directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r587399 [1/2] - in /directory/sandbox/djencks/triplesec-jacc2: admin-api2/src/main/java/org/apache/directory/triplesec/admin/ admin-api2/src/test/java/org/apache/directory/triplesec/admin/ guardian-api/ guardian-api/src/main/java/org/apache...
Date Tue, 23 Oct 2007 06:15:49 GMT
Author: djencks
Date: Mon Oct 22 23:15:47 2007
New Revision: 587399

URL: http://svn.apache.org/viewvc?rev=587399&view=rev
Log:
jacc works with hierarchical apps and roles

Added:
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java   (with props)
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java   (with props)
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java   (with props)
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java
      - copied, changed from r564847, directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java   (with props)
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java   (with props)
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java   (with props)
Removed:
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java
Modified:
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
    directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
    directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
    directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
    directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Application.java Mon Oct 22 23:15:47 2007
@@ -37,7 +37,7 @@
 
 public class Application implements PersistenceCapable
 {
-    public static String PARENT_APPLICATION_RDN = "ou=applications";
+//    public static String PARENT_APPLICATION_RDN = "ou=applications";
 
     private static final SearchControls PERMISSIONS_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Permission.attrs, false, false );
     private static final String PERMISSIONS_QUERY = "(& (permName=*) (objectClass=policyPermission) )";
@@ -47,34 +47,27 @@
     private static final String ROLES_QUERY = "(& (roleName=*) (objectClass=policyRole) )";
     private static final HiddenChild ROLES_SPACER = new HiddenChild( "ou=roles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
 
-//    private static final SearchControls PROFILES_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, Profile.attrs, false, false );
-//    private static final String PROFILES_QUERY = "(& (profileId=*) (objectClass=policyProfile) )";
-//    private static final HiddenChild PROFILES_SPACER = new HiddenChild( "ou=profiles", new BasicAttributes( "objectClass", "OrganizationalUnit", true ) );
-
     private static final int APPNAME_INDEX = 0;
     private static final int DESCRIPTION_INDEX = 1;
     private static final int PASSWORD_INDEX = 2;
 
     static final int PERMISSIONS_INDEX = 0;
     static final int ROLES_INDEX = 1;
-//    static final int PROFILES_INDEX = 2;
 
     private final StateManager stateManager;
 
     public Application()
     {
         stateManager = new StateManager<Application>( this );
-        stateManager.setRdn( new SimpleRdn( "appName", null, PARENT_APPLICATION_RDN ) );
+        stateManager.setRdn( new SimpleRdn( "appName", null, null ) );
         stateManager.addField( new SingleValuedField<String>( "description", null ) );
         stateManager.addField( new SingleValuedField<String>( "userPassword", null ) );
 
         stateManager.addMap( new ChildMap<Permission>( this, Permission.class, "ou=permissions", PERMISSIONS_CONTROLS, PERMISSIONS_QUERY ) );
         stateManager.addMap( new ChildMap<Role>( this, Role.class, "ou=roles", ROLES_CONTROLS, ROLES_QUERY ) );
-//        stateManager.addMap( new ChildMap<Profile>( this, Profile.class, "ou=profiles", PROFILES_CONTROLS, PROFILES_QUERY ) );
 
         stateManager.addHiddenChild( PERMISSIONS_SPACER );
         stateManager.addHiddenChild( ROLES_SPACER );
-//        stateManager.addHiddenChild( PROFILES_SPACER );
 
         stateManager.setState( State.EMPTY );
     }
@@ -157,6 +150,7 @@
 
     public Role getRole( String roleId )
     {
+        //TODO should this work on name or id?
         ChildMap<Role> map = stateManager.getChildMap( ROLES_INDEX );
         return map.get( roleId );
     }

Added: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.admin;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.directory.triplesec.admin.persistence.PersistenceCapable;
+import org.apache.directory.triplesec.admin.persistence.StateManager;
+import org.apache.directory.triplesec.admin.persistence.SimpleRdn;
+import org.apache.directory.triplesec.admin.persistence.State;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Applications implements PersistenceCapable
+{
+    private final StateManager stateManager;
+
+
+    public Applications()
+    {
+        stateManager = new StateManager<Applications>( this );
+        stateManager.setRdn( new SimpleRdn( "ou", "applications", null ) );
+        stateManager.setState( State.EMPTY );
+    }
+
+    public StateManager getStateManager()
+    {
+        return stateManager;
+    }
+
+    public Attributes getAttributes()
+    {
+        return new BasicAttributes( Constants.OBJECT_CLASS_ID, Constants.ORGANIZATIONAL_UNIT_OC, true );
+    }
+
+    public void parentSet( StateManager parentSm )
+    {
+    }
+}

Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Applications.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/main/java/org/apache/directory/triplesec/admin/Constants.java Mon Oct 22 23:15:47 2007
@@ -33,6 +33,7 @@
     String GROUP_OF_UNIQUE_NAMES_OC = "groupOfUniqueNames";
     String UID_OBJECT_OC = "uidObject";
     String EXTENSIBLE_OBJECT_OC = "extensibleObject";
+    String ORGANIZATIONAL_UNIT_OC = "organizationalUnit";
     String ORGANIZATIONAL_PERSON_OC = "organizationalPerson";
     String PERSON_OC = "person";
     String INET_ORG_PERSON_OC = "inetOrgPerson";

Modified: directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/admin-api2/src/test/java/org/apache/directory/triplesec/admin/IntegrationTest.java Mon Oct 22 23:15:47 2007
@@ -80,7 +80,7 @@
 //        assertNotNull( factory );
 
         entityManager = new EntityManagerImpl( ctx, null );
-        Application.PARENT_APPLICATION_RDN = "appName=mockApplication,ou=applications";
+//        Application.PARENT_APPLICATION_RDN = "appName=mockApplication,ou=applications";
     }
 
 
@@ -198,9 +198,11 @@
         assertNotNull( app1.getPermission( "mockPerm0" ) );
 
         // create a new application
+        Applications apps = entityManager.find(Applications.class, null, "ou=applications");
+        Application parent = entityManager.find(Application.class, apps, "appName=mockApplication");
         Application app2 = new Application( "testContext", "foo", "secret" );
         assertEquals( State.EMPTY, app2.getStateManager().getState() );
-        entityManager.persist( app2, null );
+        entityManager.persist( app2, parent );
         assertEquals( State.NEW, app2.getStateManager().getState() );
         app2.getStateManager().commit();
         assertEquals( State.CLEAN, app2.getStateManager().getState() );
@@ -379,9 +381,9 @@
         assertEquals( 1, profile.getDenials().size() );
         assertTrue( profile.getDenials().contains( app.getPermission( "mockPerm4" ) ) );
         assertFalse( profile.getDenials().contains( app.getPermission( "bogus" ) ) );
-        assertEquals( 1, profile.getRoles().size() );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
-        assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+        assertEquals( 1, profile.getRoleIds().size() );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+        assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
 
         // lookup and confirm values again
         profile = app.getProfile( "testProfile" );
@@ -396,9 +398,9 @@
         assertEquals( 1, profile.getDenials().size() );
         assertTrue( profile.getDenials().contains( app.getPermission( "mockPerm4" ) ) );
         assertFalse( profile.getDenials().contains( app.getPermission( "bogus" ) ) );
-        assertEquals( 1, profile.getRoles().size() );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
-        assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+        assertEquals( 1, profile.getRoleIds().size() );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+        assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
 
         // remove existing grant, add two new ones, remove existing grant, add a role and modify
         profile.removeGrant( app.getPermission( "mockPerm1" ) );
@@ -417,10 +419,10 @@
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
         assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
-        assertEquals( 2, profile.getRoles().size() );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
-        assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+        assertEquals( 2, profile.getRoleIds().size() );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+        assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
 
         // rename the profile, test values, look it up again and test values again
         profile.setProfileId( "renamedProfile" );
@@ -435,10 +437,10 @@
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
         assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
-        assertEquals( 2, profile.getRoles().size() );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
-        assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+        assertEquals( 2, profile.getRoleIds().size() );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+        assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
 
         profile = app.getProfile( "renamedProfile" );
         assertNotNull( profile );
@@ -450,10 +452,10 @@
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm2" ) ) );
         assertTrue( profile.getGrants().contains( app.getPermission( "mockPerm3" ) ) );
         assertFalse( profile.getGrants().contains( app.getPermission( "bogus" ) ) );
-        assertEquals( 2, profile.getRoles().size() );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole2" ) ) );
-        assertTrue( profile.getRoles().contains( app.getRole( "mockRole3" ) ) );
-        assertFalse( profile.getRoles().contains( app.getRole( "bogus" ) ) );
+        assertEquals( 2, profile.getRoleIds().size() );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole2" ) ) );
+        assertTrue( profile.getRoleIds().contains( app.getRole( "mockRole3" ) ) );
+        assertFalse( profile.getRoleIds().contains( app.getRole( "bogus" ) ) );
 
         // delete the profile
         app.removeProfile( profile );

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/pom.xml Mon Oct 22 23:15:47 2007
@@ -31,5 +31,17 @@
     neutral manner.  Separate driver implementations are designed for 
     accessing different policy store types.
   </description>
-  <packaging>jar</packaging>  
+  <packaging>jar</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.directory.shared</groupId>
+      <artifactId>shared-ldap</artifactId>
+    </dependency>
+    <dependency>
+      <artifactId>nlog4j</artifactId>
+      <groupId>org.slf4j</groupId>
+      <scope>provided</scope>
+    </dependency>
+  </dependencies>
 </project>

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -25,6 +25,8 @@
 import java.util.Map;
 import java.security.Permission;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+
 
 /**
  * The policy store for an application whose access policy is managed by Triplesec.
@@ -57,7 +59,7 @@
      * 
      * @return the name of this store
      */
-    String getApplicationRelativeDistinguishedName();
+    LdapDN getApplicationRelativeDistinguishedName();
 
     /**
      * Gets a set of {@link Role}s defined for this store.
@@ -72,70 +74,6 @@
      * @return a map from permission Name to {@link Permission}s defined for this store.
      */
     Map<String, Permission> getPermissions();
-
-    /**
-     * Get (the default?) session for the named user
-     * @param userName name of the user for the session
-     * @return (default?) set of roles (session) for the user
-     */
-    Session getSession(String userName);
-
-    /**
-     * Gets the names of the profiles dependent on a role. The set contains
-     * Strings of the profile name.
-     * 
-     * @param role the role the dependent profiles are associated with
-     * @return the name's of profiles that depend on the supplied role
-     * @throws GuardianException if there is an error accessing the backing 
-     * store or the role is not associated with this ApplicationPolicy
-     */
-//    Set getDependentProfileNames( Role role ) throws GuardianException;
-
-    /**
-     * Gets the names of the profiles dependent on a permission.  The set 
-     * contains Strings of the profile names.
-     * 
-     * @param permissionID
-     * @return the name's of profiles that depend on the supplied permission
-     * @throws GuardianException if there is an error accessing the backing 
-     * store or the permission is not associated with this ApplicationPolicy
-     */
-//    Set getDependentProfileNames( String permissionID ) throws GuardianException;
-
-    /**
-     * Gets the set of profiles a user has for this ApplicationPolicy.
-     * 
-     * @param userName the name of the user to get the profile ids for
-     * @return a set of profile ids as Strings or the empty set if the userName is 
-     * invalid or does not have profiles defined
-     * @throws GuardianException if there are errors accessing the backing store
-     */
-//    Set getUserProfileIds( String userName ) throws GuardianException;
-
-    /**
-     * Gets an iterator over the set of profiles in this ApplicationPolicy.
-     * 
-     * @return an iterator over profileId Strings
-     * @throws GuardianException if there are errors accessing the backing store
-     */
-//    Iterator getProfileIdIterator() throws GuardianException;
-
-    /**
-     * Gets this user's authorization {@link Session} for the application.
-     *
-     * @param profileId the name of the user to get the {@link Session} for
-     * @return the {@link Session} for the application or null if no profile exists for
-     *      the specified <tt>profileId</tt>
-     */
-//    Profile getProfile( String profileId ) throws GuardianException;
-
-    /**
-     * Gets a profile for the admin user which is in all roles and has all permissions
-     * granted.
-     * 
-     * @return the admin user profile with all rights
-     */
-//    Profile getAdminProfile();
 
     /**
      * Gets a breif description of this ApplicationPolicy.

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -27,16 +27,16 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
 import java.util.List;
+import java.util.Map;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+
 /**
  * @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
  */
@@ -45,7 +45,7 @@
     /**
      * the name of the application this store is associated with
      */
-    protected String applicationRdn;
+    protected LdapDN applicationRdn;
     /**
      * a breif description of this application
      */
@@ -139,7 +139,7 @@
         return ( String ) attr.get();
     }
 
-    public String getApplicationRelativeDistinguishedName()
+    public LdapDN getApplicationRelativeDistinguishedName()
     {
         return this.applicationRdn;
     }
@@ -244,73 +244,6 @@
                 }
             }
         }
-        return roles;
-    }
-
-    private static boolean parseBoolean( String bool )
-    {
-        return bool.equals( "true" );
-    }
-
-    protected Set<Role> getSession( Attributes attrs ) throws NamingException
-    {
-        Set<Role> roles = new HashSet<Role>();
-/*
-        String profileId;
-        String userName;
-        boolean disabled = false;
-
-        Attribute profileIdAttr = attrs.get( "profileId" );
-        if ( profileIdAttr == null )
-        {
-            return null;
-        } else
-        {
-            profileId = ( String ) profileIdAttr.get();
-        }
-
-        Attribute userAttr = attrs.get( "user" );
-        if ( userAttr == null )
-        {
-            return null;
-        } else
-        {
-            userName = ( String ) userAttr.get();
-        }
-
-        Attribute disabledAttr = attrs.get( "triplesecDisabled" );
-        if ( disabledAttr != null )
-        {
-            disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
-        }
-*/
-
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's granted permissions
-        // -------------------------------------------------------------------------------
-
-        Attribute defaultRolesAttribute = attrs.get( "defaultRoles" );
-        if ( defaultRolesAttribute != null )
-        {
-            NamingEnumeration<?> grantsEnumeration = defaultRolesAttribute.getAll();
-            while ( grantsEnumeration.hasMore() )
-            {
-                String roleId = ( String ) grantsEnumeration.next();
-                Role role = rolesById.get( roleId );
-                if ( role != null )
-                {
-                    roles.add( role );
-                }
-                else
-                {
-// this is OK, role could be present only in another application
-//                    throw new NamingException("No role named " + roleId + " found: known names: " + rolesById.keySet());
-                }
-            }
-        }
-
-
-
         return roles;
     }
 

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryRealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -22,30 +22,37 @@
 
 import java.util.Map;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+
 /**
  * @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
  */
-public class EntryRealmPolicy implements RealmPolicy {
+public abstract class EntryRealmPolicy implements RealmPolicy
+{
 
-    private final Map<String, ApplicationPolicy> applicationPolicies;
+    private final Map<LdapDN, ApplicationPolicy> applicationPolicies;
 
-    public EntryRealmPolicy( Map<String, ApplicationPolicy> applicationPolicies )
+    public EntryRealmPolicy( Map<LdapDN, ApplicationPolicy> applicationPolicies )
     {
         this.applicationPolicies = applicationPolicies;
     }
 
-    public Session getSession( String profileId, String applicationRdn ) throws GuardianException
+    public ApplicationPolicy getApplicationPolicy( LdapDN dn ) throws GuardianException
     {
-        ApplicationPolicy applicationPolicy = applicationPolicies.get(applicationRdn);
-        if ( applicationPolicy != null) {
-            return applicationPolicy.getSession( profileId );
+        ApplicationPolicy applicationPolicy = applicationPolicies.get( dn );
+        if ( applicationPolicy == null )
+        {
+            applicationPolicy = newApplicationPolicy( dn );
+            applicationPolicies.put( dn, applicationPolicy );
         }
-        return null;
+        return applicationPolicy;
     }
 
+    protected abstract ApplicationPolicy newApplicationPolicy( LdapDN dn ) throws GuardianException;
+
     public void close()
     {
-        for ( ApplicationPolicy applicationPolicy: applicationPolicies.values() )
+        for ( ApplicationPolicy applicationPolicy : applicationPolicies.values() )
         {
             applicationPolicy.close();
         }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/RealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -20,7 +20,7 @@
 
 package org.apache.directory.triplesec.guardian;
 
-import java.util.Set;
+import org.apache.directory.shared.ldap.name.LdapDN;
 
 /**
  * Supplies a profile (role?) for a given sub-application and profileId (roleId)
@@ -29,7 +29,7 @@
  */
 public interface RealmPolicy
 {
-    Session getSession( String uid, String applicationRdn ) throws GuardianException;
+    ApplicationPolicy getApplicationPolicy( LdapDN dn ) throws GuardianException;
 
     void close();
 }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Role.java Mon Oct 22 23:15:47 2007
@@ -26,6 +26,8 @@
 import java.util.ArrayList;
 import java.util.Collection;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+
 
 /**
  * An application role.  Roles are application specific and contain a set
@@ -176,7 +178,7 @@
      *
      * @return the name of the application this Role is defined for.
      */
-    public String getApplicationRelativeDistinguishedName()
+    public LdapDN getApplicationRelativeDistinguishedName()
     {
         return store.getApplicationRelativeDistinguishedName();
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/Session.java Mon Oct 22 23:15:47 2007
@@ -23,37 +23,39 @@
 import java.security.Permission;
 import java.util.Set;
 import java.util.HashSet;
+import java.util.Map;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class Session
 {
 
-    private final Set<Role> roles;
+    private final Set<String> roleIds;
 
 
     public Session()
     {
-        roles = new HashSet<Role>();
+        roleIds = new HashSet<String>();
     }
 
-    public Session( Set<Role> roles )
+    public Session( Set<String> roles )
     {
-        this.roles = roles;
+        this.roleIds = roles;
     }
 
 
-    public Set<Role> getRoles()
+    public Set<String> getRoleIds()
     {
-        return roles;
+        return roleIds;
     }
 
-    public boolean implies( Permission p )
+    public boolean implies( Permission p, Map<String, Role> roleMap )
     {
-        for ( Role role : roles )
+        for ( String roleId : roleIds )
         {
-            if ( role.implies( p ) )
+            Role role = roleMap.get(roleId);
+            if ( role != null && role.implies( p ) )
             {
                 return true;
             }
@@ -75,7 +77,7 @@
 
         Session session = ( Session ) o;
 
-        if ( roles != null ? !roles.equals( session.roles ) : session.roles != null )
+        if ( roleIds != null ? !roleIds.equals( session.roleIds ) : session.roleIds != null )
         {
             return false;
         }
@@ -85,6 +87,6 @@
 
     public int hashCode()
     {
-        return ( roles != null ? roles.hashCode() : 0 );
+        return ( roleIds != null ? roleIds.hashCode() : 0 );
     }
 }

Added: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface SessionFactory
+{
+
+    /**
+     * Get (the default?) session for the named user
+     * @param userName name of the user for the session
+     * @return (default?) set of roles (session) for the user
+     */
+    Session getSession(String userName);
+
+}

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/SessionFactory.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/ApplicationPolicyFactoryTest.java Mon Oct 22 23:15:47 2007
@@ -25,8 +25,11 @@
 import java.util.Properties;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
+
 import junit.framework.Assert;
 import junit.framework.TestCase;
+import org.apache.directory.shared.ldap.name.LdapDN;
 
 public class ApplicationPolicyFactoryTest extends TestCase
 {
@@ -54,7 +57,7 @@
         Assert.assertTrue( ApplicationPolicyFactory.registerDriver( testDriver2 ) );
         Assert.assertFalse( ApplicationPolicyFactory.registerDriver( testDriver1 ) );
         ApplicationPolicy testStore = ApplicationPolicyFactory.newInstance( "test2:dummy", new Properties() );
-        Assert.assertEquals( "appName=Test,ou=applications", testStore.getApplicationRelativeDistinguishedName() );
+        Assert.assertEquals( "appname=Test,ou=applications", testStore.getApplicationRelativeDistinguishedName().toString() );
         
         // Deregister driver and make sure it doesn't work.
         Assert.assertTrue( ApplicationPolicyFactory.deregisterDriver( testDriver1.getClass() ) );
@@ -137,8 +140,14 @@
         public ApplicationPolicy newApplicationPolicy(String url, Properties info) throws GuardianException {
             return new ApplicationPolicy()
             {
-                public String getApplicationRelativeDistinguishedName() {
-                    return "appName=Test,ou=applications";
+                public LdapDN getApplicationRelativeDistinguishedName() {
+                    try
+                    {
+                        return new LdapDN("appName=Test,ou=applications");
+                    } catch ( InvalidNameException e )
+                    {
+                        throw new RuntimeException(e);
+                    }
                 }
 
                 public Map<String, Role> getRolesById()
@@ -147,10 +156,6 @@
                 }
 
                 public Map<String, Permission> getPermissions() {
-                    return null;
-                }
-
-                public Session getSession(String userName) {
                     return null;
                 }
 

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/RoleTest.java Mon Oct 22 23:15:47 2007
@@ -29,6 +29,10 @@
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+
 
 /**
  * @author <a href="mailto:akarasulu@apache.org">Alex Karasulu</a>
@@ -36,11 +40,28 @@
  */
 public class RoleTest extends AbstractEntityTest
 {
-    private static final ApplicationPolicy STORE1 = new TestApplicationPolicyStore(
-            "app1" );
+    private static final ApplicationPolicy STORE1;
+
+    private static final ApplicationPolicy STORE2;
+
+    static
+    {
+        try
+        {
+            STORE1 = new TestApplicationPolicyStore(
+                    new LdapDN( "appName=app1" ) );
+            STORE2 = new TestApplicationPolicyStore(
+                    new LdapDN( "appName=app2" ) );
+        } catch ( InvalidNameException e )
+        {
+            throw new RuntimeException(e);
+        }
+    }
 
-    private static final ApplicationPolicy STORE2 = new TestApplicationPolicyStore(
-            "app2" );
+    public void testLdapDNHashCode() throws Exception
+    {
+        assertFalse( STORE1.getApplicationRelativeDistinguishedName().hashCode() == STORE2.getApplicationRelativeDistinguishedName().hashCode());
+    }
 
     protected Object newInstanceA1()
     {
@@ -138,7 +159,7 @@
         assertEquals( 0, PermissionsUtil.size( r.getDeniedPermissions() ) );
     }
 
-    public void testProperties()
+    public void testProperties() throws InvalidNameException
     {
         StringPermission perm1 = new StringPermission( "perm1" );
         Permissions perms = new Permissions();
@@ -147,7 +168,7 @@
         perms.add( new StringPermission( "perm3" ) );
 
         Role r = new Role( STORE1, "role1", "role1", perms, null, null, null, "test description" );
-        assertEquals( "app1", r.getApplicationRelativeDistinguishedName() );
+        assertEquals( new LdapDN("appName=app1"), r.getApplicationRelativeDistinguishedName() );
         assertEquals( "role1", r.getName() );
         assertEquals( perms, r.getGrantedPermissions() );
         assertEquals( "test description", r.getDescription() );
@@ -199,14 +220,14 @@
     private static class TestApplicationPolicyStore implements
             ApplicationPolicy
     {
-        private final String appName;
+        private final LdapDN appName;
 
-        public TestApplicationPolicyStore( String appName )
+        public TestApplicationPolicyStore( LdapDN appName )
         {
             this.appName = appName;
         }
 
-        public String getApplicationRelativeDistinguishedName()
+        public LdapDN getApplicationRelativeDistinguishedName()
         {
             return appName;
         }
@@ -223,11 +244,6 @@
             perms.put( "perm2", new StringPermission( "perm2" ) );
             perms.put( "perm3", new StringPermission( "perm3" ) );
             return perms;
-        }
-
-        public Session getSession( String userName )
-        {
-            return null;
         }
 
         public String getDescription()

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -29,11 +29,15 @@
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.triplesec.guardian.ApplicationPolicy;
 import org.apache.directory.triplesec.guardian.GuardianException;
 import org.apache.directory.triplesec.guardian.PolicyChangeListener;
 import org.apache.directory.triplesec.guardian.Role;
 import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.SessionFactory;
 import org.apache.directory.triplesec.guardian.StringPermission;
 
 
@@ -43,18 +47,24 @@
  * @author <a href="mailto:akarasulu@apache.org">Alex Karasulu</a>
  * @version $Rev: 72 $
  */
-class MockApplicationPolicy implements ApplicationPolicy
+class MockApplicationPolicy implements ApplicationPolicy, SessionFactory
 {
     private final Map<String, Role> roleByName = new HashMap<String, Role>();
     private final Map<String, Permission> perms = new HashMap<String, Permission>();
-    private final String name;
-    private final Map<String, Set<Role>> sessionByName;
+    private final LdapDN name;
+    private final Map<String, Set<String>> sessionByName;
 
 
     public MockApplicationPolicy()
     {
-        name = "mockApplication";
-        sessionByName = new HashMap<String, Set<Role>>();
+        try
+        {
+            name = new LdapDN( "appName=mockApplication" );
+        } catch ( InvalidNameException e )
+        {
+            throw new RuntimeException( e );
+        }
+        sessionByName = new HashMap<String, Set<String>>();
 
         // --------------------------------------------------------------------------------
         // add permissions
@@ -138,22 +148,22 @@
         // a profile that has no permissions at all, and no roles (basis case)
         grants = new Permissions();
         denials = new Permissions();
-        Set<Role> roles = new HashSet<Role>();
+        Set<String> roles = new HashSet<String>();
         sessionByName.put( "mockProfile0", roles );
 
         // a profile for checking union of role1 and role2 - inherits perm0 and perm1
         grants = new Permissions();
         denials = new Permissions();
-        roles = new HashSet<Role>();
-        roles.add( role1 );
-        roles.add( role2 );
+        roles = new HashSet<String>();
+        roles.add( role1.getId() );
+        roles.add( role2.getId() );
         sessionByName.put( "mockProfile1", roles );
 
         // a profile for checking union of roles with grants - granted perm0 and inherits perm1
         grants = new Permissions();
         grants.add( perm0 );
         denials = new Permissions();
-        roles = Collections.singleton( role2 );
+        roles = Collections.singleton( role2.getId() );
         sessionByName.put( "mockProfile2", roles );
 
         // a profile for checking union of roles with grants - granted perm0, perm7 and inherits perm2 and perm3
@@ -161,7 +171,7 @@
         grants.add( perm0 );
         grants.add( perm7 );
         denials = new Permissions();
-        roles = Collections.singleton( role3 );
+        roles = Collections.singleton( role3.getId() );
         sessionByName.put( "mockProfile3", roles );
 
         // a profile for checking union of roles with grants and denials
@@ -170,9 +180,9 @@
         grants.add( perm0 );
         denials = new Permissions();
         denials.add( perm7 );
-        roles = new HashSet<Role>();
-        roles.add( role3 );
-        roles.add( role4 );
+        roles = new HashSet<String>();
+        roles.add( role3.getId() );
+        roles.add( role4.getId() );
         sessionByName.put( "mockProfile4", roles );
 
         // a profile for checking union of roles with grants and denials
@@ -181,15 +191,15 @@
         grants.add( perm0 );
         denials = new Permissions();
         denials.add( perm7 );
-        roles = new HashSet<Role>();
-        roles.add( role3 );
-        roles.add( role4 );
-        roles.add( role5 );
+        roles = new HashSet<String>();
+        roles.add( role3.getId() );
+        roles.add( role4.getId() );
+        roles.add( role5.getId() );
         sessionByName.put( "mockProfile5", roles );
     }
 
 
-    public String getApplicationRelativeDistinguishedName()
+    public LdapDN getApplicationRelativeDistinguishedName()
     {
         return name;
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/test/java/org/apache/directory/triplesec/guardian/mock/MockApplicationPolicyTest.java Mon Oct 22 23:15:47 2007
@@ -58,16 +58,16 @@
         assertEquals( 6, store.getRolesById().size() );
         Session p = store.getSession( "mockProfile0" );
 //        assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
-        assertTrue( p.getRoles().isEmpty() );
+        assertTrue( p.getRoleIds().isEmpty() );
     }
 
     public void testProfile1()
     {
         Session p = store.getSession( "mockProfile1" );
-        assertTrue( p.implies( new StringPermission("mockPerm0" )));
-        assertTrue( p.implies( new StringPermission("mockPerm1" )));
-        assertFalse( p.implies( new StringPermission("mockPerm3")));
-        assertEquals( 2, p.getRoles().size() );
+        assertTrue( p.implies( new StringPermission("mockPerm0" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+        assertFalse( p.implies( new StringPermission("mockPerm3"), store.getRolesById()));
+        assertEquals( 2, p.getRoleIds().size() );
     }
 
     public void testProfile2()
@@ -75,10 +75,10 @@
         Session p = store.getSession( "mockProfile2" );
 //        assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
 //        assertTrue( p.implies( new StringPermission("mockPerm0" )));
-        assertTrue( p.implies( new StringPermission("mockPerm1" )));
+        assertTrue( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
 //        assertFalse( p.implies( new StringPermission("mockPerm3")));
-        assertEquals( 1, p.getRoles().size() );
-        assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole2" ) );
+        assertEquals( 1, p.getRoleIds().size() );
+        assertTrue( p.getRoleIds( ).iterator().next().equals( "mockRole2" ) );
     }
 
     public void testProfile3()
@@ -87,11 +87,11 @@
 //        assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
 //        assertTrue( p.implies( new StringPermission("mockPerm0" )));
 //        assertTrue( p.implies( new StringPermission("mockPerm7" )));
-        assertTrue( p.implies( new StringPermission("mockPerm2" )));
-        assertTrue( p.implies( new StringPermission("mockPerm3" )));
+        assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
 //        assertFalse( p.implies( new StringPermission("mockPerm4" )));
-        assertEquals( 1, p.getRoles().size() );
-        assertTrue( p.getRoles( ).iterator().next().getName().equals( "mockRole3" ) );
+        assertEquals( 1, p.getRoleIds().size() );
+        assertTrue( p.getRoleIds( ).iterator().next().equals( "mockRole3" ) );
     }
 
     public void testProfile4()
@@ -100,18 +100,18 @@
 //        assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
 //        assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
 //        assertTrue( p.implies( new StringPermission("mockPerm0" )));
-        assertFalse( p.implies( new StringPermission("mockPerm1" )));
-        assertTrue( p.implies( new StringPermission("mockPerm2" )));
-        assertTrue( p.implies( new StringPermission("mockPerm3" )));
-        assertTrue( p.implies( new StringPermission("mockPerm4" )));
-        assertTrue( p.implies( new StringPermission("mockPerm5" )));
-        assertTrue( p.implies( new StringPermission("mockPerm6" )));
-        assertTrue( p.implies( new StringPermission("mockPerm7" )));
-        assertFalse( p.implies( new StringPermission("mockPerm8" )));
-        assertTrue( p.implies( new StringPermission("mockPerm9" )));
+        assertFalse( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm4" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm5" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm6" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm7" ), store.getRolesById()));
+        assertFalse( p.implies( new StringPermission("mockPerm8" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm9" ), store.getRolesById()));
 
-        assertFalse( p.implies( new StringPermission("mockPerm14" )));
-        assertEquals( 2, p.getRoles().size() );
+        assertFalse( p.implies( new StringPermission("mockPerm14" ), store.getRolesById()));
+        assertEquals( 2, p.getRoleIds().size() );
 //        assertTrue( p.isInRole( "mockRole3" ) );
 //        assertTrue( p.isInRole( "mockRole4" ) );
     }
@@ -122,19 +122,19 @@
 //        assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
 //        assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
 //        assertTrue( p.implies( new StringPermission("mockPerm0" )));
-        assertFalse( p.implies( new StringPermission("mockPerm1" )));
-        assertTrue( p.implies( new StringPermission("mockPerm2" )));
-        assertTrue( p.implies( new StringPermission("mockPerm3" )));
-        assertTrue( p.implies( new StringPermission("mockPerm4" )));
-        assertTrue( p.implies( new StringPermission("mockPerm5" )));
+        assertFalse( p.implies( new StringPermission("mockPerm1" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm2" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm3" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm4" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm5" ), store.getRolesById()));
         //from denial in role5
-        assertTrue( p.implies( new StringPermission("mockPerm6" )));
-        assertTrue( p.implies( new StringPermission("mockPerm7" )));
-        assertFalse( p.implies( new StringPermission("mockPerm8" )));
-        assertTrue( p.implies( new StringPermission("mockPerm9" )));
+        assertTrue( p.implies( new StringPermission("mockPerm6" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm7" ), store.getRolesById()));
+        assertFalse( p.implies( new StringPermission("mockPerm8" ), store.getRolesById()));
+        assertTrue( p.implies( new StringPermission("mockPerm9" ), store.getRolesById()));
 
-        assertFalse( p.implies( new StringPermission("mockPerm14" )));
-        assertEquals( 3, p.getRoles().size() );
+        assertFalse( p.implies( new StringPermission("mockPerm14" ), store.getRolesById()));
+        assertEquals( 3, p.getRoleIds().size() );
 //        assertTrue( p.isInRole( "mockRole3" ) );
 //        assertTrue( p.isInRole( "mockRole4" ) );
 //        assertTrue( p.isInRole( "mockRole5" ) );

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -28,8 +28,8 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Collections;
 
+import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -43,12 +43,13 @@
 import javax.naming.event.NamingExceptionEvent;
 import javax.naming.event.ObjectChangeListener;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.name.Rdn;
 import org.apache.directory.triplesec.guardian.ChangeType;
 import org.apache.directory.triplesec.guardian.EntryApplicationPolicy;
 import org.apache.directory.triplesec.guardian.GuardianException;
 import org.apache.directory.triplesec.guardian.PolicyChangeListener;
 import org.apache.directory.triplesec.guardian.Role;
-import org.apache.directory.triplesec.guardian.Session;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -61,26 +62,43 @@
  */
 class LdapApplicationPolicy extends EntryApplicationPolicy
 {
-    private static final String[] PROF_ID = new String[] { "profileId" };
-    /** the logger interface for this class */
+    private static final String[] PROF_ID = new String[] {"profileId"};
+    /**
+     * the logger interface for this class
+     */
     private static Logger log = LoggerFactory.getLogger( LdapApplicationPolicy.class );
 
-    /** the realm JNDI Context at the base under which ou=applications can be found */
+    /**
+     * the realm JNDI Context at the base under which ou=applications can be found
+     */
     private DirContext ctx;
+    private static final LdapDN APPLICATIONS_RDN;
+
+    private static final Rdn ROLES_RDN;
+
+    static
+    {
+        try
+        {
+            APPLICATIONS_RDN = new LdapDN( "ou=applications" );
+            ROLES_RDN = new Rdn( "ou=roles" );
+        } catch ( InvalidNameException e )
+        {
+            throw new RuntimeException( e );
+        }
+    }
     /** the profile for the admin user with all rights in all roles */
 //    private Profile adminProfile;
 
-    private final List<String> appDns;
-
 
     /**
      * Creates an instance of the LDAP ApplicationPolicyStore.
      *
      * @param ctx the realm base context under which ou=applications and ou=users can be found
-     * @param applicationRdn relative distinguished name for this app context inside ctx
+     * @param dn  relative distinguished name for this app context inside ctx
      * @throws GuardianException if failures are encountered while loading objects from the backing store
      */
-    public LdapApplicationPolicy( DirContext ctx, String applicationRdn ) throws GuardianException
+    public LdapApplicationPolicy( DirContext ctx, LdapDN dn ) throws GuardianException
     {
         if ( ctx == null )
         {
@@ -90,8 +108,13 @@
         this.ctx = ctx;
 
         // extract the applicationRdn from the applicationPrincipalDN
-        this.applicationRdn = applicationRdn;
-        appDns = getAppPath(applicationRdn);
+        try
+        {
+            this.applicationRdn = ( LdapDN ) new LdapDN(dn).addAll(0, APPLICATIONS_RDN);
+        } catch ( InvalidNameException e )
+        {
+            throw new GuardianException(e);
+        }
         // load the set of permissions associated with this application
         loadPermissions();
 
@@ -110,8 +133,7 @@
             if ( descriptionAttr == null || descriptionAttr.size() == 0 )
             {
                 description = null;
-            }
-            else
+            } else
             {
                 description = ( String ) descriptionAttr.get();
             }
@@ -127,10 +149,10 @@
     private List<String> getAppPath( String applicationRdn )
     {
         List<String> appDns = new ArrayList<String>();
-        while (applicationRdn.startsWith( "appName"))
+        while ( applicationRdn.startsWith( "appName" ) )
         {
-            appDns.add(0, applicationRdn);
-            applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',') + 1);
+            appDns.add( 0, applicationRdn );
+            applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',' ) + 1 );
         }
 
         return appDns;
@@ -158,42 +180,43 @@
 
 
     /**
-     * 
      * @throws GuardianException
      */
     private void loadRoles() throws GuardianException
     {
         SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles" } );
+        ctrls.setReturningAttributes( new String[] {"roleName", "roleId", "grants", "denials", "grantedRoles", "deniedRoles"} );
         ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
 
         List<Map<String, Attributes>> appRoleAttributes = new ArrayList<Map<String, Attributes>>();
         try
         {
-            for ( String appDn: appDns )
+            for ( int i = 2; i <= applicationRdn.getRdns().size(); i++ )
             {
+                LdapDN dn = ( LdapDN ) applicationRdn.getPrefix( i );
+                dn.add( ROLES_RDN );
                 Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
-                NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + appDn,
+                NamingEnumeration<SearchResult> list = ctx.search( dn,
                         "(objectClass=policyRole)", ctrls );
                 while ( list.hasMore() )
                 {
                     SearchResult result = list.next();
                     Attributes attributes = result.getAttributes();
-                    String roleId = getStringAttribute(attributes, "roleId");
-                    roleAttributes.put(roleId, attributes);
+                    String roleId = getStringAttribute( attributes, "roleId" );
+                    roleAttributes.put( roleId, attributes );
                 }
-                appRoleAttributes.add(roleAttributes);
+                appRoleAttributes.add( roleAttributes );
             }
 
             int end = appRoleAttributes.size();
             int pos = 0;
-            for ( Map<String, Attributes> roleAttributes: appRoleAttributes )
+            for ( Map<String, Attributes> roleAttributes : appRoleAttributes )
             {
-                List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList( pos++, end);
+                List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList( pos++, end );
 
-                for (String roleId: roleAttributes.keySet())
+                for ( String roleId : roleAttributes.keySet() )
                 {
-                    addRole(roleId, childRoleAttributes);
+                    addRole( roleId, childRoleAttributes );
                 }
             }
         }
@@ -209,7 +232,7 @@
     private void loadPermissions() throws GuardianException
     {
         SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "permName", "permJavaClass", "permJavaName", "permJavaActions" } );
+        ctrls.setReturningAttributes( new String[] {"permName", "permJavaClass", "permJavaName", "permJavaActions"} );
         ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         try
         {
@@ -218,8 +241,8 @@
             while ( list.hasMore() )
             {
                 SearchResult result = list.next();
-                PermissionEntry permEntry = loadPermission( result.getAttributes());
-                permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+                PermissionEntry permEntry = loadPermission( result.getAttributes() );
+                permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
                 log.debug( "loading permission " + permEntry.getPermissionName() + " for application " + applicationRdn );
             }
         }
@@ -232,74 +255,6 @@
 
     }
 
-
-    public Session getSession( String userName )
-    {
-        if ( ctx == null )
-        {
-            throw new IllegalStateException( "This ApplicationProfileStore has been closed." );
-        }
-
-        /*
-        * Searching via one level scope for a profile is better than base scope lookups because
-        * if the profile is not present search will not fail but return zero entries.  Base scope
-        * searches will raise an exception since the search base will be missing.  Plus profileId
-        * shall be indexed by default.
-        */
-        SearchControls ctrls = new SearchControls();
-        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
-        NamingEnumeration<SearchResult> list = null;
-        try
-        {
-            //TODO fix base dn
-            list = ctx.search( "ou=users", "(uid=" + userName + ")", ctrls );
-            if ( list.hasMore() )
-            {
-                SearchResult result = list.next();
-                Set<Role> session = getSession( result.getAttributes() );
-
-                if ( log.isDebugEnabled() )
-                {
-                    log.debug( "loaded profile '" + userName + "' in application '" + applicationRdn + "'" );
-                }
-
-                return new Session(session);
-            }
-            else
-            {
-                if ( log.isInfoEnabled() )
-                {
-                    log.info( "Profile search for profileId '" + userName + "' in application '"
-                            + applicationRdn + "' failed to return an entry." );
-                }
-
-                return new Session();
-            }
-        }
-        catch ( NamingException e )
-        {
-            String msg = "Failed on search to find profile for profileId '" + userName + "' in '" + applicationRdn + "'";
-            log.error( msg, e );
-            throw new GuardianException( msg, e );
-        }
-        finally
-        {
-            if ( list != null )
-            {
-                try
-                {
-                    list.close();
-                }
-                catch ( NamingException e )
-                {
-                    log.error( "Failed to close NamingEnumeration after profile search." );
-                }
-            }
-        }
-    }
-
-
     public void close() throws GuardianException
     {
         if ( ctx == null )
@@ -365,14 +320,14 @@
 
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
             throw new GuardianException( "Failed to lookup profiles dependent on role '" +
-                role.getName() + "' while searching the directory" );
+                    role.getName() + "' while searching the directory" );
         }
 
         return profiles;
@@ -406,14 +361,14 @@
 
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
             throw new GuardianException( "Failed to lookup profiles dependent on permission '" +
-                permissionID + "' while searching the directory" );
+                    permissionID + "' while searching the directory" );
         }
 
         return profiles;
@@ -433,7 +388,7 @@
         }
 
         NamingEnumeration<?> all = oc.getAll();
-        while( all.hasMore() )
+        while ( all.hasMore() )
         {
             String candidate = ( String ) all.next();
             if ( candidate.equalsIgnoreCase( value ) )
@@ -445,10 +400,15 @@
         return false;
     }
 
+    public DirContext getContext()
+    {
+        return ctx;
+    }
+
 
     /**
      * An event transducer that converts JNDI notifications of change into
-     * Guardian policy change notifications.  
+     * Guardian policy change notifications.
      */
     class JndiListener implements ObjectChangeListener, NamespaceChangeListener
     {
@@ -467,8 +427,7 @@
                 if ( entry == null )
                 {
                     buf.append( "\tentry     = " ).append( "null" ).append( "\n" );
-                }
-                else
+                } else
                 {
                     buf.append( "\tentry     = " ).append( entry ).append( "\n" );
                 }
@@ -483,6 +442,10 @@
 
         public void objectChanged( NamingEvent evt )
         {
+            if ( true )
+            {
+                return;
+            }
             SearchResult result;
             Attributes entry;
             Attribute oc;
@@ -495,7 +458,8 @@
             result = ( SearchResult ) evt.getNewBinding();
             String name = result.getName();
 
-            //TODO this test is very very wrong.  
+/*
+            //TODO this test is very very wrong.
             if ( name.toLowerCase( ).indexOf( applicationRdn.toLowerCase( ) ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -505,6 +469,7 @@
                 }
                 return;
             }
+*/
 
             try
             {
@@ -530,8 +495,8 @@
 
                 if ( hasObjectClass( oc, "policyPermission" ) )
                 {
-                    PermissionEntry newPermEntry = loadPermission(entry);
-                    Permission oldPermission = permissions.put(newPermEntry.getPermissionName(), newPermEntry.getPermission());
+                    PermissionEntry newPermEntry = loadPermission( entry );
+                    Permission oldPermission = permissions.put( newPermEntry.getPermissionName(), newPermEntry.getPermission() );
                     if ( log.isDebugEnabled() )
                     {
                         log.debug( "Received notification that a policyPermission " + newPermEntry.getPermissionName() + " has changed." );
@@ -577,12 +542,12 @@
 
                     LdapApplicationPolicy.this.roles = roles;
                     */
-                    for (PolicyChangeListener listener : listeners) {
-                        listener.permissionChanged(LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
-                                ChangeType.MODIFY);
+                    for ( PolicyChangeListener listener : listeners )
+                    {
+                        listener.permissionChanged( LdapApplicationPolicy.this, newPermEntry.getPermissionName(), newPermEntry.getPermission(),
+                                ChangeType.MODIFY );
                     }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
+                } else if ( hasObjectClass( oc, "policyRole" ) )
                 {
                     String roleName = ( String ) entry.get( "roleName" ).get();
 
@@ -651,8 +616,7 @@
             if ( enabled )
             {
                 log.info( "Re-enabled notifications" );
-            }
-            else
+            } else
             {
                 log.error( "Could not re-enable notifications.  Notifications will no longer be recieved." );
             }
@@ -661,12 +625,17 @@
 
         public void objectAdded( NamingEvent evt )
         {
+            if ( true )
+            {
+                return;
+            }
             SearchResult result = ( SearchResult ) evt.getNewBinding();
             Attributes entry = result.getAttributes();
             Attribute oc = entry.get( "objectClass" );
             String name = result.getName();
             logEvent( evt, entry );
 
+/*
             if ( name.indexOf( applicationRdn ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -676,6 +645,7 @@
                 }
                 return;
             }
+*/
 
             try
             {
@@ -685,14 +655,14 @@
                      * 1. Need to add the permission to the permissions of the application
                      * 2. Need to notify of the permission's addition to all listeners
                      */
-                    PermissionEntry permEntry = loadPermission( entry);
-                    permissions.put(permEntry.getPermissionName(), permEntry.getPermission());
+                    PermissionEntry permEntry = loadPermission( entry );
+                    permissions.put( permEntry.getPermissionName(), permEntry.getPermission() );
 
-                    for (PolicyChangeListener listener : listeners) {
-                        listener.permissionChanged(LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD);
+                    for ( PolicyChangeListener listener : listeners )
+                    {
+                        listener.permissionChanged( LdapApplicationPolicy.this, permEntry.getPermissionName(), permEntry.getPermission(), ChangeType.ADD );
                     }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
+                } else if ( hasObjectClass( oc, "policyRole" ) )
                 {
                     /*
                      * 1. Need to add the role to the roles of the application
@@ -736,12 +706,17 @@
 
         public void objectRemoved( NamingEvent evt )
         {
+            if ( true )
+            {
+                return;
+            }
             SearchResult result = ( SearchResult ) evt.getOldBinding();
             Attributes entry = result.getAttributes();
             Attribute oc = entry.get( "objectClass" );
             String name = result.getName();
             logEvent( evt, entry );
 
+/*
             if ( name.indexOf( applicationRdn ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -751,6 +726,7 @@
                 }
                 return;
             }
+*/
 
             try
             {
@@ -761,12 +737,12 @@
                      * 2. Need to notify of the permission's removal to all listeners
                      */
                     String permName = ( String ) entry.get( "permName" ).get();
-                    Permission permission = permissions.remove(permName);
-                    for (PolicyChangeListener listener : listeners) {
-                        listener.permissionChanged(LdapApplicationPolicy.this, permName, permission, ChangeType.DEL);
+                    Permission permission = permissions.remove( permName );
+                    for ( PolicyChangeListener listener : listeners )
+                    {
+                        listener.permissionChanged( LdapApplicationPolicy.this, permName, permission, ChangeType.DEL );
                     }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
+                } else if ( hasObjectClass( oc, "policyRole" ) )
                 {
                     /*
                      * 1. Need to remove the role from the roles of the application
@@ -778,8 +754,7 @@
 //                    for (PolicyChangeListener listener : listeners) {
 //                        listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.DEL);
 //                    }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
+                } else if ( hasObjectClass( oc, "policyProfile" ) )
                 {
                     /*
                      * 1. Need to notify of the profile's addition to all listeners
@@ -788,8 +763,7 @@
 //                    for (PolicyChangeListener listener : listeners) {
 //                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.DEL);
 //                    }
-                }
-                else
+                } else
                 {
                     System.out.println( "Entry '" + name + "' ignored!" );
                     return;
@@ -808,6 +782,10 @@
 
         public void objectRenamed( NamingEvent evt )
         {
+            if ( true )
+            {
+                return;
+            }
             logEvent( evt, null );
             /*
              * For permissions and roles we need to first remove the old object from 
@@ -820,6 +798,7 @@
             Attributes newEntry = ( ( SearchResult ) evt.getNewBinding() ).getAttributes();
             Attribute oc = newEntry.get( "objectClass" );
 
+/*
             if ( oldName.indexOf( applicationRdn ) == -1 )
             {
                 if ( log.isWarnEnabled() )
@@ -829,6 +808,7 @@
                 }
                 return;
             }
+*/
 
             try
             {
@@ -841,12 +821,12 @@
                     PermissionEntry permEntry = loadPermission( newEntry );
                     add( permEntry );
 
-                    for (Object listener1 : listeners) {
-                        PolicyChangeListener listener = (PolicyChangeListener) listener1;
-                        listener.permissionRenamed(LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId);
+                    for ( Object listener1 : listeners )
+                    {
+                        PolicyChangeListener listener = ( PolicyChangeListener ) listener1;
+                        listener.permissionRenamed( LdapApplicationPolicy.this, permEntry.getPermission(), newName, oldProfileId );
                     }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
+                } else if ( hasObjectClass( oc, "policyRole" ) )
                 {
 //                    removeRole( oldProfileId );
 //                    Role newRole = getRole( newEntry );
@@ -855,8 +835,7 @@
 //                    for (PolicyChangeListener listener : listeners) {
 //                        listener.roleRenamed(LdapApplicationPolicy.this, newRole, oldProfileId);
 //                    }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
+                } else if ( hasObjectClass( oc, "policyProfile" ) )
                 {
                     /*
                      * 1. Need to notify of the profile's addition to all listeners
@@ -865,8 +844,7 @@
 //                    for (PolicyChangeListener listener : listeners) {
 //                        listener.profileRenamed(LdapApplicationPolicy.this, profile, oldProfileId);
 //                    }
-                }
-                else
+                } else
                 {
                     System.out.println( "Rename of entry '" + oldName + "' to '" + newName + "' ignored!" );
                     return;
@@ -920,14 +898,14 @@
 
                 if ( result.getAttributes().get( "profileId" ) != null )
                 {
-                    profiles.add( (String) result.getAttributes().get( "profileId" ).get() );
+                    profiles.add( ( String ) result.getAttributes().get( "profileId" ).get() );
                 }
             }
         }
         catch ( NamingException e )
         {
             throw new GuardianException( "Failed to lookup profiles for user '" +
-                userName + "' while searching the directory" );
+                    userName + "' while searching the directory" );
         }
 
         return profiles;

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapConnectionDriver.java Mon Oct 22 23:15:47 2007
@@ -25,6 +25,7 @@
 
 import javax.naming.Context;
 import javax.naming.NamingException;
+import javax.naming.InvalidNameException;
 import javax.naming.directory.InitialDirContext;
 
 import org.apache.directory.triplesec.guardian.ApplicationPolicy;
@@ -34,6 +35,7 @@
 import org.apache.directory.triplesec.guardian.StoreConnectionException;
 import org.apache.directory.triplesec.guardian.RealmPolicy;
 import org.apache.directory.triplesec.guardian.RealmPolicyFactory;
+import org.apache.directory.shared.ldap.name.LdapDN;
 
 
 /**
@@ -64,7 +66,7 @@
     {
         InitialDirContext ictx = getContext( info, url );
 
-        String applicationRdn = getApplicationRdn( info );
+        LdapDN applicationRdn = getApplicationRdn( info );
 
         return new LdapApplicationPolicy( ictx, applicationRdn );
     }
@@ -73,18 +75,22 @@
     {
         InitialDirContext ictx = getContext( info, url );
 
-        String applicationRdn = getApplicationRdn( info );
-
-        return new LdapRealmPolicy( ictx, applicationRdn );
+        return new LdapRealmPolicy( ictx );
     }
 
-    private String getApplicationRdn( Properties info )
+    private LdapDN getApplicationRdn( Properties info )
     {
         String applicationRdn = info.getProperty("applicationRDN");
         if (applicationRdn == null) {
             throw new IllegalArgumentException( "The ApplicationRDN property must be provided" );
         }
-        return applicationRdn;
+        try
+        {
+            return new LdapDN(applicationRdn);
+        } catch ( InvalidNameException e )
+        {
+            throw new GuardianException(e);
+        }
     }
 
     private InitialDirContext getContext( Properties info, String url )

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapRealmPolicy.java Mon Oct 22 23:15:47 2007
@@ -25,11 +25,11 @@
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.triplesec.guardian.ApplicationPolicy;
 import org.apache.directory.triplesec.guardian.EntryRealmPolicy;
 import org.apache.directory.triplesec.guardian.GuardianException;
@@ -39,50 +39,65 @@
  *
  * @version $Rev$
  */
-class LdapRealmPolicy extends EntryRealmPolicy
+public class LdapRealmPolicy extends EntryRealmPolicy
 {
 
     /**
      * the realm JNDI Context at the base under which ou=applications can be found
      */
     private static final String[] ATTRS = {"appName"};
-    private static final SearchControls APPS_CONTROLS = new SearchControls( SearchControls.ONELEVEL_SCOPE, 0, 0, ATTRS, false, false );
+    private static final SearchControls APPS_CONTROLS = new SearchControls( SearchControls.SUBTREE_SCOPE, 0, 0, ATTRS, false, false );
     private static final String APPS_QUERY = "(& (appName=*) (objectClass=policyApplication) )";
 
+    private final DirContext ctx;
 
     /**
      * Creates an instance of the LDAP ApplicationPolicyStore.
      *
      * @param ctx            the realm base context under which ou=applications and ou=users can be found
-     * @param applicationRdn relative distinguished name for this app context inside ctx
      * @throws org.apache.directory.triplesec.guardian.GuardianException
      *          if failures are encountered while loading objects from the backing store
      */
-    public LdapRealmPolicy( DirContext ctx, String applicationRdn ) throws GuardianException
+    public LdapRealmPolicy( DirContext ctx ) throws GuardianException
     {
-        super( buildApplicationPolicies( ctx, applicationRdn ) );
+        super( buildApplicationPolicies( ctx, null ) );
+        this.ctx = ctx;
     }
 
-    private static Map<String, ApplicationPolicy> buildApplicationPolicies( DirContext ctx, String applicationRdn )
+    private static Map<LdapDN, ApplicationPolicy> buildApplicationPolicies( DirContext ctx, String applicationRdn )
     {
-        Map<String, ApplicationPolicy> applicationPolicies = new HashMap<String, ApplicationPolicy>();
+        Map<LdapDN, ApplicationPolicy> applicationPolicies = new HashMap<LdapDN, ApplicationPolicy>();
+/*
         try
         {
             for ( NamingEnumeration<SearchResult> ne = ctx.search( applicationRdn, APPS_QUERY, APPS_CONTROLS ); ne.hasMoreElements(); )
             {
                 SearchResult result = ne.nextElement();
                 String dn = result.getName();
-                Attribute attr = result.getAttributes().get("appName");
-                String contextId = ( String ) attr.get();
+//                Attribute attr = result.getAttributes().get("appName");
+//                String contextId = ( String ) attr.get();
                 String pcRdn = dn + "," + applicationRdn;
+                String nameInNamespace = result.getNameInNamespace();
+                LdapDN ldapDn = new LdapDN(nameInNamespace);
                 ApplicationPolicy applicationPolicy = new LdapApplicationPolicy( ctx, pcRdn );
-                applicationPolicies.put( contextId, applicationPolicy );
+                applicationPolicies.put( ldapDn, applicationPolicy );
             }
         } catch ( NamingException e )
         {
             throw new GuardianException( e );
         }
+*/
         return applicationPolicies;
     }
 
+    protected ApplicationPolicy newApplicationPolicy( LdapDN dn ) throws GuardianException
+    {
+        return new LdapApplicationPolicy( ctx, dn );
+    }
+
+
+    public DirContext getCtx()
+    {
+        return ctx;
+    }
 }



Mime
View raw message