directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r493652 [2/3] - in /directory/sandbox/triplesec-jacc2: guardian-api/src/main/java/org/safehaus/triplesec/guardian/ guardian-api/src/test/java/org/safehaus/triplesec/guardian/ guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/ ...
Date Sun, 07 Jan 2007 05:36:15 GMT
Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java Sat Jan  6 21:36:13 2007
@@ -19,12 +19,14 @@
  */
 package org.safehaus.triplesec.guardian;
 
+import java.security.Permission;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.Map;
 import java.util.Set;
 
-
 import junit.framework.Assert;
 
 
@@ -45,25 +47,25 @@
     protected Object newInstanceA1()
     {
         return new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", null ),
-                new Role( STORE1, "role2", null ),
-                new Role( STORE1, "role3", null ),
+                new Role( STORE1, "role1", null, null ),
+                new Role( STORE1, "role2", null, null ),
+                new Role( STORE1, "role3", null, null ),
         });
     }
 
     protected Object newInstanceA2()
     {
         return new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", null ),
-                new Role( STORE1, "role2", null ),
-                new Role( STORE1, "role3", null ),
+                new Role( STORE1, "role1", null, null ),
+                new Role( STORE1, "role2", null, null ),
+                new Role( STORE1, "role3", null, null ),
         });
     }
 
     protected Object newInstanceB1()
     {
         return new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", null ),
+                new Role( STORE1, "role1", null, null ),
         });
     }
 
@@ -106,7 +108,7 @@
         try
         {
             new Roles( "app1", new Role[] {
-                    new Role( STORE2, "role1", null ),
+                    new Role( STORE2, "role1", null, null ),
             });
             Assert.fail( "Execption is not thrown." );
         }
@@ -120,9 +122,9 @@
     
     public void testProperties()
     {
-        Role r1 = new Role( STORE1, "role1", null );
-        Role r2 = new Role( STORE1, "role2", null );
-        Role r3 = new Role( STORE1, "role3", null );
+        Role r1 = new Role( STORE1, "role1", null, null );
+        Role r2 = new Role( STORE1, "role2", null, null );
+        Role r3 = new Role( STORE1, "role3", null, null );
         Roles roles = new Roles( "app1", new Role[] {
                 r1, r2, r3,
         });
@@ -155,14 +157,14 @@
     public void testSetOperations()
     {
         Roles roles1 = new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", null ),
+                new Role( STORE1, "role1", null, null ),
         });
         Roles roles2 = new Roles( "app1", new Role[] {
-                new Role( STORE1, "role2", null ),
+                new Role( STORE1, "role2", null, null ),
         });
         Roles roles12 = new Roles( "app1", new Role[] {
-                new Role( STORE1, "role1", null ),
-                new Role( STORE1, "role2", null ),
+                new Role( STORE1, "role1", null, null ),
+                new Role( STORE1, "role2", null, null ),
         });
         Roles wrongRoles = new Roles( "wrongApp", null );
         
@@ -222,6 +224,7 @@
     }
     
     
+/*
     public void testGetDependentRoles()
     {
         Role role1 = new Role( STORE1, "role1", STORE1.getPermissions() );
@@ -239,19 +242,20 @@
         dependents = roles12.getDependentRoles( "perm99" );
         assertEquals( 0, dependents.size() );
 
-        dependents = roles12.getDependentRoles( new Permission( "app1", "perm99" ) );
+        dependents = roles12.getDependentRoles( new StringPermission( "app1", "perm99" ) );
         assertEquals( 0, dependents.size() );
         
         try
         {
-            dependents = roles12.getDependentRoles( new Permission( "blah", "perm99" ) );
+            dependents = roles12.getDependentRoles( new StringPermission( "blah", "perm99" ) );
             fail( "Should never get here due to an exception" );
         }
         catch ( IllegalArgumentException e )
         {
         }
     }
-    
+*/
+
     
     public static void main( String[] args )
     {
@@ -277,14 +281,12 @@
             return null;
         }
         
-        public Permissions getPermissions()
-        {
-            Permission[] perms = new Permission[] {
-                    new Permission( appName, "perm1" ),
-                    new Permission( appName, "perm2" ),
-                    new Permission( appName, "perm3" ),
-            };
-            return new Permissions( appName, perms );
+        public Map<String, Permission> getPermissions() {
+            Map<String,Permission> perms = new HashMap<String,Permission>();
+            perms.put( "perm1", new StringPermission("perm1"));
+            perms.put( "perm2", new StringPermission("perm2"));
+            perms.put( "perm3", new StringPermission("perm3"));
+            return perms;
         }
         
         public Profile getProfile( String userName )
@@ -314,7 +316,7 @@
             return null;
         }
 
-        public Set getDependentProfileNames( Permission permission ) throws GuardianException
+        public Set getDependentProfileNames( String permissionID ) throws GuardianException
         {
             return null;
         }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java Sat Jan  6 21:36:13 2007
@@ -20,9 +20,22 @@
 package org.safehaus.triplesec.guardian.mock;
 
 
-import org.safehaus.triplesec.guardian.*;
-
-import java.util.*;
+import java.security.Permissions;
+import java.security.Permission;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.safehaus.triplesec.guardian.StringPermission;
 
 
 /**
@@ -34,7 +47,7 @@
 class MockApplicationPolicy implements ApplicationPolicy
 {
     private final Roles roles;
-    private final Permissions perms;
+    private final Map<String,Permission> perms = new HashMap<String,Permission>();
     private final String name;
     private final Map profileByName;
 
@@ -43,56 +56,74 @@
     {
         name = "mockApplication";
         profileByName = new HashMap();
-        Set permSet = new HashSet();
         Set roleSet = new HashSet();
 
         // --------------------------------------------------------------------------------
         // add permissions
         // --------------------------------------------------------------------------------
 
-        Permission perm0 = new Permission( name, "mockPerm0" ); permSet.add( perm0 );
-        Permission perm1 = new Permission( name, "mockPerm1" ); permSet.add( perm1 );
-        Permission perm2 = new Permission( name, "mockPerm2" ); permSet.add( perm2 );
-        Permission perm3 = new Permission( name, "mockPerm3" ); permSet.add( perm3 );
-        Permission perm4 = new Permission( name, "mockPerm4" ); permSet.add( perm4 );
-        Permission perm5 = new Permission( name, "mockPerm5" ); permSet.add( perm5 );
-        Permission perm6 = new Permission( name, "mockPerm6" ); permSet.add( perm6 );
-        Permission perm7 = new Permission( name, "mockPerm7" ); permSet.add( perm7 );
-        Permission perm8 = new Permission( name, "mockPerm8" ); permSet.add( perm8 );
-        Permission perm9 = new Permission( name, "mockPerm9" ); permSet.add( perm9 );
+        StringPermission perm0 = new StringPermission("mockPerm0" ); perms.put( "mockPerm0", perm0 );
+        StringPermission perm1 = new StringPermission("mockPerm1" ); perms.put( "mockPerm1", perm1 );
+        StringPermission perm2 = new StringPermission("mockPerm2" ); perms.put( "mockPerm2", perm2 );
+        StringPermission perm3 = new StringPermission("mockPerm3" ); perms.put( "mockPerm3", perm3 );
+        StringPermission perm4 = new StringPermission("mockPerm4" ); perms.put( "mockPerm4", perm4 );
+        StringPermission perm5 = new StringPermission("mockPerm5" ); perms.put( "mockPerm5", perm5 );
+        StringPermission perm6 = new StringPermission("mockPerm6" ); perms.put( "mockPerm6", perm6 );
+        StringPermission perm7 = new StringPermission("mockPerm7" ); perms.put( "mockPerm7", perm7 );
+        StringPermission perm8 = new StringPermission("mockPerm8" ); perms.put( "mockPerm8", perm8 );
+        StringPermission perm9 = new StringPermission("mockPerm9" ); perms.put( "mockPerm9", perm9 );
 
-        Permission[] permArray = ( Permission[] ) permSet.toArray( new Permission[0] );
-        perms = new Permissions( name, permArray );
 
         // --------------------------------------------------------------------------------
         // add roles
         // --------------------------------------------------------------------------------
 
         // role without any permissions toggled
-        Permissions grants = new Permissions( name, new Permission[0] );
-        Role role0 = new Role( this, "mockRole0", grants );
+        Permissions grants = new Permissions();
+        Role role0 = new Role( this, "mockRole0", grants, null);
         roleSet.add( role0 );
 
         // role with permission mockPerm0
-        grants = new Permissions( name, new Permission[] {perm0});
-        Role role1 = new Role( this, "mockRole1", grants );
+        grants = new Permissions();
+        grants.add(perm0);
+        Role role1 = new Role( this, "mockRole1", grants, null);
         roleSet.add( role1 );
 
         // role with permission mockPerm1
-        grants = new Permissions( name, new Permission[] {perm1});
-        Role role2 = new Role( this, "mockRole2", grants );
+        grants = new Permissions();
+        grants.add(perm1);
+        Role role2 = new Role( this, "mockRole2", grants, null);
         roleSet.add( role2 );
 
         // role with permission mockPerm2 and mochPerm3
-        grants = new Permissions( name, new Permission[] {perm2, perm3});
-        Role role3 = new Role( this, "mockRole3", grants );
+        grants = new Permissions();
+        grants.add(perm2);
+        grants.add(perm3);
+        Role role3 = new Role( this, "mockRole3", grants, null);
         roleSet.add( role3 );
 
         // role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
-        grants = new Permissions( name, new Permission[] {perm4, perm5, perm6, perm7, perm9});
-        Role role4 = new Role( this, "mockRole4", grants );
+        grants = new Permissions();
+        grants.add(perm4);
+        grants.add(perm5);
+        grants.add(perm6);
+        grants.add(perm7);
+        grants.add(perm9);
+        Role role4 = new Role( this, "mockRole4", grants, null);
         roleSet.add( role4 );
 
+        // role with permission mockPerm4, mockPerm5, mockPerm6, mockPerm7, mockPerm9
+        grants = new Permissions();
+        grants.add(perm4);
+        grants.add(perm5);
+        grants.add(perm6);
+        grants.add(perm7);
+        grants.add(perm9);
+        Permissions denials = new Permissions();
+        denials.add(perm6);
+        Role role5 = new Role( this, "mockRole5", grants, denials);
+        roleSet.add( role5 );
+
         Role[] rolesArray = ( Role [] ) roleSet.toArray( new Role[0] );
         roles = new Roles( name, rolesArray );
 
@@ -101,40 +132,55 @@
         // --------------------------------------------------------------------------------
 
         // a profile that has no permissions at all, and no roles (basis case)
-        grants = new Permissions( name, new Permission[0] );
-        Permissions denials = new Permissions( name, new Permission[0] );
+        grants = new Permissions();
+        denials = new Permissions();
         Roles roles = new Roles( name, new Role[0] );
         Profile profile = new Profile( this, "mockProfile0", "trustin", roles, grants, denials, false );
         profileByName.put( profile.getProfileId(), profile );
 
         // a profile for checking union of role1 and role2 - inherits perm0 and perm1
-        grants = new Permissions( name, new Permission[0] );
-        denials = new Permissions( name, new Permission[0] );
+        grants = new Permissions();
+        denials = new Permissions();
         roles = new Roles( name, new Role[] { role1, role2 } );
         profile = new Profile( this, "mockProfile1", "trustin", roles, grants, denials, false );
         profileByName.put( profile.getProfileId(), profile );
 
         // a profile for checking union of roles with grants - granted perm0 and inherits perm1
-        grants = new Permissions( name, new Permission[] { perm0 } );
-        denials = new Permissions( name, new Permission[0] );
+        grants = new Permissions();
+        grants.add(perm0 );
+        denials = new Permissions();
         roles = new Roles( name, new Role[] { role2 } );
         profile = new Profile( this, "mockProfile2", "trustin", roles, grants, denials, false );
         profileByName.put( profile.getProfileId(), profile );
 
         // a profile for checking union of roles with grants - granted perm0, perm7 and inherits perm2 and perm3
-        grants = new Permissions( name, new Permission[] { perm0, perm7 } );
-        denials = new Permissions( name, new Permission[0] );
+        grants = new Permissions();
+        grants.add(perm0);
+        grants.add(perm7);
+        denials = new Permissions();
         roles = new Roles( name, new Role[] { role3 } );
         profile = new Profile( this, "mockProfile3", "trustin", roles, grants, denials, false );
         profileByName.put( profile.getProfileId(), profile );
 
         // a profile for checking union of roles with grants and denials
         // granted perm0, in role3 and role4 but denied inherited perm7
-        grants = new Permissions( name, new Permission[] { perm0 } );
-        denials = new Permissions( name, new Permission[] { perm7 } );
+        grants = new Permissions();
+        grants.add(perm0);
+        denials = new Permissions();
+        denials.add(perm7);
         roles = new Roles( name, new Role[] { role3, role4 } );
         profile = new Profile( this, "mockProfile4", "trustin", roles, grants, denials, false );
         profileByName.put( profile.getProfileId(), profile );
+
+        // a profile for checking union of roles with grants and denials
+        // granted perm0, in role3 and role4 but denied inherited perm7
+        grants = new Permissions();
+        grants.add(perm0);
+        denials = new Permissions();
+        denials.add(perm7);
+        roles = new Roles( name, new Role[] { role3, role4, role5 } );
+        profile = new Profile( this, "mockProfile5", "trustin", roles, grants, denials, false );
+        profileByName.put( profile.getProfileId(), profile );
     }
 
 
@@ -150,7 +196,7 @@
     }
 
 
-    public Permissions getPermissions()
+    public Map<String,Permission> getPermissions()
     {
         return perms;
     }
@@ -191,7 +237,7 @@
     }
 
 
-    public Set getDependentProfileNames( Permission permission ) throws GuardianException
+    public Set getDependentProfileNames( String permissionID ) throws GuardianException
     {
         return null;
     }

Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java Sat Jan  6 21:36:13 2007
@@ -23,6 +23,8 @@
 import junit.framework.TestCase;
 import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
 import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.PermissionsUtil;
 
 
 /**
@@ -34,6 +36,7 @@
 public class MockApplicationPolicyTest extends TestCase
 {
     MockApplicationPolicy store;
+    private static final String APP_NAME = "mockApplication";
 
     protected void setUp() throws Exception
     {
@@ -53,29 +56,29 @@
 
     public void testProfile0()
     {
-        assertEquals( 5, store.getRoles().size() );
+        assertEquals( 6, store.getRoles().size() );
         Profile p = store.getProfile( "mockProfile0" );
-        assertTrue( p.getEffectivePermissions().isEmpty() );
+        assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
         assertTrue( p.getRoles().isEmpty() );
     }
 
     public void testProfile1()
     {
         Profile p = store.getProfile( "mockProfile1" );
-        assertEquals( 2, p.getEffectivePermissions().size() );
-        assertTrue( p.hasPermission( "mockPerm0" ) );
-        assertTrue( p.hasPermission( "mockPerm1" ) );
-        assertFalse( p.hasPermission( "mockPerm3") );
+        assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+        assertTrue( p.implies( new StringPermission("mockPerm0" )));
+        assertTrue( p.implies( new StringPermission("mockPerm1" )));
+        assertFalse( p.implies( new StringPermission("mockPerm3")));
         assertEquals( 2, p.getRoles().size() );
     }
 
     public void testProfile2()
     {
         Profile p = store.getProfile( "mockProfile2" );
-        assertEquals( 2, p.getEffectivePermissions().size() );
-        assertTrue( p.hasPermission( "mockPerm0" ) );
-        assertTrue( p.hasPermission( "mockPerm1" ) );
-        assertFalse( p.hasPermission( "mockPerm3") );
+        assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+        assertTrue( p.implies( new StringPermission("mockPerm0" )));
+        assertTrue( p.implies( new StringPermission("mockPerm1" )));
+        assertFalse( p.implies( new StringPermission("mockPerm3")));
         assertEquals( 1, p.getRoles().size() );
         assertTrue( p.getRoles().contains( "mockRole2" ) );
     }
@@ -83,12 +86,12 @@
     public void testProfile3()
     {
         Profile p = store.getProfile( "mockProfile3" );
-        assertEquals( 4, p.getEffectivePermissions().size() );
-        assertTrue( p.hasPermission( "mockPerm0" ) );
-        assertTrue( p.hasPermission( "mockPerm7" ) );
-        assertTrue( p.hasPermission( "mockPerm2" ) );
-        assertTrue( p.hasPermission( "mockPerm3" ) );
-        assertFalse( p.hasPermission( "mockPerm4" ) );
+        assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+        assertTrue( p.implies( new StringPermission("mockPerm0" )));
+        assertTrue( p.implies( new StringPermission("mockPerm7" )));
+        assertTrue( p.implies( new StringPermission("mockPerm2" )));
+        assertTrue( p.implies( new StringPermission("mockPerm3" )));
+        assertFalse( p.implies( new StringPermission("mockPerm4" )));
         assertEquals( 1, p.getRoles().size() );
         assertTrue( p.getRoles().contains( "mockRole3" ) );
     }
@@ -96,21 +99,46 @@
     public void testProfile4()
     {
         Profile p = store.getProfile( "mockProfile4" );
-        assertEquals( 7, p.getEffectivePermissions().size() );
-        assertTrue( p.hasPermission( "mockPerm0" ) );
-        assertFalse( p.hasPermission( "mockPerm1" ) );
-        assertTrue( p.hasPermission( "mockPerm2" ) );
-        assertTrue( p.hasPermission( "mockPerm3" ) );
-        assertTrue( p.hasPermission( "mockPerm4" ) );
-        assertTrue( p.hasPermission( "mockPerm5" ) );
-        assertTrue( p.hasPermission( "mockPerm6" ) );
-        assertFalse( p.hasPermission( "mockPerm7" ) );
-        assertFalse( p.hasPermission( "mockPerm8" ) );
-        assertTrue( p.hasPermission( "mockPerm9" ) );
+        assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+        assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+        assertTrue( p.implies( new StringPermission("mockPerm0" )));
+        assertFalse( p.implies( new StringPermission("mockPerm1" )));
+        assertTrue( p.implies( new StringPermission("mockPerm2" )));
+        assertTrue( p.implies( new StringPermission("mockPerm3" )));
+        assertTrue( p.implies( new StringPermission("mockPerm4" )));
+        assertTrue( p.implies( new StringPermission("mockPerm5" )));
+        assertTrue( p.implies( new StringPermission("mockPerm6" )));
+        assertFalse( p.implies( new StringPermission("mockPerm7" )));
+        assertFalse( p.implies( new StringPermission("mockPerm8" )));
+        assertTrue( p.implies( new StringPermission("mockPerm9" )));
 
-        assertFalse( p.hasPermission( "mockPerm14" ) );
+        assertFalse( p.implies( new StringPermission("mockPerm14" )));
         assertEquals( 2, p.getRoles().size() );
         assertTrue( p.getRoles().contains( "mockRole3" ) );
         assertTrue( p.getRoles().contains( "mockRole4" ) );
+    }
+
+    public void testProfile5()
+    {
+        Profile p = store.getProfile( "mockProfile5" );
+        assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+        assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+        assertTrue( p.implies( new StringPermission("mockPerm0" )));
+        assertFalse( p.implies( new StringPermission("mockPerm1" )));
+        assertTrue( p.implies( new StringPermission("mockPerm2" )));
+        assertTrue( p.implies( new StringPermission("mockPerm3" )));
+        assertTrue( p.implies( new StringPermission("mockPerm4" )));
+        assertTrue( p.implies( new StringPermission("mockPerm5" )));
+        //from denial in role5
+        assertFalse( p.implies( new StringPermission("mockPerm6" )));
+        assertFalse( p.implies( new StringPermission("mockPerm7" )));
+        assertFalse( p.implies( new StringPermission("mockPerm8" )));
+        assertTrue( p.implies( new StringPermission("mockPerm9" )));
+
+        assertFalse( p.implies( new StringPermission("mockPerm14" )));
+        assertEquals( 3, p.getRoles().size() );
+        assertTrue( p.getRoles().contains( "mockRole3" ) );
+        assertTrue( p.getRoles().contains( "mockRole4" ) );
+        assertTrue( p.getRoles().contains( "mockRole5" ) );
     }
 }

Modified: directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java?view=diff&rev=493652&r1=493651&r2=493652
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java Sat Jan  6 21:36:13 2007
@@ -20,19 +20,37 @@
 package org.safehaus.triplesec.guardian.ldap;
 
 
-import org.safehaus.triplesec.guardian.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.security.Permission;
+import java.security.Permissions;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
 
-import javax.naming.directory.*;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
 import javax.naming.event.EventDirContext;
 import javax.naming.event.NamespaceChangeListener;
 import javax.naming.event.NamingEvent;
 import javax.naming.event.NamingExceptionEvent;
 import javax.naming.event.ObjectChangeListener;
-import javax.naming.NamingException;
-import javax.naming.NamingEnumeration;
-import java.util.*;
+
+import org.safehaus.triplesec.guardian.ChangeType;
+import org.safehaus.triplesec.guardian.EntryApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -41,22 +59,14 @@
  * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
  * @version $Rev: 72 $
  */
-class LdapApplicationPolicy implements ApplicationPolicy
+class LdapApplicationPolicy extends EntryApplicationPolicy
 {
     private static final String[] PROF_ID = new String[] { "profileId" };
     /** the logger interface for this class */
     private static Logger log = LoggerFactory.getLogger( LdapApplicationPolicy.class );
-    /** the name of the application this store is associated with */
-    private final String applicationName;
     /** the application base relative name to the context given: "appName=<applicationName\>,ou=applications" */
     private final String baseRdn;
-    /** a breif description of this application */
-    private String description;
 
-    /** the {@link Permission}s defined for this store's application */
-    private Permissions permissions;
-    /** the {@link Role}s defined for this store's application */
-    private Roles roles;
     /** the JNDI Context at the base under which ou=applications can be found */
     private DirContext ctx;
     /** the profile for the admin user with all rights in all roles */
@@ -76,9 +86,9 @@
         {
             throw new NullPointerException( "ctx cannot be null" );
         }
-            
+
         this.ctx = ctx;
-        
+
         // extract the applicationName from the applicationPrincipalDN
         applicationName = getApplicationName( info.getProperty( "applicationPrincipalDN" ) );
 
@@ -87,16 +97,16 @@
         buf.append( applicationName );
         buf.append( ",ou=applications" );
         baseRdn = buf.toString();
-        
+
         // load the set of permissions associated with this application
         loadPermissions();
 
         // load the set of roles associated with this application
         loadRoles();
-        
+
         // setup the administrator with all permissions and roles
-        adminProfile = new Profile( this, "admin", "admin", roles, permissions, 
-            new Permissions( applicationName, new Permission[0] ), false );
+        adminProfile = new Profile( this, "admin", "admin", roles, getAllPermissions(),
+            new Permissions( ), false );
 
         try
         {
@@ -116,11 +126,11 @@
         {
             log.error( "failed to read application entry: appName=" + applicationName + ",ou=applications" );
         }
-        
+
         initializeNotifications();
     }
 
-    
+
     private boolean initializeNotifications()
     {
         // attempt to get an event context and register for notifications
@@ -140,7 +150,7 @@
         }
     }
 
-    
+
     private Role getRoleFromStore( String roleName ) throws NamingException
     {
         SearchControls ctrls = new SearchControls();
@@ -152,18 +162,18 @@
         buf.append( roleName );
         buf.append( ",ou=roles," );
         buf.append( baseRdn );
-        
+
         try
         {
-            NamingEnumeration list = ctx.search( buf.toString(), "(objectClass=policyRole)", ctrls );
+            NamingEnumeration<SearchResult> list = ctx.search( buf.toString(), "(objectClass=policyRole)", ctrls );
             if ( list.hasMore() )
             {
-                SearchResult result = ( SearchResult ) list.next();
+                SearchResult result = list.next();
                 Role role = getRole( result.getAttributes() );
                 log.debug( "fetching role '" + role.getName() + "' for application '" + applicationName + "'" );
                 return role;
             }
-            
+
             return null;
         }
         catch ( NamingException e )
@@ -173,26 +183,26 @@
             throw new GuardianException( msg, e );
         }
     }
-    
-    
+
+
     /**
      * 
      * @throws GuardianException
      */
     private void loadRoles() throws GuardianException
     {
-        Set roleSet = new HashSet();
+        Set<Role> roleSet = new HashSet<Role>();
         SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "roleName", "grants" } );
+        ctrls.setReturningAttributes( new String[] { "roleName", "grants", "denials" } );
         ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
 
         try
         {
-            NamingEnumeration list = ctx.search( "ou=roles," + baseRdn,
+            NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + baseRdn,
                     "(objectClass=policyRole)", ctrls );
             while ( list.hasMore() )
             {
-                SearchResult result = ( SearchResult ) list.next();
+                SearchResult result = list.next();
                 Role role = getRole( result.getAttributes() );
                 roleSet.add( role );
                 log.debug( "loading role '" + role.getName() + "' for application '" + applicationName + "'" );
@@ -206,29 +216,27 @@
         }
 
         Role[] roleArray = new Role[roleSet.size()];
-        roleArray = ( Role[] ) roleSet.toArray( roleArray );
+        roleArray = roleSet.toArray( roleArray );
         this.roles = new Roles( applicationName, roleArray );
     }
 
 
     private void loadPermissions() throws GuardianException
     {
-        Set permSet = new HashSet();
         SearchControls ctrls = new SearchControls();
         ctrls.setReturningAttributes( new String[] { "permName" } );
         ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
         try
         {
-            NamingEnumeration list = ctx.search( "ou=permissions," + baseRdn,
+            NamingEnumeration<SearchResult> list = ctx.search( "ou=permissions," + baseRdn,
                     "(objectClass=policyPermission)", ctrls );
             while ( list.hasMore() )
             {
-                SearchResult result = ( SearchResult ) list.next();
+                SearchResult result = list.next();
                 String permName = ( String ) result.getAttributes().get( "permName" ).get();
-                Permission perm = getPermission( result.getAttributes() );
+                PermissionEntry permEntry = loadPermission( result.getAttributes());
+                permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
                 log.debug( "loading permission " + permName + " for application " + applicationName );
-                permSet.add( perm );
             }
         }
         catch ( NamingException e )
@@ -238,215 +246,8 @@
             throw new GuardianException( msg, e );
         }
 
-        Permission[] permArray = new Permission[permSet.size()];
-        permArray = ( Permission[] ) permSet.toArray( permArray );
-        this.permissions = new Permissions( applicationName, permArray );
     }
-    
-    
-    private Permission getPermission( Attributes attrs ) throws NamingException
-    {
-        Permission perm;
-        String permName = ( String ) attrs.get( "permName" ).get();
-        Attribute description = attrs.get( "description" );
-        if ( description != null )
-        {
-            perm = new Permission( applicationName, permName, ( String ) description.get() );
-        }
-        else
-        {
-            perm = new Permission( applicationName, permName );
-        }
-        return perm;
-    }
-
-
-    public String getApplicationName()
-    {
-        return this.applicationName;
-    }
-
-
-    public String getDescription()
-    {
-        return this.description;
-    }
-
-
-    public Roles getRoles()
-    {
-        return this.roles;
-    }
-
-
-    public Permissions getPermissions()
-    {
-        return permissions;
-    }
-
-    
-    private Role getRole( Attributes attrs ) throws NamingException
-    {
-        String roleName = ( String ) attrs.get( "roleName" ).get();
-        Set permSet = new HashSet();
-        Attribute attributes = attrs.get( "grants" );
-
-        if ( attributes != null )
-        {
-            NamingEnumeration grantsEnumeration = attrs.get( "grants" ).getAll();
-            while ( grantsEnumeration.hasMore() )
-            {
-                String permName = ( String ) grantsEnumeration.next();
-                permSet.add( permissions.get( permName ) );
-                log.debug( "granting permission '" + permName + "' to role '" + roleName
-                        + " in application '" + applicationName + "'" );
-            }
-        }
-        Permission[] permArray = new Permission[permSet.size()];
-        Permissions grants = new Permissions( applicationName, ( Permission[] ) permSet.toArray( permArray ) );
-
-        Attribute description = attrs.get( "description" );
-        Role role;
-        if ( description == null || description.size() == 0 )
-        {
-            role = new Role( this, roleName, grants );
-        }
-        else
-        {
-            role = new Role( this, roleName, grants, ( String ) description.get() );
-        }
-        return role;
-    }
-    
-
-    private static boolean parseBoolean( String bool )
-    {
-        if ( bool.equals( "true" ) )
-        {
-            return true;
-        }
-        
-        return false;
-    }
-
-    
-    private Profile getProfile( Attributes attrs ) throws NamingException
-    {
-        Permissions grants;
-        Permissions denials;
-        Roles roles;
-        String profileId;
-        String userName;
-        boolean disabled = false;
-        
-        Attribute profileIdAttr = attrs.get( "profileId" );
-        if ( profileIdAttr == null )
-        {
-            return null;
-        }
-        else 
-        {
-            profileId = ( String ) profileIdAttr.get();
-        }
-
-        Attribute userAttr = attrs.get( "user" );
-        if ( userAttr == null )
-        {
-            return null;
-        }
-        else 
-        {
-            userName = ( String ) userAttr.get();
-        }
-
-        Attribute disabledAttr = attrs.get( "safehausDisabled" );
-        if ( disabledAttr != null )
-        {
-            disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
-        }
-
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's granted permissions
-        // -------------------------------------------------------------------------------
-
-        Attribute grantsAttribute = attrs.get( "grants" );
-        if ( grantsAttribute != null )
-        {
-            Set grantsSet = new HashSet();
-            NamingEnumeration grantsEnumeration = grantsAttribute.getAll();
-            while ( grantsEnumeration.hasMore() )
-            {
-                String grantedPermName = ( String ) grantsEnumeration.next();
-                grantsSet.add( this.permissions.get( grantedPermName ) );
-            }
-            Permission[] grantsArray = new Permission[grantsSet.size()];
-            grants = new Permissions( applicationName, ( Permission[] ) grantsSet.toArray( grantsArray ) );
-        }
-        else
-        {
-            grants = new Permissions( applicationName, new Permission[0] );
-        }
-
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's granted permissions
-        // -------------------------------------------------------------------------------
-
-        Attribute denialsAttribute = attrs.get( "denials" );
-        if ( denialsAttribute != null )
-        {
-            Set denialsSet = new HashSet();
-            NamingEnumeration denialsEnumeration = denialsAttribute.getAll();
-            while ( denialsEnumeration.hasMore() )
-            {
-                String deniedPermName = ( String ) denialsEnumeration.next();
-                denialsSet.add( this.permissions.get( deniedPermName ) );
-            }
-            Permission[] denialsArray = new Permission[denialsSet.size()];
-            denials = new Permissions( applicationName, ( Permission[] ) denialsSet.toArray( denialsArray ) );
-        }
-        else
-        {
-            denials = new Permissions( applicationName, new Permission[0] );
-        }
-
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's assigned roles
-        // -------------------------------------------------------------------------------
-
-        Attribute rolesAttribute = attrs.get( "roles" );
-        if ( rolesAttribute != null )
-        {
-            Set rolesSet = new HashSet();
-            NamingEnumeration rolesEnumeration = rolesAttribute.getAll();
-            while ( rolesEnumeration.hasMore() )
-            {
-                String assignedRoleName = ( String ) rolesEnumeration.next();
-                rolesSet.add( this.roles.get( assignedRoleName ) );
-            }
-            Role[] rolesArray = new Role[rolesSet.size()];
-            roles = new Roles( applicationName, ( Role[] ) rolesSet.toArray( rolesArray ) );
-        }
-        else
-        {
-            roles = new Roles( applicationName, new Role[0] );
-        }
 
-        Attribute description = attrs.get( "description" );
-        Profile profile;
-
-        if ( description == null || description.size() == 0 )
-        {
-            profile = new Profile( this, profileId, userName, roles, grants, denials, disabled );
-        }
-        else
-        {
-            profile = new Profile( this, profileId, userName, roles, grants, 
-                denials, ( String ) description.get(), disabled );
-        }
-        
-        return profile;
-    }
-    
 
     public Profile getProfile( String profileId )
     {
@@ -459,23 +260,23 @@
         {
             return adminProfile;
         }
-        
+
         /*
-         * Searching via one level scope for a profile is better than base scope lookups because
-         * if the profile is not present search will not fail but return zero entries.  Base scope
-         * searches will raise an exception since the search base will be missing.  Plus profileId
-         * shall be indexed by default.
-         */
+        * Searching via one level scope for a profile is better than base scope lookups because
+        * if the profile is not present search will not fail but return zero entries.  Base scope
+        * searches will raise an exception since the search base will be missing.  Plus profileId
+        * shall be indexed by default.
+        */
         SearchControls ctrls = new SearchControls();
         ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
 
-        NamingEnumeration list = null;
+        NamingEnumeration<SearchResult> list = null;
         try
         {
             list = ctx.search( "ou=profiles," + baseRdn, "(profileId=" + profileId + ")", ctrls );
             if ( list.hasMore() )
             {
-                SearchResult result = ( SearchResult ) list.next();
+                SearchResult result = list.next();
                 Profile profile = getProfile( result.getAttributes() );
 
                 if ( log.isDebugEnabled() )
@@ -525,7 +326,7 @@
         {
             return;
         }
-        
+
         try
         {
             ctx.close();
@@ -538,23 +339,8 @@
     }
 
 
-    static String getApplicationName( String principalDN )
-    {
-        String rdn = principalDN.split( "," )[0].trim();
-        String[] rdnPair = rdn.split( "=" );
-
-        if ( ! rdnPair[0].trim().equalsIgnoreCase( "appName" ) )
-        {
-            throw new IllegalArgumentException( "Application principal name '" + principalDN
-                    + "' is not an application DN" );
-        }
+    private List<PolicyChangeListener> listeners = new ArrayList<PolicyChangeListener>();
 
-        return rdnPair[1].trim();
-    }
-
-    
-    private List listeners = new ArrayList();
-    
 
     public boolean removePolicyListener( PolicyChangeListener listener )
     {
@@ -568,105 +354,105 @@
         {
             return false;
         }
-        
+
         listeners.add( listener );
         return true;
     }
 
 
-    public Set getDependentProfileNames( Role role ) throws GuardianException
+    public Set<String> getDependentProfileNames( Role role ) throws GuardianException
     {
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         controls.setReturningAttributes( PROF_ID );
-        
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
+        NamingEnumeration<SearchResult> results;
+        Set<String> profiles = new HashSet<String>();
         profiles.add( "admin" );
-        
+
         StringBuffer filter = new StringBuffer();
         filter.append( "(& (objectClass=policyProfile) (roles=" );
         filter.append( role.getName() );
         filter.append( ") )" );
-        
+
         try
         {
             results = ctx.search( baseProfilesRdn, filter.toString(), controls );
             while ( results.hasMore() )
             {
-                SearchResult result = ( SearchResult ) results.next();
-                
+                SearchResult result = results.next();
+
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
-            throw new GuardianException( "Failed to lookup profiles dependent on role '" + 
+            throw new GuardianException( "Failed to lookup profiles dependent on role '" +
                 role.getName() + "' while searching the directory" );
         }
-        
+
         return profiles;
     }
 
-    
-    public Set getDependentProfileNames( Permission permission ) throws GuardianException
+
+    public Set<String> getDependentProfileNames( String permissionID ) throws GuardianException
     {
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         controls.setReturningAttributes( PROF_ID );
-        
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
+        NamingEnumeration<SearchResult> results;
+        Set<String> profiles = new HashSet<String>();
         profiles.add( "admin" );
-        
+
         StringBuffer filter = new StringBuffer();
         filter.append( "(& (objectClass=policyProfile) (| (grants=" );
-        filter.append( permission.getName() );
+        filter.append( permissionID );
         filter.append( ") (denials=" );
-        filter.append( permission.getName() );
+        filter.append( permissionID );
         filter.append( ") ) )" );
-        
+
         try
         {
             results = ctx.search( baseProfilesRdn, filter.toString(), controls );
             while ( results.hasMore() )
             {
-                SearchResult result = ( SearchResult ) results.next();
-                
+                SearchResult result = results.next();
+
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
-            throw new GuardianException( "Failed to lookup profiles dependent on permission '" + 
-                permission.getName() + "' while searching the directory" );
+            throw new GuardianException( "Failed to lookup profiles dependent on permission '" +
+                permissionID + "' while searching the directory" );
         }
-        
+
         return profiles;
     }
 
-    
+
     private boolean hasObjectClass( Attribute oc, String value ) throws NamingException
     {
         if ( oc == null )
         {
             throw new NullPointerException( "expecting non-null object class (oc arg)" );
         }
-        
+
         if ( value == null )
         {
             throw new NullPointerException( "expecting non-null object class value (value arg)" );
         }
-        
-        NamingEnumeration all = oc.getAll();
+
+        NamingEnumeration<?> all = oc.getAll();
         while( all.hasMore() )
         {
             String candidate = ( String ) all.next();
@@ -675,10 +461,10 @@
                 return true;
             }
         }
-        
+
         return false;
     }
-    
+
 
     /**
      * An event transducer that converts JNDI notifications of change into
@@ -707,7 +493,7 @@
                     buf.append( "\tentry     = " ).append( entry ).append( "\n" );
                 }
                 log.debug( buf.toString() );
-                
+
                 if ( evt.getNewBinding() != null )
                 {
                     log.debug( "Binding Class = " + evt.getNewBinding().getClass() );
@@ -717,18 +503,18 @@
 
         public void objectChanged( NamingEvent evt )
         {
-            SearchResult result = null;
-            Attributes entry = null;
-            Attribute oc = null;
-            
+            SearchResult result;
+            Attributes entry;
+            Attribute oc;
+
             /*
-             * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587 
-             * is fixed.  We simply lookup the object on the server rather than use
-             * the attributes delivered to us.
-             */
+            * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587
+            * is fixed.  We simply lookup the object on the server rather than use
+            * the attributes delivered to us.
+            */
             result = ( SearchResult ) evt.getNewBinding();
             String name = result.getName();
-            
+
             if ( name.indexOf( applicationName ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -738,7 +524,7 @@
                 }
                 return;
             }
-            
+
             try
             {
                 entry = ctx.getAttributes( name );
@@ -747,11 +533,12 @@
             {
                 log.error( "Cannot deliver policy change notification.  " +
                         "Failed to lookup entry attributes for " + name, e1 );
+                return;
             }
 
             logEvent( evt, entry );
             oc = entry.get( "objectClass" );
-            
+
             try
             {
                 if ( hasObjectClass( oc, "policyApplication" ) )
@@ -759,37 +546,40 @@
                     log.info( "Received notification that the policyApplication has changed." );
                     return;
                 }
-                
+
                 if ( hasObjectClass( oc, "policyPermission" ) )
                 {
-                    String permName = ( String ) entry.get( "permName" ).get();
+                    PermissionEntry newPermEntry = loadPermission(entry);
+                    Permission oldPermission = permissions.put(newPermEntry.getPermissionName(), newPermEntry.getPermission());
                     if ( log.isDebugEnabled() )
                     {
-                        log.debug( "Received notification that a policyPermission " + permName + " has changed." );
+                        log.debug( "Received notification that a policyPermission " + newPermEntry.getPermissionName() + " has changed." );
                     }
-                    
+
+                    //TODO modify roles and profiles using this permission
                     /*
-                     * 1. Need to update/replace the permission itelf in Permissions.
-                     * 2. Need to update/replace all roles that now depend on this permission in Roles.
-                     * 3. Let user application know that the permission has changed.
-                     */
+                    * 1. Need to update/replace the permission itelf in Permissions.
+                    * 2. Need to update/replace all roles that now depend on this permission in Roles.
+                    * 3. Let user application know that the permission has changed.
+                    */
+/*
                     Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    Permission newPermission = getPermission( entry );
-                    Permission oldPermission = permissions.get( newPermission.getName() );
+                    StringPermission newPermission = getPermission( entry );
+                    StringPermission oldPermission = permissions.get( newPermission.getName() );
                     Roles dependentRoles = LdapApplicationPolicy.this.roles.getDependentRoles( oldPermission );
-                    Permissions newPermissions = new Permissions( applicationName, new Permission[] { newPermission } );
-                    Permissions oldPermissions = new Permissions( applicationName, new Permission[] { oldPermission } );
+                    Permissions newPermissions = new Permissions( applicationName, new StringPermission[] { newPermission } );
+                    Permissions oldPermissions = new Permissions( applicationName, new StringPermission[] { oldPermission } );
                     permissions = permissions.removeAll( oldPermissions );
                     permissions = permissions.addAll( newPermissions );
                     LdapApplicationPolicy.this.permissions = permissions;
-                    
+
                     List oldRoleList = new ArrayList();
                     List newRoleList = new ArrayList();
-                    for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); /* */ )
+                    for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); )
                     {
                         Role oldRole = ( Role ) ii.next();
                         oldRoleList.add( oldRole );
-                        
+
                         Role newRole = getRoleFromStore( oldRole.getName() );
                         newRoleList.add( newRole );
                     }
@@ -798,34 +588,32 @@
                     Roles oldRoles = new Roles( applicationName, oldRolesArray );
                     Roles roles = LdapApplicationPolicy.this.roles;
                     roles = roles.removeAll( oldRoles );
-                    
+
                     Role[] newRolesArray = new Role[newRoleList.size()];
                     newRolesArray = ( Role[] ) newRoleList.toArray( newRolesArray );
                     Roles newRoles = new Roles( applicationName, newRolesArray );
                     roles = roles.addAll( newRoles );
-                    
+
                     LdapApplicationPolicy.this.roles = roles;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, newPermission, 
-                            ChangeType.MODIFY );
+                    */
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.permissionChanged(LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
+                                ChangeType.MODIFY);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyRole" ) )
                 {
                     String roleName = ( String ) entry.get( "roleName" ).get();
-                    
+
                     if ( log.isDebugEnabled() )
                     {
                         log.debug( "Received notification that a policyRole " + roleName + " has changed." );
                     }
-                    
+
                     /*
-                     * 1. Need to update/replace the role itelf in Roles.
-                     * 2. Let user application know that the Role has changed.
-                     */
+                    * 1. Need to update/replace the role itelf in Roles.
+                    * 2. Let user application know that the Role has changed.
+                    */
 
                     Role newRole = getRole( entry );
                     Roles roles = LdapApplicationPolicy.this.roles;
@@ -834,34 +622,30 @@
                     Roles newRoles = new Roles( applicationName, new Role[] { newRole } );
                     roles = roles.addAll( newRoles );
                     LdapApplicationPolicy.this.roles = roles;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, newRole, ChangeType.MODIFY );
+
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleChanged(LdapApplicationPolicy.this, newRole, ChangeType.MODIFY);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyProfile" ) )
                 {
                     String profileId = ( String ) entry.get( "profileId" ).get();
-                    
+
                     if ( log.isDebugEnabled() )
                     {
                         log.debug( "Received notification that a policyProfile " + profileId + " has changed." );
                     }
-                    
+
                     /*
-                     * 1. Let user application know that the Profile has changed.
-                     */
-                    
+                    * 1. Let user application know that the Profile has changed.
+                    */
+
                     Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.MODIFY );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.MODIFY);
                     }
                 }
-                else 
+                else
                 {
                     if ( log.isInfoEnabled() )
                     {
@@ -870,8 +654,8 @@
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+                    new Permissions( ), false );
             }
             catch ( NamingException e )
             {
@@ -901,7 +685,7 @@
             Attribute oc = entry.get( "objectClass" );
             String name = result.getName();
             logEvent( evt, entry );
-            
+
             if ( name.indexOf( applicationName ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -911,7 +695,7 @@
                 }
                 return;
             }
-            
+
             try
             {
                 if ( hasObjectClass( oc, "policyPermission" ) )
@@ -920,16 +704,11 @@
                      * 1. Need to add the permission to the permissions of the application
                      * 2. Need to notify of the permission's addition to all listeners
                      */
-                    Permission permission = getPermission( entry );
-                    Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    permissions = permissions.addAll( new Permissions( applicationName, 
-                        new Permission[] { permission } ) );
-                    LdapApplicationPolicy.this.permissions = permissions;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.ADD );
+                    PermissionEntry permEntry = loadPermission( entry);
+                    permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.permissionChanged(LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyRole" ) )
@@ -941,10 +720,9 @@
                     Role role = getRole( entry );
                     add( role );
 
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.ADD );
+                    for (Object listener1 : listeners) {
+                        PolicyChangeListener listener = (PolicyChangeListener) listener1;
+                        listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.ADD);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyProfile" ) )
@@ -953,10 +731,9 @@
                      * 1. Need to notify of the profile's addition to all listeners
                      */
                     Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.ADD );
+                    for (Object listener1 : listeners) {
+                        PolicyChangeListener listener = (PolicyChangeListener) listener1;
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.ADD);
                     }
                 }
                 else
@@ -964,10 +741,10 @@
                     System.out.println( "Entry '" + name + "' ignored!" );
                     return;
                 }
-                
+
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+                    new Permissions( ), false );
             }
             catch ( NamingException e )
             {
@@ -983,7 +760,7 @@
             Attribute oc = entry.get( "objectClass" );
             String name = result.getName();
             logEvent( evt, entry );
-            
+
             if ( name.indexOf( applicationName ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -993,7 +770,7 @@
                 }
                 return;
             }
-            
+
             try
             {
                 if ( hasObjectClass( oc, "policyPermission" ) )
@@ -1002,17 +779,10 @@
                      * 1. Need to remove the permission from the permissions of the application
                      * 2. Need to notify of the permission's removal to all listeners
                      */
-                    String profileId = ( String ) entry.get( "permName" ).get();
-                    Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    Permission permission = permissions.get( profileId );
-                    permissions = permissions.removeAll( new Permissions( applicationName, 
-                        new Permission[] { permission } ) );
-                    LdapApplicationPolicy.this.permissions = permissions;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.DEL );
+                    String permName = ( String ) entry.get( "permName" ).get();
+                    Permission permission = permissions.remove(permName);
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.permissionChanged(LdapApplicationPolicy.this, permName, permission, ChangeType.DEL);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyRole" ) )
@@ -1024,10 +794,8 @@
                     String roleName = ( String ) entry.get( "roleName" ).get();
                     Role role = removeRole( roleName );
 
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.DEL );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.DEL);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyProfile" ) )
@@ -1036,10 +804,8 @@
                      * 1. Need to notify of the profile's addition to all listeners
                      */
                     Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.DEL );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.DEL);
                     }
                 }
                 else
@@ -1049,8 +815,8 @@
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+                    new Permissions( ), false );
             }
             catch ( NamingException e )
             {
@@ -1072,7 +838,7 @@
             String newName = evt.getNewBinding().getName();
             Attributes newEntry = ( ( SearchResult ) evt.getNewBinding() ).getAttributes();
             Attribute oc = newEntry.get( "objectClass" );
-            
+
             if ( oldName.indexOf( applicationName ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -1082,34 +848,31 @@
                 }
                 return;
             }
-            
+
             try
             {
                 String oldProfileId = getRdn( oldName );
                 oldProfileId = getRdnValue( oldProfileId );
-                
+
                 if ( hasObjectClass( oc, "policyPermission" ) )
                 {
                     removePermission( oldProfileId );
-                    Permission newPermission = getPermission( newEntry );
-                    add( newPermission );
-                    
-                    for ( int ii = 0; ii  < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionRenamed( LdapApplicationPolicy.this, newPermission, oldProfileId );
+                    PermissionEntry permEntry = loadPermission( newEntry );
+                    add( permEntry );
+
+                    for (Object listener1 : listeners) {
+                        PolicyChangeListener listener = (PolicyChangeListener) listener1;
+                        listener.permissionRenamed(LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId);
                     }
-                }            
+                }
                 else if ( hasObjectClass( oc, "policyRole" ) )
                 {
                     removeRole( oldProfileId );
                     Role newRole = getRole( newEntry );
                     add( newRole );
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleRenamed( LdapApplicationPolicy.this, newRole, oldProfileId );
+
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleRenamed(LdapApplicationPolicy.this, newRole, oldProfileId);
                     }
                 }
                 else if ( hasObjectClass( oc, "policyProfile" ) )
@@ -1118,10 +881,8 @@
                      * 1. Need to notify of the profile's addition to all listeners
                      */
                     Profile profile = getProfile( newEntry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileRenamed( LdapApplicationPolicy.this, profile, oldProfileId );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileRenamed(LdapApplicationPolicy.this, profile, oldProfileId);
                     }
                 }
                 else
@@ -1131,8 +892,8 @@
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, getAllPermissions(),
+                    new Permissions( ), false );
             }
             catch ( NamingException e )
             {
@@ -1140,8 +901,8 @@
             }
         }
     }
-    
-    
+
+
     /**
      * Gets the value of a single name component of a distinguished name.
      * 
@@ -1168,7 +929,7 @@
             return null;
         }
 
-        int commaIndex = -1;
+        int commaIndex;
         if ( ( commaIndex = name.indexOf( ',' ) ) == -1 )
         {
             return name;
@@ -1184,7 +945,7 @@
         this.roles = this.roles.addAll( addedRoles );
     }
 
-    
+
     private Role removeRole( String roleName )
     {
         Role role = this.roles.get( roleName );
@@ -1192,58 +953,54 @@
         this.roles = this.roles.removeAll( removedRoles );
         return role;
     }
-    
-    
-    private void add( Permission permission )
+
+
+    private void add( PermissionEntry permEntry )
     {
-        Permissions addedPermissions = new Permissions( applicationName, new Permission[] { permission } );
-        this.permissions = this.permissions.addAll( addedPermissions );
+        permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
     }
 
-    
+
     private Permission removePermission( String permName )
     {
-        Permission permission = this.permissions.get( permName );
-        Permissions removedPermissions = new Permissions( applicationName, new Permission[] { permission } );
-        this.permissions = this.permissions.removeAll( removedPermissions );
-        return permission;
+        return permissions.remove( permName );
     }
 
 
-    public Set getUserProfileIds( String userName ) throws GuardianException
+    public Set<String> getUserProfileIds( String userName ) throws GuardianException
     {
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         controls.setReturningAttributes( PROF_ID );
-        
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
-        
+        NamingEnumeration<SearchResult> results;
+        Set<String> profiles = new HashSet<String>();
+
         StringBuffer filter = new StringBuffer();
         filter.append( "(& (objectClass=policyProfile) (user=" );
         filter.append( userName );
         filter.append( ") )" );
-        
+
         try
         {
             results = ctx.search( baseProfilesRdn, filter.toString(), controls );
             while ( results.hasMore() )
             {
-                SearchResult result = ( SearchResult ) results.next();
-                
+                SearchResult result = results.next();
+
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
-            throw new GuardianException( "Failed to lookup profiles for user '" + 
+            throw new GuardianException( "Failed to lookup profiles for user '" +
                 userName + "' while searching the directory" );
         }
-        
+
         return profiles;
     }
 
@@ -1253,9 +1010,9 @@
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         controls.setReturningAttributes( PROF_ID );
-        
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
+        NamingEnumeration<SearchResult> results;
         try
         {
             results = ctx.search( baseProfilesRdn, "(objectClass=policyProfile)", controls );
@@ -1272,4 +1029,5 @@
     {
         return adminProfile;
     }
+
 }



Mime
View raw message