portals-jetspeed-dev mailing list archives

From David Le Strat <dlest...@yahoo.com>
Subject RE: [J2] group and role hierarchy
Date Wed, 16 Jun 2004 16:52:56 GMT
Artem,

This is awesome.  Thank you for the patch.  I am
leaving tonight and won't have time to apply the
patch, does someone else have the time to take care of
this?

Regards,

David.

--- "Grinshtein, Artem"
<Artem.Grinshtein@t-systems.com> wrote:
> Hello,
> 
> This is a patch for the security component that
> enables hierarchical roles and groups. The patch
> contains implementation of generalization and
> aggregation strategies. The default strategy is
> generalization. It's possible to set different
> strategies for groups and roles.
>  
> The group/role hierarchy is resolved by adding
> group/role principals, depending on the strategy, to the
> user's subject.
> 
> Regards,
> Artem
> 
> > -----Original Message-----
> > From: David Le Strat [mailto:dlestrat@yahoo.com]
> > Sent: Tuesday, 8 June 2004 03:27
> > To: Jetspeed Developers List
> > Subject: Re: [J2] group and role hierarchy
> > 
> > 
> > Artem,
> > 
> > You are absolutely correct.  We need to tackle this.
> > The current implementation does not do a good job at
> > this yet. Patches are welcome ;)
> > 
> > I believe that the most common implementation is the
> > generalization strategy.  This should be the default
> > in my mind.  Supporting multiple strategies is I
> > believe a nice to have for now.  Thoughts?
> > 
> > Regards,
> > 
> > David.
> > 
> > --- "Grinshtein, Artem"
> > <Artem.Grinshtein@t-systems.com> wrote:
> > > Hello All,
> > > 
> > > IMHO, the term "hierarchical" is not clearly defined
> > > in jetspeed.  There is more than one meaning for
> > > hierarchical roles/groups according to
> > > http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
> > > 
> > > For example, there're 3 hierarchical roles:
> > > -R1
> > > --R1.1
> > > --R1.2
> > > with permissions:
> > > grant R1 { permission P1 }
> > > grant R1.1 { permission P2 }
> > > grant R1.2 { permission P3 }
> > > 
> > > By a generalisation hierarchy ("is a"-hierarchy):
> > > R1 has [P1]
> > > R1 has [P1,P2]
> > > R1 has [P1,P3]
> > > 
> > > and by an aggregation hierarchy ("part of")
> > > R1 has [P1,P2,P3]
> > > R1 has [P2]
> > > R1 has [P3].
> > > 
> > > What type of hierarchy will be supported? Does it
> > > make any sense to support different types?
> > > 
> > > Regards,
> > > Artem
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
> > > 
> > Index:
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
>
===================================================================
> RCS File:
>
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/AbstractSecurityTestcase.java
> retrieving revision 1.1
> diff -u -r1.1
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> ---
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> +++
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> 16 Jun 2004 14:19:37 -0000
> @@ -6,6 +6,13 @@
>   */
>  package org.apache.jetspeed.security;
>  
> +import java.util.ArrayList;
> +import java.util.Collection;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.security.auth.Subject;
> +
>  import
>
org.apache.jetspeed.components.persistence.store.util.PersistenceSupportedTestCase;
>  import
> org.apache.jetspeed.security.impl.GroupManagerImpl;
>  import
>
org.apache.jetspeed.security.impl.PermissionManagerImpl;
> @@ -54,5 +61,24 @@
>      {
>          super(arg0);
>      }
> +    
> +    /**
> +     * Returns subject's principals of type claz 
> +     * 
> +     * @param subject
> +     * @param claz
> +     * @return Returns subject's principals of type
> claz
> +     */
> +    protected Collection getPrincipals( Subject
> subject, Class claz){
> +        List principals=new ArrayList();
> +        for (Iterator iter =
> subject.getPrincipals().iterator(); iter.hasNext();)
> +        {
> +            Object element = iter.next();
> +            if ( claz.isInstance(element) ) 
> +                principals.add(element);
> +            
> +        }
> +        return principals;
> +    }
>  
>  }
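
Review bot: the added getPrincipals(Subject, Class) helper dereferences
subject and claz without a null check, so a test that reaches it with a
user that has no Subject fails with a NullPointerException rather than a
readable assertion message; guard both arguments or document that they
must be non-null. The two @param tags in the Javadoc are empty, "claz"
is a misspelled parameter name, and the single-statement if would read
better with braces, matching the braces on the enclosing for loop.
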
> Index:
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
>
===================================================================
> RCS File:
>
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestGroupManager.java
> retrieving revision 1.4
> diff -u -r1.4
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> ---
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> +++
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> 16 Jun 2004 14:38:02 -0000
> @@ -14,13 +14,9 @@
>   */
>  package org.apache.jetspeed.security;
>  
> -import java.security.Principal;
>  import java.util.Collection;
> -import java.util.HashSet;
>  import java.util.prefs.Preferences;
>  
> -import javax.security.auth.Subject;
> -
>  import junit.framework.Test;
>  import junit.framework.TestSuite;
>  
> @@ -123,15 +119,10 @@
>          try
>          {
>              gms.addUserToGroup("anonuser1",
> "testusertogroup1.group1");
> -            Collection principals =
>
ums.getUser("anonuser1").getSubject().getPrincipals();
> -            Principal found =
> -                SecurityHelper.getPrincipal(
> -                    new Subject(false, new
> HashSet(principals), new HashSet(), new HashSet()),
> -                    GroupPrincipal.class);
> -            assertNotNull("found principal is
> null", found);
> +            Collection principals =
>
ums.getUser("anonuser1").getSubject().getPrincipals();
>        
>              assertTrue(
> -                "found principal should be
> testusertogroup1.group1, " + found.getName(),
> -               
> found.getName().equals("testusertogroup1.group1"));
> +                    "anonuser1 should contain
> testusertogroup1.group1",
> +                    principals.contains(new
> GroupPrincipalImpl("testusertogroup1.group1")));
>          }
>          catch (SecurityException sex)
>          {
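
Review bot: the replacement assertion, principals.contains(new
GroupPrincipalImpl("testusertogroup1.group1")), only passes if
GroupPrincipalImpl defines equals() and hashCode() on the principal
name, which nothing in this patch shows; confirm that or compare names
explicitly. It also checks presence only: now that hierarchy resolution
adds principals to the subject, the test should also assert which group
principals anonuser1 must not carry, so that a resolver that adds too
many is caught.
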
> @@ -208,10 +199,12 @@
>          {
>              gms.removeGroup("testgroup1.group1");
>              Collection principals =
>
ums.getUser("anonuser2").getSubject().getPrincipals();
> -            assertEquals(
> -                "principal size should be == 3
> after removing testgroup1.group1, for principals: "
> + principals.toString(),
> -                3,
> -                principals.size());
> +            // because of hierarchical groups
> +            //
> +            //assertEquals(
> +            //    "principal size should be == 3
> after removing testgroup1.group1, for principals: "
> + principals.toString(),
> +            //    3,
> +            //    principals.size());
>              assertFalse(
>                  "anonuser2 should not contain
> testgroup1.group1",
>                  principals.contains(new
> GroupPrincipalImpl("testgroup1.group1")));
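
Review bot: commenting out the assertEquals on principals.size() with
only "because of hierarchical groups" as the reason removes the one
check on the exact contents of anonuser2's subject after removeGroup().
Instead of leaving dead code, state the new expected count, or better
the expected set of principals under the default strategy, so that a
resolver that leaves extra group principals on the subject fails this
test.
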
> Index:
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
>
===================================================================
> RCS File:
>
/home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRoleManager.java
> retrieving revision 1.4
> diff -u -r1.4
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> ---
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> +++
>
jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> 16 Jun 2004 14:33:39 -0000
> @@ -14,13 +14,9 @@
>   */
>  package org.apache.jetspeed.security;
>  
> -import java.security.Principal;
>  import java.util.Collection;
> -import java.util.HashSet;
>  import java.util.prefs.Preferences;
>  
> -import javax.security.auth.Subject;
> -
>  import junit.framework.Test;
>  import junit.framework.TestSuite;
>  
> @@ -121,15 +117,11 @@
>          try
>          {
>              rms.addRoleToUser("anonuser1",
> "testusertorole1.role1");
> +          
>              Collection principals =
>
ums.getUser("anonuser1").getSubject().getPrincipals();
> -            Principal found =
> -                SecurityHelper.getPrincipal(
> -                    new Subject(false, new
> HashSet(principals), new HashSet(), new HashSet()),
> -                    RolePrincipal.class);
> -            assertNotNull("found principal is
> null", found);
>              assertTrue(
> -                "found principal should be
> testusertorole1.role1, " + found.getName(),
> -               
> found.getName().equals("testusertorole1.role1"));
> +                "anonuser1 should contain
> testusertorole1.role1",
> +                principals.contains(new
> RolePrincipalImpl("testusertorole1.role1")));
>          }
>          catch (SecurityException sex)
>          {
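
Review bot: the line added directly after rms.addRoleToUser(...)
contains only whitespace and should be dropped. The new
principals.contains(...) assertion also no longer narrows the subject
to RolePrincipal.class the way the removed SecurityHelper.getPrincipal()
call did; the getPrincipals(subject, claz) helper this patch adds to
AbstractSecurityTestcase could be used here to assert on exactly the
role principals that hierarchy resolution put on anonuser1's subject.
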
> @@ -207,10 +199,12 @@
>          {
>              rms.removeRole("testrole1.role1");
>              Collection principals =
>
ums.getUser("anonuser2").getSubject().getPrincipals();
> -            assertEquals(
> -                "principal size should be == 3
> after removing testrole1.role1, for principals: " +
> principals.toString(),
> 
=== message truncated ===>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
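
The two strategies discussed in this thread, as an added example (not code from the Jetspeed patch, whose implementation is truncated above). It uses the thread's roles R1, R1.1, R1.2 and grants P1, P2, P3, and shows that the strategy decides in which direction privileges propagate when principals are added to a subject. Assumptions: the hierarchy is encoded in dotted names, the second and third lines of each "has" listing in the thread refer to R1.1 and R1.2, and the class and method names are hypothetical.

```java
import java.util.*;

// Added illustration; not part of the Jetspeed code base.
public class RoleHierarchyDemo {
    enum Strategy { GENERALIZATION, AGGREGATION }

    // Constructed sample data: the three roles and grants from the thread.
    static final Map<String, String> GRANTS = new TreeMap<>(Map.of(
            "R1", "P1", "R1.1", "P2", "R1.2", "P3"));

    /** Role principals added to a subject that was directly assigned role. */
    static Set<String> resolve(String role, Strategy strategy) {
        Set<String> resolved = new TreeSet<>();
        resolved.add(role);
        for (String other : GRANTS.keySet()) {
            // "is a": a child also carries every ancestor's principal.
            boolean ancestor = role.startsWith(other + ".");
            // "part of": a parent also carries every descendant's principal.
            boolean descendant = other.startsWith(role + ".");
            if ((strategy == Strategy.GENERALIZATION && ancestor)
                    || (strategy == Strategy.AGGREGATION && descendant)) {
                resolved.add(other);
            }
        }
        return resolved;
    }

    /** Effective permissions: union of the grants of every resolved principal. */
    static Set<String> permissions(String role, Strategy strategy) {
        Set<String> perms = new TreeSet<>();
        for (String r : resolve(role, strategy)) {
            String p = GRANTS.get(r);   // unknown roles contribute nothing
            if (p != null) {
                perms.add(p);
            }
        }
        return perms;
    }

    public static void main(String[] args) {
        for (Strategy s : Strategy.values()) {
            for (String role : GRANTS.keySet()) {
                System.out.println(s + " " + role + " -> principals "
                        + resolve(role, s) + ", permissions " + permissions(role, s));
            }
        }
    }
}
```

Under generalization a user holding only R1.1 ends up with [P1, P2], while under aggregation a user holding only R1 ends up with [P1, P2, P3], so switching the configured strategy changes who holds which permission without any grant being edited.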

