This method initializes jComboBox	
+     * 	
+     * @return javax.swing.JComboBox	
+     */
+    private JComboBox getProfilesComboBox()
+    {
+        if ( profilesComboBox == null )
+        {
+            if ( profiles != null )
+            {
+                profilesComboBox = new JComboBox( profiles );
+            }
+            else
+            {
+                profilesComboBox = new JComboBox();
+            }
+            profilesComboBox.setPreferredSize(new java.awt.Dimension(32,19));
+        }
+        return profilesComboBox;
+    }
+
+
+    /**
+     * This method initializes jPasswordField	
+     * 	
+     * @return javax.swing.JPasswordField	
+     */
+    private JPasswordField getPasswordField()
+    {
+        if ( passwordField == null )
+        {
+            passwordField = new JPasswordField();
+        }
+        return passwordField;
+    }
+
+
+    /**
+     * This method initializes jPasswordField	
+     * 	
+     * @return javax.swing.JPasswordField	
+     */
+    private JPasswordField getPasscodeField()
+    {
+        if ( passcodeField == null )
+        {
+            passcodeField = new JPasswordField();
+        }
+        return passcodeField;
+    }
+
+}  //  @jve:decl-index=0:visual-constraint="10,10"

Added: directory/trunks/triplesec/swing-demo/src/test/java/org/safehaus/triplesec/guardian/demo/LaunchDemoFrame.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/test/java/org/safehaus/triplesec/guardian/demo/LaunchDemoFrame.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/test/java/org/safehaus/triplesec/guardian/demo/LaunchDemoFrame.java (added)
+++ directory/trunks/triplesec/swing-demo/src/test/java/org/safehaus/triplesec/guardian/demo/LaunchDemoFrame.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,40 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.guardian.demo;
+
+
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+
+
+public class LaunchDemoFrame extends TriplesecIntegration
+{
+    public LaunchDemoFrame() throws Exception
+    {
+        super();
+    }
+    
+    
+    public void testDemoFrame() throws Exception
+    {
+        DemoFrame.main( new String[]{} );
+        System.out.println( "Press any key to end test ..." );
+        System.in.read();
+    }
+}

Added: directory/trunks/triplesec/swing-demo/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/test/resources/log4j.properties?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/test/resources/log4j.properties (added)
+++ directory/trunks/triplesec/swing-demo/src/test/resources/log4j.properties Tue Dec 12 07:23:31 2006
@@ -0,0 +1,11 @@
+# Set root logger level to DEBUG and its only appender to A1.
+log4j.rootLogger=INFO, A1
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+
+# A1 uses PatternLayout.
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
+
+

Added: directory/trunks/triplesec/swing-demo/src/test/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/test/resources/server.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/test/resources/server.ldif (added)
+++ directory/trunks/triplesec/swing-demo/src/test/resources/server.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,561 @@
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#  
+#    http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License. 
+#  
+#
+#
+#   EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+#   http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed.  Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes.  The user's entry must be 
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes.  The user's entry must be browseable 
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: ou=Groups, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
+
+dn: cn=superUsers, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: superUsers
+uniqueMember: uid=admin, ou=system
+
+dn: cn=userAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: userAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=applicationAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: applicationAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=groupAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAdmin
+uniqueMember: uid=admin, ou=system
+
+#
+# This ACI allows members of the superUsers group to have full modify and read access
+# to the entire realm as does the system administrator principal: uid=admin, ou=system.
+#
+# The only thing these users cannot do is modify the system partition.  They are only
+# restricted to superUser rights within this realm partition
+#
+ 
+dn: cn=superUsersAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { }
+prescriptiveACI: { identificationTag "superUsersAci", precedence 20, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=superUsers,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+#
+# This ACI allows members of the userAdmin group to have full modify and read access
+# to user accounts besides their own.  Hence they can administer users in the system.
+#
+ 
+dn: cn=userAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "userAdminsAci", precedence 16, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=userAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the applicationAdmin group to have full modify and read access
+# to all applications in the realm.  Adding users to this group is like a wild card for 
+# application access.
+#
+ 
+dn: cn=applicationAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=applications" }
+prescriptiveACI: { identificationTag "applicationAdminsAci", precedence 17, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=applicationAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the groupAdmins group to have full modify and read access
+# to all groups in the realm other than the superUsers, userAdmins, groupAdmins, and the 
+# applicationAdmins groups.
+#
+# The rational behind this is to prevent these users from changing their or other
+# users' access rights for the entire system by modifying their membership in these 
+# groups. Making someone a groupAdmin should not open the door to their ability to
+# grant themselves or others system wide administrative abilities.
+#
+# Really the groupAdmins group is intended for users that have the ability to manage 
+# group membership in specific application administration groups and that's all.  
+# These types of admins should not have the right to promote others to system level
+# administrators or complete super users.
+#
+ 
+dn: cn=groupAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=groups", specificExclusions { chopBefore: "cn=userAdmins", chopBefore: "cn=groupAdmins", chopBefore: "cn=applicationAdmins", chopBefore: "cn=superUsers" } }
+prescriptiveACI: { identificationTag "groupAdminsAci", precedence 18, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=groupAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+# ----------------------------------------------------------------------------
+# Required Kerberos Server User
+# ----------------------------------------------------------------------------
+
+dn: uid=krbtgt, ou=Users, dc=example,dc=com
+cn: Kerberos Server
+sn: Server
+givenName: Kerberos
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+ou: Users
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: admin@example.com
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample Hauskeys Users
+# ----------------------------------------------------------------------------
+
+dn: uid=mplanck, ou=Users, dc=example,dc=com
+cn: Max Planck
+sn: Planck
+givenName: Max
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mplanck
+krb5PrincipalName: mplanck@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mplanck@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: mplanck
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+userPassword: secret
+
+dn: uid=aeinstein, ou=Users, dc=example,dc=com
+cn: Albert Einstein
+sn: Einstein
+givenName: Albert
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: aeinstein
+krb5PrincipalName: aeinstein@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: aeinstein@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: aeinstein
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 8745127341
+safehausSecret:: eeeeffffgggghhhh
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+userPassword: secret
+
+dn: uid=nbohr, ou=Users, dc=example,dc=com
+cn: Neils Bohr
+sn: Bohr
+givenName: Neils
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: nbohr
+krb5PrincipalName: nbohr@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: nbohr@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: nbohr
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 8745127341
+safehausSecret:: iiiijjjjkkkkllll
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample Local Users (not 2-factor)
+# ----------------------------------------------------------------------------
+
+dn: uid=mborn, ou=Users, dc=example,dc=com
+cn: Max Born
+sn: Born
+givenName: Max
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mborn
+krb5PrincipalName: mborn@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mborn@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: mborn
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+userPassword: secret
+
+dn: uid=wpauli, ou=Users, dc=example,dc=com
+cn: Wolfgang Pauli
+sn: Pauli
+givenName: Wolfgang
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: wpauli
+krb5PrincipalName: wpauli@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: wpauli@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: wpauli
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+userPassword: secret
+
+dn: uid=mcurie, ou=Users, dc=example,dc=com
+cn: Marie Curie
+sn: Curie
+givenName: Marie
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mcurie
+krb5PrincipalName: mcurie@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mcurie@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: mcurie
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample External Users (not 2-factor)
+# ----------------------------------------------------------------------------
+
+dn: uid=pdirac, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: pdirac
+ref: ldap://ad.example.com/uid=pdirac, ou=Users, dc=example,dc=com
+
+dn: uid=efermi, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: efermi
+ref: ldap://openldap.example.com/uid=efermi, ou=Users, dc=example,dc=com
+
+dn: uid=rfeynman, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: rfeynman
+ref: ldap://apacheds.example.com/uid=rfeynman, ou=Users, dc=example,dc=com
+
+# ----------------------------------------------------------------------------
+# Applications
+# ----------------------------------------------------------------------------
+
+dn: ou=Applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyApplication
+objectclass: top
+appname: demo
+description: Demo application.
+userpassword:: c2VjcmV0
+
+dn: ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: permissions
+
+dn: permname=bend,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: bend
+
+dn: permname=fold,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: fold
+
+dn: permname=mutilate,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: mutilate
+
+dn: permname=spindle,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: spindle
+
+dn: permname=twist,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: twist
+
+dn: ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: roles
+
+dn: rolename=superuser,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+grants: fold
+grants: mutilate
+grants: spindle
+grants: twist
+rolename: superuser
+
+dn: rolename=untrusted,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+rolename: untrusted
+
+dn: rolename=trusted,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+grants: fold
+grants: mutilate
+rolename: trusted
+
+dn: ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: profiles
+
+dn: profileid=nbohr,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+profileid: nbohr
+roles: trusted
+user: nbohr
+
+dn: profileid=nbohr-superuser,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+denials: fold
+profileid: nbohr-superuser
+roles: superuser
+user: nbohr
+
+dn: profileid=mborn,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: twist
+profileid: mborn
+roles: trusted
+user: mborn
+
+dn: profileid=aeinstein,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: twist
+profileid: aeinstein
+roles: trusted
+user: aeinstein
+
+dn: profileid=mcurie,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: spindle
+profileid: mcurie
+roles: trusted
+user: mcurie
+
+dn: profileid=wpauli,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+profileid: wpauli
+roles: untrusted
+user: wpauli
+
+dn: appName=tsecAdminTool,ou=Applications,dc=example,dc=com
+objectClass: policyApplication
+objectClass: top
+appName: safehausAdminUI
+description: Policy for Safehaus web and swing based administration UIs.
+userPassword: secret
+
+dn: ou=Permissions,appName=tsecAdminTool,ou=Applications,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Permissions
+
+dn: ou=Roles,appName=tsecAdminTool,ou=Applications,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Roles
+
+dn: ou=Profiles,appName=tsecAdminTool,ou=Applications,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Profiles

Added: directory/trunks/triplesec/swing-demo/src/test/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-demo/src/test/resources/server.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-demo/src/test/resources/server.xml (added)
+++ directory/trunks/triplesec/swing-demo/src/test/resources/server.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,250 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+  "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+    <property name="properties">
+      <props>
+        <prop key="java.naming.security.authentication">simple</prop>
+        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+        <prop key="java.naming.security.credentials">secret</prop>
+        <prop key="java.naming.provider.url">dc=example,dc=com</prop>
+        <prop key="java.naming.factory.state">org.safehaus.triplesec.store.ProfileStateFactory</prop>
+        <prop key="java.naming.factory.object">org.safehaus.triplesec.store.ProfileObjectFactory</prop>
+
+        <prop key="kdc.primary.realm">EXAMPLE.COM</prop>
+        <prop key="kdc.principal">krbtgt/EXAMPLE.COM@EXAMPLE.COM</prop>
+        <prop key="kdc.encryption.types">des-cbc-md5 des3-cbc-sha1 des3-cbc-md5 des-cbc-md4 des-cbc-crc</prop>
+        <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="kdc.java.naming.security.credentials">secret</prop>
+
+        <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="changepw.java.naming.security.credentials">secret</prop>
+        <prop key="changepw.principal">kadmin/changepw@EXAMPLE.COM</prop>
+
+        <!-- All times are in minutes -->
+        <prop key="kdc.allowable.clockskew">5</prop>
+        <prop key="kdc.tgs.maximum.ticket.lifetime">1440</prop>
+        <prop key="kdc.tgs.maximum.renewable.lifetime">10080</prop>
+        <prop key="kdc.pa.enc.timestamp.required">true</prop>
+        <prop key="kdc.tgs.empty.addresses.allowed">true</prop>
+        <prop key="kdc.tgs.forwardable.allowed">true</prop>
+        <prop key="kdc.tgs.proxiable.allowed">true</prop>
+        <prop key="kdc.tgs.postdate.allowed">true</prop>
+        <prop key="kdc.tgs.renewable.allowed">true</prop>
+
+        <prop key="safehaus.entry.basedn">ou=Users,dc=example,dc=com</prop>
+        <prop key="safehaus.load.testdata">true</prop>
+        <prop key="kerberos.sam.type.7">org.safehaus.triplesec.verifier.hotp.DefaultHotpSamVerifier</prop>
+      </props>
+    </property>
+  </bean>
+
+  <bean id="configuration" class="org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration">
+    <property name="workingDirectory"><value>partitions</value></property>
+    <property name="allowAnonymousAccess"><value>false</value></property>
+    <property name="accessControlEnabled"><value>true</value></property>
+    <property name="ldapPort"><value>10389</value></property>
+    <property name="enableKerberos"><value>true</value></property>
+    <property name="enableNtp"><value>false</value></property>
+    <property name="enableChangePassword"><value>true</value></property>
+
+    <!-- Uncomment below to have the server load entries on startup!        -->
+    <!-- ldifDirectory property can point to a relative file, directory or  -->
+    <!-- can point to an absolute path to either using the URL path         -->
+    <!-- notation: i.e. file:///Users/jack/apacheds/ldifs                   -->
+
+    <!-- Entries will optionally be filtered using LdifLoadFilters in the   -->
+    <!-- order specified.  The included Krb5KdcEntryFilter will filter      -->
+    <!-- kerberos principals creating keys for them using their             -->
+    <!-- userPassword attribute if present.                                 -->
+
+    <!-- If missing the Triplesec server will use LDIF files under the conf -->
+    <!-- directory where it has been installed.                             -->
+
+    <!--
+    <property name="ldifDirectory">
+      <value>example.ldif</value>
+    </property>
+    -->
+    <property name="ldifFilters">
+      <list>
+        <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+      </list>
+    </property>
+
+    <property name="activationConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.ActivationConfiguration">
+        <property name="enableDecoyMidlet"><value>true</value></property>
+        <property name="otpLength"><value>6</value></property>
+        <property name="midletNameAttribute"><value>midletNameAttribute</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smsConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmsConfiguration">
+        <property name="smsUsername"><value>hauskeys</value></property>
+        <property name="smsPassword"><value>secret</value></property>
+        <property name="smsAccountName"><value>demo</value></property>
+        <property name="smsTransportUrl"><value>http://www.nbroadcasting.com/customers/messages/Sender.asp</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smtpConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmtpConfiguration">
+        <property name="smtpAuthenticate"><value>false</value></property>
+        <!-- uncomment and set above property if authentication is required by mail server
+             <property name="smtpUsername"><value>hauskeys</value></property>
+             <property name="smtpPassword"><value>secret</value></property>
+             -->
+             <property name="smtpHost"><value>localhost</value></property>
+             <property name="smtpSubject"><value>Triplesec Account Activated</value></property>
+             <property name="smtpFrom"><value>dev@safehaus.org</value></property>
+           </bean>  
+         </property>    
+         
+    <property name="contextPartitionConfigurations">
+      <set>
+        <ref bean="examplePartitionConfiguration"/>
+      </set>
+    </property>
+    <property name="bootstrapSchemas">
+      <set>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+        <bean class="org.safehaus.triplesec.store.schema.SafehausSchema"/>
+      </set>
+    </property>
+    
+    <property name="extendedOperationHandlers">
+      <list>
+        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+        <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+      </list>
+    </property>  
+
+    <property name="interceptorConfigurations">
+      <list>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>normalizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.normalization.NormalizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authenticationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authn.AuthenticationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>referralService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.referral.ReferralService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.AuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>defaultAuthorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>exceptionService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.exception.ExceptionService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>schemaService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.schema.SchemaService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>subentryService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.subtree.SubentryService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>operationalAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>collectiveAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.collective.CollectiveAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>eventService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.event.EventService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>policyProtectionService</value></property>
+          <property name="interceptor">
+            <bean class="org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor" />
+          </property>
+        </bean>
+      </list>
+    </property>
+  </bean>
+  
+  <bean id="examplePartitionConfiguration" class="org.apache.directory.server.core.configuration.MutablePartitionConfiguration">
+    <property name="name"><value>example</value></property>
+    <property name="suffix"><value>dc=example,dc=com</value></property>
+    <property name="indexedAttributes">
+      <set>
+        <value>objectClass</value>
+        <value>ou</value>
+        <value>dc</value>
+        <value>uid</value>
+        <value>profileId</value>
+        <value>roles</value>
+        <value>grants</value>
+        <value>denials</value>
+        <value>krb5PrincipalName</value>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: domain
+        objectClass: extensibleObject
+        dc: example
+        administrativeRole: accessControlSpecificArea
+        administrativeRole: collectiveAttributeSpecificArea
+      </value>
+    </property>
+  </bean>
+
+  <bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+    <property name="customEditors">
+      <map>
+        <entry key="javax.naming.directory.Attributes">
+          <bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+        </entry>
+      </map>
+   </property>
+  </bean>
+</beans>

Added: directory/trunks/triplesec/testdata/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/testdata/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/testdata/pom.xml (added)
+++ directory/trunks/triplesec/testdata/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+  
+    http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License. 
+-->
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.safehaus.triplesec</groupId>
+    <artifactId>build</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>triplesec-testdata</artifactId>
+  <name>Triplesec Test Profiles</name>
+  <packaging>jar</packaging>  
+  <dependencies>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>triplesec-profile</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

Added: directory/trunks/triplesec/testdata/src/main/java/org/safehaus/profile/ProfileTestData.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/testdata/src/main/java/org/safehaus/profile/ProfileTestData.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/testdata/src/main/java/org/safehaus/profile/ProfileTestData.java (added)
+++ directory/trunks/triplesec/testdata/src/main/java/org/safehaus/profile/ProfileTestData.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,91 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.profile;
+
+
+/**
+ * Some pre-fab test profiles for use in various tests, demos and applications.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev$
+ */
+public class ProfileTestData
+{
+    /** bogus test account profile */
+    private static final ServerProfile BANK_ONE = new BaseServerProfile( "bankone",
+            "EXAMPLE.COM", "BankOne",
+            18237017371834L, new byte[] { 'a','s','d','f',
+                                          'a','d','s','f',
+                                          'a','d','f','a',
+                                          'd','f','a','f',
+                                          's','f','d','f'}, "1234", 
+                                          new byte[] { 's', 'e', 'c', 'r', 'e', 't' }
+    );
+
+    /** bogus test account profile */
+    private static final ServerProfile CITI_401K = new BaseServerProfile( "citi401k",
+            "EXAMPLE.COM", "Citi401k",
+            27934524L, new byte[] { 'x','a','x','1',
+                                    'a','x','s','d',
+                                    'f','g','c','f',
+                                    'g','4','a','3',
+                                    'f','f','y','*'}, "1234", 
+                                    new byte[] { 's', 'e', 'c', 'r', 'e', 't' }
+    );
+
+    /** bogus test account profile */
+    private static final ServerProfile APACHE = new BaseServerProfile( "apache",
+            "EXAMPLE.COM", "Apache",
+            513417813624832L, new byte[] { 'S','s','5','(',
+                                           '.','d','-','s',
+                                           'K','z','f','s',
+                                           'd','z','d','a',
+                                           's','z','?','f'}, "1234", 
+                                           new byte[] { 's', 'e', 'c', 'r', 'e', 't' }
+    );
+
+    /** bogus test account profile */
+    private static final ServerProfile CODEHAUS = new BaseServerProfile( "codehaus",
+            "EXAMPLE.COM", "Codehaus",
+            123984713378815745L, new byte[] { '5','x','g','>',
+                                              'a','v','s','.',
+                                              'x','Q','4','a',
+                                              'd','z',',','m',
+                                              'z','$','=','%'}, "1234", 
+                                              new byte[] { 's', 'e', 'c', 'r', 'e', 't' }
+    );
+
+    /** bogus test account profile */
+    private static final ServerProfile OFFICE = new BaseServerProfile( "officew2k",
+            "EXAMPLE.COM", "OfficeW2K",
+            999372763L, new byte[] { 'g','$','7','x',
+                                     'a','c','s','j',
+                                     'a','m','f','O',
+                                     'd','@','a','(',
+                                     's','-','d','.'}, "1234", 
+                                     new byte[] { 's', 'e', 'c', 'r', 'e', 't' }
+    );
+
+    /** bogus test account profile */
+    public static final ServerProfile[] PROFILES = new ServerProfile[]
+    {
+        BANK_ONE, CITI_401K, APACHE, CODEHAUS, OFFICE
+    };
+}

Added: directory/trunks/triplesec/tools/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/tools/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/tools/pom.xml (added)
+++ directory/trunks/triplesec/tools/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+
+-->
+
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.safehaus.triplesec</groupId>
+    <artifactId>build</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>triplesec-tools</artifactId>
+  <name>Triplesec Server Tools</name>
+  <description>
+    Contained within this executable jar are various commandline utilities
+    for triplesec server.
+  </description>
+  <packaging>jar</packaging>  
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-server-tools</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-main</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <configuration>
+          <archive>
+            <manifestFile>src/main/manifest/MANIFEST.MF</manifestFile>
+            <manifest>
+              <mainClass>org.safehaus.triplesec.tools.Tools</mainClass>
+            </manifest>
+          </archive>
+        </configuration>
+      </plugin>
+    </plugins>
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+        <filtering>true</filtering>
+      </resource>
+    </resources>
+  </build>
+</project>
+



Mime
View raw message