portals-jetspeed-dev mailing list archives

From Ate Douma <...@douma.nu>
Subject Re: [J2] group and role hierarchy
Date Wed, 16 Jun 2004 16:58:38 GMT
I can do a review and apply the patch later tonight.

Regards,

Ate

David Le Strat wrote:

> Artem,
> 
> This is awesome.  Thank you for the patch.  I am
> leaving tonight and won't have time to apply the
> patch, does someone else have the time to take care of
> this?
> 
> Regards,
> 
> David.
> 
> --- "Grinshtein, Artem"
> <Artem.Grinshtein@t-systems.com> wrote:
> 
>>Hello,
>>
>>This is a patch for the security component that
>>enables hierarchical roles and groups. The patch
>>contains implementation of generalization and
>>aggregation strategies. The default strategy is
>>generalization. It's possible to set different
>>strategies for groups and roles.
>>
>>The group/role hierarchy is resolved by adding
>>group/role principals dependent on strategy to the
>>user's subject.
>>
>>Regards,
>>Artem
>>
>>
>>>-----Original Message-----
>>>From: David Le Strat [mailto:dlestrat@yahoo.com]
>>>Sent: Tuesday, 8 June 2004 03:27
>>>To: Jetspeed Developers List
>>>Subject: Re: [J2] group and role hierarchy
>>>
>>>
>>>Artem,
>>>
>>>You are absolutely correct.  We need to tackle this.
>>>The current implementation does not do a good job at
>>>this yet. Patches are welcome ;)
>>>
>>>I believe that the most common implementation is the
>>>generalization strategy.  This should be the default
>>>in my mind.  Supporting multiple strategies is I
>>>believe a nice to have for now.  Thoughts?
>>>
>>>Regards,
>>>
>>>David.
>>>
>>>--- "Grinshtein, Artem"
>>><Artem.Grinshtein@t-systems.com> wrote:
>>>
>>>>Hello All,
>>>>
>>>>IMHO, the term "hierarchical" is not clearly defined
>>>>in jetspeed.  There is more than one meaning for
>>>>hierarchical roles/groups according to
>>>>http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
>>>>
>>>>For example, there're 3 hierarchical roles:
>>>>-R1
>>>>--R1.1
>>>>--R1.2
>>>>with permissions:
>>>>grant R1 { permission P1 }
>>>>grant R1.1 { permission P2 }
>>>>grant R1.2 { permission P3 }
>>>>
>>>>By a generalisation hierarchy ("is a"-hierarchy):
>>>>R1 has [P1]
>>>>R1 has [P1,P2]
>>>>R1 has [P1,P3]
>>>>
>>>>and by an aggregation hierarchy ("part of")
>>>>R1 has [P1,P2,P3]
>>>>R1 has [P2]
>>>>R1 has [P3].
>>>>
>>>>What type of hierarchy will be supported? Does it
>>>>make any sense to support different types?
>>>>
>>>>Regards,
>>>>Artem
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail:
>>>>jetspeed-dev-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail:
>>>>jetspeed-dev-help@jakarta.apache.org
>>>Index:
>>
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> 
> ===================================================================
> 
>>RCS File:
>>
> 
> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/AbstractSecurityTestcase.java
> 
>>retrieving revision 1.1
>>diff -u -r1.1
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> 
>>---
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> 
>>+++
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java
> 
>>16 Jun 2004 14:19:37 -0000
>>@@ -6,6 +6,13 @@
>>  */
>> package org.apache.jetspeed.security;
>> 
>>+import java.util.ArrayList;
>>+import java.util.Collection;
>>+import java.util.Iterator;
>>+import java.util.List;
>>+
>>+import javax.security.auth.Subject;
>>+
>> import
>>
> 
> org.apache.jetspeed.components.persistence.store.util.PersistenceSupportedTestCase;
> 
>> import
>>org.apache.jetspeed.security.impl.GroupManagerImpl;
>> import
>>
> 
> org.apache.jetspeed.security.impl.PermissionManagerImpl;
> 
>>@@ -54,5 +61,24 @@
>>     {
>>         super(arg0);
>>     }
>>+    
>>+    /**
>>+     * Returns subject's principals of type claz 
>>+     * 
>>+     * @param subject
>>+     * @param claz
>>+     * @return Returns subject's principals of type
>>claz
>>+     */
>>+    protected Collection getPrincipals( Subject
>>subject, Class claz){
>>+        List principals=new ArrayList();
>>+        for (Iterator iter =
>>subject.getPrincipals().iterator(); iter.hasNext();)
>>+        {
>>+            Object element = iter.next();
>>+            if ( claz.isInstance(element) ) 
>>+                principals.add(element);
>>+            
>>+        }
>>+        return principals;
>>+    }
>> 
>> }
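
Review bot: in the new getPrincipals helper the Javadoc leaves both @param tags empty and the parameter is spelled claz; say that subject must be non-null and that claz is the principal type to filter on, or rename it to something like principalType. The single-statement if inside the for loop has no braces while the loop itself does; add them so a later second statement cannot end up running for every element. None of the test hunks visible before the truncation call this helper, so either use it in the tests or leave it out of this patch.
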
>>Index:
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> 
> ===================================================================
> 
>>RCS File:
>>
> 
> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestGroupManager.java
> 
>>retrieving revision 1.4
>>diff -u -r1.4
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> 
>>---
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> 
>>+++
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java
> 
>>16 Jun 2004 14:38:02 -0000
>>@@ -14,13 +14,9 @@
>>  */
>> package org.apache.jetspeed.security;
>> 
>>-import java.security.Principal;
>> import java.util.Collection;
>>-import java.util.HashSet;
>> import java.util.prefs.Preferences;
>> 
>>-import javax.security.auth.Subject;
>>-
>> import junit.framework.Test;
>> import junit.framework.TestSuite;
>> 
>>@@ -123,15 +119,10 @@
>>         try
>>         {
>>             gms.addUserToGroup("anonuser1",
>>"testusertogroup1.group1");
>>-            Collection principals =
>>
> 
> ums.getUser("anonuser1").getSubject().getPrincipals();
> 
>>-            Principal found =
>>-                SecurityHelper.getPrincipal(
>>-                    new Subject(false, new
>>HashSet(principals), new HashSet(), new HashSet()),
>>-                    GroupPrincipal.class);
>>-            assertNotNull("found principal is
>>null", found);
>>+            Collection principals =
>>
> 
> ums.getUser("anonuser1").getSubject().getPrincipals();
> 
>>       
>>             assertTrue(
>>-                "found principal should be
>>testusertogroup1.group1, " + found.getName(),
>>-               
>>found.getName().equals("testusertogroup1.group1"));
>>+                    "anonuser1 should contain
>>testusertogroup1.group1",
>>+                    principals.contains(new
>>GroupPrincipalImpl("testusertogroup1.group1")));
>>         }
>>         catch (SecurityException sex)
>>         {
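
Review bot: the new assertTrue on principals.contains(new GroupPrincipalImpl("testusertogroup1.group1")) is only meaningful if GroupPrincipalImpl defines equals() and hashCode() by name, and that class is not part of the visible patch; confirm it, or compare names explicitly as the removed found.getName().equals(...) check did. The removed and re-added "Collection principals =" line looks identical apart from whitespace, so that part of the change can be dropped.
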
>>@@ -208,10 +199,12 @@
>>         {
>>             gms.removeGroup("testgroup1.group1");
>>             Collection principals =
>>
> 
> ums.getUser("anonuser2").getSubject().getPrincipals();
> 
>>-            assertEquals(
>>-                "principal size should be == 3
>>after removing testgroup1.group1, for principals: "
>>+ principals.toString(),
>>-                3,
>>-                principals.size());
>>+            // because of hierarchical groups
>>+            //
>>+            //assertEquals(
>>+            //    "principal size should be == 3
>>after removing testgroup1.group1, for principals: "
>>+ principals.toString(),
>>+            //    3,
>>+            //    principals.size());
>>             assertFalse(
>>                 "anonuser2 should not contain
>>testgroup1.group1",
>>                 principals.contains(new
>>GroupPrincipalImpl("testgroup1.group1")));
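
Review bot: commenting out the assertEquals on principals.size() with only "because of hierarchical groups" removes the one check that no unexpected principals remain on anonuser2 after removeGroup; the assertFalse that follows proves the removed group is gone, not that hierarchy resolution added nothing extra. Assert the exact principal set (or the new expected size) under the default generalization strategy instead, and delete the old assertion rather than leaving it as dead commented code.
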
>>Index:
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> 
> ===================================================================
> 
>>RCS File:
>>
> 
> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRoleManager.java
> 
>>retrieving revision 1.4
>>diff -u -r1.4
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> 
>>---
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> 
>>+++
>>
> 
> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java
> 
>>16 Jun 2004 14:33:39 -0000
>>@@ -14,13 +14,9 @@
>>  */
>> package org.apache.jetspeed.security;
>> 
>>-import java.security.Principal;
>> import java.util.Collection;
>>-import java.util.HashSet;
>> import java.util.prefs.Preferences;
>> 
>>-import javax.security.auth.Subject;
>>-
>> import junit.framework.Test;
>> import junit.framework.TestSuite;
>> 
>>@@ -121,15 +117,11 @@
>>         try
>>         {
>>             rms.addRoleToUser("anonuser1",
>>"testusertorole1.role1");
>>+          
>>             Collection principals =
>>
> 
> ums.getUser("anonuser1").getSubject().getPrincipals();
> 
>>-            Principal found =
>>-                SecurityHelper.getPrincipal(
>>-                    new Subject(false, new
>>HashSet(principals), new HashSet(), new HashSet()),
>>-                    RolePrincipal.class);
>>-            assertNotNull("found principal is
>>null", found);
>>             assertTrue(
>>-                "found principal should be
>>testusertorole1.role1, " + found.getName(),
>>-               
>>found.getName().equals("testusertorole1.role1"));
>>+                "anonuser1 should contain
>>testusertorole1.role1",
>>+                principals.contains(new
>>RolePrincipalImpl("testusertorole1.role1")));
>>         }
>>         catch (SecurityException sex)
>>         {
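
Review bot: the line added directly after rms.addRoleToUser(...) contains only whitespace and should be dropped. The contains(new RolePrincipalImpl("testusertorole1.role1")) assertion also depends on name-based equality in RolePrincipalImpl, which the visible hunks do not show.
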
>>@@ -207,10 +199,12 @@
>>         {
>>             rms.removeRole("testrole1.role1");
>>             Collection principals =
>>
> 
> ums.getUser("anonuser2").getSubject().getPrincipals();
> 
>>-            assertEquals(
>>-                "principal size should be == 3
>>after removing testrole1.role1, for principals: " +
>>principals.toString(),
>>
> 
> === message truncated ===>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
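
The two strategies discussed in this thread, as an added Java example that is not part of the original messages or of the Jetspeed patch: it resolves a role hierarchy by adding role principals to a JAAS Subject under each strategy and derives the effective permissions. The Role record, the method names, and the reading of dotted names (R1.1 is a child of R1) are assumptions made for illustration; the role names and grants are the thread's own example.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class HierarchyStrategies {
    // Hypothetical principal type (not Jetspeed's RolePrincipalImpl); a record gives name-based equals/hashCode.
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }

    // Sample data from the thread's example: R1 with children R1.1 and R1.2, one permission each.
    static final Map<String, String> GRANTS = Map.of("R1", "P1", "R1.1", "P2", "R1.2", "P3");

    // Generalization ("is a"): the assigned role plus every ancestor, found by trimming dotted segments.
    static Set<String> generalization(String role) {
        Set<String> out = new TreeSet<>(Set.of(role));
        for (int dot = role.lastIndexOf('.'); dot >= 0; dot = role.lastIndexOf('.', dot - 1)) {
            out.add(role.substring(0, dot));
        }
        return out;
    }

    // Aggregation ("part of"): the assigned role plus every known descendant.
    static Set<String> aggregation(String role) {
        Set<String> out = new TreeSet<>(Set.of(role));
        for (String known : GRANTS.keySet()) {
            if (known.startsWith(role + ".")) out.add(known);
        }
        return out;
    }

    // Resolve the hierarchy by adding the resulting role principals to the user's Subject.
    static Subject resolve(Set<String> roles) {
        Subject subject = new Subject();
        for (String r : roles) subject.getPrincipals().add(new Role(r));
        return subject;
    }

    // Effective permissions are the union of the grants of every role principal on the Subject.
    static Set<String> permissions(Subject subject) {
        Set<String> perms = new TreeSet<>();
        for (Role r : subject.getPrincipals(Role.class)) perms.add(GRANTS.get(r.getName()));
        return perms;
    }

    public static void main(String[] args) {
        for (String assigned : new TreeSet<>(GRANTS.keySet())) {
            System.out.printf("%-5s generalization=%s aggregation=%s%n", assigned,
                permissions(resolve(generalization(assigned))),
                permissions(resolve(aggregation(assigned))));
        }
    }
}
```

The same direct assignment yields different privilege sets depending on the strategy: under aggregation, assigning the parent role grants everything beneath it, so the choice of default matters when reviewing who can reach which permission.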

