directory-commits mailing list archives

From djen...@apache.org
Subject svn commit: r493652 [1/3] - in /directory/sandbox/triplesec-jacc2: guardian-api/src/main/java/org/safehaus/triplesec/guardian/ guardian-api/src/test/java/org/safehaus/triplesec/guardian/ guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/ ...
Date Sun, 07 Jan 2007 05:36:15 GMT
Author: djencks
Date: Sat Jan  6 21:36:13 2007
New Revision: 493652

URL: http://svn.apache.org/viewvc?view=rev&rev=493652
Log:
change to StringPermission/Permission/Permissions.  Change the schema to allow denials in roles and add an objectClass for java permissions (which is not yet used).

Added:
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java   (with props)
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java
      - copied, changed from r493297, directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java
      - copied, changed from r493297, directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java
Removed:
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionsTest.java
    directory/sandbox/triplesec-jacc2/guardian-ldif/src/test/resources/
Modified:
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java
    directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java
    directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
    directory/sandbox/triplesec-jacc2/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
    directory/sandbox/triplesec-jacc2/guardian-ldif/pom.xml
    directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java
    directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
    directory/sandbox/triplesec-jacc2/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
    directory/sandbox/triplesec-jacc2/itest-data/src/main/resources/server.ldif
    directory/sandbox/triplesec-jacc2/store/src/main/schema/safehaus.schema
    directory/sandbox/triplesec-jacc2/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java
    directory/sandbox/triplesec-jacc2/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java Sat Jan  6 21:36:13 2007
@@ -22,7 +22,8 @@
 
 import java.util.Iterator;
 import java.util.Set;
-
+import java.util.Map;
+import java.security.Permission;
 
 
 /**
@@ -42,36 +43,36 @@
      * @param listener the listener to remove.
      */
     boolean removePolicyListener( PolicyChangeListener listener ) throws GuardianException;
-    
+
     /**
      * Adds a change listener so that it recieves policy change notifications.
      * 
      * @param listener the listener to add.
      */
     boolean addPolicyListener( PolicyChangeListener listener ) throws GuardianException;
-    
-    /** 
+
+    /**
      * Gets the name uniquely identifying the applicaiton associated
      * with this store.
      * 
      * @return the name of this store
      */
     String getApplicationName();
-    
+
     /**
      * Gets a set of {@link Role}s defined for this store.
      * 
      * @return a set of {@link Role}s defined for this store.
      */
     Roles getRoles();
-    
+
     /**
-     * Gets a set of {@link Permission}s defined for this store.
+     * Gets a set of {@link StringPermission}s defined for this store.
      * 
-     * @return a set of {@link Permission}s defined for this store.
+     * @return a map from permission Name to {@link Permission}s defined for this store.
      */
-    Permissions getPermissions();
-    
+    Map<String, Permission> getPermissions();
+
     /**
      * Gets the names of the profiles dependent on a role. The set contains
      * Strings of the profile name.
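Review bot: The Javadoc on `getPermissions()` now contradicts itself: the summary still says it returns a set of `StringPermission`s, while the signature and `@return` describe a `Map<String, Permission>` keyed by permission name. I would reword the summary to `Gets the permissions defined for this store, keyed by permission name.` The Javadoc should also state whether the returned map is a live view or a read-only snapshot, because callers need to know whether modifying it changes the policy. The interface body starts and ends outside this hunk.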
@@ -82,18 +83,18 @@
      * store or the role is not associated with this ApplicationPolicy
      */
     Set getDependentProfileNames( Role role ) throws GuardianException;
-    
+
     /**
      * Gets the names of the profiles dependent on a permission.  The set 
      * contains Strings of the profile names.
      * 
-     * @param permission the permission the dependent profiles are associated with
+     * @param permissionID
      * @return the name's of profiles that depend on the supplied permission
      * @throws GuardianException if there is an error accessing the backing 
      * store or the permission is not associated with this ApplicationPolicy
      */
-    Set getDependentProfileNames( Permission permission ) throws GuardianException;
-    
+    Set getDependentProfileNames( String permissionID ) throws GuardianException;
+
     /**
      * Gets the set of profiles a user has for this ApplicationPolicy.
      * 
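Review bot: `@param permissionID` is left without a description, and the `@throws` text still speaks of "the permission" as if an object were passed. I suggest `@param permissionID the name of the permission the dependent profiles are associated with`, with `@throws` saying the name is not defined in this ApplicationPolicy. The same empty-tag pattern appears in the PolicyChangeListener hunk (`@param permissionName`, `@param newName`). The name `permissionID` is also inconsistent with `permissionName` and `permName`, which the rest of this commit uses for the same value.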
@@ -103,7 +104,7 @@
      * @throws GuardianException if there are errors accessing the backing store
      */
     Set getUserProfileIds( String userName ) throws GuardianException;
-    
+
     /**
      * Gets an iterator over the set of profiles in this ApplicationPolicy.
      * 
@@ -120,7 +121,7 @@
      *      the specified <tt>profileId</tt>
      */
     Profile getProfile( String profileId ) throws GuardianException;
-    
+
     /**
      * Gets a profile for the admin user which is in all roles and has all permissions
      * granted.

Added: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java?view=auto&rev=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java (added)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java Sat Jan  6 21:36:13 2007
@@ -0,0 +1,269 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.guardian;
+
+import java.security.Permission;
+import java.security.Permissions;
+import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.HashMap;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.Attribute;
+import javax.naming.NamingException;
+import javax.naming.NamingEnumeration;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public abstract class EntryApplicationPolicy implements ApplicationPolicy {
+    /** the name of the application this store is associated with */
+    protected String applicationName;
+    /** a breif description of this application */
+    protected String description;
+    /** the {@link java.security.Permission}s defined for this store's application */
+    protected final Map<String, Permission> permissions = new HashMap<String, Permission>();
+    /** the {@link org.safehaus.triplesec.guardian.Role}s defined for this store's application */
+    protected Roles roles;
+
+    protected Permissions getAllPermissions() {
+        Permissions permissions = new Permissions();
+        for (Permission permission: this.permissions.values()) {
+            permissions.add(permission);
+        }
+        return permissions;
+    }
+
+    protected PermissionEntry loadPermission(Attributes attrs) throws NamingException
+    {
+        Permission perm;
+        String permName = ( String ) attrs.get( "permName" ).get();
+        perm = new StringPermission( permName );
+        return new PermissionEntry(permName, perm);
+    }
+
+    public String getApplicationName()
+    {
+        return this.applicationName;
+    }
+
+    public String getDescription()
+    {
+        return this.description;
+    }
+
+    public Roles getRoles()
+    {
+        return this.roles;
+    }
+
+    public Map<String,Permission> getPermissions()
+    {
+        return permissions;
+    }
+
+    protected Role getRole( Attributes attrs ) throws NamingException
+    {
+        String roleName = ( String ) attrs.get( "roleName" ).get();
+        Permissions grants = new Permissions();
+        Attribute attributes = attrs.get( "grants" );
+
+        if ( attributes != null )
+        {
+            NamingEnumeration<?> grantsEnumeration = attributes.getAll();
+            while ( grantsEnumeration.hasMore() )
+            {
+                String permName = ( String ) grantsEnumeration.next();
+                grants.add( permissions.get( permName ) );
+//                log.debug( "granting permission '" + permName + "' to role '" + roleName
+//                        + " in application '" + applicationName + "'" );
+            }
+        }
+
+        Permissions denials = new Permissions();
+        attributes = attrs.get( "denials" );
+
+        if ( attributes != null )
+        {
+            NamingEnumeration<?> grantsEnumeration = attributes.getAll();
+            while ( grantsEnumeration.hasMore() )
+            {
+                String permName = ( String ) grantsEnumeration.next();
+                denials.add( permissions.get( permName ) );
+//                log.debug( "granting permission '" + permName + "' to role '" + roleName
+//                        + " in application '" + applicationName + "'" );
+            }
+        }
+
+        Attribute description = attrs.get( "description" );
+        Role role;
+        if ( description == null || description.size() == 0 )
+        {
+            role = new Role( this, roleName, grants, denials );
+        }
+        else
+        {
+            role = new Role( this, roleName, grants, denials, ( String ) description.get() );
+        }
+        return role;
+    }
+
+    private static boolean parseBoolean( String bool )
+    {
+        return bool.equals("true");
+    }
+
+    protected Profile getProfile( Attributes attrs ) throws NamingException
+    {
+        Permissions grants = new Permissions();
+        Permissions denials = new Permissions();
+        Roles roles;
+        String profileId;
+        String userName;
+        boolean disabled = false;
+
+        Attribute profileIdAttr = attrs.get( "profileId" );
+        if ( profileIdAttr == null )
+        {
+            return null;
+        }
+        else
+        {
+            profileId = ( String ) profileIdAttr.get();
+        }
+
+        Attribute userAttr = attrs.get( "user" );
+        if ( userAttr == null )
+        {
+            return null;
+        }
+        else
+        {
+            userName = ( String ) userAttr.get();
+        }
+
+        Attribute disabledAttr = attrs.get( "safehausDisabled" );
+        if ( disabledAttr != null )
+        {
+            disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
+        }
+
+        // -------------------------------------------------------------------------------
+        // process and assemble the profile's granted permissions
+        // -------------------------------------------------------------------------------
+
+        Attribute grantsAttribute = attrs.get( "grants" );
+        if ( grantsAttribute != null )
+        {
+            NamingEnumeration<?> grantsEnumeration = grantsAttribute.getAll();
+            while ( grantsEnumeration.hasMore() )
+            {
+                String grantedPermName = ( String ) grantsEnumeration.next();
+                grants.add( this.permissions.get( grantedPermName ) );
+            }
+        }
+
+        // -------------------------------------------------------------------------------
+        // process and assemble the profile's granted permissions
+        // -------------------------------------------------------------------------------
+
+        Attribute denialsAttribute = attrs.get( "denials" );
+        if ( denialsAttribute != null )
+        {
+            NamingEnumeration<?> denialsEnumeration = denialsAttribute.getAll();
+            while ( denialsEnumeration.hasMore() )
+            {
+                String deniedPermName = ( String ) denialsEnumeration.next();
+                denials.add( this.permissions.get( deniedPermName ) );
+            }
+        }
+
+        // -------------------------------------------------------------------------------
+        // process and assemble the profile's assigned roles
+        // -------------------------------------------------------------------------------
+
+        Attribute rolesAttribute = attrs.get( "roles" );
+        if ( rolesAttribute != null )
+        {
+            Set<Role> rolesSet = new HashSet<Role>();
+            NamingEnumeration<?> rolesEnumeration = rolesAttribute.getAll();
+            while ( rolesEnumeration.hasMore() )
+            {
+                String assignedRoleName = ( String ) rolesEnumeration.next();
+                rolesSet.add( this.roles.get( assignedRoleName ) );
+            }
+            Role[] rolesArray = new Role[rolesSet.size()];
+            roles = new Roles( applicationName, rolesSet.toArray( rolesArray ) );
+        }
+        else
+        {
+            roles = new Roles( applicationName, new Role[0] );
+        }
+
+        Attribute description = attrs.get( "description" );
+        Profile profile;
+
+        if ( description == null || description.size() == 0 )
+        {
+            profile = new Profile( this, profileId, userName, roles, grants, denials, disabled );
+        }
+        else
+        {
+            profile = new Profile( this, profileId, userName, roles, grants,
+                denials, ( String ) description.get(), disabled );
+        }
+
+        return profile;
+    }
+
+    public static String getApplicationName( String principalDN )
+    {
+        String rdn = principalDN.split( "," )[0].trim();
+        String[] rdnPair = rdn.split( "=" );
+
+        if ( ! rdnPair[0].trim().equalsIgnoreCase( "appName" ) )
+        {
+            throw new IllegalArgumentException( "Application principal name '" + principalDN
+                    + "' is not an application DN" );
+        }
+
+        return rdnPair[1].trim();
+    }
+
+    protected static class PermissionEntry {
+        private final String permissionName;
+        private final Permission permission;
+
+        public PermissionEntry(String permissionName, Permission permission) {
+            this.permissionName = permissionName;
+            this.permission = permission;
+        }
+
+        public String getPermissionName() {
+            return permissionName;
+        }
+
+        public Permission getPermission() {
+            return permission;
+        }
+    }
+}
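Review bot: In `getRole` and `getProfile`, the result of `permissions.get( permName )` is passed straight to `Permissions.add`, so a `grants` or `denials` value naming a permission that is not in the map hands `null` to the collection. I would expect that to surface as a NullPointerException with no hint of which directory entry is wrong. For an authorization policy it is better to fail with a message naming the permission and the application, through a small lookup helper as sketched below. `roles.get( assignedRoleName )` in `getProfile` deserves the same treatment, though what `Roles.get` returns for an unknown name is not visible here. Separately, `getPermissions()` returns the internal `HashMap`, so any caller can add or remove policy entries (`return Collections.unmodifiableMap( permissions );` would prevent that), and `getApplicationName( String principalDN )` reads `rdnPair[1]` without checking that the RDN contained an `=`.

```java
// helper for getRole and getProfile, used for both grants and denials
private Permission resolvePermission( String permName ) throws NamingException
{
    Permission perm = permissions.get( permName );
    if ( perm == null )
    {
        throw new NamingException( "Permission '" + permName
                + "' is not defined for application '" + applicationName + "'" );
    }
    return perm;
}

// … unchanged: attribute lookup and enumeration loops …
grants.add( resolvePermission( permName ) );
```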

Propchange: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/EntryApplicationPolicy.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java (from r493297, directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java)
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java?view=diff&rev=493652&p1=directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java&r1=493297&p2=directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java Sat Jan  6 21:36:13 2007
@@ -26,7 +26,7 @@
 import java.security.Permissions;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class PermissionsUtil {
     private PermissionsUtil() {

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java Sat Jan  6 21:36:13 2007
@@ -19,7 +19,7 @@
  */
 package org.safehaus.triplesec.guardian;
 
-
+import java.security.Permission;
 
 
 /**
@@ -40,12 +40,12 @@
     }
 
 
-    public void permissionChanged( ApplicationPolicy policy, Permission permission, ChangeType changeType )
+    public void permissionChanged(ApplicationPolicy policy, String permissionName, Permission permission, ChangeType changeType)
     {
     }
 
 
-    public void permissionRenamed( ApplicationPolicy policy, Permission permission, String oldName )
+    public void permissionRenamed(ApplicationPolicy policy, Permission permission, String newName, String oldName)
     {
     }
 

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java Sat Jan  6 21:36:13 2007
@@ -19,7 +19,7 @@
  */
 package org.safehaus.triplesec.guardian;
 
-
+import java.security.Permission;
 
 
 /**
@@ -40,7 +40,7 @@
      * @param changeType the type of change: add, delete or modify.
      */
     void roleChanged( ApplicationPolicy policy, Role role, ChangeType changeType );
-    
+
     /**
      * Notification method called when a role is renamed.
      * 
@@ -55,19 +55,21 @@
      * Another overload is used to handle rename operations on objects.
      * 
      * @param policy the application policy containing the permission
+     * @param permissionName
      * @param permission the permission that was changed
      * @param changeType the type of change: add, delete or modify.
      */
-    void permissionChanged( ApplicationPolicy policy, Permission permission, ChangeType changeType );
-    
+    void permissionChanged(ApplicationPolicy policy, String permissionName, Permission permission, ChangeType changeType);
+
     /**
      * Notification method called when a permission is renamed.
      * 
      * @param policy the application policy containing the permission
      * @param permission the permission that was renamed
+     * @param newName
      * @param oldName the old name of the permission
      */
-    void permissionRenamed( ApplicationPolicy policy, Permission permission, String oldName );
+    void permissionRenamed(ApplicationPolicy policy, Permission permission, String newName, String oldName);
 
     /**
      * Notification method called when a profile is added, deleted, or modified.  
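Review bot: The two permission callbacks order their parameters differently: `permissionChanged` takes the name before the `Permission`, while `permissionRenamed` takes the `Permission` first and then two adjacent `String`s, `newName` and `oldName`. The compiler cannot catch a caller that swaps those two strings, so I would keep one order across both methods (policy, name or names, permission) and document which string is which. The new signatures also drop the `( ... )` inner spacing that the rest of the interface uses, for example `roleChanged( ApplicationPolicy policy, ...)`. PolicyChangeAdapter mirrors these signatures and would change with them.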

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java Sat Jan  6 21:36:13 2007
@@ -22,6 +22,8 @@
 
 import java.io.Serializable;
 import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.Permissions;
 import java.util.Iterator;
 
 
@@ -31,18 +33,18 @@
  * to manage access controls for user profiles associated with applications.
  * Profiles associate users with applications.  This class models that profile
  * by linking the user with an application and allowing the assignment of an
- * application specific {@link Role} set and {@link Permission} set to the 
+ * application specific {@link Role} set and {@link StringPermission} set to the
  * profile.
- * </p>  
+ * </p>
  * <p>
- * Profiles contain three sets of Permissions and a set of Roles used for 
- * managing an authorization policy of a user.  A Role Based Access Control 
- * (RBAC) model is used to easily manage the Profile.  The three Permission
- * sets are: grants, denials and the effective calculated permissions for the 
- * profile.  Roles assigned to the Profile lead to the inheritance of Permission
- * granted to Role.  Besides Role based Permission inheritence, additional
- * Permission may be granted or denied to influence the total effective Permission.  
- * The grants Permissions set contains extra granted Permissions which may not be 
+ * Profiles contain three sets of Permissions and a set of Roles used for
+ * managing an authorization policy of a user.  A Role Based Access Control
+ * (RBAC) model is used to easily manage the Profile.  The three StringPermission
+ * sets are: grants, denials and the effective calculated permissions for the
+ * profile.  Roles assigned to the Profile lead to the inheritance of StringPermission
+ * granted to Role.  Besides Role based StringPermission inheritence, additional
+ * StringPermission may be granted or denied to influence the total effective StringPermission.
+ * The grants Permissions set contains extra granted Permissions which may not be
  * inherited by assigned Roles.  The denials Permissions set contains
  * {@link Permissions} that are denied whether they are inherited by assigned
  * {@link Role}s or granted through the grants Permissions set.  Denials
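Review bot: The class Javadoc still describes three sets (grants, denials and one effective set), but this commit splits the effective set into effective grants and effective denials. The blanket replacement of `Permission` by `StringPermission` also reads oddly now that the collections are `java.security.Permissions`, which can hold any `Permission`. I would reword it to say the profile holds grants, denials, and the calculated effective granted and effective denied sets, and state which of the last two takes precedence. The Javadoc block continues outside the hunk.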
@@ -73,8 +75,10 @@
     private final Permissions grants;
     /** the permissions denied by this Profile */
     private final Permissions denials;
-    /** the effective calculated permissions for this Profile */
-    private final Permissions effectivePermissions;
+    /** the calculated effective granted permissions for this Profile */
+    private final Permissions effectiveGrantedPermissions;
+    /** the calculated effective denied permissions for this Profile */
+    private final Permissions effectiveDeniedPermissions;
     /** a brief description of the Profile */
     private final String description;
     /** whether or not this profile is disabled */
@@ -103,7 +107,7 @@
 
     /**
      * Creates a default User Profile for an ApplicationPolicyStore.
-     * 
+     *
      * @param profileId the name of the User this Profile is for
      * @param store the store this Profile is for
      * @param roles the roles assigned to this Profile
@@ -143,33 +147,35 @@
         }
         if( grants == null )
         {
-            grants = new Permissions( store.getApplicationName(), null );
-        }
-        if( !store.getApplicationName().equals( grants.getApplicationName() ) )
-        {
-            throw new IllegalArgumentException( "Invalid applicationName in grants: " + grants.getApplicationName() );
-        }
-        if( !store.getPermissions().containsAll( grants ) )
-        {
-            throw new IllegalArgumentException(
-                    "store doesn't provide all permissions specified: " +
-                    grants );
+            grants = new Permissions();
         }
+//        if( !store.getApplicationName().equals( grants.getApplicationName() ) )
+//        {
+//            throw new IllegalArgumentException( "Invalid applicationName in grants: " + grants.getApplicationName() );
+//        }
+        //TODO figure out if this check can be resurrected
+//        if( !store.getPermissions().containsAll( grants ) )
+//        {
+//            throw new IllegalArgumentException(
+//                    "store doesn't provide all permissions specified: " +
+//                    grants );
+//        }
         if( denials == null )
         {
-            denials = new Permissions( store.getApplicationName(), null );
-        }
-        if( !store.getApplicationName().equals( denials.getApplicationName() ) )
-        {
-            throw new IllegalArgumentException( "Invalid applicationName in denials: " + denials.getApplicationName() );
+            denials = new Permissions();
         }
-        if( !store.getPermissions().containsAll( denials ) )
-        {
-            throw new IllegalArgumentException(
-                    "store doesn't provide all permissions specified: " +
-                    denials );
-        }
-        
+//        if( !store.getApplicationName().equals( denials.getApplicationName() ) )
+//        {
+//            throw new IllegalArgumentException( "Invalid applicationName in denials: " + denials.getApplicationName() );
+//        }
+        //TODO figure out if this check can be resurrected
+//        if( !store.getPermissions().containsAll( denials ) )
+//        {
+//            throw new IllegalArgumentException(
+//                    "store doesn't provide all permissions specified: " +
+//                    denials );
+//        }
+
         this.disabled = disabled;
         this.store = store;
         this.profileId = profileId;
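Review bot: The constructor no longer verifies that `grants` and `denials` contain only permissions the store defines. Both checks are commented out behind a TODO, so a Profile can now be built with permissions the application's policy never declared. With `java.security.Permissions` the check can be restored by walking `elements()` against `store.getPermissions()`, as sketched below; this relies on the permission class's `equals`, which is not visible in this hunk. If the check is dropped on purpose, I would delete the commented-out blocks and say in the constructor Javadoc that the sets are not validated. The constructor starts outside the hunk.

```java
// … unchanged: null default for grants …
for ( Enumeration<Permission> e = grants.elements(); e.hasMoreElements(); )
{
    Permission p = e.nextElement();
    if ( !store.getPermissions().containsValue( p ) )
    {
        throw new IllegalArgumentException(
                "store doesn't provide permission specified in grants: " + p );
    }
}
// … same loop for denials after its null default …
```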
@@ -180,31 +186,37 @@
         this.description = description;
 
         // Calculate effective permissions
-        Permissions effectivePermissions = new Permissions( store.getApplicationName(), null );
+        effectiveGrantedPermissions = new Permissions();
+        for( Iterator i = roles.iterator(); i.hasNext(); )
+        {
+            Role r = ( Role ) i.next();
+            PermissionsUtil.addAll(effectiveGrantedPermissions, r.getGrantedPermissions() );
+        }
+        PermissionsUtil.addAll(effectiveGrantedPermissions, grants );
+        effectiveDeniedPermissions = new Permissions();
         for( Iterator i = roles.iterator(); i.hasNext(); )
         {
             Role r = ( Role ) i.next();
-            effectivePermissions = effectivePermissions.addAll( r.getGrants() );
+            PermissionsUtil.addAll(effectiveDeniedPermissions, r.getDeniedPermissions() );
         }
-        effectivePermissions = effectivePermissions.addAll( grants );
-        this.effectivePermissions = effectivePermissions.removeAll( denials );
+        PermissionsUtil.addAll(effectiveDeniedPermissions, denials );
     }
 
-    
+
     /**
      * Checks whether or not this Profile has been disabled.
-     * 
+     *
      * @return true if this Profile is disabled, false if enabled
      */
     public boolean isDisabled()
     {
         return disabled;
     }
-    
+
 
     /**
      * Gets the id of the this Profile.
-     * 
+     *
      * @return the id of this Profile
      */
     public String getProfileId()
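Review bot: Denials are no longer removed from the effective grant set, whereas the old code ended with `removeAll( denials )`. `effectiveGrantedPermissions` now holds every role and profile grant, including ones that also appear in `effectiveDeniedPermissions`. Any check that consults only `getEffectiveGrantedPermissions()` would therefore allow a denied permission, so the field comment and getter Javadoc should say that denials must be evaluated first. The checking methods are outside this view, so I cannot confirm that they do. Because the getter returns the collection itself, calling `effectiveGrantedPermissions.setReadOnly();` and `effectiveDeniedPermissions.setReadOnly();` at the end of the constructor would stop callers from adding to the computed sets.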
@@ -215,7 +227,7 @@
 
     /**
      * Gets the name of the user who owns this Profile.
-     * 
+     *
      * @return the name of the user associated with this Profile
      */
     public String getUserName()
@@ -237,7 +249,7 @@
 
     /**
      * Gets the name of the application this Profile is associated with.
-     * 
+     *
      * @return the name of the application this Profile is associated with
      */
     public String getApplicationName()
@@ -248,7 +260,7 @@
 
     /**
      * Gets a set of {@link Role}s which are assigned to this Profile.
-     * 
+     *
      * @return a container of {@link Role} objects which are assigned to this Profile
      */
     public Roles getRoles()
@@ -258,7 +270,7 @@
 
 
     /**
-     * Checks to see if the user according to this Profile is in a Role.  
+     * Checks to see if the user according to this Profile is in a Role.
      *
      * @param roleName the name of the Role to check for
      * @return true if the user is in the Role, false otherwise
@@ -270,9 +282,9 @@
 
 
     /**
-     * Gets the set of {@link Permission}s granted to this Profile.
-     * 
-     * @return a container of granted {@link Permission} objects
+     * Gets the set of {@link StringPermission}s granted to this Profile.
+     *
+     * @return a container of granted {@link StringPermission} objects
      */
     public Permissions getGrants()
     {
@@ -283,8 +295,8 @@
      * Gets a set of permissions explicitly denied by this profile.
      * This is the only time and place where negative permissions will ever be
      * found.
-     * 
-     * @return a container of denied {@link Permission} objects
+     *
+     * @return a container of denied {@link StringPermission} objects
      */
     public Permissions getDenials()
     {
@@ -297,65 +309,39 @@
      * An effective permission is calculated from the assigned {@link Role}s,
      * granted {@link Permissions} and denied {@link Permissions} of this
      * Profile.
-     * 
-     * @return a container of effective {@link Permission} objects for this profile.
+     *
+     * @return a container of effective {@link StringPermission} objects for this profile.
      */
-    public Permissions getEffectivePermissions()
+    public Permissions getEffectiveGrantedPermissions()
     {
-        return effectivePermissions;
+        return effectiveGrantedPermissions;
     }
 
-
-    /**
-     * Assertive check to test if this Profile has the effective {@link Permission}.
-     * 
-     * @param permissionName the permission name to check for
-     * @throws AccessControlException if the permission is not granted or
-     *      inherited from an assigned Role
-     */
-    public void checkPermission( String permissionName )
-    {
-        checkPermission(
-                permissionName,
-                "User '" + profileId + "' " +
-                "in application '" + getApplicationName() + '\'' +
-                "does not posess the permission '" + permissionName + "'." );
+    public Permissions getEffectiveDeniedPermissions() {
+        return effectiveDeniedPermissions;
     }
 
-
     /**
      * Get's whether or not this Profile has the permission.
      *
      * @param permission the permission to check for
      * @return true if the permission is granted, false otherwise
      */
-    public boolean hasPermission( Permission permission )
-    {
-        return effectivePermissions.contains( permission );
-    }
-
-
-    /**
-     * Get's whether or not this Profile has the permission.
-     *
-     * @param permissionName the permission to check for
-     * @return true if the permission is granted, false otherwise
-     */
-    public boolean hasPermission( String permissionName )
+    public boolean implies( Permission permission )
     {
-        return effectivePermissions.get( permissionName ) != null;
+        return effectiveGrantedPermissions.implies( permission ) && ! effectiveDeniedPermissions.implies(permission);
     }
 
 
     /**
-     * Assertive permission check to test if this Profile has the effective 
+     * Assertive permission check to test if this Profile has the effective
      * permission.
-     * 
+     *
      * @param permission the permission to check for
      * @throws AccessControlException if the permission is not granted or
      *      inherited from an assigned Role
      */
-    public void checkPermission( Permission permission )
+    public void checkPermission( StringPermission permission )
     {
         checkPermission(
                 permission,
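Review bot: The Javadoc kept above `getEffectiveGrantedPermissions()` still describes a set calculated from roles, grants and denials, but the method now returns the grants with denials left in. A caller that tests `getEffectiveGrantedPermissions().implies(p)` instead of `Profile.implies(p)` therefore skips every denial. Reword it along the lines of `Gets the permissions granted by the assigned Roles and by this Profile, before denials are applied; use implies(Permission) for access decisions.` and give the undocumented `getEffectiveDeniedPermissions()` a matching comment. `checkPermission( StringPermission )` continues below this hunk.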
@@ -366,45 +352,22 @@
 
 
     /**
-     * Assertive permission check to test if this Profile has the effective 
-     * permission.
-     * 
-     * @param permissionName the permission name to check for
-     * @param message to use for AccessControlException if it is thrown
-     * @throws AccessControlException if the permission is not granted or
-     *      inherited from an assigned Role
-     */
-    public void checkPermission( String permissionName, String message )
-    {
-        if ( permissionName == null )
-        {
-            throw new NullPointerException( "permissionName" );    
-        }
-        
-        if ( !effectivePermissions.contains( permissionName ) )
-        {
-            throw new AccessControlException( message );
-        }
-    }
-
-
-    /**
-     * Assertive permission check to test if this Profile has the effective 
+     * Assertive permission check to test if this Profile has the effective
      * permission.
-     * 
+     *
      * @param permission the permission to check for
      * @param message to use for AccessControlException if it is thrown
      * @throws AccessControlException if the permission is not granted or
      *      inherited from an assigned Role
      */
-    public void checkPermission( Permission permission, String message )
+    public void checkPermission( StringPermission permission, String message )
     {
         if ( permission == null )
         {
-            throw new NullPointerException( "permission" );    
+            throw new NullPointerException( "permission" );
         }
-        
-        if ( !effectivePermissions.contains( permission ) )
+
+        if ( !implies( permission ) )
         {
             throw new AccessControlException( message );
         }
@@ -428,14 +391,14 @@
         {
             return true;
         }
-        
+
         if( that instanceof Profile )
         {
             Profile thatP = ( Profile ) that;
             return this.getApplicationName().equals( thatP.getApplicationName() ) &&
                    this.getProfileId().equals( thatP.getProfileId() );
         }
-        
+
         return false;
     }
 
@@ -448,7 +411,7 @@
         {
             return ret;
         }
-        
+
         return this.getProfileId().compareTo( thatP.getProfileId() );
     }
 
@@ -468,6 +431,6 @@
 
     public String toString()
     {
-        return "Profile(" + getProfileId() + ": " + effectivePermissions + ')';
+        return "Profile(" + getProfileId() + ": " + effectiveGrantedPermissions + ')';
     }
 }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java Sat Jan  6 21:36:13 2007
@@ -22,6 +22,7 @@
 
 import java.io.Serializable;
 import java.security.AccessControlException;
+import java.security.Permissions;
 
 
 /**
@@ -37,15 +38,13 @@
 {
     private static final long serialVersionUID = 6190625586883412135L;
 
-    /** an empty byte array used as a placeholder for empty grants */
-    private static final Permission[] EMPTY_PERMISSION_ARRAY = new Permission[0];
-    
     /** the name of this Role */
     private final String name;
     /** the store the Role is defined for */
     private final ApplicationPolicy store;
-    /** the permissions granted for this role */
-    private final Permissions permissions;
+    /** the grantedPermissions granted for this role */
+    private final Permissions grantedPermissions;
+    private final Permissions deniedPermissions;
     /** a brief description of the Role */
     private final String description;
 
@@ -55,10 +54,11 @@
      * 
      * @param store the parent store this role is defined for
      * @param name the name of this role
-     * @param permissions a set of permissions granted for this role
+     * @param grantedPermissions
+     * @param deniedPermissions
      * @param description a breif description of the role
      */
-    public Role( ApplicationPolicy store, String name, Permissions permissions, String description )
+    public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions, String description)
     {
         if( store == null )
         {
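Review bot: The new `@param grantedPermissions` and `@param deniedPermissions` tags are empty, here and on the four-argument constructor in the `@@ -104,11 +109,12 @@` hunk. The next hunk shows that a null argument is replaced by an empty `Permissions`, which is worth stating: `@param grantedPermissions permissions granted by this role; null is treated as empty` and `@param deniedPermissions permissions denied by this role; null is treated as empty`. The constructor body continues outside this hunk.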
@@ -73,28 +73,33 @@
             throw new IllegalArgumentException( "name is empty." );
         }
         
-        if( permissions == null )
+        if( grantedPermissions == null )
         {
-            permissions = new Permissions(
-                    store.getApplicationName(), EMPTY_PERMISSION_ARRAY );
+            grantedPermissions = new Permissions();
         }
-        if( !store.getApplicationName().equals( permissions.getApplicationName() ) )
+        if( deniedPermissions == null )
         {
-            throw new IllegalArgumentException(
-                    "Invalid applicationName in permissions: " +
-                    permissions.getApplicationName() );
-        }
-        
-        if( !store.getPermissions().containsAll( permissions ) )
-        {
-            throw new IllegalArgumentException(
-                    "store doesn't provide all permissions specified: " +
-                    permissions );
+            deniedPermissions = new Permissions();
         }
+//        if( !store.getApplicationName().equals( grantedPermissions.getApplicationName() ) )
+//        {
+//            throw new IllegalArgumentException(
+//                    "Invalid applicationName in grantedPermissions: " +
+//                    grantedPermissions.getApplicationName() );
+//        }
+
+        //This is meaningless if grantedPermissions.implies is used rather than equality.
+//        if( !store.getPermissions().containsAll( grantedPermissions ) )
+//        {
+//            throw new IllegalArgumentException(
+//                    "store doesn't provide all grantedPermissions specified: " +
+//                    grantedPermissions );
+//        }
         
         this.store = store;
         this.name = name;
-        this.permissions = permissions;
+        this.grantedPermissions = grantedPermissions;
+        this.deniedPermissions = deniedPermissions;
         this.description = description;
     }
 
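Review bot: The two consistency checks in this constructor are commented out rather than replaced, so a Role now accepts grants and denials that the store does not define, and nothing visible here ties them to the store's application. If that is the intended model, delete the dead lines and leave one explanatory comment such as `// no check against store.getPermissions(): matching is by implies(), not equality`; otherwise reinstate an equivalent check against the new API. The same commented-out-code pattern appears in `Roles.getDependentRoles` and in the field declarations of StringPermission.java. It is better removed, since the old code stays available in version control. The constructor starts above this hunk.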
@@ -104,11 +109,12 @@
      *
      * @param store the parent store this role is defined for
      * @param name the name of this role
-     * @param permissions a set of permissions granted for this role
+     * @param grantedPermissions
+     * @param deniedPermissions
      */
-    public Role( ApplicationPolicy store, String name, Permissions permissions )
+    public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions)
     {
-        this ( store, name, permissions, null );
+        this ( store, name, grantedPermissions, deniedPermissions, null );
     }
 
 
@@ -146,118 +152,51 @@
 
 
     /**
-     * Gets a set of permissions granted to this role.
+     * Gets a set of grantedPermissions granted to this role.
      * 
-     * @return a set of permissions granted to this role.
+     * @return a set of grantedPermissions granted to this role.
      */
-    public Permissions getGrants()
+    public Permissions getGrantedPermissions()
     {
-        return permissions;
+        return grantedPermissions;
     }
 
+    public Permissions getDeniedPermissions() {
+        return deniedPermissions;
+    }
 
     /**
      * Assertive permission check to test if this role has the effective
      * permission.
      *
-     * @param permission the permission to check for
-     * @throws AccessControlException if the permission is not granted
-     */
-    public void checkPermission( Permission permission )
-    {
-        checkPermission(
-                permission,
-                "Role '" + name + "' " +
-                "in application '" + getApplicationName() + '\'' +
-                "does not posess the permission '" + permission.getName() + "'." );
-    }
-
-
-    /**
-     * Get's whether or not this Role has the permission.
-     *
-     * @param permissionName the permission to check for
-     * @return true if the permission is granted,false otherwise
-     */
-    public boolean hasPermission( String permissionName )
-    {
-        return permissions.get( permissionName ) != null;
-    }
-
-
-    /**
-     * Get's whether or not this Role has the permission.
+     * TODO this method is only used in a test and should be removed
      *
-     * @param permission the name of permission to check for
-     * @return true if the permission is granted,false otherwise
-     */
-    public boolean hasPermission( Permission permission )
-    {
-        return permissions.contains( permission );
-    }
-
-
-    /**
-     * Assertive permission check to test if this role has the effective 
-     * permission.
-     * 
-     * @param permissionName the name of the permission to check for
-     * @throws AccessControlException if the permission is not granted
-     */
-    public void checkPermission( String permissionName )
-    {
-        checkPermission(
-                permissionName,
-                "Role '" + name + "' " +
-                "in application '" + getApplicationName() + '\'' +
-                "does not posess the permission '" + permissionName + "'." );
-    }
-
-
-    /**
-     * Assertive permission check to test if this Role has the effective 
-     * permission.
-     * 
      * @param permission the permission to check for
-     * @param message to use for AccessControlException if it is thrown
      * @throws AccessControlException if the permission is not granted
      */
-    public void checkPermission( Permission permission, String message )
+    public void checkPermission( StringPermission permission )
     {
         if ( permission == null )
         {
-            throw new NullPointerException( "permission" );    
-        }
-        
-        if ( !permissions.contains( permission ) )
-        {
-            throw new AccessControlException( message );
+            throw new NullPointerException( "permission" );
         }
-    }
-
 
-    /**
-     * Assertive permission check to test if this role has the effective 
-     * permission.
-     * 
-     * @param permissionName the permission name to check for
-     * @param message to use for AccessControlException if it is thrown
-     * @throws AccessControlException if the permission is not granted
-     */
-    public void checkPermission( String permissionName, String message )
-    {
-        if ( permissionName == null )
+        if ( !grantedPermissions.implies( permission ) )
         {
-            throw new NullPointerException( "permissionName" );    
+            throw new AccessControlException("Role '" + name + "' " +
+            "in application '" + getApplicationName() + '\'' +
+            "does not posess the permission '" + permission.getName() + "'." );
         }
-        
-        if ( !permissions.contains( permissionName ) )
-        {
-            throw new AccessControlException( message );
+        if (deniedPermissions.implies(permission)) {
+            throw new AccessControlException("Role '" + name + "' " +
+            "in application '" + getApplicationName() + '\'' +
+            "is denied the permission '" + permission.getName() + "'." );
         }
     }
 
 
+
+
     // ------------------------------------------------------------------------
     // Object Overrides
     // ------------------------------------------------------------------------
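Review bot: Both new exception messages in `checkPermission` run the application name into the next word, because `'\''` is concatenated directly onto `"does not posess ..."` and `"is denied ..."`, producing text like `in application 'app'does not posess`. Use `"in application '" + getApplicationName() + "' " +` in both throws and spell the word `possess`. The new `getDeniedPermissions()` above it has no Javadoc; something like `Gets the set of permissions explicitly denied by this role.` would match `getGrantedPermissions()`.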
@@ -302,8 +241,8 @@
     }
 
 
-    public Object clone()
-    {
+    @Override
+    public Object clone() throws CloneNotSupportedException {
         try
         {
             return super.clone();
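Review bot: `clone()` now declares `throws CloneNotSupportedException` although the body still wraps `super.clone()` in a `try`. If the catch below this hunk is unchanged from the old code, the exception never reaches a caller, yet every call site must now handle it. Keep the old signature with the annotation: `@Override public Object clone()`. `StringPermission.clone()` in the `@@ -122,58 +77,90 @@` hunk has the same clause, and its visible `throw new InternalError();` also discards the cause. The method body continues outside this hunk.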
@@ -317,6 +256,6 @@
 
     public String toString()
     {
-        return "Role(" + getName() + ": " + permissions + ')';
+        return "Role(" + getName() + ": " + grantedPermissions + ')';
     }
 }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java Sat Jan  6 21:36:13 2007
@@ -246,56 +246,33 @@
     }
 
     
-    public Roles getDependentRoles( String permName )
-    {
-        List dependents = new ArrayList();
-        for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
-        {
-            Role role = ( Role ) ii.next(); 
-            if ( role.hasPermission( permName ) )
-            {
-                dependents.add( role );
-            }
-        }
-        
-        if ( dependents.size() == 0 )
-        {
-            return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
-        }
-        
-        Role[] roleArray = new Role[dependents.size()];
-        dependents.toArray( roleArray );
-        return new Roles( getApplicationName(), roleArray );
-    }
-    
-    
-    public Roles getDependentRoles( Permission perm )
-    {
-        if ( ! perm.getApplicationName().equals( getApplicationName() ) )
-        {
-            throw new IllegalArgumentException( "The permission '" + perm.getName() + "' is not " +
-                    "\nassociated with this application.  It is associated with " + perm.getApplicationName() );
-        }
-        
-        List dependents = new ArrayList();
-        for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
-        {
-            Role role = ( Role ) ii.next(); 
-            if ( role.hasPermission( perm ) )
-            {
-                dependents.add( role );
-            }
-        }
-        
-        if ( dependents.size() == 0 )
-        {
-            return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
-        }
-        
-        Role[] roleArray = new Role[dependents.size()];
-        dependents.toArray( roleArray );
-        return new Roles( getApplicationName(), roleArray );
-    }
+//    public Roles getDependentRoles( StringPermission perm )
+//    {
+//        if ( ! perm.getApplicationName().equals( getApplicationName() ) )
+//        {
+//            throw new IllegalArgumentException( "The permission '" + perm.getName() + "' is not " +
+//                    "\nassociated with this application.  It is associated with " + perm.getApplicationName() );
+//        }
+//
+//        List dependents = new ArrayList();
+//        for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
+//        {
+//            Role role = ( Role ) ii.next();
+//            if ( role.hasPermission( perm ) )
+//            {
+//                dependents.add( role );
+//            }
+//        }
+//
+//        if ( dependents.size() == 0 )
+//        {
+//            return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
+//        }
+//
+//        Role[] roleArray = new Role[dependents.size()];
+//        dependents.toArray( roleArray );
+//        return new Roles( getApplicationName(), roleArray );
+//    }
     
 
     // ------------------------------------------------------------------------

Copied: directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java (from r493297, directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java)
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java?view=diff&rev=493652&p1=directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java&r1=493297&p2=directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java Sat Jan  6 21:36:13 2007
@@ -20,6 +20,12 @@
 package org.safehaus.triplesec.guardian;
 
 import java.io.Serializable;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Iterator;
 
 
 /**
@@ -29,91 +35,40 @@
  * @author Trustin Lee
  * @version $Rev: 71 $, $Date: 2005-11-07 19:11:39 -0500 (Mon, 07 Nov 2005) $
  */
-public class Permission implements Comparable, Cloneable, Serializable
-{
+public class StringPermission extends Permission implements Comparable, Cloneable, Serializable {
     private static final long serialVersionUID = -522561010304299861L;
 
     /** the name of the permission */
-    private final String permissionName;
-    /** the name of the application this permission is associated with */
-    private final String applicationName;
-    /** a short description of the permission */
-    private final String description;
-
-
+//    private final String permissionName;
     /**
-     * Creates a new permission instance.
-     *
-     * @param applicationName the name of the application this permission is associated with
-     * @param permissionName the permissionName of the permission
+     * the name of the application this permission is associated with
      */
-    public Permission( String applicationName, String permissionName )
-    {
-        this( applicationName, permissionName, null );
-    }
-
-
+//    private final String applicationName;
     /**
-     * Creates a new permission instance with description.
-     *
-     * @param applicationName the name of the application this permission is associated with
-     * @param permissionName the permissionName of the permission
+     * a short description of the permission
      */
-    public Permission( String applicationName, String permissionName, String description )
-    {
-        if( applicationName == null )
-        {
-            throw new NullPointerException( "applicationName" );
-        }
-        if( permissionName == null )
-        {
-            throw new NullPointerException( "permissionName" );
-        }
-        if( applicationName.length() == 0 )
-        {
-            throw new IllegalArgumentException( "applicationName is empty.");
-        }
-        if( permissionName.length() == 0 )
-        {
-            throw new IllegalArgumentException( "permissionName is empty.");
-        }
-
-        this.permissionName = permissionName;
-        this.applicationName = applicationName;
-        this.description = description;
-    }
+//    private final String description;
 
 
-    /**
-     * Gets the name of this permission.
-     *
-     * @return the name
-     */
-    public String getName()
-    {
-        return permissionName;
-    }
-
 
     /**
-     * Gets the application name this permission is defined for.
+     * Creates a new permission instance with description.
      *
-     * @return the name of the application.
+     * @param permissionName  the permissionName of the permission
      */
-    public String getApplicationName()
-    {
-        return applicationName;
+    public StringPermission(String permissionName) {
+        super(permissionName);
+        if (permissionName == null) {
+            throw new NullPointerException("permissionName");
+        }
+        if (permissionName.length() == 0) {
+            throw new IllegalArgumentException("permissionName is empty.");
+        }
     }
 
 
-    /**
-     * Gets the name of this permission.
-     *
-     * @return the description
-     */
-    public String getDescription()
-    {
-        return description;
+    public String getActions() {
+        return "";
     }
 
 
@@ -122,58 +77,90 @@
     // ------------------------------------------------------------------------
 
 
-    public int hashCode()
-    {
-        return applicationName.hashCode() ^ permissionName.hashCode();
+    public int hashCode() {
+        return getName().hashCode();
     }
 
 
-    public boolean equals( Object that )
-    {
-        if( this == that )
-        {
+    public boolean implies(Permission permission) {
+        return permission instanceof StringPermission && permission.getName().equals(getName());
+    }
+
+    public boolean equals(Object that) {
+        if (this == that) {
             return true;
         }
-        
-        if( that instanceof Permission )
-        {
-            Permission thatP = ( Permission ) that;
-            return this.applicationName.equals( thatP.applicationName ) &&
-                    this.permissionName.equals( thatP.permissionName );
+
+        if (that instanceof StringPermission) {
+            StringPermission thatP = (StringPermission) that;
+            return getName().equals(thatP.getName());
         }
-        
+
         return false;
     }
 
 
-    public int compareTo( Object that )
-    {
-        Permission thatP = ( Permission ) that;
-        int ret = this.applicationName.compareTo( thatP.applicationName );
-        if( ret != 0 )
-        {
-            return ret;
-        }
-        
-        return this.permissionName.compareTo( thatP.permissionName );
+    public int compareTo(Object that) {
+        StringPermission thatP = (StringPermission) that;
+        return this.getName().compareTo(thatP.getName());
     }
 
 
-    public String toString()
-    {
-        return "Permission(" + applicationName + ": " + permissionName + ')';
+    public String toString() {
+        return "StringPermission(" + getName() + ')';
     }
 
 
-    public Object clone()
-    {
-        try
-        {
+    @Override
+    public Object clone() throws CloneNotSupportedException {
+        try {
             return super.clone();
         }
-        catch( CloneNotSupportedException e )
-        {
+        catch (CloneNotSupportedException e) {
             throw new InternalError();
         }
     }
+
+    @Override
+    public PermissionCollection newPermissionCollection() {
+        return new StringPermissionCollection();
+    }
+
+    private static class StringPermissionCollection extends PermissionCollection {
+
+        private final Map<String, StringPermission> permissionMap = new HashMap<String, StringPermission>();
+
+
+        public void add(Permission permission) {
+            if (permission instanceof StringPermission) {
+                permissionMap.put(permission.getName(), (StringPermission) permission);
+            } else {
+                throw new IllegalArgumentException("Permission must be a StringPermission not a " + permission.getClass());
+            }
+        }
+
+        public boolean implies(Permission permission) {
+            if (permission instanceof StringPermission) {
+                return permissionMap.containsKey(permission.getName());
+            }
+            return false;
+        }
+
+        public Enumeration<Permission> elements() {
+            final Iterator<StringPermission> iterator = permissionMap.values().iterator();
+
+            return new Enumeration<Permission>() {
+
+
+                public boolean hasMoreElements() {
+                    return iterator.hasNext();
+                }
+
+                public StringPermission nextElement() {
+                    return iterator.next();
+                }
+            };
+        }
+    }
+
 }
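Review bot: `StringPermissionCollection.add` never consults `isReadOnly()`, so a collection sealed with `setReadOnly()` still accepts new permissions, whereas the `PermissionCollection` contract calls for a `SecurityException` in that case. Make `if (isReadOnly()) throw new SecurityException("attempt to add a Permission to a readonly PermissionCollection");` the first statement of `add`. The backing `HashMap` is also read and written without synchronization, while `PermissionCollection` implementations are expected to tolerate concurrent callers. Declaring `add` and `implies` `synchronized` would cover those two paths.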

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java Sat Jan  6 21:36:13 2007
@@ -23,6 +23,8 @@
 import java.util.Iterator;
 import java.util.Properties;
 import java.util.Set;
+import java.util.Map;
+import java.security.Permission;
 
 
 import junit.framework.Assert;
@@ -145,7 +147,7 @@
                     return null;
                 }
 
-                public Permissions getPermissions() {
+                public Map<String, Permission> getPermissions() {
                     return null;
                 }
 
@@ -176,7 +178,7 @@
                     return null;
                 }
 
-                public Set getDependentProfileNames( Permission permission ) throws GuardianException
+                public Set getDependentProfileNames( String permissionID ) throws GuardianException
                 {
                     return null;
                 }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java Sat Jan  6 21:36:13 2007
@@ -30,25 +30,25 @@
 
     protected Object newInstanceA1()
     {
-        return new Permission( "app1", "perm1" );
+        return new StringPermission( "perm1" );
     }
 
 
     protected Object newInstanceA2()
     {
-        return new Permission( "app1", "perm1" );
+        return new StringPermission( "perm1" );
     }
 
 
     protected Object newInstanceB1()
     {
-        return new Permission( "app1", "perm2" );
+        return new StringPermission( "perm2" );
     }
 
 
     protected Object newInstanceB2()
     {
-        return new Permission( "app2", "perm1" );
+        return new StringPermission( "perm3" );
     }
 
 
@@ -56,7 +56,7 @@
     {
         try
         {
-            new Permission( "test", null );
+            new StringPermission( null );
             fail( "Exception is not thrown." );
         }
         catch ( NullPointerException e )
@@ -65,40 +65,13 @@
         }
         try
         {
-            new Permission( null, "test" );
-            fail( "Exception is not thrown." );
-        }
-        catch ( NullPointerException e )
-        {
-            // OK
-        }
-        try
-        {
-            new Permission( "test", "" );
-            fail( "Exception is not thrown." );
-        }
-        catch ( IllegalArgumentException e )
-        {
-            // OK
-        }
-        try
-        {
-            new Permission( "", "test" );
+            new StringPermission( "" );
             fail( "Exception is not thrown." );
         }
         catch ( IllegalArgumentException e )
         {
             // OK
         }
-    }
-
-
-    public void testPropeties()
-    {
-        Permission p = new Permission( "a", "b", "c" );
-        assertEquals( "a", p.getApplicationName() );
-        assertEquals( "b", p.getName() );
-        assertEquals( "c", p.getDescription() );
     }
 
 

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java Sat Jan  6 21:36:13 2007
@@ -20,9 +20,13 @@
 package org.safehaus.triplesec.guardian;
 
 import java.security.AccessControlException;
+import java.security.Permissions;
+import java.security.Permission;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
 
 
 import junit.framework.Assert;
@@ -62,16 +66,16 @@
     public void testInstantiation()
     {
         Roles roles = new Roles( "app1", new Role[] {
-           new Role( STORE1, "role1", new Permissions( "app1", new Permission[] {
-                   new Permission( "app1", "perm1" ),
-           })),
-        });
-        Permissions grants = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "perm1" ),
-        });
-        Permissions denials = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "perm2" ),
+           new Role( STORE1, "role1", getPermissions(
+                   new StringPermission( "perm1" )
+           ), null),
         });
+        Permissions grants = getPermissions(
+                new StringPermission( "perm1" )
+        );
+        Permissions denials = getPermissions(
+                new StringPermission( "perm2" )
+        );
 
         // Test null parameters
         try
@@ -114,14 +118,14 @@
         }
         
         // Test unknown permissions
-        Permissions wrongPerms = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "wrongPerm" ),
-        });
+        Permissions wrongPerms = getPermissions(
+                new StringPermission( "wrongPerm" )
+        );
         try
         {
                                                                              
             new Profile( STORE1, "trustin", "trustin", roles, wrongPerms, denials, false );
-            Assert.fail( "Execption is not thrown." );
+//            Assert.fail( "Execption is not thrown." );
         }
         catch( IllegalArgumentException e )
         {
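Review bot: Commenting out `Assert.fail( "Execption is not thrown." )` after `new Profile( STORE1, "trustin", "trustin", roles, wrongPerms, denials, false )` leaves a try/catch that passes whether or not the constructor rejects the unknown permission, so the case no longer tests anything. The same applies to the `roles, grants, wrongPerms` case in the following hunk. If Profile is no longer meant to validate grants and denials against the permissions the store declares, delete both try blocks and say so in a comment such as `// Profile no longer rejects permissions unknown to the store`; if validation is still intended, keep the `Assert.fail` calls so the regression stays visible. For an authorization API the difference matters, because a grant naming a permission the application never declared would otherwise be accepted without any test noticing. testInstantiation begins and ends outside this hunk.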
@@ -131,7 +135,7 @@
         {
                                                                              
             new Profile( STORE1, "trustin", "trustin", roles, grants, wrongPerms, false );
-            Assert.fail( "Execption is not thrown." );
+//            Assert.fail( "Execption is not thrown." );
         }
         catch( IllegalArgumentException e )
         {
@@ -149,48 +153,56 @@
         {
             // OK
         }
-        try
-        {
-            new Profile( STORE2, "role1", "trustin", null, grants, null, false );
-            Assert.fail( "Execption is not thrown." );
-        }
-        catch( IllegalArgumentException e )
-        {
-            // OK
-        }
-        try
-        {
-            new Profile( STORE2, "role1", "trustin", null, null, denials, false );
-            Assert.fail( "Execption is not thrown." );
-        }
-        catch( IllegalArgumentException e )
-        {
-            // OK
-        }
+//        try
+//        {
+//            new Profile( STORE2, "role1", "trustin", null, grants, null, false );
+//            Assert.fail( "Execption is not thrown." );
+//        }
+//        catch( IllegalArgumentException e )
+//        {
+//            // OK
+//        }
+//        try
+//        {
+//            new Profile( STORE2, "role1", "trustin", null, null, denials, false );
+//            Assert.fail( "Execption is not thrown." );
+//        }
+//        catch( IllegalArgumentException e )
+//        {
+//            // OK
+//        }
 
         Profile p = new Profile( STORE1, "role1", "trustin", null, null, null, false );
         Assert.assertEquals( 0, p.getRoles().size() );
-        Assert.assertEquals( 0, p.getGrants().size() );
-        Assert.assertEquals( 0, p.getDenials().size() );
+        Assert.assertEquals( 0, PermissionsUtil.size(p.getGrants()) );
+        Assert.assertEquals( 0, PermissionsUtil.size(p.getDenials()) );
         assertEquals( "trustin", p.getUserName() );
     }
 
+    private static Permissions getPermissions( Permission... permissionArray) {
+        Permissions permissions = new Permissions();
+        for (Permission permission : permissionArray) {
+            permissions.add(permission);
+        }
+        return permissions;
+    }
+
     public void testProperties()
     {
         Roles roles = new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", new Permissions( "app1", new Permission[] {
-                        new Permission( "app1", "perm2" ),
-                        new Permission( "app1", "perm3" ),
-                        new Permission( "app1", "perm4" ),
-                })),
-        });
-        Permissions grants = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "perm1" ),
-                new Permission( "app1", "perm2" ),
-        });
-        Permissions denials = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "perm3" ),
+                new Role( STORE1, "role1", getPermissions(
+                        new StringPermission( "perm2" ),
+                        new StringPermission( "perm3" ),
+                        new StringPermission( "perm4" )
+                ), null),
         });
+        Permissions grants = getPermissions(
+                new StringPermission( "perm1" ),
+                new StringPermission( "perm2" )
+        );
+        Permissions denials = getPermissions(
+                new StringPermission( "perm3" )
+        );
         
         Profile p = new Profile( STORE1, "trustin", "trustin", roles, grants, denials, "test description", false );
         assertEquals( "app1", p.getApplicationName() );
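Review bot: The two try blocks around `new Profile( STORE2, "role1", "trustin", null, grants, null, false )` and its denials twin are left as commented-out code with no reason given. Judging by the one-argument `new StringPermission( "perm1" )` form used throughout, permissions no longer carry an application name, so the store/permission mismatch these cases covered presumably cannot be detected any more. Either delete the lines or replace them with a short explanation, e.g. `// StringPermission has no application name, so cross-application grants can no longer be rejected here`. The new `getPermissions( Permission... )` helper would also read better with a one-line Javadoc stating that it collects the given permissions into a `java.security.Permissions`. testProperties continues past the end of this hunk.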
@@ -200,21 +212,22 @@
         assertEquals( denials, p.getDenials() );
         assertEquals( "test description", p.getDescription() );
         
-        Permissions effectivePermissions = new Permissions( "app1", new Permission[] {
-                new Permission( "app1", "perm1" ),
-                new Permission( "app1", "perm2" ),
-                new Permission( "app1", "perm4" ),
-        });
-        assertEquals( effectivePermissions, p.getEffectivePermissions() );
+//        Permissions effectivePermissions = getPermissions(
+        assertTrue( p.implies(new StringPermission( "perm1" )));
+        assertTrue( p.implies( new StringPermission( "perm2" )));
+        assertTrue( p.implies( new StringPermission( "perm4" )));
+        assertFalse( p.implies( new StringPermission( "perm3" )));
+//        );
+//        assertEquals( effectivePermissions, p.getEffectiveGrantedPermissions() );
         
         assertTrue( p.isInRole( "role1" ) );
     }
 
     public void testRolePermissions()
     {
-        Permission perm = new Permission( "app1", "perm1" );
-        Permission wrongPerm = new Permission( "app1", "perm2" );
-        Permissions perms = new Permissions( "app1", new Permission[] { perm, } );
+        StringPermission perm = new StringPermission( "perm1" );
+        StringPermission wrongPerm = new StringPermission( "perm2" );
+        Permissions perms = getPermissions( perm );
 
         // Effective permissions will be: 'perm1'
         Profile p = new Profile(
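Review bot: The four `p.implies(...)` assertions only check the names they list, where the removed `assertEquals( effectivePermissions, ... )` pinned the complete effective set, so a profile that implied too much would now pass. Adding one assertion for a permission that is granted nowhere, e.g. `assertFalse( p.implies( new StringPermission( "perm5" ) ) );`, restores that. The `perm3` check is the valuable one, since perm3 is granted through role1 and denied on the profile; a comment such as `// perm3: granted by role1, denied on the profile - the denial must win` would make that intent explicit. The assertions also sit between the commented-out halves of the old statement (`//        Permissions effectivePermissions = getPermissions(` and `//        );`), which reads as if they were arguments of a disabled call; those leftover comment lines should go.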
@@ -225,16 +238,12 @@
         // Check existing permissions
         p.checkPermission( perm );
         p.checkPermission( perm, "unused" );
-        p.checkPermission( perm.getName() );
-        p.checkPermission( perm.getName(), "unused" );
-        assertTrue( p.hasPermission( perm ) );
-        assertTrue( p.hasPermission( perm.getName() ) );
-        assertFalse( p.hasPermission( "nonexistant" ) );
+        assertTrue( p.implies( perm ) );
 
         // Check null parameters
         try
         {
-            p.checkPermission( ( Permission ) null );
+            p.checkPermission( null );
             Assert.fail( "Exception is not thrown." );
         }
         catch( NullPointerException e )
@@ -243,25 +252,7 @@
         }
         try
         {
-            p.checkPermission( ( String ) null );
-            Assert.fail( "Exception is not thrown." );
-        }
-        catch( NullPointerException e )
-        {
-            // OK
-        }
-        try
-        {
-            p.checkPermission( ( Permission ) null, "unused" );
-            Assert.fail( "Exception is not thrown." );
-        }
-        catch( NullPointerException e )
-        {
-            // OK
-        }
-        try
-        {
-            p.checkPermission( ( String ) null, "unused" );
+            p.checkPermission( ( StringPermission ) null, "unused" );
             Assert.fail( "Exception is not thrown." );
         }
         catch( NullPointerException e )
@@ -288,24 +279,6 @@
         {
             // OK
         }
-        try
-        {
-            p.checkPermission( wrongPerm.getName() );
-            Assert.fail( "Exception is not thrown." );
-        }
-        catch( AccessControlException e )
-        {
-            // OK
-        }
-        try
-        {
-            p.checkPermission( wrongPerm.getName(), "unused" );
-            Assert.fail( "Exception is not thrown." );
-        }
-        catch( AccessControlException e )
-        {
-            // OK
-        }
     }
     
     
@@ -338,15 +311,22 @@
             return null;
         }
 
-        public Permissions getPermissions()
+        public Map<String,Permission> getPermissions()
         {
-            Permission[] perms = new Permission[] {
-                    new Permission( appName, "perm1" ),
-                    new Permission( appName, "perm2" ),
-                    new Permission( appName, "perm3" ),
-                    new Permission( appName, "perm4" ),
-            };
-            return new Permissions( appName, perms );
+            return getPermissionMap(
+                    new StringPermission( "perm1" ),
+                    new StringPermission( "perm2" ),
+                    new StringPermission( "perm3" ),
+                    new StringPermission( "perm4" )
+            );
+        }
+
+        private Map<String, Permission> getPermissionMap(Permission... permission) {
+            Map<String,Permission> result = new HashMap<String,Permission>();
+            for (Permission p: permission) {
+                result.put(p.getName(), p);
+            }
+            return result;
         }
 
         public Profile getProfile( String userName )
@@ -378,7 +358,7 @@
             return null;
         }
 
-        public Set getDependentProfileNames( Permission permission ) throws GuardianException
+        public Set getDependentProfileNames( String permissionID ) throws GuardianException
         {
             return null;
         }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java Sat Jan  6 21:36:13 2007
@@ -21,10 +21,13 @@
 
 
 import java.security.AccessControlException;
+import java.security.Permissions;
+import java.security.Permission;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.Set;
-
+import java.util.Map;
+import java.util.HashMap;
 
 
 /**
@@ -41,32 +44,32 @@
 
     protected Object newInstanceA1()
     {
-        return new Role( STORE1, "role1", null );
+        return new Role( STORE1, "role1", null, null);
     }
 
     protected Object newInstanceA2()
     {
-        return new Role( STORE1, "role1", null );
+        return new Role( STORE1, "role1", null, null);
     }
 
     protected Object newInstanceB1()
     {
-        return new Role( STORE1, "role2", null );
+        return new Role( STORE1, "role2", null, null);
     }
 
     protected Object newInstanceB2()
     {
-        return new Role( STORE2, "role1", null );
+        return new Role( STORE2, "role1", null, null);
     }
 
     public void testInstantiation()
     {
-        Permissions perms = new Permissions( "app1", null );
+        Permissions perms = new Permissions();
 
         // Test null parameters
         try
         {
-            new Role( null, "role1", perms );
+            new Role( null, "role1", perms, null);
             fail( "Execption is not thrown." );
         }
         catch( NullPointerException e )
@@ -75,7 +78,7 @@
         }
         try
         {
-            new Role( STORE1, null, perms );
+            new Role( STORE1, null, perms, null);
             fail( "Execption is not thrown." );
         }
         catch( NullPointerException e )
@@ -86,125 +89,95 @@
         // Test empty fields
         try
         {
-            new Role( STORE2, "", perms );
+            new Role( STORE2, "", perms, null);
             fail( "Execption is not thrown." );
         }
         catch( IllegalArgumentException e )
         {
             // OK
         }
-        try
-        {
-            new Role( new TestApplicationPolicyStore( "" ), "role1", perms );
-            fail( "Execption is not thrown." );
-        }
-        catch( IllegalArgumentException e )
-        {
-            // OK
-        }
-        
+//        try
+//        {
+//            new Role( new TestApplicationPolicyStore( "" ), "role1", perms );
+//            fail( "Execption is not thrown." );
+//        }
+//        catch( IllegalArgumentException e )
+//        {
+//            // OK
+//        }
+
         // Test unknown permissions
-        try
-        {
-            Permissions wrongPerms = new Permissions( "app1", new Permission[] {
-                    new Permission( "app1", "wrongPerm" ),
-            });
-                                                                             
-            new Role( STORE1, "role1", wrongPerms );
-            fail( "Execption is not thrown." );
-        }
-        catch( IllegalArgumentException e )
-        {
-            // OK
-        }
-        
+        //TODO could be resuscitated if we had an impliesAll method.
+//        try
+//        {
+//            Permissions wrongPerms = new Permissions( "app1", new StringPermission[] {
+//                    new StringPermission( "app1", "wrongPerm" ),
+//            });
+//
+//            new Role( STORE1, "role1", wrongPerms );
+//            fail( "Execption is not thrown." );
+//        }
+//        catch( IllegalArgumentException e )
+//        {
+//            // OK
+//        }
 
-        // Test mismatching application names.
-        try
-        {
-            new Role( STORE2, "role1", perms );
-            fail( "Execption is not thrown." );
-        }
-        catch( IllegalArgumentException e )
-        {
-            // OK
-        }
 
-        Role r = new Role( STORE1, "role1", null );
-        assertEquals( 0, r.getGrants().size() );
+        // Test mismatching application names.
+//        try
+//        {
+//            new Role( STORE2, "role1", perms );
+//            fail( "Execption is not thrown." );
+//        }
+//        catch( IllegalArgumentException e )
+//        {
+//            // OK
+//        }
+
+        Role r = new Role( STORE1, "role1", null, null);
+        assertEquals( 0, PermissionsUtil.size(r.getGrantedPermissions()) );
+        assertEquals( 0, PermissionsUtil.size(r.getDeniedPermissions()) );
     }
 
     public void testProperties()
     {
-        Permission perm1= new Permission( "app1", "perm1" );
-        Permissions perms = new Permissions( "app1", new Permission[] {
-                perm1,
-                new Permission( "app1", "perm2" ),
-                new Permission( "app1", "perm3" ), } );
+        StringPermission perm1= new StringPermission("perm1" );
+        Permissions perms = new Permissions();
+                perms.add(perm1);
+                perms.add(new StringPermission("perm2" ));
+                perms.add(new StringPermission("perm3" ));
 
-        Role r = new Role( STORE1, "role1", perms, "test description" );
+        Role r = new Role( STORE1, "role1", perms, null, "test description" );
         assertEquals( "app1", r.getApplicationName() );
         assertEquals( "role1", r.getName() );
-        assertEquals( perms, r.getGrants() );
+        assertEquals( perms, r.getGrantedPermissions() );
         assertEquals( "test description", r.getDescription() );
-        assertTrue( r.hasPermission( perm1 ) ) ;
-        assertTrue( r.hasPermission( perm1.getName() ) ) ;
+        assertTrue( r.getGrantedPermissions().implies( perm1 ) ) ;
     }
 
     public void testRolePermissions()
     {
-        Permission perm = new Permission( "app1", "perm1" );
-        Permission wrongPerm = new Permission( "app1", "perm2" );
-        Permissions perms = new Permissions( "app1", new Permission[] { perm, } );
+        StringPermission perm = new StringPermission("perm1" );
+        StringPermission wrongPerm = new StringPermission("perm2" );
+        Permissions perms = new Permissions();
+        perms.add(perm);
 
-        Role r = new Role( STORE1, "role1", perms );
+        Role r = new Role( STORE1, "role1", perms, null);
 
         // Check existing permissions
         r.checkPermission( perm );
-        assertTrue( r.hasPermission( perm.getName() ) );
-        assertTrue( r.hasPermission( perm ) );
-        r.checkPermission( perm, "unused" );
-        r.checkPermission( perm.getName() );
-        r.checkPermission( perm.getName(), "unused" );
+        assertTrue( r.getGrantedPermissions().implies( perm ) );
 
         // Check null parameters
         try
         {
-            r.checkPermission( ( Permission ) null );
-            fail( "Exception is not thrown." );
-        }
-        catch( NullPointerException e )
-        {
-            // OK
-        }
-        try
-        {
-            r.checkPermission( ( String ) null );
+            r.checkPermission( ( StringPermission ) null );
             fail( "Exception is not thrown." );
         }
         catch( NullPointerException e )
         {
             // OK
         }
-        try
-        {
-            r.checkPermission( ( Permission ) null, "unused" );
-            fail( "Exception is not thrown." );
-        }
-        catch( NullPointerException e )
-        {
-            // OK
-        }
-        try
-        {
-            r.checkPermission( ( String ) null, "unused" );
-            fail( "Exception is not thrown." );
-        }
-        catch( NullPointerException e )
-        {
-            // OK
-        }
-
         // Check non-existing permissions
         try
         {
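Review bot: Every `Role` in this file is built with `null` as the new fourth argument, so the role-level denials this commit introduces are never exercised; the only assertion touching them is `PermissionsUtil.size(r.getDeniedPermissions())` being 0 for such a role. A case with a non-empty denials collection, as sketched below, would at least pin that grants and denials are stored separately; it assumes `getDeniedPermissions()` returns a permission collection with `implies`, like `getGrantedPermissions()` does. Whether `checkPermission` honours role denials is not visible here and deserves its own assertion once the intended precedence is decided. The disabled unknown-permission block also still uses the two-argument `new StringPermission( "app1", "wrongPerm" )`, which does not match the one-argument constructor used everywhere else in this file. This hunk ends inside testRolePermissions.

```java
    public void testRoleDenials()
    {
        StringPermission granted = new StringPermission( "perm1" );
        StringPermission denied = new StringPermission( "perm2" );
        Permissions grants = new Permissions();
        grants.add( granted );
        Permissions denials = new Permissions();
        denials.add( denied );

        Role r = new Role( STORE1, "role1", grants, denials );

        // grants and denials must be kept apart, not merged into one set
        assertTrue( r.getGrantedPermissions().implies( granted ) );
        assertFalse( r.getGrantedPermissions().implies( denied ) );
        assertTrue( r.getDeniedPermissions().implies( denied ) );
    }
```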
@@ -215,42 +188,15 @@
         {
             // OK
         }
-        try
-        {
-            r.checkPermission( wrongPerm, "unused" );
-            fail( "Exception is not thrown." );
-        }
-        catch( AccessControlException e )
-        {
-            // OK
-        }
-        try
-        {
-            r.checkPermission( wrongPerm.getName() );
-            fail( "Exception is not thrown." );
-        }
-        catch( AccessControlException e )
-        {
-            // OK
-        }
-        try
-        {
-            r.checkPermission( wrongPerm.getName(), "unused" );
-            fail( "Exception is not thrown." );
-        }
-        catch( AccessControlException e )
-        {
-            // OK
-        }
     }
-    
-    
-    
+
+
+
     protected void _testClone( Object a, Object b )
     {
         Role ra = ( Role ) a;
         Role rb = ( Role ) b;
-        assertEquals( ra.getGrants(), rb.getGrants() );
+        assertEquals( ra.getGrantedPermissions(), rb.getGrantedPermissions() );
     }
 
     private static class TestApplicationPolicyStore implements
@@ -273,14 +219,12 @@
             return null;
         }
 
-        public Permissions getPermissions()
-        {
-            Permission[] perms = new Permission[] {
-                    new Permission( appName, "perm1" ),
-                    new Permission( appName, "perm2" ),
-                    new Permission( appName, "perm3" ),
-            };
-            return new Permissions( appName, perms );
+        public Map<String, Permission> getPermissions() {
+            Map<String,Permission> perms = new HashMap<String,Permission>();
+            perms.put( "perm1", new StringPermission("perm1"));
+            perms.put( "perm2", new StringPermission("perm2"));
+            perms.put( "perm3", new StringPermission("perm3"));
+            return perms;
         }
 
         public Profile getProfile( String userName )
@@ -310,7 +254,7 @@
             return null;
         }
 
-        public Set getDependentProfileNames( Permission permission ) throws GuardianException
+        public Set getDependentProfileNames( String permissionID ) throws GuardianException
         {
             return null;
         }


