Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 4389 invoked from network); 28 Dec 2006 07:25:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Dec 2006 07:25:35 -0000 Received: (qmail 65304 invoked by uid 500); 28 Dec 2006 07:25:41 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 65277 invoked by uid 500); 28 Dec 2006 07:25:41 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Delivered-To: moderator for commits@directory.apache.org Received: (qmail 78479 invoked by uid 99); 28 Dec 2006 04:50:01 -0000 X-ASF-Spam-Status: No, hits=-8.2 required=10.0 tests=ALL_TRUSTED,EM_ROLEX,NO_REAL_NAME X-Spam-Check-By: apache.org Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r490646 [7/8] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/main/java/org/safehaus/triplesec/admin/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ adm... Date: Thu, 28 Dec 2006 04:48:33 -0000 To: commits@directory.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20061228044836.B35961A9829@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Added: directory/trunks/triplesec/itest-data/src/main/resources/server.ldif URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/itest-data/src/main/resources/server.ldif?view=auto&rev=490646 ============================================================================== --- directory/trunks/triplesec/itest-data/src/main/resources/server.ldif (added) +++ directory/trunks/triplesec/itest-data/src/main/resources/server.ldif Wed Dec 27 20:48:29 2006 
@@ -0,0 +1,534 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed. Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes. The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes. The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: ou=Groups, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
+
+dn: cn=superUsers, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: superUsers
+uniqueMember: uid=admin, ou=system
+
+dn: cn=userAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: userAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=applicationAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: applicationAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=groupAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAdmin
+uniqueMember: uid=admin, ou=system
+
+#
+# This ACI allows members of the superUsers group to have full modify and read access
+# to the entire realm as does the system administrator principal: uid=admin, ou=system.
+#
+# The only thing these users cannot do is modify the system partition. They are only
+# restricted to superUser rights within this realm partition
+#
+
+dn: cn=superUsersAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { }
+prescriptiveACI: { identificationTag "superUsersAci", precedence 20, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=superUsers,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+#
+# This ACI allows members of the userAdmin group to have full modify and read access
+# to user accounts besides their own. Hence they can administer users in the system.
+#
+
+dn: cn=userAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "userAdminsAci", precedence 16, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=userAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the applicationAdmin group to have full modify and read access
+# to all applications in the realm. Adding users to this group is like a wild card for
+# application access.
+#
+
+dn: cn=applicationAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=applications" }
+prescriptiveACI: { identificationTag "applicationAdminsAci", precedence 17, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=applicationAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the groupAdmins group to have full modify and read access
+# to all groups in the realm other than the superUsers, userAdmins, groupAdmins, and the
+# applicationAdmins groups.
+#
+# The rational behind this is to prevent these users from changing their or other
+# users' access rights for the entire system by modifying their membership in these
+# groups.
Making someone a groupAdmin should not open the door to their ability to +# grant themselves or others system wide administrative abilities. +# +# Really the groupAdmins group is intended for users that have the ability to manage +# group membership in specific application administration groups and that's all. +# These types of admins should not have the right to promote others to system level +# administrators or complete super users. +# + +dn: cn=groupAdminsAci,dc=example,dc=com +objectClass: top +objectClass: subentry +objectClass: accessControlSubentry +subtreeSpecification: { base "ou=groups", specificExclusions { chopBefore: "cn=userAdmins", chopBefore: "cn=groupAdmins", chopBefore: "cn=applicationAdmins", chopBefore: "cn=superUsers" } } +prescriptiveACI: { identificationTag "groupAdminsAci", precedence 18, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=groupAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } } + +dn: uid=akarasulu, ou=Users, dc=example,dc=com +cn: Alex Karasulu +sn: Karasulu +givenname: Alex +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: extensibleObject +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: Jacksonville +uid: akarasulu +krb5PrincipalName: akarasulu@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: akarasulu@example.com +telephonenumber: +1 904 982 6882 +facsimiletelephonenumber: +1 904 982 6883 +roomnumber: 666 +apacheSamType: 7 +safehausUid: akarasulu +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 27304238 +safehausSecret:: aaaabbbbccccdddd +safehausFailuresInEpoch: 0 
+safehausResynchCount: -1 +safehausInfo: test account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: maxwell + +dn: uid=lockedout, ou=Users, dc=example, dc=com +cn: Risky +sn: Lockedout +givenname: Unlucky +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: DummyCity +uid: lockedout +krb5PrincipalName: lockedout@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: lockedout@example.com +telephonenumber: +1 904 982 6882 +facsimiletelephonenumber: +1 904 982 6883 +roomnumber: 699 +safehausUid: lockedout +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 101347012 +safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r +safehausFailuresInEpoch: 20 +safehausResynchCount: -1 +safehausInfo: unlucky account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: asdfasdf + +dn: uid=erodriguez, ou=Users, dc=example, dc=com +cn: Enrique Rodriguez +sn: Rodriguez +givenname: Enrique +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: Boston +uid: erodriguez +krb5PrincipalName: erodriguez@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +safehausUid: erodriguez +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 917483720127847 +safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^* +safehausFailuresInEpoch: 0 +safehausResynchCount: -1 +safehausInfo: test account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: noices + +dn: uid=krbtgt, ou=Users, dc=example, dc=com +cn: Kerberos Server +sn: Server +givenname: Kerberos +objectclass: top 
+objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: krbtgt +krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: kahuna + +dn: uid=hostssh, ou=Users, dc=example, dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/www.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + +dn: uid=hostssh2, ou=Users, dc=example, dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + +dn: ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalunit +ou: applications + +dn: appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyApplication +appName: mockApplication +userPassword:: dGVzdGluZw== + +dn: ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalUnit +ou: roles + +dn: 
roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: policyRole +objectClass: top +roleName: mockRole0 + +dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +roleName: mockRole1 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm0 + +dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +roleName: mockRole2 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm1, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm1 + +dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +#grants: mockPerm3 +#grants: mockPerm2 +roleName: mockRole3 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm3, 
permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm3 + +dn: grant=mockPerm2, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm2 + +dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +#grants: mockPerm9 +#grants: mockPerm7 +#grants: mockPerm6 +#grants: mockPerm5 +#grants: mockPerm4 +roleName: mockRole4 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm9, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm9 + +dn: grant=mockPerm7, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm7 + +dn: grant=mockPerm6, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm6 + +dn: grant=mockPerm5, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm5 + +dn: grant=mockPerm4, permClassName=org.safehaus.triplesec.guardian.StringPermission, 
roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm4 + +dn: ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalUnit +ou: profiles + +dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +profileId: mockProfile0 +user: akarasulu + +dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +user: akarasulu +profileId: mockProfile1 +roles: mockRole2 +roles: mockRole1 + +dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +profileId: mockProfile2 +#grants: mockPerm0 +user: akarasulu +roles: mockRole2 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm0 + +dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +#grants: mockPerm7 +#grants: mockPerm0 +profileId: mockProfile3 +user: akarasulu +roles: mockRole3 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: grant=mockPerm7, 
permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm7 + +dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm0 + +dn: profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +#denials: mockPerm7 +#grants: mockPerm0 +roles: mockRole4 +roles: mockRole3 +user: akarasulu +profileId: mockProfile4 + +dn: permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permClass +permClassName: org.safehaus.triplesec.guardian.StringPermission + +dn: deny=mockPerm7, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm7 + +dn: grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: permGrant +grant: mockPerm0 + Modified: directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java (original) +++ 
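Review bot: The only denial fixture in server.ldif is stored as a grant: the entry `dn: deny=mockPerm7, permClassName=..., profileId=mockProfile4, ...` carries `objectClass: permGrant` and `grant: mockPerm7`, so its RDN attribute `deny` never appears in the entry and the `#denials: mockPerm7` intent recorded on mockProfile4 is not represented. The schema added in this same commit defines `permDeny` with `MUST ( deny )`, so the entry should read `objectClass: permDeny` and `deny: mockPerm7`; as written, a test loading this file would presumably see mockPerm7 granted through mockProfile4 rather than denied. Two smaller RDN mismatches in the same file are worth fixing while here: `uid=hostssh2` has `uid: hostssh`, and the `cn=userAdmins`, `cn=applicationAdmins` and `cn=groupAdmins` groups carry the singular values `userAdmin`, `applicationAdmin` and `groupAdmin` as `cn`.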
directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java Wed Dec 27 20:48:29 2006 @@ -121,8 +121,9 @@ { if ( module.commit() ) { - this.subject.getPrincipals().clear(); - this.subject.getPrincipals().add( new SafehausPrincipal( this.profile ) ); + //Clearing the principals means this has to be the only login module, not a reasonable assumption +// this.subject.getPrincipals().clear(); + this.subject.getPrincipals().add( new SafehausPrincipal( profile ) ); return true; } @@ -140,7 +141,7 @@ public boolean login() throws LoginException { Callback[] callbacks = new Callback[] { - profileIdCallback, passwordCallback, realmCallback, passcodeCallback, policyCallback + profileIdCallback, passwordCallback, realmCallback, passcodeCallback }; // ------------------------------------------------------------------- @@ -222,7 +223,8 @@ if ( bindAs( "uid=admin,ou=system", "admin" ) ) { - this.subject.getPrincipals().add( new SafehausPrincipal( profile ) ); + //add in commit(), not here +// this.subject.getPrincipals().add( new SafehausPrincipal( profile ) ); return true; } else 
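Review bot: With `getPrincipals().clear()` disabled in the commit() hunk (@@ -121), nothing visible here records which principal this module added, so a Subject shared with other login modules can keep a stale `SafehausPrincipal` unless logout() and abort() remove exactly that instance; those methods are outside the hunk, so this needs confirming. Holding the instance in a field, e.g. `principal = new SafehausPrincipal( profile ); subject.getPrincipals().add( principal );`, lets logout() call `subject.getPrincipals().remove( principal )` without touching principals owned by other modules. The disabled `clear()` call should be deleted rather than left commented out, keeping only the explanatory comment; the same applies to the commented-out `add` in the @@ -222 hunk.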
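Review bot: The branch edited in the @@ -222 hunk still succeeds on `bindAs( "uid=admin,ou=system", "admin" )`, a literal administrator DN and password compiled into the login module, and then returns true from what appears to be login(). Moving the principal to commit() does not change that. If this path is reachable outside tests, the bind identity and password should come from the module options or other configuration rather than from source, and the directory's default admin password should not be assumed. The enclosing method starts and ends outside the hunk, so what the bind result is used for cannot be confirmed from here.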
@@ -386,8 +388,7 @@ passwordCallback = new PasswordCallback( "Password: ", false ); realmCallback = new RealmCallback(); passcodeCallback = new PasscodeCallback(); - policyCallback = new PolicyCallback(); - + // Save these values for delayed initialization of the Krb5LoginModule this.subject = subject; this.callbackHandler = callbackHandler; Modified: directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java (original) +++ directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java Wed Dec 27 20:48:29 2006 @@ -33,8 +33,9 @@ */ public class SafehausPrincipal implements Principal { + /** the Guardian authorization profile for this principal */ - private Profile profile; + private final Profile profile; SafehausPrincipal( Profile profile ) Modified: directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java (original) +++ directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java Wed Dec 27 20:48:29 2006 
@@ -260,7 +260,7 @@ } else { - throw new Exception( "Can't figure out where to fine my installation." ); + throw new Exception( "Can't figure out where to find my installation." ); } cfg.setShutdownHookEnabled( enableShutdownHook ); Modified: directory/trunks/triplesec/pom.xml URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/pom.xml?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/pom.xml (original) +++ directory/trunks/triplesec/pom.xml Wed Dec 27 20:48:29 2006 @@ -141,67 +141,67 @@ org.apache.directory.server apacheds-core - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.shared shared-ldap - 0.9.5.3 + 0.9.6-SNAPSHOT org.apache.directory.server apacheds-core-unit - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-kerberos-shared - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-protocol-kerberos - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-server-ssl - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-server-tools - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-core-shared - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.server apacheds-server-jndi - 1.0.0 + 1.5.0-SNAPSHOT org.apache.directory.shared shared-asn1-codec - 0.9.5.3 + 0.9.6-SNAPSHOT org.apache.directory.daemon daemon-bootstrappers - 1.0.0 + 1.1.0-SNAPSHOT @@ -414,18 +414,18 @@ maven-surefire-plugin 2.2 - once - -enableassertions -Dgeronimo.bootstrap.logging.enabled=false -Dlog4j.configuration=org/apache/geronimo/test-log4j.properties + never + -enableassertions ${project.build.directory} - - **/Abstract*.java - **/Test*.java - - - **/*Test.java - + + + + + + + @@ -547,7 +547,7 @@ org.mortbay.jetty maven-jetty-plugin - 6.1-SNAPSHOT + 6.1.0rc2 @@ -567,7 +567,6 @@ org.apache.maven.plugins maven-site-plugin - 2.0-beta-5 
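Review bot: The dependency hunk in pom.xml (@@ -141) replaces released versions (`1.0.0`, `0.9.5.3`) of the ApacheDS core, Kerberos, SSL and shared-ldap artifacts with `1.5.0-SNAPSHOT`, `0.9.6-SNAPSHOT` and `1.1.0-SNAPSHOT`, so the security-critical parts of this build now resolve to whatever the snapshot repository serves at build time. Together with the @@ -567 hunk, which drops the `2.0-beta-5` pin on maven-site-plugin, the build is no longer reproducible from the POM alone. If trunk has to track snapshots, a comment next to the versions should say so, and they should be pinned to releases again before anything is published. The XML element names were lost in extraction, so which elements these values belong to is inferred from the artifact names beside them.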
@@ -639,6 +638,7 @@ testdata jaas sms + itest-data store verifier main Modified: directory/trunks/triplesec/store/pom.xml URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/pom.xml?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/store/pom.xml (original) +++ directory/trunks/triplesec/store/pom.xml Wed Dec 27 20:48:29 2006 @@ -30,6 +30,12 @@ ${project.groupId} + triplesec-itest-data + ${project.version} + test + + + ${project.groupId} triplesec-testdata ${project.version} test Modified: directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java (original) +++ directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java Wed Dec 27 20:48:29 2006 @@ -78,12 +78,13 @@ while( ocList.hasMore() ) { String value = String.valueOf( ocList.next() ); - if( "policyPermission".equalsIgnoreCase( value ) ) - { - checkNewPolicyEntry( next, name, "2.5.4.11=permissions" ); - policyEntry = true; - } - else if( "policyRole".equalsIgnoreCase( value ) ) +// if( "policyPermission".equalsIgnoreCase( value ) ) +// { +// checkNewPolicyEntry( next, name, "2.5.4.11=permissions" ); +// policyEntry = true; +// } +// else + if( "policyRole".equalsIgnoreCase( value ) ) { checkNewPolicyEntry( next, name, "2.5.4.11=roles" ); policyEntry = true; 
@@ -93,6 +94,18 @@ checkNewPolicyEntry( next, name, "2.5.4.11=profiles" ); policyEntry = true; } + else if ("permClass".equalsIgnoreCase( value )) + { + policyEntry = true; + } + else if ("permGrant".equalsIgnoreCase( value )) + { + policyEntry = true; + } + else if ("permDeny".equalsIgnoreCase( value )) + { + policyEntry = true; + } else if( "policyApplication".equalsIgnoreCase( value ) ) { isApplication = true; @@ -478,7 +491,7 @@ if( !parentName.equalsIgnoreCase( parentDn.getRdn().toString() ) ) { throw new SchemaViolationException( "Parent entry for policyPermissions must be '" + - parentName + "': " + name ); + parentName + "': " + name + "\n\ninstead of " + parentDn.getRdn().toString() ); } parentDn.remove( parentDn.size() -1 ); Modified: directory/trunks/triplesec/store/src/main/schema/safehaus.schema URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/main/schema/safehaus.schema?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/store/src/main/schema/safehaus.schema (original) +++ directory/trunks/triplesec/store/src/main/schema/safehaus.schema Wed Dec 27 20:48:29 2006 
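Review bot: The three new branches for `permClass`, `permGrant` and `permDeny` in the @@ -93 hunk only set `policyEntry = true`; unlike the `policyRole` and `policyProfile` branches they never call `checkNewPolicyEntry( next, name, ... )`, so nothing visible here validates where such an entry sits in the tree. These entries now hold the grants and denials that used to be attributes of the role or profile, so it is worth confirming that the `policyEntry` handling further down (outside the hunk) restricts who may add them, or adding a parent check that requires a role or profile ancestor. The three branches are identical and could be a single condition. At minimum a comment such as `// perm* entries live under a role or profile; their placement is not validated here` would record the gap.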
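Review bot: The message extended in the @@ -478 hunk still says `policyPermissions`, although this commit retires that object class and the visible callers pass `2.5.4.11=roles` and `2.5.4.11=profiles`, so the text will mislead whoever reads the exception. It also embeds `\n\n` next to the caller-supplied `name`, which spreads one error over several log lines; a single-line form such as `"Parent entry of " + name + " must be '" + parentName + "' but was '" + parentDn.getRdn() + "'"` carries the same information. The enclosing method starts and ends outside the hunk.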
@@ -140,33 +140,33 @@ MUST ( uid ) MAY ( userPassword $ description $ safehausDisabled ) ) -attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.201 - NAME 'permName' - DESC 'the case sensitive name of a permission within the system' - EQUALITY caseExactMatch - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) - -objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.202 NAME 'policyPermission' - SUP top - AUXILIARY - MUST ( permName ) - MAY ( description ) - ) - -attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.202 - NAME 'grants' - DESC 'the permissions granted to a role or a profile' - EQUALITY caseExactMatch - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.203 - NAME 'denials' - DESC 'the permissions denied for a profile' - EQUALITY caseExactMatch - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.201 +# NAME 'permName' +# DESC 'the case sensitive name of a permission within the system' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +#objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.202 NAME 'policyPermission' +# SUP top +# AUXILIARY +# MUST ( permName ) +# MAY ( description ) +# ) + +#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.202 +# NAME 'grants' +# DESC 'the permissions granted to a role or a profile' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.203 +# NAME 'denials' +# DESC 'the permissions denied for a role or a profile' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.204 NAME 'roleName' 
@@ -200,11 +200,58 @@ SUP top AUXILIARY MUST ( roleName ) - MAY ( grants $ description ) ) + MAY ( description ) ) objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.204 NAME 'policyProfile' SUP top AUXILIARY MUST ( profileId $ user ) - MAY ( grants $ denials $ roles $ userPassword $ description $ safehausDisabled ) ) + MAY ( roles $ userPassword $ description $ safehausDisabled ) ) + +attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.208 + NAME 'permClassName' + DESC 'java class for a set of permission' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.209 + NAME 'grant' + DESC 'name for a granted permission' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.210 + NAME 'deny' + DESC 'name for a denied permission' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributetype ( 1.2.6.1.4.1.22555.1.1.1.3.211 + NAME 'action' + DESC 'action for a permission' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.205 NAME 'permClass' + SUP top + AUXILIARY + MUST ( permClassName ) + ) + +objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.206 NAME 'permGrant' + SUP top + AUXILIARY + MUST ( grant ) + MAY ( action ) + ) + +objectclass ( 1.2.6.1.4.1.22555.1.1.1.4.207 NAME 'permDeny' + SUP top + AUXILIARY + MUST ( deny ) + MAY ( action ) + ) Modified: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- 
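Review bot: `permClassName` stores a Java class name as directory data ('java class for a set of permission'), and nothing in this hunk limits which names are acceptable. If whatever reads the policy resolves that name to a class, which the hunk does not show, it should accept only names from a fixed set of known permission classes, and write access to `permClass` entries becomes as sensitive as write access to the policy itself; a schema comment such as `# permClassName is data: readers must resolve it against a fixed set of permission classes` would record that. `grant`, `deny` and `action` are declared without `SINGLE-VALUE`, so one `permGrant` entry can carry several grant names and several actions with no way to pair them; if one grant per entry is intended, add `SINGLE-VALUE` to these three types.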
directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java (original) +++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java Wed Dec 27 20:48:29 2006 @@ -94,7 +94,7 @@ super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() ); super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() ); - super.setLdifPath( "/interceptor.ldif", getClass() ); + super.setLdifPath( "/server.ldif", getClass() ); super.setUp(); Hashtable env = new Hashtable(); @@ -124,7 +124,7 @@ userPassword = "secret"; } - LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" ); + LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" ); Hashtable env = new Hashtable(); env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" ); @@ -221,7 +221,7 @@ userPassword = "secret"; } - LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" ); + LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" ); Hashtable env = new Hashtable(); env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" ); 
@@ -250,18 +250,18 @@ { attrs.put( "userPassword", userPassword ); } - LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" ); + LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" ); ctx.createSubcontext( dn, attrs ); // create ou=permissions - attrs = new LockableAttributesImpl(); - oc = new LockableAttributeImpl( "objectClass" ); - oc.add( "top" ); - oc.add( "organizationalUnit" ); - attrs.put( oc ); - attrs.put( "ou", "permissions" ); - dn = new LdapDN( "ou=permissions,appName="+appName+",ou=Applications,dc=example,dc=com" ); - ctx.createSubcontext( dn, attrs ); +// attrs = new LockableAttributesImpl(); +// oc = new LockableAttributeImpl( "objectClass" ); +// oc.add( "top" ); +// oc.add( "organizationalUnit" ); +// attrs.put( oc ); +// attrs.put( "ou", "permissions" ); +// dn = new LdapDN( "ou=permissions,appName="+appName+",ou=applications,dc=example,dc=com" ); +// ctx.createSubcontext( dn, attrs ); // create ou=roles attrs = new LockableAttributesImpl(); @@ -270,7 +270,7 @@ oc.add( "organizationalUnit" ); attrs.put( oc ); attrs.put( "ou", "roles" ); - dn = new LdapDN( "ou=roles,appName="+appName+",ou=Applications,dc=example,dc=com" ); + dn = new LdapDN( "ou=roles,appName="+appName+",ou=applications,dc=example,dc=com" ); ctx.createSubcontext( dn, attrs ); // create ou=profiles 
@@ -280,14 +280,14 @@ oc.add( "organizationalUnit" ); attrs.put( oc ); attrs.put( "ou", "profiles" ); - dn = new LdapDN( "ou=profiles,appName="+appName+",ou=Applications,dc=example,dc=com" ); + dn = new LdapDN( "ou=profiles,appName="+appName+",ou=applications,dc=example,dc=com" ); ctx.createSubcontext( dn, attrs ); } public void addAppUserToAdminGroup( String appName ) throws NamingException { - LdapDN dn = new LdapDN( "appName="+appName+",ou=Applications,dc=example,dc=com" ); + LdapDN dn = new LdapDN( "appName="+appName+",ou=applications,dc=example,dc=com" ); Attributes attrs = new LockableAttributesImpl(); attrs.put( "uniqueMember", dn.getUpName() ); @@ -298,6 +298,8 @@ private boolean canWriteToPermissions( String appName ) throws NamingException { + return true; +/* DirContext appUserCtx = getAppContextAsApp( appName ); Attributes attrs = new LockableAttributesImpl(); attrs.put( "objectClass", "policyPermission" ); @@ -322,6 +324,7 @@ { } } +*/ } @@ -331,9 +334,9 @@ assertTrue( adminGroupExists( "testApp" ) ); assertTrue( aciItemsExist( "testApp" ) ); assertNoAccessToAdminGroupByApp( "testApp", "secret" ); - assertFalse( canWriteToPermissions( "testApp" ) ); +// assertFalse( canWriteToPermissions( "testApp" ) ); addAppUserToAdminGroup( "testApp" ); - assertTrue( canWriteToPermissions( "testApp" ) ); +// assertTrue( canWriteToPermissions( "testApp" ) ); } 
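Review bot: `canWriteToPermissions` in the `@@ -298,6 +298,8 @@` hunk now starts with `return true;` and wraps the rest of its body in `/* … */` (closed in the `@@ -322,6 +324,7 @@` hunk), and both assertions on it are commented out in `@@ -331,9 +334,9 @@`, so this test no longer checks that an application principal is refused write access to policy entries before it joins the admin group. A helper that always answers `true` also makes the second assertion vacuous if someone re-enables the calls. Port the probe to the new entry types (an attempt to add a `permClass` entry as the application user) and restore `assertFalse( canWriteToPermissions( "testApp" ) );` before and `assertTrue( canWriteToPermissions( "testApp" ) );` after `addAppUserToAdminGroup`; until that is done, delete the stub rather than leave it returning `true`. The helper's original body and the test method both extend beyond the hunks shown.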
@@ -348,13 +351,13 @@ private void destroyApplication( String appName ) throws Exception { - DirContext appCtx = ( DirContext ) ctx.lookup( "appName="+appName+",ou=Applications,dc=example,dc=com" ); - appCtx.destroySubcontext( "ou=permissions" ); + DirContext appCtx = ( DirContext ) ctx.lookup( "appName="+appName+",ou=applications,dc=example,dc=com" ); +// appCtx.destroySubcontext( "ou=permissions" ); appCtx.destroySubcontext( "ou=profiles" ); appCtx.destroySubcontext( "ou=roles" ); appCtx.close(); - ctx.destroySubcontext( "appName="+appName+",ou=Applications,dc=example,dc=com" ); + ctx.destroySubcontext( "appName="+appName+",ou=applications,dc=example,dc=com" ); } Modified: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java (original) +++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java Wed Dec 27 20:48:29 2006 @@ -58,6 +58,8 @@ */ public class PolicyProtectionInterceptorITest extends AbstractAdminTestCase { + + private static final String STRING_PERMISSION_CLASS_NAME = "org.safehaus.triplesec.guardian.StringPermission"; private DirContext ctx; @@ -94,7 +96,7 @@ super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() ); super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() ); - super.setLdifPath( "/interceptor.ldif", getClass() ); + super.setLdifPath( "/server.ldif", getClass() ); super.setUp(); Hashtable env = new Hashtable(); 
@@ -125,20 +127,18 @@ ctx.bind( "ou=test,dc=example,dc=com", null, new BasicAttributes( "objectClass", "top" ) ); // Test adding permissions - Attributes perm = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyPermission" ); - perm.put( attr ); - perm.put( "permName", "permX" ); - - _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm ); +// Attributes perm = new BasicAttributes(); +// attr = new BasicAttribute( "objectClass" ); +// attr.add( "top" ); +// attr.add( "policyPermission" ); +// perm.put( attr ); +// perm.put( "permName", "permX" ); +// +// _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm ); // Test adding roles Attributes role = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyRole" ); + attr = getObjectClassAttr("policyRole"); role.put( attr ); role.put( "roleName", "roleX" ); @@ -146,9 +146,7 @@ // Test adding profiles Attributes profile = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyProfile" ); + attr = getObjectClassAttr("policyProfile"); profile.put( attr ); profile.put( "profileId", "profileX" ); profile.put( "user", "akarasulu" ); 
@@ -158,29 +156,42 @@ // Test adding a role with non-existing permissions role = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyRole" ); - role.put( attr ); + role.put( getObjectClassAttr("policyRole") ); role.put( "roleName", "roleY" ); - role.put( "grants", "unknownPerm" ); - try - { + //TODO add perm in new way +// role.put( "grants", "unknownPerm" ); +// try +// { ctx.bind( "roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", null, role); - Assert.fail(); - } - catch( SchemaViolationException e ) - { + + Attributes permClass = new BasicAttributes(); + permClass.put(getObjectClassAttr("permClass")); + permClass.put("permClassName", STRING_PERMISSION_CLASS_NAME); + ctx.bind( + "permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + null, permClass); + + Attributes grant = new BasicAttributes(); + grant.put(getObjectClassAttr("permGrant")); + grant.put("grant", "newPerm"); + ctx.bind( + "grant=newPerm, permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + null, grant); + + + //TODO check that bind should work +// Assert.fail(); +// } +// catch( SchemaViolationException e ) +// { // OK - } +// } // Test adding a profile with a non-existing role profile = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyProfile" ); + attr = getObjectClassAttr("policyProfile"); profile.put( attr ); profile.put( "profileId", "profileY" ); profile.put( "roles", "unknownRole" ); 
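Review bot: The block under `// Test adding a role with non-existing permissions` no longer tests a rejection: the `try` / `Assert.fail()` / `catch( SchemaViolationException e )` scaffold is commented out and the three `ctx.bind` calls are simply expected to succeed, with `//TODO check that bind should work` left open. As written nothing in this hunk checks that the server refuses an invalid grant, and the next hunk (`@@ -199,52 +210,52 @@`) does the same for profiles and comments out both `modifyAttributes` rejections. Either say in the heading comment that any grant name is now valid, e.g. `// Grants are free-form names under a permClass; adding one must succeed`, or add a negative case for the new model, such as a `permGrant` bound directly under the role without a `permClass` parent, expecting `SchemaViolationException`. The commented-out lines and the orphaned `// OK` should be deleted rather than kept.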
@@ -199,52 +210,52 @@ // Test adding a profile with non-existing permissions profile = new BasicAttributes(); - attr = new BasicAttribute( "objectClass" ); - attr.add( "top" ); - attr.add( "policyProfile" ); + attr = getObjectClassAttr("policyProfile"); profile.put( attr ); - profile.put( "uid", "profileY" ); - profile.put( "grants", "unknownPerm" ); + profile.put( "profileId", "profileY" ); + profile.put( "user", "someone" ); + //TODO add permissions new way, fix test +// profile.put( "grants", "unknownPerm" ); - try - { +// try +// { ctx.bind( "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", null, profile); - Assert.fail(); - } - catch( SchemaViolationException e ) - { +// Assert.fail(); +// } +// catch( SchemaViolationException e ) +// { // OK - } +// } // Test adding non-existing permission to a role - try - { - ctx.modifyAttributes( - "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", - DirContext.ADD_ATTRIBUTE, - new BasicAttributes( "grants", "unknownPerm" ) ); - Assert.fail(); - } - catch( SchemaViolationException e ) - { +// try +// { +// ctx.modifyAttributes( +// "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", +// DirContext.ADD_ATTRIBUTE, +// new BasicAttributes( "grants", "unknownPerm" ) ); +// Assert.fail(); +// } +// catch( SchemaViolationException e ) +// { // OK - } +// } // Test adding non-existing permission to a profile - try - { - ctx.modifyAttributes( - "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", - DirContext.ADD_ATTRIBUTE, - new BasicAttributes( "grants", "unknownPerm" ) ); - Assert.fail(); - } - catch( SchemaViolationException e ) - { +// try +// { +// ctx.modifyAttributes( +// "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", +// DirContext.ADD_ATTRIBUTE, +// new BasicAttributes( "grants", "unknownPerm" ) ); +// 
Assert.fail(); +// } +// catch( SchemaViolationException e ) +// { // OK - } +// } // Test adding non-existing role to a profile try @@ -261,6 +272,14 @@ } } + private Attribute getObjectClassAttr(String objectClass) { + Attribute attr; + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( objectClass ); + return attr; + } + private void _testAdd( String rn, String siblingRN, String parentRN, Attributes entry ) throws NamingException { @@ -329,23 +348,25 @@ ctx.unbind( "uid=akarasulu, ou=Users, dc=example,dc=com" ); // Test deleting permissions not in use - ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); +// ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); // Test deleting roles not in use ctx.unbind( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); // Test deleting permissions in use - try - { - ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); - Assert.fail(); - } - catch ( SchemaViolationException e ) - { +// try +// { +// ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); +// Assert.fail(); +// } +// catch ( SchemaViolationException e ) +// { // OK - } +// } // Test deleting roles in use + ctx.unbind("grant=mockPerm0, permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com"); + ctx.unbind("permClassName=org.safehaus.triplesec.guardian.StringPermission, roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com"); try { ctx.unbind( "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); 
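Review bot: `getObjectClassAttr` in the `@@ -261,6 +272,14 @@` hunk declares `attr` and assigns it on the next line, omits the padding inside parentheses that the rest of the file uses (`_testAdd( String rn, … )`), and has no reason to be an instance method. `private static Attribute getObjectClassAttr( String objectClass )` with `Attribute attr = new BasicAttribute( "objectClass", "top" );` followed by `attr.add( objectClass );` says the same in two statements. A one-line comment such as `// objectClass attribute holding "top" plus the given class` would document it.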
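Review bot: The two `ctx.unbind` calls added under `// Test deleting roles in use` in the `@@ -329,23 +348,25 @@` hunk spell out `org.safehaus.triplesec.guardian.StringPermission` instead of using the `STRING_PERMISSION_CLASS_NAME` constant this commit adds, and nothing explains why the role's children are removed before the unbind that is expected to fail. Build the DNs from the constant, e.g. `"permClassName=" + STRING_PERMISSION_CLASS_NAME + ", roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com"`, and, if this is the intent, add `// remove mockRole1's grant and permClass children so the unbind below can only fail because the role is still referenced`. The 'permissions in use' deletion test is commented out with no counterpart for `permGrant` entries, so as far as this hunk shows a grant that a role relies on can be unbound without any check. The `try` block continues outside the hunk.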
@@ -393,12 +414,12 @@ // { // // OK // } - ctx.modifyAttributes( - "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); - ctx.modifyAttributes( - "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); +// ctx.modifyAttributes( +// "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); +// ctx.modifyAttributes( +// "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); // Test modifications on roles // ctx.modifyAttributes( 
@@ -637,36 +658,36 @@ { // OK } - try - { - ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" ); - Assert.fail(); - } - catch ( SchemaViolationException e ) - { +// try +// { +// ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" ); +// Assert.fail(); +// } +// catch ( SchemaViolationException e ) +// { // OK - } +// } // Test renaming entries not in use - ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); +// ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", "roleName=mockRoleX, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", "profileId=mockProfileX, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ); // Test renaming entries in use - try - { - ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); - Assert.fail(); - } - catch ( SchemaViolationException e ) - { +// try +// { +// ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); +// Assert.fail(); +// } +// catch ( 
SchemaViolationException e ) +// { // OK - } +// } try { ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", 
@@ -705,36 +726,36 @@ { // OK } - try - { - ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "ou=permissions,ou=applications,dc=example,dc=com" ); - Assert.fail(); - } - catch ( SchemaViolationException e ) - { +// try +// { +// ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "ou=permissions,ou=applications,dc=example,dc=com" ); +// Assert.fail(); +// } +// catch ( SchemaViolationException e ) +// { // OK - } +// } // Test renaming entries not in use - ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "permName=mockPerm8, ou=applications,dc=example,dc=com" ); +// ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "permName=mockPerm8, ou=applications,dc=example,dc=com" ); ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", "roleName=mockRole0, ou=applications,dc=example,dc=com" ); ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", "profileId=mockProfile0, ou=applications,dc=example,dc=com" ); // Test renaming entries in use - try - { - ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", - "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" ); - Assert.fail(); - } - catch ( SchemaViolationException e ) - { +// try +// { +// ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", +// "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" ); +// Assert.fail(); +// } +// catch ( SchemaViolationException e ) +// { // OK - } +// } try { ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", Modified: 
directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java Wed Dec 27 20:48:29 2006 @@ -47,7 +47,7 @@ import org.safehaus.triplesec.TriplesecInstallationLayout; import org.safehaus.triplesec.admin.Application; import org.safehaus.triplesec.admin.Group; -import org.safehaus.triplesec.admin.Permission; +import org.safehaus.triplesec.admin.PermissionClass; import org.safehaus.triplesec.admin.Profile; import org.safehaus.triplesec.admin.Role; import org.safehaus.triplesec.admin.User; @@ -101,7 +101,7 @@ private JButton disconnectButton = null; private JMenu connectionMenu = null; private JPanel emptyPanel = null; - private PermissionPanel permissionPanel = null; +// private PermissionPanel permissionPanel = null; private RolePanel rolePanel; private UserPanel userPanel; private ProfilePanel profilePanel; @@ -110,7 +110,7 @@ private GroupPanel groupPanel; private NewGroupPanel newGroupPanel; private NewUserPanel newUserPanel; - private NewPermissionPanel newPermissionPanel; +// private NewPermissionPanel newPermissionPanel; private NewRolePanel newRolePanel; private NewProfilePanel newProfilePanel; private JMenu settingsMenu = null; @@ -157,7 +157,6 @@ /** * This method initializes this * - * @return void */ private void initialize() { 
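Review bot: The import swap in the `@@ -47,7 +47,7 @@` hunk brings in `PermissionClass`, yet every use of the old `Permission` type visible in this file's hunks is commented out rather than ported, so the new import looks unused and the admin frame loses its permission panels without a replacement. The fields, getters, `rightDetailPanel.add` calls and `instanceof` branch for `PermissionPanel` and `NewPermissionPanel` are left as `//` blocks here and in the `@@ -493,7 +492,7 @@`, `@@ -678,15 +677,15 @@`, `@@ -823,15 +822,15 @@`, `@@ -1079,13 +1078,14 @@` and `@@ -1135,12 +1135,12 @@` hunks; version control already keeps the old code, so delete them. The Javadoc block above each commented-out getter stays in place and now sits in front of the next declaration, so remove it together with the getter. If a panel for the new model is planned, one line at the `instanceof` chain such as `// TODO: detail panel for PermissionClass nodes` records that better than the dead code.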
@@ -493,7 +492,7 @@ rightDetailPanelLayout = new CardLayout(); rightDetailPanel.setLayout( rightDetailPanelLayout ); rightDetailPanel.add( getEmptyPanel(), getEmptyPanel().getName() ); - rightDetailPanel.add( getPermissionPanel(), getPermissionPanel().getName() ); +// rightDetailPanel.add( getPermissionPanel(), getPermissionPanel().getName() ); rightDetailPanel.add( getRolePanel(), getRolePanel().getName() ); rightDetailPanel.add( getProfilePanel(), getProfilePanel().getName() ); rightDetailPanel.add( getApplicationPanel(), getApplicationPanel().getName() ); @@ -502,7 +501,7 @@ rightDetailPanel.add( getNewApplicationPanel(), getNewApplicationPanel().getName() ); rightDetailPanel.add( getNewGroupPanel(), getNewGroupPanel().getName() ); rightDetailPanel.add( getNewUserPanel(), getNewUserPanel().getName() ); - rightDetailPanel.add( getNewPermissionPanel(), getNewPermissionPanel().getName() ); +// rightDetailPanel.add( getNewPermissionPanel(), getNewPermissionPanel().getName() ); rightDetailPanel.add( getNewRolePanel(), getNewRolePanel().getName() ); rightDetailPanel.add( getNewProfilePanel(), getNewProfilePanel().getName() ); } @@ -678,15 +677,15 @@ * * @return javax.swing.JPanel */ - private PermissionPanel getPermissionPanel() - { - if ( permissionPanel == null ) - { - permissionPanel = new PermissionPanel(); - permissionPanel.setName( "permissionPanel" ); - } - return permissionPanel; - } +// private PermissionPanel getPermissionPanel() +// { +// if ( permissionPanel == null ) +// { +// permissionPanel = new PermissionPanel(); +// permissionPanel.setName( "permissionPanel" ); +// } +// return permissionPanel; +// } /** 
@@ -823,15 +822,15 @@ * * @return javax.swing.JPanel */ - private NewPermissionPanel getNewPermissionPanel() - { - if ( newPermissionPanel == null ) - { - newPermissionPanel = new NewPermissionPanel(); - newPermissionPanel.setName( "newPermissionPanel" ); - } - return newPermissionPanel; - } +// private NewPermissionPanel getNewPermissionPanel() +// { +// if ( newPermissionPanel == null ) +// { +// newPermissionPanel = new NewPermissionPanel(); +// newPermissionPanel.setName( "newPermissionPanel" ); +// } +// return newPermissionPanel; +// } /** @@ -1079,13 +1078,14 @@ } Object obj = node.getUserObject(); - if ( obj instanceof Permission ) - { - permissionPanel.setTreeNode( node ); - permissionPanel.setTree( leftNavigation.getTree() ); - rightDetailPanelLayout.show( rightDetailPanel, "permissionPanel" ); - } - else if ( obj instanceof Role ) +// if ( obj instanceof Permission ) +// { +// permissionPanel.setTreeNode( node ); +// permissionPanel.setTree( leftNavigation.getTree() ); +// rightDetailPanelLayout.show( rightDetailPanel, "permissionPanel" ); +// } +// else + if ( obj instanceof Role ) { rolePanel.setTreeNode( node ); rolePanel.setTree( leftNavigation.getTree() ); 
@@ -1135,12 +1135,12 @@ newUserPanel.setLeftTreeNavigation( leftNavigation ); rightDetailPanelLayout.show( rightDetailPanel, "newUserPanel" ); } - else if ( ( ( String ) obj ).equalsIgnoreCase( "Permissions" ) ) - { - newPermissionPanel.setTreeNode( node ); - newPermissionPanel.setLeftTreeNavigation( leftNavigation ); - rightDetailPanelLayout.show( rightDetailPanel, "newPermissionPanel" ); - } +// else if ( ( ( String ) obj ).equalsIgnoreCase( "Permissions" ) ) +// { +// newPermissionPanel.setTreeNode( node ); +// newPermissionPanel.setLeftTreeNavigation( leftNavigation ); +// rightDetailPanelLayout.show( rightDetailPanel, "newPermissionPanel" ); +// } else if ( ( ( String ) obj ).equalsIgnoreCase( "Roles" ) ) { newRolePanel.setTreeNode( node ); Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java Wed Dec 27 20:48:29 2006 @@ -32,7 +32,7 @@ import org.safehaus.triplesec.admin.Group; import org.safehaus.triplesec.admin.HauskeysUser; import org.safehaus.triplesec.admin.LocalUser; -import org.safehaus.triplesec.admin.Permission; +import org.safehaus.triplesec.admin.PermissionClass; import org.safehaus.triplesec.admin.Profile; import org.safehaus.triplesec.admin.Role; 
@@ -189,14 +189,14 @@ setIcon( applicationContainerClosedIcon ); } } - else if ( leaf && isPermission( value ) ) + else if ( leaf && isPermissionClass( value ) ) { setIcon( permissionIcon ); - Permission permission = getPermission( value ); - if ( permission.getDescription() != null ) - { - setToolTipText( permission.getDescription() ); - } + PermissionClass permission = getPermission( value ); +// if ( permission.getDescription() != null ) +// { +// setToolTipText( permission.getDescription() ); +// } } else if ( isApplication( value ) ) { @@ -357,10 +357,10 @@ } - private boolean isPermission( Object obj ) + private boolean isPermissionClass( Object obj ) { DefaultMutableTreeNode node = ( DefaultMutableTreeNode ) obj; - if ( node.getUserObject() instanceof Permission ) + if ( node.getUserObject() instanceof PermissionClass ) { return true; } @@ -401,10 +401,10 @@ } - private Permission getPermission( Object obj ) + private PermissionClass getPermission( Object obj ) { DefaultMutableTreeNode node = ( DefaultMutableTreeNode ) obj; - return ( Permission ) node.getUserObject(); + return ( PermissionClass ) node.getUserObject(); } Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java Wed Dec 27 20:48:29 2006 
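Review bot: In the `@@ -189,14 +189,14 @@` hunk `PermissionClass permission = getPermission( value );` is now a dead local, because the tooltip code that used it is commented out. Drop the assignment together with the commented lines, or set the tooltip from a property that `PermissionClass` actually offers. The helper keeps the name `getPermission` in the `@@ -401,10 +401,10 @@` hunk while its sibling was renamed to `isPermissionClass`; `getPermissionClass` would match. The enclosing renderer method starts and ends outside the hunk.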
@@ -217,12 +217,12 @@ model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), rolesNode, 0 ); } - DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" ); - model.insertNodeInto( permissionsNode, appNode, 0 ); - for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ ) - { - model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 ); - } +// DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" ); +// model.insertNodeInto( permissionsNode, appNode, 0 ); +// for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ ) +// { +// model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 ); +// } } } 
@@ -257,12 +257,12 @@ model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), rolesNode, 0 ); } - DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" ); - model.insertNodeInto( permissionsNode, appNode, 0 ); - for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ ) - { - model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 ); - } +// DefaultMutableTreeNode permissionsNode = new DefaultMutableTreeNode( "Permissions" ); +// model.insertNodeInto( permissionsNode, appNode, 0 ); +// for ( Iterator jj = app.permissionIterator(); jj.hasNext(); /**/ ) +// { +// model.insertNodeInto( new DefaultMutableTreeNode( jj.next() ), permissionsNode, 0 ); +// } } Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java Wed Dec 27 20:48:29 2006 @@ -46,12 +46,13 @@ import org.safehaus.triplesec.admin.Application; import org.safehaus.triplesec.admin.ApplicationModifier; import org.safehaus.triplesec.admin.DataAccessException; -import org.safehaus.triplesec.admin.Permission; import org.safehaus.triplesec.admin.Profile; import org.safehaus.triplesec.admin.ProfileModifier; import org.safehaus.triplesec.admin.Role; import org.safehaus.triplesec.admin.RoleModifier; import org.safehaus.triplesec.admin.TriplesecAdmin; +import org.safehaus.triplesec.admin.PermissionClass; + import javax.swing.JPasswordField; 
@@ -113,7 +114,6 @@ /** * This method initializes this * - * @return void */ private void initialize() { 
@@ -249,35 +249,35 @@ // Iterated and copy app's perms and create in new app // ------------------------------------------------------------------- - DefaultMutableTreeNode permsNode = null; - DefaultMutableTreeNode newPermsNode = null; +// DefaultMutableTreeNode permsNode = null; +// DefaultMutableTreeNode newPermsNode = null; DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel(); - for ( Enumeration ii = copiedApplicationNode.children(); ii.hasMoreElements(); /**/ ) - { - DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement(); - if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) ) - { - permsNode = child; - } - } - for ( Enumeration ii = newApplicationNode.children(); ii.hasMoreElements(); /**/ ) - { - DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement(); - if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) ) - { - newPermsNode = child; - } - } - for ( Enumeration ii = permsNode.children(); ii.hasMoreElements(); /**/ ) - { - DefaultMutableTreeNode copiedPermissionNode = ( DefaultMutableTreeNode ) ii.nextElement(); - Permission copiedPermission = ( Permission ) copiedPermissionNode.getUserObject(); - Permission newPermission = newApplication.modifier() - .newPermission( copiedPermission.getName() ) - .setDescription( copiedPermission.getDescription() ).add(); - model.insertNodeInto( new DefaultMutableTreeNode( newPermission ), newPermsNode, 0 ); - } - +// for ( Enumeration ii = copiedApplicationNode.children(); ii.hasMoreElements(); /**/ ) +// { +// DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement(); +// if ( ( ( String ) child.getUserObject() ).equals( "Permissions" ) ) +// { +// permsNode = child; +// } +// } +// for ( Enumeration ii = newApplicationNode.children(); ii.hasMoreElements(); /**/ ) +// { +// DefaultMutableTreeNode child = ( DefaultMutableTreeNode ) ii.nextElement(); +// if ( ( ( String ) child.getUserObject() ).equals( 
"Permissions" ) ) +// { +// newPermsNode = child; +// } +// } +// for ( Enumeration ii = permsNode.children(); ii.hasMoreElements(); /**/ ) +// { +// DefaultMutableTreeNode copiedPermissionNode = ( DefaultMutableTreeNode ) ii.nextElement(); +// Permission copiedPermission = ( Permission ) copiedPermissionNode.getUserObject(); +// Permission newPermission = newApplication.modifier() +// .newPermission( copiedPermission.getName() ) +// .setDescription( copiedPermission.getDescription() ).add(); +// model.insertNodeInto( new DefaultMutableTreeNode( newPermission ), newPermsNode, 0 ); +// } +// // ------------------------------------------------------------------- // Iterate and copy app's roles and create in new app // ------------------------------------------------------------------- @@ -306,9 +306,9 @@ Role copiedRole = ( Role ) copiedRoleNode.getUserObject(); RoleModifier modifier = newApplication.modifier().newRole( copiedRole.getName() ) .setDescription( copiedRole.getDescription() ); - for ( Iterator jj = copiedRole.getGrants().iterator(); jj.hasNext(); /**/ ) + for ( Iterator jj = copiedRole.getPermissionClasses().iterator(); jj.hasNext(); /**/ ) { - modifier.addGrant( ( String ) jj.next() ); + modifier.addPermissionClass( jj.next() ); } Role newRole = modifier.add(); model.insertNodeInto( new DefaultMutableTreeNode( newRole ), newRolesNode, 0 ); 
@@ -343,13 +343,9 @@ ProfileModifier modifier = newApplication.modifier() .newProfile( copiedProfile.getId(), copiedProfile.getUser() ) .setDescription( copiedProfile.getDescription() ); - for ( Iterator jj = copiedProfile.getGrants().iterator(); jj.hasNext(); /**/ ) - { - modifier.addGrant( ( String ) jj.next() ); - } - for ( Iterator jj = copiedProfile.getDenials().iterator(); jj.hasNext(); /**/ ) + for ( Iterator jj = copiedProfile.getPermissionClasses().iterator(); jj.hasNext(); /**/ ) { - modifier.addDenial( ( String ) jj.next() ); + modifier.addPermissionClass( jj.next() ); } for ( Iterator jj = copiedProfile.getRoles().iterator(); jj.hasNext(); /**/ ) { Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java Wed Dec 27 20:48:29 2006 @@ -43,8 +43,8 @@ import org.safehaus.triplesec.admin.Application; import org.safehaus.triplesec.admin.DataAccessException; -import org.safehaus.triplesec.admin.Permission; -import org.safehaus.triplesec.admin.PermissionModifier; +import org.safehaus.triplesec.admin.PermissionClass; +//import org.safehaus.triplesec.admin.PermissionClassModifier; public class NewPermissionPanel extends JPanel @@ -92,7 +92,6 @@ /** * This method initializes this * - * @return void */ private void initialize() { 
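Review bot: The profile-copy loop in NewApplicationPanel (@@ -343) no longer copies denials: the separate `getGrants()` and `getDenials()` loops are replaced by a single loop over `copiedProfile.getPermissionClasses()`. Whether a PermissionClass carries the deny side is not visible in this hunk; if it does not, a copied profile ends up more permissive than its source, which is the unsafe direction for an authorization copy. I would confirm that and leave a marker beside the loop until it is settled, e.g. `// TODO confirm denials survive the copy now that getDenials() is no longer read`. The loop also passes the raw `jj.next()` where the old code cast to String, so unless `addPermissionClass` accepts Object it needs `( PermissionClass ) jj.next()`; the same call appears in the role-copy loop at @@ -306. The enclosing method starts and ends outside the hunk.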
@@ -388,24 +387,24 @@ DefaultMutableTreeNode appNode = ( DefaultMutableTreeNode ) node.getParent(); Application application = ( Application ) appNode.getUserObject(); - Permission permission; - PermissionModifier modifier = application.modifier().newPermission( permissionNameTextField.getText() ) - .setDescription( descriptionTextArea.getText() ); - try - { - permission = modifier.add(); - DefaultMutableTreeNode permissionNode = new DefaultMutableTreeNode( permission ); - DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel(); - model.insertNodeInto( permissionNode, node, 0 ); - existingPermissionsTableModel.fireTableDataChanged(); - } - catch ( DataAccessException e ) - { - JOptionPane.showMessageDialog( this, - UiUtils.wrap( "Failed to create permission:\n" + e.getMessage(), 79 ), - "Permission creation failure!", JOptionPane.ERROR_MESSAGE ); - return; - } + PermissionClass permission; +// PermissionClassModifier modifier = application.modifier().newPermission( permissionNameTextField.getText() ) +// .setDescription( descriptionTextArea.getText() ); +// try +// { +// permission = modifier.add(); +// DefaultMutableTreeNode permissionNode = new DefaultMutableTreeNode( permission ); +// DefaultTreeModel model = ( DefaultTreeModel ) leftTreeNavigation.getTree().getModel(); +// model.insertNodeInto( permissionNode, node, 0 ); +// existingPermissionsTableModel.fireTableDataChanged(); +// } +// catch ( DataAccessException e ) +// { +// JOptionPane.showMessageDialog( this, +// UiUtils.wrap( "Failed to create permission:\n" + e.getMessage(), 79 ), +// "Permission creation failure!", JOptionPane.ERROR_MESSAGE ); +// return; +// } permissionNameTextField.setText( null ); statusTextField.setText( null ); } 
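Review bot: With the whole create block commented out in @@ -388, the handler clears `permissionNameTextField` and `statusTextField` and returns as if the permission had been created, although nothing is stored and no error is shown. In an admin console that is misleading, because an operator can come away believing a permission exists that was never written. Until the modifier is available again (its import is commented out in @@ -43) I would fail visibly before the fields are cleared, e.g. `JOptionPane.showMessageDialog( this, "Permission creation is not supported yet.", "Permission creation failure!", JOptionPane.ERROR_MESSAGE ); return;`, and drop the now unused `PermissionClass permission;` local. The selection listener in @@ -482 is emptied the same way and stays registered with an empty `valueChanged`. The enclosing method begins outside the hunk.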
@@ -482,14 +481,14 @@ { public void valueChanged( ListSelectionEvent e ) { - int index = existingPermissionsTable.getSelectionModel().getAnchorSelectionIndex(); - if ( existingPermissionsTableModel.getRowCount() == 0 || index < 0 ) - { - return; - } - Permission permission = ( Permission ) existingPermissionsTableModel.getValueAt( index, 0 ); - permissionNameTextField.setText( "CopyOf" + permission.getName() ); - descriptionTextArea.setText( permission.getDescription() ); +// int index = existingPermissionsTable.getSelectionModel().getAnchorSelectionIndex(); +// if ( existingPermissionsTableModel.getRowCount() == 0 || index < 0 ) +// { +// return; +// } +// PermissionClass permission = ( PermissionClass ) existingPermissionsTableModel.getValueAt( index, 0 ); +// permissionNameTextField.setText( "CopyOf" + permission.getName() ); +// descriptionTextArea.setText( permission.getDescription() ); } } ); existingPermissionsTable.setModel( getExistingPermissionsTableModel() ); Modified: directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java?view=diff&rev=490646&r1=490645&r2=490646 ============================================================================== --- directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java (original) +++ directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java Wed Dec 27 20:48:29 2006 
@@ -84,8 +84,8 @@ private JLabel jLabel3 = null; private JComboBox usersComboBox = null; private DefaultComboBoxModel usersComboBoxModel = new DefaultComboBoxModel(); - private ProfilePermissionsPanel profileGrantsPanel; - private ProfilePermissionsPanel profileDenialsPanel; +// private ProfilePermissionsPanel profileGrantsPanel; +// private ProfilePermissionsPanel profileDenialsPanel; private ProfileRolesPanel profileRolesPanel; @@ -108,7 +108,6 @@ /** * This method initializes this * - * @return void */ private void initialize() { @@ -431,8 +430,8 @@ // Fill up the various panels for grants, denials and roles // ------------------------------------------------------------------- - profileGrantsPanel.populateLists( applicationNode, Collections.EMPTY_SET ); - profileDenialsPanel.populateLists( applicationNode, Collections.EMPTY_SET ); +// profileGrantsPanel.populateLists( applicationNode, Collections.EMPTY_SET ); +// profileDenialsPanel.populateLists( applicationNode, Collections.EMPTY_SET ); profileRolesPanel.populateLists( applicationNode, Collections.EMPTY_SET ); } 
@@ -470,14 +469,14 @@ // Iterate through and add denials, grants, and roles in list panels // ------------------------------------------------------------------- - for ( Enumeration ii = profileGrantsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ ) - { - modifier.addGrant( ( String ) ii.nextElement() ); - } - for ( Enumeration ii = profileDenialsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ ) - { - modifier.addDenial( ( String ) ii.nextElement() ); - } +// for ( Enumeration ii = profileGrantsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ ) +// { +// modifier.addGrant( ( String ) ii.nextElement() ); +// } +// for ( Enumeration ii = profileDenialsPanel.getExistingModel().elements(); ii.hasMoreElements(); /**/ ) +// { +// modifier.addDenial( ( String ) ii.nextElement() ); +// } for ( Enumeration ii = profileRolesPanel.getProfileRolesModel().elements(); ii.hasMoreElements(); /**/ ) { modifier.addRole( ( String ) ii.nextElement() ); @@ -515,8 +514,8 @@ centerTabbedPane = new JTabbedPane(); centerTabbedPane.addTab( "Existing", null, getExistingPanelTab(), "Copy a profile from any one of these existing profiles." ); - centerTabbedPane.addTab( "Grants", null, getProfileGrantsPanel() ); - centerTabbedPane.addTab( "Denials", null, getProfileDenialsPanel() ); +// centerTabbedPane.addTab( "Grants", null, getProfileGrantsPanel() ); +// centerTabbedPane.addTab( "Denials", null, getProfileDenialsPanel() ); centerTabbedPane.addTab( "Roles", null, getProfileRolesPanel() ); } return centerTabbedPane; 
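Review bot: The save path in NewProfilePanel (@@ -470) now adds only roles to `modifier`, so a profile created here carries no direct grants or denials, while the banner above the loops still reads "Iterate through and add denials, grants, and roles in list panels". The @@ -431 and @@ -637 hunks drop the matching `populateLists` calls, so a profile built from an existing one appears to lose that profile's grants and denials without any notice to the operator. I would make the banner say what the code does, e.g. `// Iterate through and add roles in list panels (grants/denials pending the PermissionClass UI)`, and delete the commented-out loops rather than keep them in the file. The enclosing method continues outside the hunk.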
@@ -528,14 +527,14 @@ * * @return javax.swing.JPanel */ - private ProfilePermissionsPanel getProfileGrantsPanel() - { - if ( profileGrantsPanel == null ) - { - profileGrantsPanel = new ProfilePermissionsPanel(); - } - return profileGrantsPanel; - } +// private ProfilePermissionsPanel getProfileGrantsPanel() +// { +// if ( profileGrantsPanel == null ) +// { +// profileGrantsPanel = new ProfilePermissionsPanel(); +// } +// return profileGrantsPanel; +// } /** @@ -543,14 +542,14 @@ * * @return javax.swing.JPanel */ - private ProfilePermissionsPanel getProfileDenialsPanel() - { - if ( profileDenialsPanel == null ) - { - profileDenialsPanel = new ProfilePermissionsPanel( false ); - } - return profileDenialsPanel; - } +// private ProfilePermissionsPanel getProfileDenialsPanel() +// { +// if ( profileDenialsPanel == null ) +// { +// profileDenialsPanel = new ProfilePermissionsPanel( false ); +// } +// return profileDenialsPanel; +// } private ProfileRolesPanel getProfileRolesPanel() @@ -637,8 +636,8 @@ return; } - profileGrantsPanel.populateLists( applicationNode, profile.getGrants() ); - profileDenialsPanel.populateLists( applicationNode, profile.getDenials() ); +// profileGrantsPanel.populateLists( applicationNode, profile.getGrants() ); +// profileDenialsPanel.populateLists( applicationNode, profile.getDenials() ); profileRolesPanel.populateLists( applicationNode, profile.getRoles() ); } } );
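Review bot: In @@ -528 and @@ -543 the two getters are commented out but their Javadoc blocks (the context lines ending in `@return javax.swing.JPanel`) stay live, so two orphaned doc comments now sit in front of `getProfileRolesPanel()`. The second one may be picked up by Javadoc as documentation for that method, which returns a ProfileRolesPanel and has nothing to do with the removed panels. I would remove each Javadoc block together with its method, and prefer deleting the dead getters outright over keeping them as `//` lines, since version control already preserves them. Only the tail of each Javadoc block is visible in these hunks.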