directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r491704 - in /directory/sandbox/triplesec-jacc: admin-api/src/main/java/org/safehaus/triplesec/admin/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ admin-api/src/tes...
Date Mon, 01 Jan 2007 23:49:10 GMT
Author: djencks
Date: Mon Jan  1 15:49:09 2007
New Revision: 491704

URL: http://svn.apache.org/viewvc?view=rev&rev=491704
Log:
Fix a lot of bugs so at least some of the jacc permission installation works.  Includes a simple test.

Added:
    directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml   (with props)
    directory/sandbox/triplesec-jacc/jacc/src/test/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/
    directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java   (with props)
Modified:
    directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java
    directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
    directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
    directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
    directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
    directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
    directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
    directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif
    directory/sandbox/triplesec-jacc/jaas/pom.xml
    directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
    directory/sandbox/triplesec-jacc/jacc/pom.xml
    directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
    directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java
    directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java
    directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java

Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/DataAccessException.java Mon Jan  1 15:49:09 2007
@@ -35,4 +35,14 @@
     {
         super( msg );
     }
+    
+    public DataAccessException( String msg, Throwable t )
+    {
+        super( msg, t );
+    }
+
+    public DataAccessException( Throwable t )
+    {
+        super( t );
+    }
 }

Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java Mon Jan  1 15:49:09 2007
@@ -28,7 +28,7 @@
 import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class PermissionActions extends AdministeredEntity implements Constants {
 
@@ -39,7 +39,7 @@
         Date modifyTimestamp, PermissionActionsDao dao, String permissionName, Set<String> actions) {
         super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
         this.permissionName = permissionName;
-        this.actions = new HashSet<String>(actions);
+        this.actions = actions == null? new HashSet<String>(): new HashSet<String>(actions);
     }
 
     public String getPermissionName() {

Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java Mon Jan  1 15:49:09 2007
@@ -44,13 +44,13 @@
     PermissionClass rename(  String contextDn, String newPermClassName, PermissionClass permClass )
         throws DataAccessException;
 
-    PermissionClass load( String applicationName, String name )
+    PermissionClass load( String contextDn, String name )
         throws DataAccessException;
 
-    boolean has( String applicationName, String name )
+    boolean has( String contextDn, String name )
         throws DataAccessException;
 
-    Iterator permissionClassNameIterator( String applicationName )
+    Iterator permissionClassNameIterator( String contextDn )
         throws DataAccessException;
 
 }

Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java Mon Jan  1 15:49:09 2007
@@ -138,11 +138,11 @@
         catch ( NamingException e )
         {
             log.error( "Unexpected failure", e );
-            throw new DataAccessException( e.getMessage() );
+            throw new DataAccessException( e.getMessage(), e );
         }
     }
-    
-    
+
+
     public void delete( String contextDn, String permClassName )
         throws DataAccessException
     {
@@ -172,7 +172,7 @@
         String permClassName  ) throws DataAccessException
     {
         String rdn = getRelativeDn( contextDn, permClassName );
-        
+
 //        try
 //        {
 //            ctx.modifyAttributes( rdn, mods );
@@ -196,18 +196,18 @@
 //            log.error( msg, e );
 //            throw new NoSuchEntryException( msg );
 //        }
-        
+
         return new PermissionClass( creatorsName, createTimestamp, this.principalName,
             new Date( System.currentTimeMillis() ), this, permClassName, null, null  );
     }
-    
-    
+
+
     public PermissionClass rename( String contextDn, String newPermClassName, PermissionClass permClass )
         throws DataAccessException
     {
         String oldRdn = getRelativeDn( contextDn, permClass.getPermissionClassName() );
         String newRdn = getRelativeDn( contextDn, newPermClassName );
-        
+
         try
         {
             ctx.rename( oldRdn, newRdn );
@@ -236,13 +236,13 @@
             log.error( msg, e );
             throw new DataAccessException( msg );
         }
-        
+
         return new PermissionClass( permClass.getCreatorsName(), permClass.getCreateTimestamp(), principalName,
-            new Date( System.currentTimeMillis() ), 
+            new Date( System.currentTimeMillis() ),
             this, newPermClassName, permClass.getGrants(), permClass.getDenials() );
     }
-    
-    
+
+
     public PermissionClass load( String contextDn, String permClassName )
         throws DataAccessException
     {
@@ -286,13 +286,13 @@
         return new PermissionClass( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this,
             permClassName, grants, denials );
     }
-    
-    
+
+
     public boolean has( String appName, String permClassName )
         throws DataAccessException
     {
         String rdn = getRelativeDn( appName, permClassName );
-        
+
         try
         {
             ctx.getAttributes( rdn );
@@ -307,8 +307,8 @@
             return false;
         }
     }
-    
-    
+
+
     public Iterator permissionClassNameIterator( String contextDn ) throws DataAccessException
     {
         SearchControls controls = new SearchControls();
@@ -332,7 +332,7 @@
     // Private utility methods
     // -----------------------------------------------------------------------
 
-    
+
     private String getRelativeDn( String contextDn, String permName )
     {
         StringBuffer buf = new StringBuffer();

Modified: directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java Mon Jan  1 15:49:09 2007
@@ -142,7 +142,9 @@
             modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
 
             for (Iterator iterator = permissionClassDao.permissionClassNameIterator(rdn); iterator.hasNext();) {
-                permissionClasses.add((PermissionClass) iterator.next());
+                String permissionClassName = (String) iterator.next();
+                PermissionClass permissionClass = permissionClassDao.load(rdn, permissionClassName);
+                permissionClasses.add(permissionClass);
             }
             
         }

Modified: directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java Mon Jan  1 15:49:09 2007
@@ -53,17 +53,17 @@
     private DirContext ctx;
     private TriplesecAdmin admin;
 
-    
+
     public IntegrationTest() throws Exception
     {
         super();
     }
 
-    
+
     public void setUp() throws Exception
     {
         super.setUp();
-        
+
         props = new Properties();
         props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
         props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
@@ -76,14 +76,14 @@
         factory = DaoFactory.createInstance( props );
         ctx = new InitialDirContext( props );
         admin = new TriplesecAdmin( props );
-        
+
         assertNotNull( factory );
     }
 
-    
+
     /**
      * Tests the following {@link LdapPermissionClassDao} methods:
-     * 
+     *
      * <ul>
      *   <li>{@link PermissionClassDao#delete(String, String)}</li>
      *   <li>{@link PermissionClassDao#load(String, String)}</li>
@@ -93,17 +93,25 @@
      *   <li>{@link PermissionClassDao#permissionClassNameIterator(String)}</li>
      * </ul>
      */
-    public void XtestPermissionClassDao() throws Exception
+    public void testPermissionClassDao() throws Exception
     {
         PermissionClassDao dao = factory.getPermissionClassDao();
-        
+
+        PermissionActions permissionActions = new PermissionActions(null, null, null, null, factory.getPermissionActionsDao(), "foo", null);
+        Set<PermissionActions> grants = new HashSet<PermissionActions>();
+        grants.add(permissionActions);
         // add a permission via add( String, String )
-        dao.add( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications", getName() + "0", null, null );
-        Attributes attrs = ctx.getAttributes( "permClassName=" + getName() + "0, " + "" +
-                "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications" );
-        assertEquals( getName() + "0", ( String ) attrs.get( "permClassName" ).get() );
+        String contextDn = "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications";
+        String permClassName = getName() + "0";
+        dao.add( contextDn, permClassName, grants, null );
+        String permClassDn = "permClassName=" + permClassName + "," + contextDn;
+        Attributes attrs = ctx.getAttributes( permClassDn );
+        assertEquals( permClassName, ( String ) attrs.get( "permClassName" ).get() );
         assertNull( attrs.get( "description" ) );
-        
+
+        Attributes permAttrs = ctx.getAttributes("grant=foo," + permClassDn);
+        assertEquals( "foo", ( String ) permAttrs.get( "grant" ).get() );
+
         // add a permission via add( String, StringPermission )
 //        PermissionModifier modifier = new PermissionModifier( dao, "mockApplication", getName() + "1" );
 //        modifier.setDescription( "a non-null description" ).add();

Modified: directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java (original)
+++ directory/sandbox/triplesec-jacc/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java Mon Jan  1 15:49:09 2007
@@ -274,14 +274,15 @@
      */
     private void init() throws Exception
     {
-        this.resourcesDirectory = new File ( System.getProperties().getProperty( 
+        resourcesDirectory = new File ( System.getProperties().getProperty(
             RESOURCES_DIRECTORY, "src/test/resources" ) );
 
         if ( ! resourcesDirectory.exists() )
         {
             String msg = "The configuration resources directory '" +
                     resourcesDirectory + "' does not exist will search classpath for resources";
-            fail( msg );
+            resourcesDirectory = null;
+            log.error( msg );
         }
 
         // --------------------------------------------------------------------
@@ -312,18 +313,20 @@
         File webappsDir = new File( serverHome, "webapps" );
         webappsDir.mkdir();
         initWebapps( webappsDir );
-        
-        FileUtils.copyFileToDirectory( new File( resourcesDirectory, "server.xml" ), confDir );
-        File [] ldifFiles = resourcesDirectory.listFiles( new FileFilter()
-        {
-            public boolean accept( File file )
+
+        if (resourcesDirectory != null) {
+            FileUtils.copyFileToDirectory( new File( resourcesDirectory, "server.xml" ), confDir );
+            File [] ldifFiles = resourcesDirectory.listFiles( new FileFilter()
             {
-                return file.getName().endsWith( "ldif" );
+                public boolean accept( File file )
+                {
+                    return file.getName().endsWith( "ldif" );
+                }
+            });
+            for ( int ii = 0; ii < ldifFiles.length; ii++ )
+            {
+                FileUtils.copyFileToDirectory( ldifFiles[ii], confDir );
             }
-        });
-        for ( int ii = 0; ii < ldifFiles.length; ii++ )
-        {
-            FileUtils.copyFileToDirectory( ldifFiles[ii], confDir );
         }
     }
 

Modified: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.ldif Mon Jan  1 15:49:09 2007
@@ -349,6 +349,16 @@
 objectClass: organizationalUnit
 ou: roles
 
+dn: roleName=org.apache.directory.triplesec.jacc.unchecked,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: org.apache.directory.triplesec.jacc.unchecked
+
+dn: roleName=org.apache.directory.triplesec.jacc.excluded,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: org.apache.directory.triplesec.jacc.excluded
+
 dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
 objectClass: policyRole
 objectClass: top
@@ -454,7 +464,7 @@
 dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
 objectClass: top
 objectClass: policyProfile
-profileId: mockProfile0 
+profileId: mockProfile0
 user: akarasulu
 
 dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com

Added: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml?view=auto&rev=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml (added)
+++ directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml Mon Jan  1 15:49:09 2007
@@ -0,0 +1,250 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+  "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+    <property name="properties">
+      <props>
+        <prop key="java.naming.security.authentication">simple</prop>
+        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+        <prop key="java.naming.security.credentials">secret</prop>
+        <prop key="java.naming.provider.url">dc=example,dc=com</prop>
+        <prop key="java.naming.factory.state">org.safehaus.triplesec.store.ProfileStateFactory</prop>
+        <prop key="java.naming.factory.object">org.safehaus.triplesec.store.ProfileObjectFactory</prop>
+
+        <prop key="kdc.primary.realm">EXAMPLE.COM</prop>
+        <prop key="kdc.principal">krbtgt/EXAMPLE.COM@EXAMPLE.COM</prop>
+        <prop key="kdc.encryption.types">des-cbc-md5 des3-cbc-sha1 des3-cbc-md5 des-cbc-md4 des-cbc-crc</prop>
+        <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="kdc.java.naming.security.credentials">secret</prop>
+
+        <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="changepw.java.naming.security.credentials">secret</prop>
+        <prop key="changepw.principal">kadmin/changepw@EXAMPLE.COM</prop>
+
+        <!-- All times are in minutes -->
+        <prop key="kdc.allowable.clockskew">5</prop>
+        <prop key="kdc.tgs.maximum.ticket.lifetime">1440</prop>
+        <prop key="kdc.tgs.maximum.renewable.lifetime">10080</prop>
+        <prop key="kdc.pa.enc.timestamp.required">true</prop>
+        <prop key="kdc.tgs.empty.addresses.allowed">true</prop>
+        <prop key="kdc.tgs.forwardable.allowed">true</prop>
+        <prop key="kdc.tgs.proxiable.allowed">true</prop>
+        <prop key="kdc.tgs.postdate.allowed">true</prop>
+        <prop key="kdc.tgs.renewable.allowed">true</prop>
+
+        <prop key="safehaus.entry.basedn">ou=Users,dc=example,dc=com</prop>
+        <prop key="safehaus.load.testdata">true</prop>
+        <prop key="kerberos.sam.type.7">org.safehaus.triplesec.verifier.hotp.DefaultHotpSamVerifier</prop>
+      </props>
+    </property>
+  </bean>
+
+  <bean id="configuration" class="org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration">
+    <property name="workingDirectory"><value>partitions</value></property>
+    <property name="allowAnonymousAccess"><value>false</value></property>
+    <property name="accessControlEnabled"><value>true</value></property>
+    <property name="ldapPort"><value>10389</value></property>
+    <property name="enableKerberos"><value>true</value></property>
+    <property name="enableNtp"><value>false</value></property>
+    <property name="enableChangePassword"><value>true</value></property>
+
+    <!-- Uncomment below to have the server load entries on startup!        -->
+    <!-- ldifDirectory property can point to a relative file, directory or  -->
+    <!-- can point to an absolute path to either using the URL path         -->
+    <!-- notation: i.e. file:///Users/jack/apacheds/ldifs                   -->
+
+    <!-- Entries will optionally be filtered using LdifLoadFilters in the   -->
+    <!-- order specified.  The included Krb5KdcEntryFilter will filter      -->
+    <!-- kerberos principals creating keys for them using their             -->
+    <!-- userPassword attribute if present.                                 -->
+
+    <!-- If missing the Triplesec server will use LDIF files under the conf -->
+    <!-- directory where it has been installed.                             -->
+
+    <!--
+    <property name="ldifDirectory">
+      <value>example.ldif</value>
+    </property>
+    -->
+    <property name="ldifFilters">
+      <list>
+        <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+      </list>
+    </property>
+
+    <property name="activationConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.ActivationConfiguration">
+        <property name="enableDecoyMidlet"><value>true</value></property>
+        <property name="otpLength"><value>6</value></property>
+        <property name="midletNameAttribute"><value>midletNameAttribute</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smsConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmsConfiguration">
+        <property name="smsUsername"><value>hauskeys</value></property>
+        <property name="smsPassword"><value>secret</value></property>
+        <property name="smsAccountName"><value>demo</value></property>
+        <property name="smsTransportUrl"><value>http://www.nbroadcasting.com/customers/messages/Sender.asp</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smtpConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmtpConfiguration">
+        <property name="smtpAuthenticate"><value>false</value></property>
+        <!-- uncomment and set above property if authentication is required by mail server
+             <property name="smtpUsername"><value>hauskeys</value></property>
+             <property name="smtpPassword"><value>secret</value></property>
+             -->
+             <property name="smtpHost"><value>localhost</value></property>
+             <property name="smtpSubject"><value>Triplesec Account Activated</value></property>
+             <property name="smtpFrom"><value>dev@safehaus.org</value></property>
+           </bean>  
+         </property>    
+         
+    <property name="contextPartitionConfigurations">
+      <set>
+        <ref bean="examplePartitionConfiguration"/>
+      </set>
+    </property>
+    <property name="bootstrapSchemas">
+      <set>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+        <bean class="org.safehaus.triplesec.store.schema.SafehausSchema"/>
+      </set>
+    </property>
+    
+    <property name="extendedOperationHandlers">
+      <list>
+        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+        <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+      </list>
+    </property>  
+
+    <property name="interceptorConfigurations">
+      <list>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>normalizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.normalization.NormalizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authenticationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authn.AuthenticationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>referralService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.referral.ReferralService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.AuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>defaultAuthorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>exceptionService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.exception.ExceptionService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>schemaService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.schema.SchemaService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>subentryService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.subtree.SubentryService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>operationalAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>collectiveAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.collective.CollectiveAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>eventService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.event.EventService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>policyProtectionService</value></property>
+          <property name="interceptor">
+            <bean class="org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor" />
+          </property>
+        </bean>
+      </list>
+    </property>
+  </bean>
+  
+  <bean id="examplePartitionConfiguration" class="org.apache.directory.server.core.configuration.MutablePartitionConfiguration">
+    <property name="name"><value>example</value></property>
+    <property name="suffix"><value>dc=example,dc=com</value></property>
+    <property name="indexedAttributes">
+      <set>
+        <value>objectClass</value>
+        <value>ou</value>
+        <value>dc</value>
+        <value>uid</value>
+        <value>profileId</value>
+        <value>roles</value>
+        <!--<value>grants</value>-->
+        <!--<value>denials</value>-->
+        <value>krb5PrincipalName</value>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: domain
+        objectClass: extensibleObject
+        dc: example
+        administrativeRole: accessControlSpecificArea
+        administrativeRole: collectiveAttributeSpecificArea
+      </value>
+    </property>
+  </bean>
+
+  <bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+    <property name="customEditors">
+      <map>
+        <entry key="javax.naming.directory.Attributes">
+          <bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+        </entry>
+      </map>
+   </property>
+  </bean>
+</beans>

Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/triplesec-jacc/itest-data/src/main/resources/server.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: directory/sandbox/triplesec-jacc/jaas/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/pom.xml?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jaas/pom.xml Mon Jan  1 15:49:09 2007
@@ -60,6 +60,7 @@
             <groupId>${pom.groupId}</groupId>
             <artifactId>triplesec-integration</artifactId>
             <version>${pom.version}</version>
+            <scope>test</scope>
         </dependency>
 
         <dependency>

Modified: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java Mon Jan  1 15:49:09 2007
@@ -36,10 +36,11 @@
 
 import org.safehaus.triplesec.guardian.RealmPolicy;
 import org.safehaus.triplesec.guardian.RealmPolicyFactory;
+import org.safehaus.triplesec.guardian.StringPermission;
 import org.safehaus.triplesec.integration.TriplesecIntegration;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class SafehausLoginModuleIntegrationTest extends TriplesecIntegration {
 
@@ -109,6 +110,9 @@
         assertEquals(1, subject.getPrincipals().size());
         Principal p = subject.getPrincipals().iterator().next();
         assertTrue(p instanceof SafehausPrincipal);
+        assertTrue(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm0")));
+        assertTrue(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm1")));
+        assertFalse(((SafehausPrincipal)p).getAuthorizationProfile("mockApplication").implies(new StringPermission("mockPerm2")));
     }
 
     private static class TestCallbackHandler implements CallbackHandler {

Modified: directory/sandbox/triplesec-jacc/jacc/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/pom.xml?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jacc/pom.xml Mon Jan  1 15:49:09 2007
@@ -44,6 +44,26 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>triplesec-guardian-ldap</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>triplesec-integration</artifactId>
+            <version>${pom.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>triplesec-itest-data</artifactId>
+            <version>${pom.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.apache.geronimo.specs</groupId>
             <artifactId>geronimo-j2ee-jacc_1.0_spec</artifactId>
         </dependency>
@@ -69,6 +89,95 @@
             </plugin>
         </plugins>
     </build>
-    
+    <profiles>
+        <profile>
+            <id>no-integration-tests</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <systemProperties>
+                                <property>
+                                    <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+                                    <value>${basedir}/src/test</value>
+                                </property>
+                            </systemProperties>
+
+                            <excludes>
+                                <exclude>**/*ITest.java</exclude>
+                                <exclude>**/*IntegrationTest.java</exclude>
+                            </excludes>
+                        </configuration>
+                    </plugin>
+                    <plugin>
+                        <artifactId>maven-antrun-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>validate</phase>
+                                <configuration>
+                                    <tasks>
+                                        <echo>
+                                            =================================================================
+                                            W A R N I N G
+                                            -------------
+
+                                            Integration tests have been disabled. To enable integration
+                                            tests run maven with the -Dintegration switch.
+                                            =================================================================
+                                        </echo>
+                                    </tasks>
+                                </configuration>
+                                <goals>
+                                    <goal>run</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>integration</id>
+            <activation>
+                <property>
+                    <name>integration</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>dependency-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>unpack-itest-data</id>
+                                <phase>compile</phase>
+                                <goals>
+                                    <goal>unpack</goal>
+                                </goals>
+                                <configuration>
+                                    <artifactItems>
+                                        <artifactItem>
+                                            <groupId>${pom.groupId}</groupId>
+                                            <artifactId>triplesec-itest-data</artifactId>
+                                            <version>${pom.version}</version>
+                                        </artifactItem>
+                                    </artifactItems>
+                                    <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+                                </configuration>
+                            </execution>
+
+                        </executions>
+                    </plugin>
+
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
 </project>
 

Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java Mon Jan  1 15:49:09 2007
@@ -110,12 +110,13 @@
     }
 
     public void delete() throws PolicyContextException {
-        state = DELETED;
         getDataPolicyConfiguration().delete();
+        state = DELETED;
     }
 
     public void commit() throws PolicyContextException {
         getDataPolicyConfiguration().commit();
+        state = IN_SERVICE;
     }
 
     public boolean inService() throws PolicyContextException {

Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Permission.java Mon Jan  1 15:49:09 2007
@@ -28,16 +28,15 @@
 import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class Permission {
 
     private final String name;
     private final Set<String> actionsSet = new HashSet<String>();
 
-    public Permission(String name, String action) {
+    public Permission(String name) {
         this.name = name;
-        this.actionsSet.add(action);
     }
 
     public String getName() {

Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/PermissionClass.java Mon Jan  1 15:49:09 2007
@@ -29,11 +29,12 @@
 import org.safehaus.triplesec.admin.DataAccessException;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class PermissionClass {
 
     private final String permissionClassName;
+    private final boolean hasActions = false;
     private final Map<String, Permission> grants = new HashMap<String, Permission>();
     private final Map<String, Permission> denials = new HashMap<String, Permission>();
 
@@ -83,16 +84,16 @@
         StringBuffer buf = new StringBuffer();
         buf.append( "permClassName=" ).append( permName );
         buf.append(",").append( contextDn );
-        buf.append(",");
         return buf.toString();
     }
 
     private void addPermission(String permissionName, String actions, Map<String, Permission> permissionMap) {
         Permission permission = permissionMap.get(permissionName);
         if (permission == null) {
-            permission = new Permission(permissionName, actions);
+            permission = new Permission(permissionName);
             permissionMap.put(permissionName, permission);
-        } else {
+        }
+        if (hasActions) {
             permission.addActions(actions);
         }
     }

Modified: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java?view=diff&rev=491704&r1=491703&r2=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java (original)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/data/Role.java Mon Jan  1 15:49:09 2007
@@ -29,7 +29,7 @@
 import org.safehaus.triplesec.admin.dao.RoleDao;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class Role {
 
@@ -60,6 +60,7 @@
         PermissionClass permissionClass = permissionClasses.get(permissionClassName);
         if (permissionClass == null) {
             permissionClass = new PermissionClass(permissionClassName);
+            addPermissionClass(permissionClass);
         }
         return permissionClass;
     }
@@ -81,7 +82,7 @@
         StringBuffer buf = new StringBuffer();
         buf.append( "roleName=" ).append( roleName );
         buf.append( ",ou=Roles,appName=" ).append( appName );
-        buf.append( ",ou=Applications," );
+        buf.append( ",ou=Applications" );
         return buf.toString();
     }
 

Added: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java?view=auto&rev=491704
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java (added)
+++ directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java Mon Jan  1 15:49:09 2007
@@ -0,0 +1,275 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Policy;
+import java.security.PrivilegedAction;
+import java.security.AccessControlException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.InitialDirContext;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyConfiguration;
+
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.RealmPolicyFactory;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.StoreConnectionException;
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+import org.safehaus.triplesec.jaas.ProfileIdCallback;
+import org.safehaus.triplesec.jaas.SafehausLoginModule;
+import org.safehaus.triplesec.admin.dao.DaoFactory;
+import org.safehaus.triplesec.admin.dao.ldap.LdapDaoFactory;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TripleSecPolicyIntegrationTest extends TriplesecIntegration {
+    public final static String POLICY_CONFIG_FACTORY = "javax.security.jacc.PolicyConfigurationFactory.provider";
+
+    private static final String APP_NAME = "mockApplication";
+
+    private RealmPolicy realmPolicy;
+    private static final String BASE_URL = "dc=example,dc=com";
+    private String providerUrl;
+    private static boolean POLICY_INSTALLED = false;
+    private PolicyConfigurationFactory policyConfigurationFactory;
+    private Properties props;
+
+    public TripleSecPolicyIntegrationTest() throws Exception {
+        super();
+    }
+
+    public TripleSecPolicyIntegrationTest(String string) throws Exception {
+        super(string);
+    }
+
+    protected void setUp() throws Exception {
+        super.setUp();
+        providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
+        props = new Properties();
+        props.setProperty("applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications," + BASE_URL);
+        props.setProperty("applicationCredentials", "testing");
+        props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
+        props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
+        props.setProperty( "java.naming.provider.url", "ldap://localhost:" + getLdapPort() + "/dc=example,dc=com" );
+        props.setProperty( "java.naming.security.principal", "uid=admin,ou=system" );
+        props.setProperty( "java.naming.security.credentials", "secret" );
+        props.setProperty( "java.naming.security.authentication", "simple" );
+
+        Class.forName("org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver");
+
+
+        if (!POLICY_INSTALLED) {
+            Policy policy = new TripleSecPolicy();
+            policy.refresh();
+            Policy.setPolicy(policy);
+
+            POLICY_INSTALLED = true;
+        }
+
+        System.setProperty(POLICY_CONFIG_FACTORY, TripleSecPolicyConfigurationFactory.class.getName());
+        Thread currentThread = Thread.currentThread();
+        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
+        currentThread.setContextClassLoader(this.getClass().getClassLoader());
+        try {
+            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+        } finally {
+            currentThread.setContextClassLoader(oldClassLoader);
+        }
+        ((TripleSecPolicyConfigurationFactory)policyConfigurationFactory).setLdapProperties(props);
+    }
+
+
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        if (realmPolicy != null) {
+            realmPolicy.close();
+        }
+        realmPolicy = null;
+    }
+
+
+    /**
+     * N.B. this test tends to fail run in IDE's due to a ProtectionDomain on the stack
+     * that does not have any Principals.
+     *
+     * N.B. this test succeeds when it is the only test.  Disabling since the other test is more interesting.
+     *
+     * @throws Exception
+     */
+    public void XtestLogin() throws Exception {
+        PolicyContext.setContextID(APP_NAME);
+        PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
+        policyConfiguration.commit();
+        StringPermission perm = new StringPermission("mockPerm0");
+        realmPolicy = RealmPolicyFactory.newInstance(providerUrl, props);
+
+        checkPermission(perm);
+    }
+
+    public void testAddPermission() throws Exception {
+        StringPermission perm = new StringPermission("mockPerm100");
+        PolicyContext.setContextID(APP_NAME);
+        PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(APP_NAME, false);
+        policyConfiguration.addToRole("mockRole1", perm);
+        policyConfiguration.commit();
+        realmPolicy = RealmPolicyFactory.newInstance(providerUrl, props);
+
+        InitialDirContext ctx = getContext(providerUrl, props);
+
+        String contextDn = "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications";
+        String permClassDn = "permClassName=" + perm.getClass().getName() + "," + contextDn;
+        Attributes attrs = ctx.getAttributes( permClassDn );
+        assertEquals( perm.getClass().getName(), ( String ) attrs.get( "permClassName" ).get() );
+        assertNull( attrs.get( "description" ) );
+
+        Attributes permAttrs = ctx.getAttributes("grant=mockPerm100," + permClassDn);
+        assertEquals( "mockPerm100", ( String ) permAttrs.get( "grant" ).get() );
+
+        checkPermission(perm);
+    }
+
+    private InitialDirContext getContext(String url, Properties info) {
+        if ( url == null )
+        {
+            throw new IllegalArgumentException( "A non-null url must be provided." );
+        }
+
+        String application = info.getProperty( "applicationPrincipalDN" );
+        if ( application == null )
+        {
+            throw new IllegalArgumentException( "An applicationPrincipalDN property value must be provided." );
+        }
+
+        String password = info.getProperty( "applicationCredentials" );
+        if ( password == null )
+        {
+            throw new IllegalArgumentException( "The applicationCredentials property must be provided" );
+        }
+
+        Hashtable env = new Hashtable();
+        env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+        env.put( Context.PROVIDER_URL, url );
+        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
+        env.put( Context.SECURITY_PRINCIPAL, info.get( "applicationPrincipalDN" ) );
+        env.put( Context.SECURITY_CREDENTIALS, info.get( "applicationCredentials" ) );
+
+        InitialDirContext ictx;
+        try
+        {
+            ictx = new InitialDirContext( env );
+        }
+        catch ( NamingException e )
+        {
+            env.remove( Context.SECURITY_CREDENTIALS ); // remove credentials before printing to log
+            throw new StoreConnectionException( "Failed to obtain initial context for " + env, e );
+        }
+        return ictx;
+    }
+
+
+    private void checkPermission(StringPermission perm) throws LoginException {
+        Map<String, Object> options = new HashMap<String, Object>();
+        options.put(Context.PROVIDER_URL, providerUrl);
+        options.put(Context.SECURITY_AUTHENTICATION, "simple");
+        options.put(SafehausLoginModule.REALM_KEY, "example.com");
+        options.put(SafehausLoginModule.REALM_POLICY_KEY, realmPolicy);
+        SafehausLoginModule module = new SafehausLoginModule();
+        Subject subject = new Subject();
+        CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
+        Map<String, Object> sharedState = new HashMap<String, Object>();
+        module.initialize(subject, callbackHandler, sharedState, options);
+        module.login();
+        module.commit();
+
+        final AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
+            public Object run() {
+                return AccessController.getContext();
+            }
+        }, null);
+        acc.checkPermission(perm);
+
+        assertTrue((Boolean)Subject.doAsPrivileged(subject, new PrivilegedAction() {
+
+            public Object run() {
+                try {
+                    acc.checkPermission(new StringPermission("mockPerm0"));
+                    return true;
+                } catch (AccessControlException  e) {
+                    return false;
+                }
+            }
+        }, null));
+        assertTrue((Boolean)Subject.doAs(subject, new PrivilegedAction() {
+
+            public Object run() {
+                try {
+                    acc.checkPermission(new StringPermission("mockPerm0"));
+                    return true;
+                } catch (AccessControlException  e) {
+                    return false;
+                }
+            }
+        }));
+    }
+
+    private static class TestCallbackHandler implements CallbackHandler {
+        private final String name;
+        private final String profileId;
+        private final char[] password;
+
+        public TestCallbackHandler(String name, String profileId, char[] password) {
+            this.name = name;
+            this.profileId = profileId;
+            this.password = password;
+        }
+
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+            for (Callback callback : callbacks) {
+                if (callback instanceof NameCallback) {
+                    ((NameCallback) callback).setName(name);
+                } else if (callback instanceof PasswordCallback) {
+                    ((PasswordCallback) callback).setPassword(password);
+                } else if (callback instanceof ProfileIdCallback) {
+                    ((ProfileIdCallback) callback).setProfileId(profileId);
+                }
+            }
+        }
+    }
+}

Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/triplesec-jacc/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain



Mime
View raw message