From djen...@apache.org
Subject svn commit: r587399 [2/2] - in /directory/sandbox/djencks/triplesec-jacc2: admin-api2/src/main/java/org/apache/directory/triplesec/admin/ admin-api2/src/test/java/org/apache/directory/triplesec/admin/ guardian-api/ guardian-api/src/main/java/org/apache...
Date Tue, 23 Oct 2007 06:15:49 GMT
Added: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.guardian.ldap;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.directory.triplesec.guardian.GuardianException;
+import org.apache.directory.triplesec.guardian.Role;
+import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.SessionFactory;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class LdapSessionFactory implements SessionFactory
+{
+
+    private final DirContext ctx;
+
+
+    public LdapSessionFactory( DirContext ctx )
+    {
+        this.ctx = ctx;
+    }
+
+    public Session getSession( String userName )
+    {
+        SearchControls ctrls = new SearchControls();
+        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+
+        NamingEnumeration<SearchResult> list = null;
+        try
+        {
+            //TODO fix base dn
+            list = ctx.search( "ou=users", "(uid=" + userName + ")", ctrls );
+            if ( list.hasMore() )
+            {
+                SearchResult result = list.next();
+                Set<String> session = getSession( result.getAttributes() );
+
+                return new Session( session );
+            } else
+            {
+                return new Session();
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed on search to find profile for profileId '" + userName;
+            throw new GuardianException( msg, e );
+        }
+        finally
+        {
+            if ( list != null )
+            {
+                try
+                {
+                    list.close();
+                }
+                catch ( NamingException e )
+                {
+//                    log.error( "Failed to close NamingEnumeration after profile search." );
+                }
+            }
+        }
+    }
+
+    protected Set<String> getSession( Attributes attrs ) throws NamingException
+    {
+        Set<String> roles = new HashSet<String>();
+
+        Attribute defaultRolesAttribute = attrs.get( "defaultRoles" );
+        if ( defaultRolesAttribute != null )
+        {
+            NamingEnumeration<?> grantsEnumeration = defaultRolesAttribute.getAll();
+            while ( grantsEnumeration.hasMore() )
+            {
+                String roleId = ( String ) grantsEnumeration.next();
+                roles.add( roleId );
+            }
+        }
+        return roles;
+    }
+
+}
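Review bot: `getSession( String userName )` builds its search filter by concatenation, `"(uid=" + userName + ")"`, so characters such as `*`, `(`, `)` and `\` in the login name are read as filter syntax rather than as a literal uid, and the roles returned may belong to a different entry than the caller named. The integration test changed in this same commit already passes names containing parentheses (`mockProfilemockRolerg(rg12)rd(pg1)`), which this filter cannot represent literally. Use the JNDI overload that takes filter arguments, `list = ctx.search( "ou=users", "(uid={0})", new Object[] { userName }, ctrls );`, and confirm that the context implementation in use escapes string arguments. Two smaller points in the same method: the message built from `"Failed on search to find profile for profileId '" + userName` never closes its quote, and only the first result is read, so a second entry with the same uid is silently ignored.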

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapSessionFactory.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/test/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java Mon Oct 22 23:15:47 2007
@@ -21,13 +21,13 @@
 
 
 import java.security.Permission;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Iterator;
+import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
-import java.util.Arrays;
-import java.util.Map;
 
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
@@ -44,6 +44,7 @@
 import org.apache.directory.triplesec.guardian.Role;
 import org.apache.directory.triplesec.guardian.Session;
 import org.apache.directory.triplesec.guardian.StringPermission;
+import org.apache.directory.triplesec.guardian.GuardianException;
 import org.apache.directory.triplesec.integration.TriplesecIntegration;
 
 
@@ -64,6 +65,7 @@
     private Role role;
     private Permission permission;
     private LdapApplicationPolicy store;
+    private LdapSessionFactory sessionFactory;
     private static final long WAIT_TIME = 100000;
 
 
@@ -84,12 +86,13 @@
         super.setUp();
         Properties props = new Properties();
         props.setProperty( "applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications,dc=example,dc=com" );
-        props.setProperty( "applicationRDN", "appName=mockContext,appName=" + APP_NAME + ",ou=applications" );
+        props.setProperty( "applicationRDN", "appName=mockContext,appName=" + APP_NAME );
         props.setProperty( "applicationCredentials", "testing" );
 
         Class.forName( "org.apache.directory.triplesec.guardian.ldap.LdapConnectionDriver" );
         store = ( LdapApplicationPolicy ) ApplicationPolicyFactory.
                 newInstance( "ldap://localhost:"+super.getLdapPort()+"/dc=example,dc=com", props );
+        sessionFactory = new LdapSessionFactory(store.getContext());
     }
 
 
@@ -122,41 +125,41 @@
 //        }
 
 //        assertEquals( 12, store.getRolesById().size() );
-        Session p = store.getSession( "nonexistant" );
-        assertEquals(0, p.getRoles().size() );
+        Session p = sessionFactory.getSession( "nonexistant" );
+        assertEquals(0, p.getRoleIds().size() );
 
-        p = store.getSession( "mockProfilemockRolerg12" );
+        p = sessionFactory.getSession( "mockProfilemockRolerg12" );
         checkPermissions(p, "mockPerm1", "mockPerm2");
-        assertEquals( p, store.getSession( "mockProfilemockRolerg12" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfilemockRolerg12" ) );
 
-        p = store.getSession( "mockProfilemockRolepg1rg2" );
+        p = sessionFactory.getSession( "mockProfilemockRolepg1rg2" );
         checkPermissions(p, "mockPerm1", "mockPerm2");
-        assertEquals( p, store.getSession( "mockProfilemockRolepg1rg2" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfilemockRolepg1rg2" ) );
 
-        p = store.getSession( "mockProfilemockRolepd1rg1" );
+        p = sessionFactory.getSession( "mockProfilemockRolepd1rg1" );
         checkPermissions(p);
-        assertEquals( p, store.getSession( "mockProfilemockRolepd1rg1" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfilemockRolepd1rg1" ) );
 
-        p = store.getSession( "mockProfilemockRolerg(rg12)rd(pg1)" );
+        p = sessionFactory.getSession( "mockProfilemockRolerg(rg12)rd(pg1)" );
         checkPermissions(p, "mockPerm2");
-        assertEquals( p, store.getSession( "mockProfilemockRolerg(rg12)rd(pg1)" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfilemockRolerg(rg12)rd(pg1)" ) );
 
-        p = store.getSession( "mockProfilemockRolerg1(rg(rg12)rd1)" );
+        p = sessionFactory.getSession( "mockProfilemockRolerg1(rg(rg12)rd1)" );
         checkPermissions(p, "mockPerm1", "mockPerm2");
-        assertEquals( p, store.getSession( "mockProfilemockRolerg1(rg(rg12)rd1)" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfilemockRolerg1(rg(rg12)rd1)" ) );
 
-        p = store.getSession( "mockProfile5" );
+        p = sessionFactory.getSession( "mockProfile5" );
         checkPermissions(p, "mockPerm1", "mockPerm2");
-        assertEquals( p, store.getSession( "mockProfile5" ) );
+        assertEquals( p, sessionFactory.getSession( "mockProfile5" ) );
 
         store.close();
 
         try
         {
-            store.getSession( "asdf" );
-//            fail( "should never get here due to an exception" );
+            sessionFactory.getSession( "asdf" );
+            fail( "should never get here due to an exception" );
         }
-        catch ( IllegalStateException e )
+        catch ( GuardianException e )
         {
 
         }
@@ -169,7 +172,7 @@
         for ( Map.Entry<String, Permission> entry: perms.entrySet())
         {
             boolean expectImplies = exp.contains( entry.getKey() );
-            boolean implies = s.implies( entry.getValue() );
+            boolean implies = s.implies( entry.getValue(), store.getRolesById() );
             assertEquals("Permission: " + entry.getKey(), expectImplies, implies);
         }
     }
@@ -643,11 +646,11 @@
         // make sure that policy is updated with this changed perm
         assertEquals( this.permission, this.store.getPermissions().get( "mockPerm1" ) );
         //TODO figure out how to reimplement
-//        assertEquals( this.permission, this.store.getRoles().get( "mockRole1" ).getGrants().get( "mockPerm1" ) );
-//        assertEquals( this.permission, this.store.getRoles().get( "mockRole2" ).getGrants().get( "mockPerm1" ) );
-//        assertNull( this.store.getRoles().get( "mockRole0" ).getGrants().get( "mockPerm1" ) );
-//        assertNull( this.store.getRoles().get( "mockRole3" ).getGrants().get( "mockPerm1" ) );
-//        assertNull( this.store.getRoles().get( "mockRole4" ).getGrants().get( "mockPerm1" ) );
+//        assertEquals( this.permission, this.store.getRoleIds().get( "mockRole1" ).getGrants().get( "mockPerm1" ) );
+//        assertEquals( this.permission, this.store.getRoleIds().get( "mockRole2" ).getGrants().get( "mockPerm1" ) );
+//        assertNull( this.store.getRoleIds().get( "mockRole0" ).getGrants().get( "mockPerm1" ) );
+//        assertNull( this.store.getRoleIds().get( "mockRole3" ).getGrants().get( "mockPerm1" ) );
+//        assertNull( this.store.getRoleIds().get( "mockRole4" ).getGrants().get( "mockPerm1" ) );
 
         ctx.close();
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldif/src/main/java/org/apache/directory/triplesec/guardian/ldif/LdifApplicationPolicy.java Mon Oct 22 23:15:47 2007
@@ -258,23 +258,6 @@
 */
 
 
-    public Session getSession( String userName ) throws GuardianException
-    {
-        if ( isClosed )
-        {
-            throw new IllegalStateException( "This policy object has been closed." );
-        }
-
-/*
-        if ( profileMap.containsKey( userName ) )
-        {
-            return profileMap.get( userName );
-        }
-*/
-
-        return null;
-    }
-
 
     public void close() throws GuardianException
     {

Modified: directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif Mon Oct 22 23:15:47 2007
@@ -379,6 +379,18 @@
 appName: mockApplication
 userPassword:: dGVzdGluZw==
 
+dn: ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalUnit
+ou: permissions
+
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
 dn: appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
 objectClass: top
@@ -454,12 +466,6 @@
 objectClass: policyPermission
 permName: mockPerm9
 
-dn: ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
-changetype: add
-objectClass: top
-objectClass: organizationalUnit
-ou: roles
-
 dn: ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
 objectClass: top
@@ -650,5 +656,9 @@
 uid: mockUser
 userpassword: mockUser
 roles: mockRole
+roles: roleId0
+roles: roleId1
 defaultRoles: mockRole
+defaultRoles: roleId0
+defaultRoles: roleId1
 

Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SafehausLoginModule.java Mon Oct 22 23:15:47 2007
@@ -36,8 +36,8 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.apache.directory.triplesec.guardian.ApplicationPolicy;
 import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.SessionFactory;
 import org.apache.directory.triplesec.otp.HotpErrorConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -63,7 +63,7 @@
     private CallbackHandler callbackHandler;
     private Map sharedState;
     private Map options;
-    private PolicyCallback policyCallback;
+    private SessionFactoryCallback policyCallback;
     private String name;
     private Session session;
     LoginModule module;
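Review bot: The field keeps the name `policyCallback` although its type is now `SessionFactoryCallback`, which makes the later `policyCallback.getSessionFactory()` call read as if a policy object were still involved. Rename it in this hunk to `private SessionFactoryCallback sessionFactoryCallback;` and update the uses in the hunks at -188 and -378 accordingly.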
@@ -188,10 +188,10 @@
             throw new NullPointerException( msg );
         }
         
-        final ApplicationPolicy policy = policyCallback.getPolicy();
-        if ( policy == null )
+        final SessionFactory sessionFactory = policyCallback.getSessionFactory();
+        if ( sessionFactory == null )
         {
-            String msg = "Cannot login with null policy.";
+            String msg = "Cannot login with null sessionFactory.";
             log.error( msg );
             throw new NullPointerException( msg );
         }
@@ -202,7 +202,7 @@
         // -------------------------------------------------------------------
 
         final String passcode = passcodeCallback.getPasscode();
-        session = policy.getSession( profileId );
+        session = sessionFactory.getSession( profileId );
         if ( session == null )
         {
             log.info( "Profile " + profileId + " not found for user." );
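Review bot: The `session == null` check after `sessionFactory.getSession( profileId )` no longer detects an unknown user when the factory is the `LdapSessionFactory` added in this commit, because that class returns `new Session()` rather than `null` when the search finds no entry. An unknown profile id would then continue past this branch with an empty session instead of being reported as not found. Either state in the `SessionFactory` contract that a missing user yields `null` (or an exception) and make `LdapSessionFactory` follow it, or test for the empty case here as well. The code after the `log.info` call lies outside the hunk, so the exact consequence needs checking against the full method.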
@@ -378,7 +378,7 @@
         passwordCallback = new PasswordCallback( "Password: ", false );
         realmCallback = new RealmCallback();
         passcodeCallback = new PasscodeCallback();
-        policyCallback = new PolicyCallback();
+        policyCallback = new SessionFactoryCallback();
         
         // Save these values for delayed initialization of the Krb5LoginModule
         this.subject = subject;

Copied: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java (from r564847, directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java)
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java?p2=directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java&p1=directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java&r1=564847&r2=587399&rev=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/PolicyCallback.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/SessionFactoryCallback.java Mon Oct 22 23:15:47 2007
@@ -23,6 +23,7 @@
 import javax.security.auth.callback.Callback;
 
 import org.apache.directory.triplesec.guardian.ApplicationPolicy;
+import org.apache.directory.triplesec.guardian.SessionFactory;
 
 
 /**
@@ -32,17 +33,17 @@
  * @author <a href="mailto:akarasulu@apache.org">Alex Karasulu</a>
  * @version $Rev$
  */
-public class PolicyCallback implements Callback
+public class SessionFactoryCallback implements Callback
 {
-    ApplicationPolicy policy;
+    SessionFactory sessionFactory;
     
-    public void setPolicy( ApplicationPolicy policy )
+    public void setSessionFactory( SessionFactory sessionFactory )
     {
-        this.policy = policy;
+        this.sessionFactory = sessionFactory;
     }
     
-    public ApplicationPolicy getPolicy()
+    public SessionFactory getSessionFactory()
     {
-        return policy;
+        return sessionFactory;
     }
 }
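Review bot: The `sessionFactory` field is declared without an access modifier, so any class in `org.apache.directory.triplesec.jaas` can replace the factory that supplies authorization sessions without going through `setSessionFactory`; declare it `private SessionFactory sessionFactory;`. The `ApplicationPolicy` import kept as context in the first hunk appears to be unused after the rename and can be removed if nothing outside the visible hunks references it.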

Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipal.java Mon Oct 22 23:15:47 2007
@@ -22,7 +22,6 @@
 
 import java.security.Principal;
 
-import org.apache.directory.triplesec.guardian.RealmPolicy;
 import org.apache.directory.triplesec.guardian.Session;
 
 /**
@@ -31,29 +30,28 @@
 public class TriplesecRealmPrincipal implements Principal
 {
 
-    private final String profileId;
-    private final RealmPolicy realmPolicy;
+    private final String uid;
+    private final Session session;
 
-    public TriplesecRealmPrincipal( String profileId, RealmPolicy realmPolicy )
+    public TriplesecRealmPrincipal( String uid, Session session )
     {
-        this.profileId = profileId;
-        this.realmPolicy = realmPolicy;
+        this.uid = uid;
+        this.session = session;
     }
 
     public String getName()
     {
-        return profileId;
+        return uid;
     }
 
     /**
-     * Gets the Guardian authorization profile for this SafehausPrincipal.
+     * Gets the Guardian authorization session for this user.
      *
-     * @return the authorization Profile
+     * @return the current session for this user
      */
-    public Session getSession(String applicationName)
+    public Session getSession()
     {
-        return realmPolicy.getSession(profileId, applicationName);
-//        return realmPolicy.getProfile(profileId);
+        return session;
     }
 
 

Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/main/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java Mon Oct 22 23:15:47 2007
@@ -28,7 +28,7 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.callback.CallbackHandler;
 
-import org.apache.directory.triplesec.guardian.RealmPolicy;
+import org.apache.directory.triplesec.guardian.Session;
 
 /**
  * @version $Rev:564501 $ $Date:2007-08-10 00:58:38 -0700 (Fri, 10 Aug 2007) $
@@ -36,26 +36,26 @@
 public class TriplesecRealmPrincipalLoginModule implements LoginModule
 {
 
-    public static final String PROFILE_KEY = LdapBindLoginModule.PREFIX + "profileID";
-    public static final String POLICY_KEY = LdapBindLoginModule.PREFIX + "realmPolicy";
+    public static final String UID_KEY = LdapBindLoginModule.PREFIX + "uid";
+    public static final String SESSION_KEY = LdapBindLoginModule.PREFIX + "session";
 
     private Subject subject;
-    private String profileId;
-    private RealmPolicy realmPolicy;
+    private String uid;
+    private Session session;
     private Principal principal;
 
     public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
     {
         this.subject = subject;
-        profileId = ( String ) sharedState.get( PROFILE_KEY );
-        if ( profileId == null )
+        uid = ( String ) sharedState.get( UID_KEY );
+        if ( uid == null )
         {
-            throw new IllegalArgumentException( "No profileID supplied in sharedState" );
+            throw new IllegalArgumentException( "No uid supplied in sharedState" );
         }
-        realmPolicy = ( RealmPolicy ) options.get( POLICY_KEY );
-        if ( realmPolicy == null )
+        session = ( Session ) sharedState.get( SESSION_KEY );
+        if ( session == null )
         {
-            throw new IllegalArgumentException( "No realm policy in options" );
+            throw new IllegalArgumentException( "No session in sharedState" );
         }
     }
 
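Review bot: `initialize` now takes the `Session` from `sharedState` with an unchecked cast, `( Session ) sharedState.get( SESSION_KEY )`, and nothing in this hunk documents which login module is expected to have stored it. Because that object determines the roles carried by the principal created in `commit()`, add Javadoc to the two constants, for example `/** sharedState key under which the authenticating login module stores the user's Session. */`. Consider also guarding the cast with an `instanceof Session` test, so a wrong-typed entry fails with the same `IllegalArgumentException` as a missing one rather than a `ClassCastException`.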
@@ -66,7 +66,7 @@
 
     public boolean commit() throws LoginException
     {
-        principal = new TriplesecRealmPrincipal( profileId, realmPolicy );
+        principal = new TriplesecRealmPrincipal( uid, session );
         subject.getPrincipals().add( principal );
         return true;
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jaas/src/test/java/org/apache/directory/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java Mon Oct 22 23:15:47 2007
@@ -56,7 +56,7 @@
 /*
         String profileId = "testProfile";
         Map<String, String> options1 = new HashMap<String, String>();
-        options1.put(TriplesecRealmPrincipalLoginModule.PROFILE_KEY, profileId );
+        options1.put(TriplesecRealmPrincipalLoginModule.UID_KEY, profileId );
         Map<String, RealmPolicy> options2 = new HashMap<String, RealmPolicy>();
         Permissions grants = new Permissions();
         grants.add( new StringPermission( "mockPerm0" ) );
@@ -65,7 +65,7 @@
         Roles roles = new Roles( appRdn, new Role[] {} );
         Profile profile = new Profile( new MockAppPolicy(appRdn), "mockProfile5", "trustin", roles, grants, denials, false );
 
-        options2.put( TriplesecRealmPrincipalLoginModule.POLICY_KEY, new MockRealmPolicy( profileId, appRdn, profile ) );
+        options2.put( TriplesecRealmPrincipalLoginModule.SESSION_KEY, new MockRealmPolicy( profileId, appRdn, profile ) );
 
         AppConfigurationEntry entry1 = new AppConfigurationEntry( StateInsertingLoginModule.class.getName(),
                 AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
@@ -103,12 +103,12 @@
         public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
         {
             this.sharedState = sharedState;
-            profileId = ( String ) options.get( TriplesecRealmPrincipalLoginModule.PROFILE_KEY);
+            profileId = ( String ) options.get( TriplesecRealmPrincipalLoginModule.UID_KEY );
         }
 
         public boolean login() throws LoginException
         {
-            sharedState.put( TriplesecRealmPrincipalLoginModule.PROFILE_KEY, profileId );
+            sharedState.put( TriplesecRealmPrincipalLoginModule.UID_KEY, profileId );
             return true;
         }
 

Added: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import java.util.List;
+
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface ContextIdToRdnMapper
+{
+
+    LdapDN toRdns(String contextId) throws InvalidNameException;
+}
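Review bot: The new interface has no Javadoc describing the contract of `toRdns`, and `import java.util.List;` is unused. The caller in `DataPolicyConfiguration` walks `getRdns()` from the end and prepends each RDN to `ou=applications`, so the expected ordering and the handling of DN special characters in `contextId` should be stated for implementers. A suitable comment would be `/** Maps a JACC context id to the relative DN path of its application entry below ou=applications; throws InvalidNameException if the id cannot be expressed as a DN. */`.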

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/ContextIdToRdnMapper.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java Mon Oct 22 23:15:47 2007
@@ -23,17 +23,26 @@
 import java.security.Permission;
 import java.security.PermissionCollection;
 import java.util.Enumeration;
+import java.util.List;
+import java.util.ListIterator;
 
+import javax.naming.InvalidNameException;
 import javax.naming.NamingException;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyContextException;
 
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.name.Rdn;
 import org.apache.directory.triplesec.admin.Application;
+import org.apache.directory.triplesec.admin.Applications;
 import org.apache.directory.triplesec.admin.Role;
 import org.apache.directory.triplesec.admin.persistence.EntityManager;
 import org.apache.directory.triplesec.admin.persistence.PCException;
+import org.apache.directory.triplesec.admin.persistence.PersistenceCapable;
 
 /**
+ * This handles provisioning the jacc security information from the app server into the ldap backend.
+ *
  * @version $Rev$ $Date$
  */
 public class DataPolicyConfiguration implements PolicyConfiguration
@@ -49,16 +58,61 @@
     public DataPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory policyConfigurationFactory ) throws PolicyContextException
     {
         EntityManager entityManager = policyConfigurationFactory.getEntityManager();
-        Application context;
+        LdapDN rdnPath;
         try
         {
-            context = entityManager.find( Application.class, null, "appName=" + contextID + ",appName=mockApplication,ou=applications" );
-        } catch ( PCException e )
+            rdnPath = policyConfigurationFactory.getContextIdMapper().toRdns( contextID );
+        } catch ( InvalidNameException e )
+        {
+            throw new PolicyContextException( "Could not parse contextId to a ldapDN: " + contextID, e);
+        }
+        boolean newApp = false;
+        String dn = "ou=applications";
+        Application context = null;
+        PersistenceCapable ppc;
+        try
+        {
+            ppc = entityManager.find( Applications.class, null, dn);
+        } catch ( PCException e)
+        {
+            ppc = new Applications();
+            entityManager.persist( ppc, null);
+            try
+            {
+                ppc.getStateManager().commit();
+            } catch ( NamingException e1 )
+            {
+                throw new PolicyContextException("Could not create Applications at " + dn, e);
+            }
+        }
+
+        List<Rdn> rdns = rdnPath.getRdns();
+        for ( ListIterator<Rdn> li = rdns.listIterator( rdns.size() ); li.hasPrevious(); )
+        {
+            Rdn rdn = li.previous();
+            dn = rdn.getUpName() + "," + dn;
+            try
+            {
+                context = entityManager.find( Application.class, null, dn );
+            } catch ( PCException e )
+            {
+                context = new Application();
+                context.setAppName( ( String ) rdn.getUpValue() );
+                entityManager.persist( context, ppc );
+                try
+                {
+                    context.getStateManager().commit();
+                } catch ( NamingException e1 )
+                {
+                    throw new PolicyContextException("Could not create app at " + rdn, e);
+                }
+                newApp = true;
+            }
+            ppc = context;
+        }
+        if ( newApp )
         {
-            context = new Application();
-            context.setAppName( contextID );
             context.addRole( new Role( UNIVERSAL_ROLE_NAME, getRoleId(), "universal role" ) );
-            entityManager.persist( context, null );
         }
         this.context = context;
     }
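Review bot: Both inner catch blocks wrap the wrong exception: when `commit()` fails with `NamingException e1`, the `PolicyContextException` is built with `e`, the earlier `PCException` from `find`, so the real reason the directory write failed is discarded. Pass the commit failure instead, `throw new PolicyContextException( "Could not create Applications at " + dn, e1 );` and likewise `throw new PolicyContextException( "Could not create app at " + rdn, e1 );`. Separately, every `PCException` from `find` is treated as "entry does not exist" and triggers creation; if that exception can also signal a connection or access failure (not visible here), the constructor would provision entries on an error path, so a narrower not-found check would be safer. If the mapper returns an empty DN the loop never runs and `this.context` is left null.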
@@ -153,6 +207,7 @@
 
     public void linkConfiguration( PolicyConfiguration policyConfiguration ) throws PolicyContextException
     {
+        //TODO figure out what to do.  Probably depends on how well ContextIdToRdnMapper works.
     }
 
     public void delete() throws PolicyContextException

Added: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.InvalidNameException;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.name.Rdn;
+
+/**
+ * Test ContextIdMapper that accepts a . separated string such as foo.bar.my.app and produces an rdn for each level.
+ *
+ * @version $Rev:$ $Date:$
+ */
+public class SampleContextIdMapper implements ContextIdToRdnMapper
+{
+    public LdapDN toRdns( String contextId ) throws InvalidNameException
+    {
+        LdapDN result = new LdapDN();
+        String[] bits = contextId.split( "\\." );
+        for ( int i = bits.length - 1; i > -1; i-- )
+        {
+            String bit = bits[i];
+            Rdn rdn = new Rdn("appName", "appname", bit, bit);
+            result.add( rdn );
+        }
+        return result;
+    }
+}
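Review bot: `toRdns` passes each dot-separated segment to `new Rdn("appName", "appname", bit, bit)` unchanged, so nothing rejects an empty segment (`"a..b"`) or a segment containing DN metacharacters such as `,`, `=` or `+`. That matters because `DataPolicyConfiguration` builds its lookup DN by string concatenation of `rdn.getUpName()`, and the factory installs this mapper unconditionally; whether `Rdn` escapes the value itself is not visible here and should be confirmed. A null `contextId` also fails with a `NullPointerException` instead of the declared `InvalidNameException`. I would validate up front, e.g. `if ( bit.length() == 0 ) throw new InvalidNameException( "Empty segment in contextId: " + contextId );`, state the accepted grammar in the class comment, and extend `SampleContextIdMapperTest` beyond the single `"a.b.c"` case.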

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/SampleContextIdMapper.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java Mon Oct 22 23:15:47 2007
@@ -26,6 +26,7 @@
 import javax.security.jacc.PolicyContextException;
 
 import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.ApplicationPolicy;
 import org.apache.directory.triplesec.jaas.TriplesecRealmPrincipal;
 
 
@@ -42,12 +43,14 @@
     private final TripleSecPolicyConfigurationFactory factory;
     private DataPolicyConfiguration dataPolicyConfiguration;
     private int state;
+    private volatile ApplicationPolicy applicationPolicy;
 
-    TripleSecPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory factory ) 
+    TripleSecPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory factory, ApplicationPolicy applicationPolicy )
     {
         this.contextID = contextID;
-        this.state = OPEN;
+        this.state = applicationPolicy == null? OPEN: IN_SERVICE;
         this.factory = factory;
+        this.applicationPolicy = applicationPolicy;
     }
 
     public String getContextID() throws PolicyContextException
@@ -68,9 +71,9 @@
         {
             if ( principal instanceof TriplesecRealmPrincipal )
             {
-                Session profile = ( ( TriplesecRealmPrincipal ) principal ).getSession( contextID );
+                Session session = ( ( TriplesecRealmPrincipal ) principal ).getSession();
 
-                return profile.implies( permission );
+                return session.implies( permission, applicationPolicy.getRolesById() );
 
             }
         }
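Review bot: `applicationPolicy.getRolesById()` dereferences a field that this commit sets to null in `open()` and `delete()`, and that is null for every configuration created through `getPolicyConfiguration` until `commit()` runs, so an authorization check arriving in that window throws `NullPointerException` rather than returning a decision. Unless a state check above this hunk already excludes it (the method starts outside the hunk), read the volatile field once and deny when it is absent: `ApplicationPolicy policy = applicationPolicy;` `if ( policy == null ) return false;` `return session.implies( permission, policy.getRolesById() );`. The result of `getSession()` is also used without a null check.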
@@ -131,12 +134,14 @@
     public void delete() throws PolicyContextException
     {
         getDataPolicyConfiguration().delete();
+        applicationPolicy = null;
         state = DELETED;
     }
 
     public void commit() throws PolicyContextException
     {
         getDataPolicyConfiguration().commit();
+        applicationPolicy = factory.getApplicationPolicy( contextID );
         state = IN_SERVICE;
     }
 
@@ -152,6 +157,7 @@
     //  argument to cause the  corresponding policy statements to be deleted from the context.
     public void open( boolean remove )
     {
+        applicationPolicy = null;
         if ( remove )
         {
             //TODO Clear triplesec ldap for this contextId (??)

Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java Mon Oct 22 23:15:47 2007
@@ -26,17 +26,21 @@
 import java.util.Map;
 import java.util.Properties;
 
+import javax.naming.InvalidNameException;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.ldap.InitialLdapContext;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyConfigurationFactory;
 import javax.security.jacc.PolicyContextException;
-import javax.naming.directory.DirContext;
-import javax.naming.ldap.InitialLdapContext;
-import javax.naming.NamingException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.triplesec.admin.persistence.EntityManager;
 import org.apache.directory.triplesec.admin.persistence.EntityManagerImpl;
+import org.apache.directory.triplesec.guardian.ApplicationPolicy;
+import org.apache.directory.triplesec.guardian.RealmPolicy;
 
 /**
  * @version $Rev$ $Date$
@@ -50,6 +54,8 @@
     private Properties ldapProperties;
     private DirContext ctx;
     private String rootDn;
+    private ContextIdToRdnMapper contextIdMapper;
+    private RealmPolicy realmPolicy;
 
     private Map<String, TripleSecPolicyConfiguration> configurations = new HashMap<String, TripleSecPolicyConfiguration>();
     public static final String LDAP_PROPERTIES_LOCATON_KEY = "org.apache.directory.triplesec.jacc.ldap.properties";
@@ -67,6 +73,8 @@
             }
             singleton = this;
         }
+        //TODO for testing
+        contextIdMapper = new SampleContextIdMapper();
     }
 
     public PolicyConfiguration getPolicyConfiguration( String contextID, boolean remove ) throws PolicyContextException
@@ -75,7 +83,7 @@
 
         if ( configuration == null )
         {
-            configuration = new TripleSecPolicyConfiguration( contextID, this );
+            configuration = new TripleSecPolicyConfiguration( contextID, this, null );
             configurations.put( contextID, configuration );
         } else
         {
@@ -86,12 +94,25 @@
         return configuration;
     }
 
+    ApplicationPolicy getApplicationPolicy( String contextID ) throws PolicyContextException
+    {
+        LdapDN dn;
+        try
+        {
+            dn = contextIdMapper.toRdns( contextID );
+        } catch ( InvalidNameException e )
+        {
+            throw new PolicyContextException( "Could not interpret contextID: " + contextID, e );
+        }
+        ApplicationPolicy applicationPolicy = realmPolicy.getApplicationPolicy( dn );
+        return applicationPolicy;
+    }
+
     public boolean inService( String contextID ) throws PolicyContextException
     {
-        PolicyConfiguration configuration = getPolicyConfiguration( contextID, false );
+        PolicyConfiguration configuration = getTripleSecPolicyConfiguration( contextID );
 
-        log.trace( "Policy configuration " + contextID + " put into service" );
-        return configuration.inService();
+        return configuration != null && configuration.inService();
     }
 
     static TripleSecPolicyConfigurationFactory getSingleton()
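Review bot: `getApplicationPolicy` calls `realmPolicy.getApplicationPolicy( dn )` with no check that `setRealmPolicy` has been called, so `commit()` and `inService()` on a factory that has not been wired yet fail with a `NullPointerException` instead of the declared `PolicyContextException`. A guard such as `if ( realmPolicy == null ) throw new PolicyContextException( "No RealmPolicy configured; cannot resolve contextID: " + contextID );` keeps the failure explicit. The field is written under `synchronized` in `setRealmPolicy` but read here without it, so visibility to other threads is not guaranteed. `inService` also now creates and caches a configuration as a side effect of a query, which deserves a comment.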
@@ -99,9 +120,16 @@
         return singleton;
     }
 
-    public TripleSecPolicyConfiguration getTripleSecPolicyConfiguration( String contextID )
+    public TripleSecPolicyConfiguration getTripleSecPolicyConfiguration( String contextID ) throws PolicyContextException
     {
-        return configurations.get( contextID );
+        TripleSecPolicyConfiguration configuration = configurations.get( contextID );
+        if ( configuration == null )
+        {
+            ApplicationPolicy applicationPolicy = getApplicationPolicy( contextID );
+            configuration = new TripleSecPolicyConfiguration( contextID, this, applicationPolicy );
+            configurations.put( contextID, configuration );
+        }
+        return configuration;
     }
 
     public synchronized void setLdapProperties( Properties ldapProperties )
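Review bot: The new lazy creation in `getTripleSecPolicyConfiguration` is a check-then-put on `configurations`, which is a plain `HashMap`, and neither this method nor `getPolicyConfiguration` is synchronized. If policy checks reach this method from several request threads (likely, but the callers are not in this diff), concurrent puts can corrupt the map or create two configurations for one contextID. Declaring it `public synchronized TripleSecPolicyConfiguration getTripleSecPolicyConfiguration( String contextID ) throws PolicyContextException`, and doing the same for `getPolicyConfiguration`, matches the setters below. Note also that a contextID with no `ApplicationPolicy` is cached in the OPEN state with a null policy.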
@@ -109,6 +137,12 @@
         this.ldapProperties = ldapProperties;
     }
 
+
+    public synchronized void setRealmPolicy( RealmPolicy realmPolicy )
+    {
+        this.realmPolicy = realmPolicy;
+    }
+
     public synchronized DirContext getDirContext() throws PolicyContextException
     {
         if ( ctx == null )
@@ -174,5 +208,11 @@
     {
         DirContext ctx = getDirContext();
         return new EntityManagerImpl( ctx, rootDn );
+    }
+
+
+    public ContextIdToRdnMapper getContextIdMapper()
+    {
+        return contextIdMapper;
     }
 }

Added: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java?rev=587399&view=auto
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java (added)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java Mon Oct 22 23:15:47 2007
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import junit.framework.TestCase;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SampleContextIdMapperTest extends TestCase
+{
+
+    public void testMapper() throws Exception
+    {
+        SampleContextIdMapper mapper = new SampleContextIdMapper();
+        LdapDN dn = mapper.toRdns( "a.b.c" );
+        assertEquals("appname=a,appname=b,appname=c", dn.getUpName());
+    }
+
+}

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/SampleContextIdMapperTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/jacc/src/test/java/org/apache/directory/triplesec/jacc/TripleSecPolicyIntegrationTest.java Mon Oct 22 23:15:47 2007
@@ -51,6 +51,10 @@
 import org.apache.directory.triplesec.guardian.RealmPolicyFactory;
 import org.apache.directory.triplesec.guardian.StoreConnectionException;
 import org.apache.directory.triplesec.guardian.StringPermission;
+import org.apache.directory.triplesec.guardian.SessionFactory;
+import org.apache.directory.triplesec.guardian.Session;
+import org.apache.directory.triplesec.guardian.ldap.LdapSessionFactory;
+import org.apache.directory.triplesec.guardian.ldap.LdapRealmPolicy;
 import org.apache.directory.triplesec.integration.TriplesecIntegration;
 import org.apache.directory.triplesec.jaas.LdapBindLoginModule;
 import org.apache.directory.triplesec.jaas.TriplesecRealmPrincipalLoginModule;
@@ -62,7 +66,8 @@
 {
     public final static String POLICY_CONFIG_FACTORY = "javax.security.jacc.PolicyConfigurationFactory.provider";
 
-    private static final String APP_NAME = "mockContext";
+    //TODO uses SampleContextIdMapper
+    private static final String APP_NAME = "mockContext1.mockApp.mockAppRealm";
 
     private static final String USER_NAME = "mockUser";
     private static final String USER_PW = "mockUser";
@@ -70,6 +75,7 @@
 
 
     private RealmPolicy realmPolicy;
+    private SessionFactory sessionFactory;
     private static final String BASE_URL = "dc=example,dc=com";
     private String providerUrl;
     private static boolean POLICY_INSTALLED = false;
@@ -93,7 +99,8 @@
         providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
         props = new Properties();
 //        props.setProperty("applicationRDN", "appName=" + APP_NAME + ",appName=mockApplication,ou=applications");
-        props.setProperty( "applicationRDN", "appName=mockApplication,ou=applications" );
+        //TODO this is ridiculous... need a way of loading apps when they start or are accessed. Or specifying which to look for
+        props.setProperty( "applicationRDN", "ou=applications" );
 //        props.setProperty("applicationPrincipalDN", "appName=" + APP_NAME + ",appName=mockApplication,ou=applications," + BASE_URL);
 //        props.setProperty("applicationCredentials", "testing");
         props.setProperty( "applicationPrincipalDN", "uid=admin,ou=system" );
@@ -156,30 +163,34 @@
      */
     public void xtestLogin() throws Exception
     {
+        realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
+        ( ( TripleSecPolicyConfigurationFactory ) policyConfigurationFactory ).setRealmPolicy( realmPolicy );
+        sessionFactory = new LdapSessionFactory((( LdapRealmPolicy )realmPolicy).getCtx());
         PolicyContext.setContextID( APP_NAME );
         PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration( APP_NAME, false );
         policyConfiguration.commit();
         StringPermission perm = new StringPermission( PERM_NAME );
-        realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
 
         checkPermission( perm );
     }
 
     public void testAddPermission() throws Exception
     {
+        realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
+        sessionFactory = new LdapSessionFactory((( LdapRealmPolicy )realmPolicy).getCtx());
+        ( ( TripleSecPolicyConfigurationFactory ) policyConfigurationFactory ).setRealmPolicy( realmPolicy );
         StringPermission perm = new StringPermission( PERM_NAME );
         PolicyContext.setContextID( APP_NAME );
         PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration( APP_NAME, false );
         policyConfiguration.addToRole( ROLE, perm );
         policyConfiguration.commit();
-        realmPolicy = RealmPolicyFactory.newInstance( providerUrl, props );
 
         InitialDirContext ctx = getContext( providerUrl, props );
 
-        String contextDn = "roleName=" + ROLE + ",ou=roles,appName=mockContext,appName=mockApplication,ou=applications";
+        String contextDn = "roleName=" + ROLE + ",ou=roles,appName=mockContext1,appName=mockApp,appName=mockAppRealm,ou=applications";
         Attributes attrs = ctx.getAttributes( contextDn );
         //the name is generated and not the same as the string permission name
-        assertEquals("Actual permission name: " + ( String ) attrs.get( "grants" ).get(), "mockContextperm0", ( String ) attrs.get( "grants" ).get() );
+        assertEquals("Actual permission name: " + ( String ) attrs.get( "grants" ).get(), "mockContext1perm0", ( String ) attrs.get( "grants" ).get() );
 
         checkPermission( perm );
     }
@@ -230,13 +241,14 @@
         options.put( Context.PROVIDER_URL, providerUrl );
         options.put( Context.SECURITY_AUTHENTICATION, "simple" );
         options.put( LdapBindLoginModule.REALM_KEY, "example.com" );
-        options.put( TriplesecRealmPrincipalLoginModule.POLICY_KEY, realmPolicy );
         LoginModule module = new TriplesecRealmPrincipalLoginModule();
         Subject subject = new Subject();
 //        CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
         CallbackHandler callbackHandler = null;
         Map<String, Object> sharedState = new HashMap<String, Object>();
-        sharedState.put( TriplesecRealmPrincipalLoginModule.PROFILE_KEY, USER_NAME );
+        sharedState.put( TriplesecRealmPrincipalLoginModule.UID_KEY, USER_NAME );
+        Session session = sessionFactory.getSession( USER_NAME );
+        sharedState.put( TriplesecRealmPrincipalLoginModule.SESSION_KEY, session );
         module.initialize( subject, callbackHandler, sharedState, options );
         module.login();
         module.commit();

Modified: directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java?rev=587399&r1=587398&r2=587399&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java (original)
+++ directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java Mon Oct 22 23:15:47 2007
@@ -507,7 +507,7 @@
             // Strip the name once more; this will prevent this method
             // from throwing an exception when these entries are added
             // just beneath policyApplication entry.
-            name = ( LdapDN ) name.getPrefix( 1 );
+            name = ( LdapDN ) name.getPrefix( name.size() - 1 );
         }
 
 
@@ -520,18 +520,15 @@
                 Attributes entry = next.lookup( new LookupOperationContext( name ) );
                 Attribute attr = getObjectClass( entry );
                 NamingEnumeration e = attr.getAll();
+                boolean isPolicyApplication = false;
                 try
                 {
                     while( e.hasMore() )
                     {
                         if( "policyApplication".equalsIgnoreCase( (String) e.next() ) )
                         {
-                            if (ended) {
-                                throw new SchemaViolationException( "Non-policy entries cannot reside under policyApplication." );
-                            }
-                            started = true;
-                        } else if (started) {
-                            ended = true;
+                            isPolicyApplication = true;
+                            break;
                         }
                     }
                 }
@@ -539,6 +536,17 @@
                 {
                     e.close();
                 }
+                if (isPolicyApplication)
+                {
+                    if (ended)
+                    {
+                        throw new SchemaViolationException( "Non-policy entries cannot reside under policyApplication." );
+                    }
+                    started = true;
+                } else if ( started )
+                {
+                    ended = true;
+                }
             }
             catch( SchemaViolationException e )
             {
@@ -735,8 +743,7 @@
         rn = NamespaceTools.getRdnValue( rn ).trim();
 
         return ( rn.equalsIgnoreCase( "permissions" ) ||
-                 rn.equalsIgnoreCase( "roles" ) ||
-                 rn.equalsIgnoreCase( "profiles" ) );
+                 rn.equalsIgnoreCase( "roles" ) );
     }
 
     
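Review bot: Removing `profiles` from this name check narrows what the interceptor recognises as a policy container, and the change carries no comment explaining why. The method starts outside the hunk, so what the returned boolean gates is not visible here; if it decides which entries may live under a `policyApplication` entry, directories provisioned before this revision that still hold a `profiles` subtree would be treated differently. I would record the intent next to the condition, for example `// "profiles" is no longer a policy container in this branch; only permissions and roles are`, and confirm that existing data is migrated.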


