directory-commits mailing list archives

From djen...@apache.org
Subject svn commit: r490646 [7/8] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/main/java/org/safehaus/triplesec/admin/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ adm...
Date Thu, 28 Dec 2006 04:48:33 GMT
Added: directory/trunks/triplesec/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/itest-data/src/main/resources/server.ldif?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/itest-data/src/main/resources/server.ldif (added)
+++ directory/trunks/triplesec/itest-data/src/main/resources/server.ldif Wed Dec 27 20:48:29 2006
@@ -0,0 +1,534 @@
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#  
+#    http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License. 
+#  
+#
+#
+#   EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+#   http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed.  Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes.  The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes.  The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: ou=Groups, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
+
+dn: cn=superUsers, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: superUsers
+uniqueMember: uid=admin, ou=system
+
+dn: cn=userAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: userAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=applicationAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: applicationAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=groupAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAdmin
+uniqueMember: uid=admin, ou=system
+
+#
+# This ACI allows members of the superUsers group to have full modify and read access
+# to the entire realm as does the system administrator principal: uid=admin, ou=system.
+#
+# The only thing these users cannot do is modify the system partition.  They are only
+# restricted to superUser rights within this realm partition
+#
+ 
+dn: cn=superUsersAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { }
+prescriptiveACI: { identificationTag "superUsersAci", precedence 20, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=superUsers,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+#
+# This ACI allows members of the userAdmin group to have full modify and read access
+# to user accounts besides their own.  Hence they can administer users in the system.
+#
+ 
+dn: cn=userAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "userAdminsAci", precedence 16, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=userAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the applicationAdmin group to have full modify and read access
+# to all applications in the realm.  Adding users to this group is like a wild card for 
+# application access.
+#
+ 
+dn: cn=applicationAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=applications" }
+prescriptiveACI: { identificationTag "applicationAdminsAci", precedence 17, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=applicationAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the groupAdmins group to have full modify and read access
+# to all groups in the realm other than the superUsers, userAdmins, groupAdmins, and the 
+# applicationAdmins groups.
+#
+# The rational behind this is to prevent these users from changing their or other
+# users' access rights for the entire system by modifying their membership in these 
+# groups. Making someone a groupAdmin should not open the door to their ability to
+# grant themselves or others system wide administrative abilities.
+#
+# Really the groupAdmins group is intended for users that have the ability to manage 
+# group membership in specific application administration groups and that's all.  
+# These types of admins should not have the right to promote others to system level
+# administrators or complete super users.
+#
+ 
+dn: cn=groupAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=groups", specificExclusions { chopBefore: "cn=userAdmins", chopBefore: "cn=groupAdmins", chopBefore: "cn=applicationAdmins", chopBefore: "cn=superUsers" } }
+prescriptiveACI: { identificationTag "groupAdminsAci", precedence 18, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=groupAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+dn: uid=akarasulu, ou=Users, dc=example,dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example, dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausInfo: unlucky account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example, dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example, dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyApplication
+appName: mockApplication
+userPassword:: dGVzdGluZw==
+
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
+dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: mockRole0
+
+dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+roleName: mockRole1
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm0
+
+dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+roleName: mockRole2
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm1, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm1
+
+dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+#grants: mockPerm3
+#grants: mockPerm2
+roleName: mockRole3
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm3, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm3
+
+dn: grant=mockPerm2, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm2
+
+dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+#grants: mockPerm9
+#grants: mockPerm7
+#grants: mockPerm6
+#grants: mockPerm5
+#grants: mockPerm4
+roleName: mockRole4
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm9, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm9
+
+dn: grant=mockPerm7, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm7
+
+dn: grant=mockPerm6, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm6
+
+dn: grant=mockPerm5, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm5
+
+dn: grant=mockPerm4, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm4
+
+dn: ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: profiles
+
+dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile0 
+user: akarasulu
+
+dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+user: akarasulu
+profileId: mockProfile1
+roles: mockRole2
+roles: mockRole1
+
+dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile2
+#grants: mockPerm0
+user: akarasulu
+roles: mockRole2
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm0
+
+dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+#grants: mockPerm7
+#grants: mockPerm0
+profileId: mockProfile3
+user: akarasulu
+roles: mockRole3
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: grant=mockPerm7, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm7
+
+dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm0
+
+dn: profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+#denials: mockPerm7
+#grants: mockPerm0
+roles: mockRole4
+roles: mockRole3
+user: akarasulu
+profileId: mockProfile4
+
+dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permClass
+permClassName: org.safehaus.triplesec.guardian.StringPermission
+
+dn: deny=mockPerm7, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm7
+
+dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: permGrant
+grant: mockPerm0
+
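Review bot: The `deny=mockPerm7` entry under `mockProfile4` is declared with `objectClass: permGrant` and `grant: mockPerm7`, so its RDN attribute `deny` never appears in the entry and the denial described by the `#denials: mockPerm7` comment is stored as a grant. The interceptor change in this commit recognises a `permDeny` object class, so the entry presumably should read `objectClass: permDeny` and `deny: mockPerm7` (attribute name inferred from the RDN; confirm against the schema). Separately, the `safehausSecret::` lines use the LDIF base64 marker `::`, but the values for `lockedout` and `erodriguez` contain characters outside the base64 alphabet (`(`, `#`, `&`, `@`). Either use a single colon or base64-encode the values, so that the secret the tests compute against is the one actually loaded.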

Modified: directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java (original)
+++ directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java Wed Dec 27 20:48:29 2006
@@ -121,8 +121,9 @@
         {
             if ( module.commit() )
             {
-                this.subject.getPrincipals().clear();
-                this.subject.getPrincipals().add( new SafehausPrincipal( this.profile ) );
+                //Clearing the principals means this has to be the only login module, not a reasonable assumption
+//                this.subject.getPrincipals().clear();
+                this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
                 return true;
             }
             
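Review bot: With `getPrincipals().clear()` gone, nothing visible in this hunk removes the `SafehausPrincipal` again, so a Subject that is reused after `logout()` or after a later phase fails may keep a principal carrying a stale authorization profile. Keep a reference to the instance added here in a new field, e.g. `principal = new SafehausPrincipal( profile ); this.subject.getPrincipals().add( principal );`, and remove exactly that instance in `logout()` and `abort()`; those methods are outside the hunk, so check whether they already do this. The disabled statement should be deleted rather than left commented out, and the same goes for the commented line in the `bindAs` hunk and the `policyPermission` block in PolicyProtectionInterceptor.java.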
@@ -140,7 +141,7 @@
     public boolean login() throws LoginException
     {
         Callback[] callbacks = new Callback[] {
-            profileIdCallback, passwordCallback, realmCallback, passcodeCallback, policyCallback
+            profileIdCallback, passwordCallback, realmCallback, passcodeCallback
         };
         
         // -------------------------------------------------------------------
@@ -222,7 +223,8 @@
             
             if ( bindAs( "uid=admin,ou=system", "admin" ) )
             {
-                this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
+                //add in commit(), not here
+//                this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
                 return true;
             }
             else
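Review bot: The unchanged condition `bindAs( "uid=admin,ou=system", "admin" )` keeps the directory administrator DN and its default password as literals in the login module, and this hunk edits the branch without addressing that. The bind identity and secret should come from the module's JAAS options or another deployment-controlled source, so the module neither requires the default admin password to stay in place nor ships it in source. The new comment `//add in commit(), not here` could also state the reason: principals must only be attached once the overall authentication has succeeded. The enclosing method starts and ends outside the hunk.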
@@ -386,8 +388,7 @@
         passwordCallback = new PasswordCallback( "Password: ", false );
         realmCallback = new RealmCallback();
         passcodeCallback = new PasscodeCallback();
-        policyCallback = new PolicyCallback();
-        
+
         // Save these values for delayed initialization of the Krb5LoginModule
         this.subject = subject;
         this.callbackHandler = callbackHandler;

Modified: directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java (original)
+++ directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java Wed Dec 27 20:48:29 2006
@@ -33,8 +33,9 @@
  */
 public class SafehausPrincipal implements Principal
 {
+
     /** the Guardian authorization profile for this principal */
-    private Profile profile;
+    private final Profile profile;
 
 
     SafehausPrincipal( Profile profile )

Modified: directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java (original)
+++ directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java Wed Dec 27 20:48:29 2006
@@ -260,7 +260,7 @@
         }
         else
         {
-            throw new Exception( "Can't figure out where to fine my installation." ); 
+            throw new Exception( "Can't figure out where to find my installation." );
         }
 
         cfg.setShutdownHookEnabled( enableShutdownHook );

Modified: directory/trunks/triplesec/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/pom.xml?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/pom.xml (original)
+++ directory/trunks/triplesec/pom.xml Wed Dec 27 20:48:29 2006
@@ -141,67 +141,67 @@
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-core</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.shared</groupId>
         <artifactId>shared-ldap</artifactId>
-        <version>0.9.5.3</version>
+        <version>0.9.6-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-core-unit</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-kerberos-shared</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-protocol-kerberos</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-server-ssl</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-server-tools</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-core-shared</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-server-jndi</artifactId>
-        <version>1.0.0</version>
+        <version>1.5.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.shared</groupId>
         <artifactId>shared-asn1-codec</artifactId>
-        <version>0.9.5.3</version>
+        <version>0.9.6-SNAPSHOT</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.directory.daemon</groupId>
         <artifactId>daemon-bootstrappers</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0-SNAPSHOT</version>
       </dependency>
 
       <dependency>
@@ -414,18 +414,18 @@
                     <artifactId>maven-surefire-plugin</artifactId>
                     <version>2.2</version>
                     <configuration>
-                        <forkMode>once</forkMode>
-                        <argLine>-enableassertions -Dgeronimo.bootstrap.logging.enabled=false -Dlog4j.configuration=org/apache/geronimo/test-log4j.properties</argLine>
+                        <forkMode>never</forkMode>
+                        <argLine>-enableassertions</argLine>
                         <workingDirectory>${project.build.directory}</workingDirectory>
 
                         <!-- Override the default, do not accept Test* as test classes -->
-                        <excludes>
-                            <exclude>**/Abstract*.java</exclude>
-                            <exclude>**/Test*.java</exclude>
-                        </excludes>
-                        <includes>
-                            <include>**/*Test.java</include>
-                        </includes>
+                        <!--<excludes>-->
+                            <!--<exclude>**/Abstract*.java</exclude>-->
+                            <!--<exclude>**/Test*.java</exclude>-->
+                        <!--</excludes>-->
+                        <!--<includes>-->
+                            <!--<include>**/*Test.java</include>-->
+                        <!--</includes>-->
                     </configuration>
                 </plugin>
 
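Review bot: `<forkMode>never</forkMode>` runs the tests inside the Maven JVM, and Surefire applies `<argLine>` only to a forked JVM, so the `-enableassertions` on the next line no longer has any effect and `assert` statements are skipped during the test run. Either keep `<forkMode>once</forkMode>` or drop the `argLine` and document how assertions get enabled. The retained comment `<!-- Override the default, do not accept Test* as test classes -->` now describes filters that are commented out. Remove the comment together with the dead block, or restore the filters, since with the plugin defaults `Test*.java` and `Abstract*` classes may be picked up as tests.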
@@ -547,7 +547,7 @@
       <plugin>
         <groupId>org.mortbay.jetty</groupId>
         <artifactId>maven-jetty-plugin</artifactId>
-        <version>6.1-SNAPSHOT</version>
+        <version>6.1.0rc2</version>
       </plugin>
 
            </plugins>
@@ -567,7 +567,6 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-site-plugin</artifactId>
-        <version>2.0-beta-5</version>
       </plugin>
 
       
@@ -639,6 +638,7 @@
         <module>testdata</module>
         <module>jaas</module>
         <module>sms</module>
+        <module>itest-data</module>
         <module>store</module>
         <module>verifier</module>
         <module>main</module>

Modified: directory/trunks/triplesec/store/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/pom.xml?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/store/pom.xml (original)
+++ directory/trunks/triplesec/store/pom.xml Wed Dec 27 20:48:29 2006
@@ -30,6 +30,12 @@
   <dependencies>
     <dependency>
       <groupId>${project.groupId}</groupId>
+      <artifactId>triplesec-itest-data</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
       <artifactId>triplesec-testdata</artifactId>
       <version>${project.version}</version>
       <scope>test</scope>

Modified: directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java (original)
+++ directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java Wed Dec 27 20:48:29 2006
@@ -78,12 +78,13 @@
             while( ocList.hasMore() )
             {
                 String value = String.valueOf( ocList.next() );
-                if( "policyPermission".equalsIgnoreCase( value ) )
-                {
-                    checkNewPolicyEntry( next, name, "2.5.4.11=permissions" );
-                    policyEntry = true;
-                }
-                else if( "policyRole".equalsIgnoreCase( value ) )
+//                if( "policyPermission".equalsIgnoreCase( value ) )
+//                {
+//                    checkNewPolicyEntry( next, name, "2.5.4.11=permissions" );
+//                    policyEntry = true;
+//                }
+//                else
+                if( "policyRole".equalsIgnoreCase( value ) )
                 {
                     checkNewPolicyEntry( next, name, "2.5.4.11=roles" );
                     policyEntry = true;
@@ -93,6 +94,18 @@
                     checkNewPolicyEntry( next, name, "2.5.4.11=profiles" );
                     policyEntry = true;
                 }
+                else if ("permClass".equalsIgnoreCase( value ))
+                {
+                    policyEntry = true;
+                }
+                else if ("permGrant".equalsIgnoreCase( value ))
+                {
+                    policyEntry = true;
+                }
+                else if ("permDeny".equalsIgnoreCase( value ))
+                {
+                    policyEntry = true;
+                }
                 else if( "policyApplication".equalsIgnoreCase( value ) )
                 {
                     isApplication = true;
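Review bot: The new `permClass`, `permGrant` and `permDeny` branches set `policyEntry = true` without calling `checkNewPolicyEntry`, so unlike the `policyRole` and `policyProfile` branches nothing in this hunk constrains where such an entry may be added. If these entries are only meant to live beneath a role or profile, that placement check is missing. What `policyEntry` triggers later is outside the hunk, so it may be partly covered elsewhere. The three branches are identical and could be one condition, `else if( "permClass".equalsIgnoreCase( value ) || "permGrant".equalsIgnoreCase( value ) || "permDeny".equalsIgnoreCase( value ) )`, with a comment saying why no parent check applies. The enclosing loop starts and ends outside the hunk.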
@@ -478,7 +491,7 @@
         if( !parentName.equalsIgnoreCase( parentDn.getRdn().toString() ) )
         {
             throw new SchemaViolationException( "Parent entry for policyPermissions must be '" +
-                parentName + "': " + name );
+                parentName + "': " + name + "\n\ninstead of " + parentDn.getRdn().toString() );
         }
 
         parentDn.remove( parentDn.size() -1 );
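Review bot: The extended exception message still says `policyPermissions`, although the callers visible in this commit pass `2.5.4.11=roles` and `2.5.4.11=profiles`, and the permission branch that used it is commented out. It also embeds `\n\n`, which splits the message across lines wherever it is logged or returned to a client. A single-line, neutral form would be `"Parent entry must be '" + parentName + "': " + name + " (actual parent RDN: " + parentDn.getRdn() + ")"`. The enclosing method starts and ends outside the hunk.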

Modified: directory/trunks/triplesec/store/src/main/schema/safehaus.schema
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/main/schema/safehaus.schema?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/store/src/main/schema/safehaus.schema (original)
+++ directory/trunks/triplesec/store/src/main/schema/safehaus.schema Wed Dec 27 20:48:29 2006
@@ -140,33 +140,33 @@
     MUST ( uid )
     MAY  ( userPassword $ description $ safehausDisabled ) )
 
-attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.201
-        NAME 'permName'
-        DESC 'the case sensitive name of a permission within the system'
-        EQUALITY caseExactMatch
-        SUBSTR caseExactSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.202 NAME 'policyPermission'
-    SUP top
-    AUXILIARY
-    MUST ( permName )
-    MAY ( description )
-    )
-
-attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.202
-        NAME 'grants'
-        DESC 'the permissions granted to a role or a profile'
-        EQUALITY caseExactMatch
-        SUBSTR caseExactSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.203
-        NAME 'denials'
-        DESC 'the permissions denied for a profile'
-        EQUALITY caseExactMatch
-        SUBSTR caseExactSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.201
+#        NAME 'permName'
+#        DESC 'the case sensitive name of a permission within the system'
+#        EQUALITY caseExactMatch
+#        SUBSTR caseExactSubstringsMatch
+#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+#objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.202 NAME 'policyPermission'
+#    SUP top
+#    AUXILIARY
+#    MUST ( permName )
+#    MAY ( description )
+#    )
+
+#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.202
+#        NAME 'grants'
+#        DESC 'the permissions granted to a role or a profile'
+#        EQUALITY caseExactMatch
+#        SUBSTR caseExactSubstringsMatch
+#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.203
+#        NAME 'denials'
+#        DESC 'the permissions denied for a role or a profile'
+#        EQUALITY caseExactMatch
+#        SUBSTR caseExactSubstringsMatch
+#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
 attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.204
         NAME 'roleName'
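Review bot: The retired `permName`, `policyPermission`, `grants` and `denials` definitions are kept as commented-out text, and the `denials` DESC is even reworded inside the comment, which leaves dead schema that looks maintained. Deleting the blocks and leaving one line that reserves the identifiers is clearer, for example `# OIDs 1.2.6.1.4.1.22555.1.1.1.3.201-203 and 1.2.6.1.4.1.22555.1.1.1.4.202 are retired (permName, grants, denials, policyPermission); do not reuse`. Entries already stored with these attributes would presumably no longer validate against the schema. The commit shows no migration step for such data, so that should be confirmed.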
@@ -200,11 +200,58 @@
     SUP top
     AUXILIARY
     MUST ( roleName )
-    MAY  ( grants $ description ) )
+    MAY  ( description ) )
 
 objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.204 NAME 'policyProfile'
     SUP top
     AUXILIARY
     MUST ( profileId $ user )
-    MAY  ( grants $ denials $ roles $ userPassword $ description $ safehausDisabled ) )
+    MAY  ( roles $ userPassword $ description $ safehausDisabled ) )
+
+attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.208
+        NAME 'permClassName'
+        DESC 'java class for a set of permission'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.209
+        NAME 'grant'
+        DESC 'name for a granted permission'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.210
+        NAME 'deny'
+        DESC 'name for a denied permission'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.211
+        NAME 'action'
+        DESC 'action for a permission'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.205 NAME 'permClass'
+    SUP top
+    AUXILIARY
+    MUST ( permClassName )
+    )
+
+objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.206 NAME 'permGrant'
+    SUP top
+    AUXILIARY
+    MUST ( grant )
+    MAY  ( action )
+    )
+
+objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.207 NAME 'permDeny'
+    SUP top
+    AUXILIARY
+    MUST ( deny )
+    MAY  ( action )
+    )
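Review bot: `permClassName`, `grant` and `deny` are declared without `SINGLE-VALUE`, whereas the retired `permName` had it. The tests in this commit use them as naming attributes (`grant=newPerm`, `permClassName=...`), so a single entry could carry several grant or deny values beyond the one in its RDN. If one entry is meant to describe exactly one permission, end those three definitions with `SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )` so that an authorization decision cannot depend on which value a reader picks. Whether `action` is intentionally multi-valued deserves a word in its DESC. The `permClassName` DESC should read `'java class for a set of permissions'`.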

Modified: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java (original)
+++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java Wed Dec 27 20:48:29 2006
@@ -94,7 +94,7 @@
         
         super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
         super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
-        super.setLdifPath( "/interceptor.ldif", getClass() );
+        super.setLdifPath( "/server.ldif", getClass() );
         super.setUp();
 
         Hashtable env = new Hashtable();
@@ -124,7 +124,7 @@
             userPassword = "secret";
         }
         
-        LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" );
+        LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" );
 
         Hashtable env = new Hashtable();
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
@@ -221,7 +221,7 @@
             userPassword = "secret";
         }
         
-        LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" );
+        LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" );
 
         Hashtable env = new Hashtable();
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
@@ -250,18 +250,18 @@
         {
             attrs.put( "userPassword", userPassword );
         }
-        LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" );
+        LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" );
         ctx.createSubcontext( dn, attrs );
         
         // create ou=permissions
-        attrs = new LockableAttributesImpl();
-        oc = new LockableAttributeImpl( "objectClass" );
-        oc.add( "top" );
-        oc.add( "organizationalUnit" );
-        attrs.put( oc );
-        attrs.put( "ou", "permissions" );
-        dn = new LdapDN( "ou=permissions,appName="+appName+",ou=Applications,dc=example,dc=com" );
-        ctx.createSubcontext( dn, attrs );
+//        attrs = new LockableAttributesImpl();
+//        oc = new LockableAttributeImpl( "objectClass" );
+//        oc.add( "top" );
+//        oc.add( "organizationalUnit" );
+//        attrs.put( oc );
+//        attrs.put( "ou", "permissions" );
+//        dn = new LdapDN( "ou=permissions,appName="+appName+",ou=applications,dc=example,dc=com" );
+//        ctx.createSubcontext( dn, attrs );
 
         // create ou=roles
         attrs = new LockableAttributesImpl();
@@ -270,7 +270,7 @@
         oc.add( "organizationalUnit" );
         attrs.put( oc );
         attrs.put( "ou", "roles" );
-        dn = new LdapDN( "ou=roles,appName="+appName+",ou=Applications,dc=example,dc=com" );
+        dn = new LdapDN( "ou=roles,appName="+appName+",ou=applications,dc=example,dc=com" );
         ctx.createSubcontext( dn, attrs );
 
         // create ou=profiles
@@ -280,14 +280,14 @@
         oc.add( "organizationalUnit" );
         attrs.put( oc );
         attrs.put( "ou", "profiles" );
-        dn = new LdapDN( "ou=profiles,appName="+appName+",ou=Applications,dc=example,dc=com" );
+        dn = new LdapDN( "ou=profiles,appName="+appName+",ou=applications,dc=example,dc=com" );
         ctx.createSubcontext( dn, attrs );
     }
     
     
     public void addAppUserToAdminGroup( String appName ) throws NamingException
     {
-        LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" );
+        LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" );
         Attributes attrs = new LockableAttributesImpl();
         attrs.put( "uniqueMember", dn.getUpName() );
         
@@ -298,6 +298,8 @@
     
     private boolean canWriteToPermissions( String appName ) throws NamingException
     {
+        return true;
+/*
         DirContext appUserCtx = getAppContextAsApp( appName );
         Attributes attrs = new LockableAttributesImpl();
         attrs.put( "objectClass", "policyPermission" );
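Review bot: `canWriteToPermissions` now returns `true` unconditionally with its probe wrapped in a block comment, and the `assertFalse`/`assertTrue` calls that used it are commented out in the `@@ -331,9 +334,9 @@` hunk. The test therefore no longer checks that the application principal is denied writes before `addAppUserToAdminGroup` and allowed afterwards. That was the only visible regression check on the generated ACI items, and a stub that answers `true` would hide a broken ACI if the assertions were simply re-enabled. The probe should be ported to the new model, for instance by attempting to create a `permClass` entry as the application user, and both assertions restored. If that cannot happen in this commit, remove the stub and leave `// TODO: re-enable ACI write check against permClass/permGrant entries` at the call site. The method body continues outside the hunk.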
@@ -322,6 +324,7 @@
             {
             }
         }
+*/
     }
     
     
@@ -331,9 +334,9 @@
         assertTrue( adminGroupExists( "testApp" ) );
         assertTrue( aciItemsExist( "testApp" ) );
         assertNoAccessToAdminGroupByApp( "testApp", "secret" );
-        assertFalse( canWriteToPermissions( "testApp" ) );
+//        assertFalse( canWriteToPermissions( "testApp" ) );
         addAppUserToAdminGroup( "testApp" );
-        assertTrue( canWriteToPermissions( "testApp" ) );
+//        assertTrue( canWriteToPermissions( "testApp" ) );
     }
     
 
@@ -348,13 +351,13 @@
 
     private void destroyApplication( String appName ) throws Exception
     {
-        DirContext appCtx = ( DirContext ) ctx.lookup( "appName="+appName+",ou=Applications,dc=example,dc=com" );
-        appCtx.destroySubcontext( "ou=permissions" );
+        DirContext appCtx = ( DirContext ) ctx.lookup( "appName="+appName+",ou=applications,dc=example,dc=com" );
+//        appCtx.destroySubcontext( "ou=permissions" );
         appCtx.destroySubcontext( "ou=profiles" );
         appCtx.destroySubcontext( "ou=roles" );
         appCtx.close();
         
-        ctx.destroySubcontext( "appName="+appName+",ou=Applications,dc=example,dc=com" );
+        ctx.destroySubcontext( "appName="+appName+",ou=applications,dc=example,dc=com" );
     }
 
 

Modified: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java (original)
+++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java Wed Dec 27 20:48:29 2006
@@ -58,6 +58,8 @@
  */
 public class PolicyProtectionInterceptorITest extends AbstractAdminTestCase
 {
+
+    private static final String STRING_PERMISSION_CLASS_NAME = "org.safehaus.triplesec.guardian.StringPermission";
     private DirContext ctx;
 
 
@@ -94,7 +96,7 @@
 
         super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
         super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
-        super.setLdifPath( "/interceptor.ldif", getClass() );
+        super.setLdifPath( "/server.ldif", getClass() );
         super.setUp();
 
         Hashtable env = new Hashtable();
@@ -125,20 +127,18 @@
         ctx.bind( "ou=test,dc=example,dc=com", null, new BasicAttributes( "objectClass", "top" ) );
 
         // Test adding permissions
-        Attributes perm = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyPermission" );
-        perm.put( attr );
-        perm.put( "permName", "permX" );
-
-        _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm );
+//        Attributes perm = new BasicAttributes();
+//        attr = new BasicAttribute( "objectClass" );
+//        attr.add( "top" );
+//        attr.add( "policyPermission" );
+//        perm.put( attr );
+//        perm.put( "permName", "permX" );
+//
+//        _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm );
 
         // Test adding roles
         Attributes role = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyRole" );
+        attr = getObjectClassAttr("policyRole");
         role.put( attr );
         role.put( "roleName", "roleX" );
 
@@ -146,9 +146,7 @@
 
         // Test adding profiles
         Attributes profile = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyProfile" );
+        attr = getObjectClassAttr("policyProfile");
         profile.put( attr );
         profile.put( "profileId", "profileX" );
         profile.put( "user", "akarasulu" );
@@ -158,29 +156,42 @@
         
         // Test adding a role with non-existing permissions
         role = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyRole" );
-        role.put( attr );
+        role.put( getObjectClassAttr("policyRole") );
         role.put( "roleName", "roleY" );
-        role.put( "grants", "unknownPerm" );
-        try
-        {
+        //TODO add perm in new way
+//        role.put( "grants", "unknownPerm" );
+//        try
+//        {
             ctx.bind(
                     "roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
                     null, role);
-            Assert.fail();
-        }
-        catch( SchemaViolationException e )
-        {
+
+        Attributes permClass = new BasicAttributes();
+        permClass.put(getObjectClassAttr("permClass"));
+        permClass.put("permClassName", STRING_PERMISSION_CLASS_NAME);
+        ctx.bind(
+                "permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                null, permClass);
+
+        Attributes grant = new BasicAttributes();
+        grant.put(getObjectClassAttr("permGrant"));
+        grant.put("grant", "newPerm");
+        ctx.bind(
+                "grant=newPerm, permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                null, grant);
+
+
+            //TODO check that bind should work
+//            Assert.fail();
+//        }
+//        catch( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
 
         // Test adding a profile with a non-existing role
         profile = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyProfile" );
+        attr = getObjectClassAttr("policyProfile");
         profile.put( attr );
         profile.put( "profileId", "profileY" );
         profile.put( "roles", "unknownRole" );
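Review bot: The block under `// Test adding a role with non-existing permissions` used to expect a `SchemaViolationException`; it now performs three binds that must succeed and asserts nothing. The comment is stale and a stray `// OK` is left behind. The same conversion of negative tests into commented-out code appears in the `@@ -199,52 +210,52 @@`, `@@ -329,23 +348,25 @@`, `@@ -637,36 +658,36 @@` and `@@ -705,36 +726,36 @@` hunks. Together these remove every visible check that a grant must refer to something known, so it is worth confirming whether the interceptor still enforces any integrity rule for `grant` and `deny` values. At minimum, retitle the block `// Test adding a role with a permClass and a grant beneath it`. The `//TODO check that bind should work` line should become a real assertion, such as an `assertNotNull( ctx.lookup( ... ) )` on the grant DN. The enclosing test method starts and ends outside the hunk.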
@@ -199,52 +210,52 @@
         
         // Test adding a profile with non-existing permissions
         profile = new BasicAttributes();
-        attr = new BasicAttribute( "objectClass" );
-        attr.add( "top" );
-        attr.add( "policyProfile" );
+        attr = getObjectClassAttr("policyProfile");
         profile.put( attr );
-        profile.put( "uid", "profileY" );
-        profile.put( "grants", "unknownPerm" );
+        profile.put( "profileId", "profileY" );
+        profile.put( "user", "someone" );
+    //TODO add permissions new way, fix test
+//        profile.put( "grants", "unknownPerm" );
         
-        try
-        {
+//        try
+//        {
             ctx.bind(
                     "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
                     null, profile);
-            Assert.fail();
-        }
-        catch( SchemaViolationException e )
-        {
+//            Assert.fail();
+//        }
+//        catch( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
         
         // Test adding non-existing permission to a role
-        try
-        {
-            ctx.modifyAttributes(
-                    "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
-                    DirContext.ADD_ATTRIBUTE,
-                    new BasicAttributes( "grants", "unknownPerm" ) );
-            Assert.fail();
-        }
-        catch( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.modifyAttributes(
+//                    "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                    DirContext.ADD_ATTRIBUTE,
+//                    new BasicAttributes( "grants", "unknownPerm" ) );
+//            Assert.fail();
+//        }
+//        catch( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
         
         // Test adding non-existing permission to a profile
-        try
-        {
-            ctx.modifyAttributes(
-                    "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
-                    DirContext.ADD_ATTRIBUTE,
-                    new BasicAttributes( "grants", "unknownPerm" ) );
-            Assert.fail();
-        }
-        catch( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.modifyAttributes(
+//                    "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                    DirContext.ADD_ATTRIBUTE,
+//                    new BasicAttributes( "grants", "unknownPerm" ) );
+//            Assert.fail();
+//        }
+//        catch( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
 
         // Test adding non-existing role to a profile
         try
@@ -261,6 +272,14 @@
         }
     }
 
+    private Attribute getObjectClassAttr(String objectClass) {
+        Attribute attr;
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( objectClass );
+        return attr;
+    }
+
 
     private void _testAdd( String rn, String siblingRN, String parentRN, Attributes entry ) throws NamingException
     {
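Review bot: The new helper `getObjectClassAttr` declares `attr` on one line and assigns it on the next, and puts its opening brace on the signature line while the rest of the file uses the brace on its own line. It reads no instance state, so it can be `private static`, with `Attribute attr = new BasicAttribute( "objectClass" );` as a single statement. A one-line Javadoc saying that it returns an `objectClass` attribute holding `top` plus the given class would help.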
@@ -329,23 +348,25 @@
         ctx.unbind( "uid=akarasulu, ou=Users, dc=example,dc=com" );
 
         // Test deleting permissions not in use
-        ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+//        ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
 
         // Test deleting roles not in use
         ctx.unbind( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
 
         // Test deleting permissions in use
-        try
-        {
-            ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
-            Assert.fail();
-        }
-        catch ( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+//            Assert.fail();
+//        }
+//        catch ( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
 
         // Test deleting roles in use
+        ctx.unbind("grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com");
+        ctx.unbind("permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com");
         try
         {
             ctx.unbind( "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
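Review bot: The two added `ctx.unbind` calls spell out `org.safehaus.triplesec.guardian.StringPermission` by hand although this commit introduces `STRING_PERMISSION_CLASS_NAME` for exactly that value. Building the DNs from the constant keeps them in step, e.g. `ctx.unbind( "permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );`. The calls also sit directly under `// Test deleting roles in use` but are setup that removes the role's child entries. A separate comment such as `// remove mockRole1's grant and permClass children first` would make clear what the following `try` block is testing. The `try` block continues outside the hunk.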
@@ -393,12 +414,12 @@
         //        {
         //            // OK
         //        }
-        ctx.modifyAttributes(
-            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-            DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
-        ctx.modifyAttributes(
-            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-            DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+//        ctx.modifyAttributes(
+//            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//            DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+//        ctx.modifyAttributes(
+//            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//            DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
 
         // Test modifications on roles
         //        ctx.modifyAttributes(
@@ -637,36 +658,36 @@
         {
             // OK
         }
-        try
-        {
-            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-                "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" );
-            Assert.fail();
-        }
-        catch ( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+//            Assert.fail();
+//        }
+//        catch ( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
 
         // Test renaming entries not in use
-        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-            "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+//        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//            "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
         ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
             "roleName=mockRoleX, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
         ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
             "profileId=mockProfileX, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" );
 
         // Test renaming entries in use
-        try
-        {
-            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-                "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
-            Assert.fail();
-        }
-        catch ( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+//            Assert.fail();
+//        }
+//        catch ( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
         try
         {
             ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
@@ -705,36 +726,36 @@
         {
             // OK
         }
-        try
-        {
-            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-                "ou=permissions,ou=applications,dc=example,dc=com" );
-            Assert.fail();
-        }
-        catch ( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                "ou=permissions,ou=applications,dc=example,dc=com" );
+//            Assert.fail();
+//        }
+//        catch ( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
 
         // Test renaming entries not in use
-        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-            "permName=mockPerm8, ou=applications,dc=example,dc=com" );
+//        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//            "permName=mockPerm8, ou=applications,dc=example,dc=com" );
         ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
             "roleName=mockRole0, ou=applications,dc=example,dc=com" );
         ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
             "profileId=mockProfile0, ou=applications,dc=example,dc=com" );
 
         // Test renaming entries in use
-        try
-        {
-            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
-                "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" );
-            Assert.fail();
-        }
-        catch ( SchemaViolationException e )
-        {
+//        try
+//        {
+//            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+//                "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" );
+//            Assert.fail();
+//        }
+//        catch ( SchemaViolationException e )
+//        {
             // OK
-        }
+//        }
         try
         {
             ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java Wed Dec 27 20:48:29 2006
@@ -47,7 +47,7 @@
 import org.safehaus.triplesec.TriplesecInstallationLayout;
 import org.safehaus.triplesec.admin.Application;
 import org.safehaus.triplesec.admin.Group;
-import org.safehaus.triplesec.admin.Permission;
+import org.safehaus.triplesec.admin.PermissionClass;
 import org.safehaus.triplesec.admin.Profile;
 import org.safehaus.triplesec.admin.Role;
 import org.safehaus.triplesec.admin.User;
@@ -101,7 +101,7 @@
     private JButton disconnectButton = null;
     private JMenu connectionMenu = null;
     private JPanel emptyPanel = null;
-    private PermissionPanel permissionPanel = null;
+//    private PermissionPanel permissionPanel = null;
     private RolePanel rolePanel;
     private UserPanel userPanel;
     private ProfilePanel profilePanel;
@@ -110,7 +110,7 @@
     private GroupPanel groupPanel;
     private NewGroupPanel newGroupPanel;
     private NewUserPanel newUserPanel;
-    private NewPermissionPanel newPermissionPanel;
+//    private NewPermissionPanel newPermissionPanel;
     private NewRolePanel newRolePanel;
     private NewProfilePanel newProfilePanel;
     private JMenu settingsMenu = null;
@@ -157,7 +157,6 @@
     /**
      * This method initializes this
      * 
-     * @return void
      */
     private void initialize()
     {
@@ -493,7 +492,7 @@
             rightDetailPanelLayout = new CardLayout();
             rightDetailPanel.setLayout( rightDetailPanelLayout );
             rightDetailPanel.add( getEmptyPanel(), getEmptyPanel().getName() );
-            rightDetailPanel.add( getPermissionPanel(), getPermissionPanel().getName() );
+//            rightDetailPanel.add( getPermissionPanel(), getPermissionPanel().getName() );
             rightDetailPanel.add( getRolePanel(), getRolePanel().getName() );
             rightDetailPanel.add( getProfilePanel(), getProfilePanel().getName() );
             rightDetailPanel.add( getApplicationPanel(), getApplicationPanel().getName() );
@@ -502,7 +501,7 @@
             rightDetailPanel.add( getNewApplicationPanel(), getNewApplicationPanel().getName() );
             rightDetailPanel.add( getNewGroupPanel(), getNewGroupPanel().getName() );
             rightDetailPanel.add( getNewUserPanel(), getNewUserPanel().getName() );
-            rightDetailPanel.add( getNewPermissionPanel(), getNewPermissionPanel().getName() );
+//            rightDetailPanel.add( getNewPermissionPanel(), getNewPermissionPanel().getName() );
             rightDetailPanel.add( getNewRolePanel(), getNewRolePanel().getName() );
             rightDetailPanel.add( getNewProfilePanel(), getNewProfilePanel().getName() );
         }
@@ -678,15 +677,15 @@
      *  
      * @return javax.swing.JPanel   
      */
-    private PermissionPanel getPermissionPanel()
-    {
-        if ( permissionPanel == null )
-        {
-            permissionPanel = new PermissionPanel();
-            permissionPanel.setName( "permissionPanel" );
-        }
-        return permissionPanel;
-    }
+//    private PermissionPanel getPermissionPanel()
+//    {
+//        if ( permissionPanel == null )
+//        {
+//            permissionPanel = new PermissionPanel();
+//            permissionPanel.setName( "permissionPanel" );
+//        }
+//        return permissionPanel;
+//    }
 
 
     /**
@@ -823,15 +822,15 @@
      *  
      * @return javax.swing.JPanel   
      */
-    private NewPermissionPanel getNewPermissionPanel()
-    {
-        if ( newPermissionPanel == null )
-        {
-            newPermissionPanel = new NewPermissionPanel();
-            newPermissionPanel.setName( "newPermissionPanel" );
-        }
-        return newPermissionPanel;
-    }
+//    private NewPermissionPanel getNewPermissionPanel()
+//    {
+//        if ( newPermissionPanel == null )
+//        {
+//            newPermissionPanel = new NewPermissionPanel();
+//            newPermissionPanel.setName( "newPermissionPanel" );
+//        }
+//        return newPermissionPanel;
+//    }
 
 
     /**
@@ -1079,13 +1078,14 @@
         }
         
         Object obj = node.getUserObject();
-        if ( obj instanceof Permission )
-        {
-            permissionPanel.setTreeNode( node );
-            permissionPanel.setTree( leftNavigation.getTree() );
-            rightDetailPanelLayout.show( rightDetailPanel, "permissionPanel" );
-        }
-        else if ( obj instanceof Role )
+//        if ( obj instanceof Permission )
+//        {
+//            permissionPanel.setTreeNode( node );
+//            permissionPanel.setTree( leftNavigation.getTree() );
+//            rightDetailPanelLayout.show( rightDetailPanel, "permissionPanel" );
+//        }
+//        else
+        if ( obj instanceof Role )
         {
             rolePanel.setTreeNode( node );
             rolePanel.setTree( leftNavigation.getTree() );
@@ -1135,12 +1135,12 @@
                 newUserPanel.setLeftTreeNavigation( leftNavigation );
                 rightDetailPanelLayout.show( rightDetailPanel, "newUserPanel" );
             }
-            else if ( ( ( String ) obj ).equalsIgnoreCase( "Permissions" ) )
-            {
-                newPermissionPanel.setTreeNode( node );
-                newPermissionPanel.setLeftTreeNavigation( leftNavigation );
-                rightDetailPanelLayout.show( rightDetailPanel, "newPermissionPanel" );
-            }
+//            else if ( ( ( String ) obj ).equalsIgnoreCase( "Permissions" ) )
+//            {
+//                newPermissionPanel.setTreeNode( node );
+//                newPermissionPanel.setLeftTreeNavigation( leftNavigation );
+//                rightDetailPanelLayout.show( rightDetailPanel, "newPermissionPanel" );
+//            }
             else if ( ( ( String ) obj ).equalsIgnoreCase( "Roles" ) )
             {
                 newRolePanel.setTreeNode( node );

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java Wed Dec 27 20:48:29 2006
@@ -32,7 +32,7 @@
 import org.safehaus.triplesec.admin.Group;
 import org.safehaus.triplesec.admin.HauskeysUser;
 import org.safehaus.triplesec.admin.LocalUser;
-import org.safehaus.triplesec.admin.Permission;
+import org.safehaus.triplesec.admin.PermissionClass;
 import org.safehaus.triplesec.admin.Profile;
 import org.safehaus.triplesec.admin.Role;
 
@@ -189,14 +189,14 @@
                 setIcon( applicationContainerClosedIcon );
             }
         }
-        else if ( leaf && isPermission( value ) ) 
+        else if ( leaf && isPermissionClass( value ) )
         {
             setIcon( permissionIcon );
-            Permission permission = getPermission( value );
-            if ( permission.getDescription() != null )
-            {
-                setToolTipText( permission.getDescription() );
-            }
+            PermissionClass permission = getPermission( value );
+//            if ( permission.getDescription() != null )
+//            {
+//                setToolTipText( permission.getDescription() );
+//            }
         }
         else if ( isApplication( value ) )
         {
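Review bot: In the permission branch the local `permission` is now assigned but never read, so the cast inside `getPermission( value )` runs for nothing; the line can be dropped. Because the tooltip is no longer set here, a tooltip set by another branch may stay visible on permission nodes if this renderer instance is reused between cells, which is the usual Swing arrangement. Adding `setToolTipText( null );` after `setIcon( permissionIcon );` would rule that out. The enclosing method starts and ends outside this hunk, so the other branches could not be checked.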
@@ -357,10 +357,10 @@
     }
 
 
-    private boolean isPermission( Object obj )
+    private boolean isPermissionClass( Object obj )
     {
         DefaultMutableTreeNode node = ( DefaultMutableTreeNode ) obj;
-        if ( node.getUserObject() instanceof Permission )
+        if ( node.getUserObject() instanceof PermissionClass )
         {
             return true;
         }
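Review bot: `isPermissionClass` was renamed to match the new type, but its companion accessor in the next hunk is still called `getPermission` although it now returns `PermissionClass`. Renaming it to `getPermissionClass`, together with the call in the renderer branch above, keeps the pair consistent. The check itself could be written as `return node.getUserObject() instanceof PermissionClass;`, assuming the part of the method outside this hunk only returns `false`.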
@@ -401,10 +401,10 @@
     }
     
     
-    private Permission getPermission( Object obj )
+    private PermissionClass getPermission( Object obj )
     {
         DefaultMutableTreeNode node = ( DefaultMutableTreeNode ) obj;
-        return ( Permission ) node.getUserObject();
+        return ( PermissionClass ) node.getUserObject();
     }
     
     

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java Wed Dec 27 20:48:29 2006
@@ -217,12 +217,12 @@
                 model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), rolesNode, 0 );
             }
 
-            DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" );
-            model.insertNodeInto( permissionsNode, appNode, 0 );
-            for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ )
-            {
-                model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 );
-            }
+//            DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" );
+//            model.insertNodeInto( permissionsNode, appNode, 0 );
+//            for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ )
+//            {
+//                model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 );
+//            }
         }
     }
     
@@ -257,12 +257,12 @@
             model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), rolesNode, 0 );
         }
 
-        DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" );
-        model.insertNodeInto( permissionsNode, appNode, 0 );
-        for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ )
-        {
-            model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 );
-        }
+//        DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" );
+//        model.insertNodeInto( permissionsNode, appNode, 0 );
+//        for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ )
+//        {
+//            model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 );
+//        }
     }
     
     

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java Wed Dec 27 20:48:29 2006
@@ -46,12 +46,13 @@
 import org.safehaus.triplesec.admin.Application;
 import org.safehaus.triplesec.admin.ApplicationModifier;
 import org.safehaus.triplesec.admin.DataAccessException;
-import org.safehaus.triplesec.admin.Permission;
 import org.safehaus.triplesec.admin.Profile;
 import org.safehaus.triplesec.admin.ProfileModifier;
 import org.safehaus.triplesec.admin.Role;
 import org.safehaus.triplesec.admin.RoleModifier;
 import org.safehaus.triplesec.admin.TriplesecAdmin;
+import org.safehaus.triplesec.admin.PermissionClass;
+
 import javax.swing.JPasswordField;
 
 
@@ -113,7 +114,6 @@
     /**
      * This method initializes this
      * 
-     * @return void
      */
     private void initialize()
     {
@@ -249,35 +249,35 @@
         // Iterated and copy app's perms and create in new app
         // -------------------------------------------------------------------
         
-        DefaultMutableTreeNode permsNode = null;
-        DefaultMutableTreeNode newPermsNode = null;
+//        DefaultMutableTreeNode permsNode = null;
+//        DefaultMutableTreeNode newPermsNode = null;
         DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel();
-        for ( Enumeration ii = copiedApplicationNode.children(); ii.hasMoreElements(); /**/ )
-        {
-            DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement();
-            if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) )
-            {
-                permsNode = child;
-            }
-        }
-        for ( Enumeration ii = newApplicationNode.children(); ii.hasMoreElements(); /**/ )
-        {
-            DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement();
-            if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) )
-            {
-                newPermsNode = child;
-            }
-        }
-        for ( Enumeration ii = permsNode.children(); ii.hasMoreElements(); /**/ )
-        {
-            DefaultMutableTreeNode copiedPermissionNode = ( DefaultMutableTreeNode ) ii.nextElement();
-            Permission copiedPermission = ( Permission ) copiedPermissionNode.getUserObject();
-            Permission newPermission = newApplication.modifier()
-                .newPermission( copiedPermission.getName() )
-                .setDescription( copiedPermission.getDescription() ).add();
-            model.insertNodeInto( new DefaultMutableTreeNode( newPermission ), newPermsNode, 0 );
-        }
-        
+//        for ( Enumeration ii = copiedApplicationNode.children(); ii.hasMoreElements(); /**/ )
+//        {
+//            DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement();
+//            if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) )
+//            {
+//                permsNode = child;
+//            }
+//        }
+//        for ( Enumeration ii = newApplicationNode.children(); ii.hasMoreElements(); /**/ )
+//        {
+//            DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement();
+//            if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) )
+//            {
+//                newPermsNode = child;
+//            }
+//        }
+//        for ( Enumeration ii = permsNode.children(); ii.hasMoreElements(); /**/ )
+//        {
+//            DefaultMutableTreeNode copiedPermissionNode = ( DefaultMutableTreeNode ) ii.nextElement();
+//            Permission copiedPermission = ( Permission ) copiedPermissionNode.getUserObject();
+//            Permission newPermission = newApplication.modifier()
+//                .newPermission( copiedPermission.getName() )
+//                .setDescription( copiedPermission.getDescription() ).add();
+//            model.insertNodeInto( new DefaultMutableTreeNode( newPermission ), newPermsNode, 0 );
+//        }
+//
         // -------------------------------------------------------------------
         // Iterate and copy app's roles and create in new app
         // -------------------------------------------------------------------
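Review bot: The banner `// Iterated and copy app's perms and create in new app` at the top of this hunk now heads a section that does nothing, since every statement under it except the `model` declaration is commented out. A reader of the copy routine will assume that permissions are still duplicated into the new application. Replace the banner with a comment stating the current behaviour, for example `// Permissions are no longer copied here; roles and profiles below carry their PermissionClass entries`, and delete the disabled loops. The method starts outside this hunk.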
@@ -306,9 +306,9 @@
             Role copiedRole = ( Role ) copiedRoleNode.getUserObject();
             RoleModifier modifier = newApplication.modifier().newRole( copiedRole.getName() )
                 .setDescription( copiedRole.getDescription() );
-            for ( Iterator jj = copiedRole.getGrants().iterator(); jj.hasNext(); /**/ )
+            for ( Iterator<PermissionClass> jj = copiedRole.getPermissionClasses().iterator(); jj.hasNext(); /**/ )
             {
-                modifier.addGrant( ( String ) jj.next() );
+                modifier.addPermissionClass(  jj.next() );
             }
             Role newRole = modifier.add();
             model.insertNodeInto( new DefaultMutableTreeNode( newRole ), newRolesNode, 0 );
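Review bot: The loop hands the `PermissionClass` objects of the copied role straight to the new role's modifier, so both roles may end up referring to the same instances. If `PermissionClass` is mutable (its definition is not visible here), a later change to one application's role permissions would also change the other's, an authorization side effect that is hard to notice. It is worth confirming that `addPermissionClass` copies its argument or that the type is immutable, and recording that next to the loop, e.g. `// PermissionClass is immutable, sharing instances is safe`. The same applies to the profile loop in the next hunk.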
@@ -343,13 +343,9 @@
             ProfileModifier modifier = newApplication.modifier()
                 .newProfile( copiedProfile.getId(), copiedProfile.getUser() )
                 .setDescription( copiedProfile.getDescription() );
-            for ( Iterator jj = copiedProfile.getGrants().iterator(); jj.hasNext(); /**/ )
-            {
-                modifier.addGrant( ( String ) jj.next() );
-            }
-            for ( Iterator jj = copiedProfile.getDenials().iterator(); jj.hasNext(); /**/ )
+            for ( Iterator<PermissionClass> jj = copiedProfile.getPermissionClasses().iterator(); jj.hasNext(); /**/ )
             {
-                modifier.addDenial( ( String ) jj.next() );
+                modifier.addPermissionClass(  jj.next() );
             }
             for ( Iterator jj = copiedProfile.getRoles().iterator(); jj.hasNext(); /**/ )
             {
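Review bot: Copying a profile used to transfer grants and denials in two separate loops; the new code transfers only `getPermissionClasses()`. Whether a `PermissionClass` also encodes denials cannot be seen from this hunk, and if it does not, a copied profile silently loses the denials of the original and ends up with broader access. Please confirm the new model and state it next to the loop, e.g. `// PermissionClass holds both grants and denials, nothing else to copy`, or add the missing copy step. The enclosing method and the roles loop that follows continue outside the hunk.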

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java Wed Dec 27 20:48:29 2006
@@ -43,8 +43,8 @@
 
 import org.safehaus.triplesec.admin.Application;
 import org.safehaus.triplesec.admin.DataAccessException;
-import org.safehaus.triplesec.admin.Permission;
-import org.safehaus.triplesec.admin.PermissionModifier;
+import org.safehaus.triplesec.admin.PermissionClass;
+//import org.safehaus.triplesec.admin.PermissionClassModifier;
 
 
 public class NewPermissionPanel extends JPanel
@@ -92,7 +92,6 @@
     /**
      * This method initializes this
      * 
-     * @return void
      */
     private void initialize()
     {
@@ -388,24 +387,24 @@
         
         DefaultMutableTreeNode appNode = ( DefaultMutableTreeNode ) node.getParent();
         Application application = ( Application ) appNode.getUserObject();
-        Permission permission;
-        PermissionModifier modifier = application.modifier().newPermission( permissionNameTextField.getText() )
-            .setDescription( descriptionTextArea.getText() );
-        try
-        {
-            permission = modifier.add();
-            DefaultMutableTreeNode permissionNode = new DefaultMutableTreeNode( permission );
-            DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel();
-            model.insertNodeInto( permissionNode, node, 0 );
-            existingPermissionsTableModel.fireTableDataChanged();
-        }
-        catch ( DataAccessException e )
-        {
-            JOptionPane.showMessageDialog( this,
-                UiUtils.wrap( "Failed to create permission:\n" + e.getMessage(), 79 ),
-                "Permission creation failure!", JOptionPane.ERROR_MESSAGE );
-            return;
-        }
+        PermissionClass permission;
+//        PermissionClassModifier modifier = application.modifier().newPermission( permissionNameTextField.getText() )
+//            .setDescription( descriptionTextArea.getText() );
+//        try
+//        {
+//            permission = modifier.add();
+//            DefaultMutableTreeNode permissionNode = new DefaultMutableTreeNode( permission );
+//            DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel();
+//            model.insertNodeInto( permissionNode, node, 0 );
+//            existingPermissionsTableModel.fireTableDataChanged();
+//        }
+//        catch ( DataAccessException e )
+//        {
+//            JOptionPane.showMessageDialog( this,
+//                UiUtils.wrap( "Failed to create permission:\n" + e.getMessage(), 79 ),
+//                "Permission creation failure!", JOptionPane.ERROR_MESSAGE );
+//            return;
+//        }
         permissionNameTextField.setText( null );
         statusTextField.setText( null );
     }
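Review bot: With the modifier call commented out, this handler no longer creates anything, yet it still clears `permissionNameTextField` and `statusTextField` as if the permission had been saved, so an administrator gets no indication that the entry was discarded. Until creation is supported again the handler should say so, e.g. `JOptionPane.showMessageDialog( this, "Permission creation is currently disabled.", "Not available", JOptionPane.INFORMATION_MESSAGE );` followed by `return;`, or the panel should be taken out of the UI. The locals `application` and `permission` are now unused, and the `valueChanged` listener in the next hunk is left with an empty body for the same reason. The method starts outside this hunk.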
@@ -482,14 +481,14 @@
             {
                 public void valueChanged( ListSelectionEvent e )
                 {
-                    int index = existingPermissionsTable.getSelectionModel().getAnchorSelectionIndex();
-                    if ( existingPermissionsTableModel.getRowCount() == 0 || index < 0 )
-                    {
-                        return;
-                    }
-                    Permission permission = ( Permission ) existingPermissionsTableModel.getValueAt( index, 0 );
-                    permissionNameTextField.setText( "CopyOf" + permission.getName() );
-                    descriptionTextArea.setText( permission.getDescription() );
+//                    int index = existingPermissionsTable.getSelectionModel().getAnchorSelectionIndex();
+//                    if ( existingPermissionsTableModel.getRowCount() == 0 || index < 0 )
+//                    {
+//                        return;
+//                    }
+//                    PermissionClass permission = ( PermissionClass ) existingPermissionsTableModel.getValueAt( index, 0 );
+//                    permissionNameTextField.setText( "CopyOf" + permission.getName() );
+//                    descriptionTextArea.setText( permission.getDescription() );
                 }
             } );
             existingPermissionsTable.setModel( getExistingPermissionsTableModel() );

Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java (original)
+++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java Wed Dec 27 20:48:29 2006
@@ -84,8 +84,8 @@
     private JLabel jLabel3 = null;
     private JComboBox usersComboBox = null;
     private DefaultComboBoxModel usersComboBoxModel = new DefaultComboBoxModel();
-    private ProfilePermissionsPanel profileGrantsPanel;
-    private ProfilePermissionsPanel profileDenialsPanel;
+//    private ProfilePermissionsPanel profileGrantsPanel;
+//    private ProfilePermissionsPanel profileDenialsPanel;
     private ProfileRolesPanel profileRolesPanel;
     
     
@@ -108,7 +108,6 @@
     /**
      * This method initializes this
      * 
-     * @return void
      */
     private void initialize()
     {
@@ -431,8 +430,8 @@
         // Fill up the various panels for grants, denials and roles
         // -------------------------------------------------------------------
 
-        profileGrantsPanel.populateLists( applicationNode, Collections.EMPTY_SET );
-        profileDenialsPanel.populateLists( applicationNode, Collections.EMPTY_SET );
+//        profileGrantsPanel.populateLists( applicationNode, Collections.EMPTY_SET );
+//        profileDenialsPanel.populateLists( applicationNode, Collections.EMPTY_SET );
         profileRolesPanel.populateLists( applicationNode, Collections.EMPTY_SET );
     }
 
@@ -470,14 +469,14 @@
         // Iterate through and add denials, grants, and roles in list panels
         // -------------------------------------------------------------------
 
-        for ( Enumeration ii = profileGrantsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ )
-        {
-            modifier.addGrant( ( String ) ii.nextElement() );
-        }
-        for ( Enumeration ii = profileDenialsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ )
-        {
-            modifier.addDenial( ( String ) ii.nextElement() );
-        }
+//        for ( Enumeration ii = profileGrantsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ )
+//        {
+//            modifier.addGrant( ( String ) ii.nextElement() );
+//        }
+//        for ( Enumeration ii = profileDenialsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ )
+//        {
+//            modifier.addDenial( ( String ) ii.nextElement() );
+//        }
         for ( Enumeration ii = profileRolesPanel.getProfileRolesModel().elements(); ii.hasMoreElements(); /**/ )
         {
             modifier.addRole( ( String ) ii.nextElement() );
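Review bot: Profiles created from this panel can now receive roles only, because the grant and denial loops are disabled, while the banner above still reads `// Iterate through and add denials, grants, and roles in list panels`. If denials were used to narrow what a role grants, a new profile can no longer express that and its access may be wider than intended; this depends on the new `PermissionClass` model, which is not visible here. Update the banner to `// Iterate through and add roles from the list panel`, and adjust the "Fill up the various panels for grants, denials and roles" banner in the previous hunk in the same way. The method begins outside this hunk.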
@@ -515,8 +514,8 @@
             centerTabbedPane = new JTabbedPane();
             centerTabbedPane.addTab( "Existing", null, getExistingPanelTab(),
                 "Copy a profile from any one of these existing profiles." );
-            centerTabbedPane.addTab( "Grants", null, getProfileGrantsPanel() );
-            centerTabbedPane.addTab( "Denials", null, getProfileDenialsPanel() );
+//            centerTabbedPane.addTab( "Grants", null, getProfileGrantsPanel() );
+//            centerTabbedPane.addTab( "Denials", null, getProfileDenialsPanel() );
             centerTabbedPane.addTab( "Roles", null, getProfileRolesPanel() );
         }
         return centerTabbedPane;
@@ -528,14 +527,14 @@
      * 
      * @return javax.swing.JPanel
      */
-    private ProfilePermissionsPanel getProfileGrantsPanel()
-    {
-        if ( profileGrantsPanel == null )
-        {
-            profileGrantsPanel = new ProfilePermissionsPanel();
-        }
-        return profileGrantsPanel;
-    }
+//    private ProfilePermissionsPanel getProfileGrantsPanel()
+//    {
+//        if ( profileGrantsPanel == null )
+//        {
+//            profileGrantsPanel = new ProfilePermissionsPanel();
+//        }
+//        return profileGrantsPanel;
+//    }
 
 
     /**
@@ -543,14 +542,14 @@
      * 
      * @return javax.swing.JPanel
      */
-    private ProfilePermissionsPanel getProfileDenialsPanel()
-    {
-        if ( profileDenialsPanel == null )
-        {
-            profileDenialsPanel = new ProfilePermissionsPanel( false );
-        }
-        return profileDenialsPanel;
-    }
+//    private ProfilePermissionsPanel getProfileDenialsPanel()
+//    {
+//        if ( profileDenialsPanel == null )
+//        {
+//            profileDenialsPanel = new ProfilePermissionsPanel( false );
+//        }
+//        return profileDenialsPanel;
+//    }
 
     
     private ProfileRolesPanel getProfileRolesPanel()
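Review bot: The Javadoc block ending with `@return javax.swing.JPanel` belonged to `getProfileDenialsPanel()`; with that method commented out, it is now the last doc comment before `getProfileRolesPanel()` and is likely to be picked up as that method's documentation. Remove the orphaned block together with the disabled getter, or give `getProfileRolesPanel()` its own comment, e.g. `/** Returns the roles panel of this profile form. */`. The same orphaned Javadoc is left above the disabled getter in the previous hunk and above `getPermissionPanel()` and `getNewPermissionPanel()` earlier in this commit. The Javadoc opens outside this hunk and the body of `getProfileRolesPanel()` follows it.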
@@ -637,8 +636,8 @@
                         return;
                     }
                     
-                    profileGrantsPanel.populateLists( applicationNode, profile.getGrants() );
-                    profileDenialsPanel.populateLists( applicationNode, profile.getDenials() );
+//                    profileGrantsPanel.populateLists( applicationNode, profile.getGrants() );
+//                    profileDenialsPanel.populateLists( applicationNode, profile.getDenials() );
                     profileRolesPanel.populateLists( applicationNode, profile.getRoles() );
                 }
             } );


