portals-jetspeed-dev mailing list archives

From Ate Douma <...@douma.nu>
Subject Re: [J2] group and role hierarchy
Date Wed, 16 Jun 2004 22:51:15 GMT
Artem,

I reviewed and committed your patch.
It's a great improvement.
Thanks!

Ate Douma wrote:

> I can do a review and apply the patch later tonight.
> 
> Regards,
> 
> Ate
> 
> David Le Strat wrote:
> 
>> Artem,
>>
>> This is awesome.  Thank you for the patch.  I am
>> leaving tonight and won't have time to apply the
>> patch, does someone else have the time to take care of
>> this?
>>
>> Regards,
>>
>> David.
>>
>> --- "Grinshtein, Artem"
>> <Artem.Grinshtein@t-systems.com> wrote:
>>
>>> Hello,
>>>
>>> This is a patch for the security component that
>>> enables hierarchical roles and groups. The patch
>>> contains implementation of generalization and
>>> aggregation strategies. The default strategy is
>>> generalization. It's possible to set different
>>> strategies for groups and roles.
>>>
>>> The group/role hierarchy is resolved by adding
>>> group/role principals depending on strategy to the
>>> user's subject.
>>>
>>> Regards,
>>> Artem
>>>
>>>
>>>> -----Original Message-----
>>>> From: David Le Strat [mailto:dlestrat@yahoo.com]
>>>> Sent: Tuesday, 8 June 2004 03:27
>>>> To: Jetspeed Developers List
>>>> Subject: Re: [J2] group and role hierarchy
>>>>
>>>>
>>>> Artem,
>>>>
>>>> You are absolutely correct.  We need to tackle this,
>>>> The current implementation does not do a good job at
>>>> this yet. Patches are welcome ;)
>>>>
>>>> I believe that the most common implementation is the
>>>> generalization strategy.  This should be the default
>>>> in my mind.  Supporting multiple strategies is I
>>>> believe a nice to have for now.  Thoughts?
>>>>
>>>> Regards,
>>>>
>>>> David.
>>>>
>>>> --- "Grinshtein, Artem"
>>>> <Artem.Grinshtein@t-systems.com> wrote:
>>>>
>>>>> Hello All,
>>>>>
>>>>> IMHO, the term "hierarchical" is not clearly defined
>>>>> in jetspeed.  There is more than one meaning for
>>>>> hierarchical roles/groups according to
>>>>> http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
>>>>>
>>>>> For example, there're 3 hierarchical roles:
>>>>> -R1
>>>>> --R1.1
>>>>> --R1.2
>>>>> with permissions:
>>>>> grant R1 { permission P1 }
>>>>> grant R1.1 { permission P2 }
>>>>> grant R1.2 { permission P3 }
>>>>>
>>>>> By a generalisation hierarchy ("is a"-hierarchy):
>>>>> R1 has [P1]
>>>>> R1 has [P1,P2]
>>>>> R1 has [P1,P3]
>>>>>
>>>>> and by an aggregation hierarchy ("part of")
>>>>> R1 has [P1,P2,P3]
>>>>> R1 has [P2]
>>>>> R1 has [P3].
>>>>>
>>>>> What type of hierarchy will be supported? Does it
>>>>> make any sense to support different types?
>>>>>
>>>>> Regards,
>>>>> Artem
>>>>>
>> ---------------------------------------------------------------------
>>
>>>>> To unsubscribe, e-mail:
>>>>> jetspeed-dev-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail:
>>>>> jetspeed-dev-help@jakarta.apache.org
>>>>>
>>>> Index:
>>>
>>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java

>>
>>
>> ===================================================================
>>
>>> RCS File:
>>>
>>
>> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/AbstractSecurityTestcase.java

>>
>>
>>> retrieving revision 1.1
>>> diff -u -r1.1
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java

>>
>>
>>> ---
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java

>>
>>
>>> +++
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\AbstractSecurityTestcase.java

>>
>>
>>> 16 Jun 2004 14:19:37 -0000
>>> @@ -6,6 +6,13 @@
>>>  */
>>> package org.apache.jetspeed.security;
>>>
>>> +import java.util.ArrayList;
>>> +import java.util.Collection;
>>> +import java.util.Iterator;
>>> +import java.util.List;
>>> +
>>> +import javax.security.auth.Subject;
>>> +
>>> import
>>>
>>
>> org.apache.jetspeed.components.persistence.store.util.PersistenceSupportedTestCase;

>>
>>
>>> import
>>> org.apache.jetspeed.security.impl.GroupManagerImpl;
>>> import
>>>
>>
>> org.apache.jetspeed.security.impl.PermissionManagerImpl;
>>
>>> @@ -54,5 +61,24 @@
>>>     {
>>>         super(arg0);
>>>     }
>>> +    +    /**
>>> +     * Returns subject's principals of type claz +     * +     * 
>>> @param subject
>>> +     * @param claz
>>> +     * @return Returns subject's principals of type
>>> claz
>>> +     */
>>> +    protected Collection getPrincipals( Subject
>>> subject, Class claz){
>>> +        List principals=new ArrayList();
>>> +        for (Iterator iter =
>>> subject.getPrincipals().iterator(); iter.hasNext();)
>>> +        {
>>> +            Object element = iter.next();
>>> +            if ( claz.isInstance(element) ) +                
>>> principals.add(element);
>>> +            +        }
>>> +        return principals;
>>> +    }
>>>
>>> }
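Review bot: the new getPrincipals(Subject, Class) helper re-implements what javax.security.auth.Subject already provides: subject.getPrincipals(claz) returns the principals that are instances of the given class, so the loop around claz.isInstance(element) can be dropped or reduced to a one-line wrapper. If the helper stays, its Javadoc should say what happens for a null subject or claz (both currently end in a NullPointerException), and the unbraced if before principals.add(element) would be safer with braces.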
>>> Index:
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java

>>
>>
>> ===================================================================
>>
>>> RCS File:
>>>
>>
>> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestGroupManager.java

>>
>>
>>> retrieving revision 1.4
>>> diff -u -r1.4
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java

>>
>>
>>> ---
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java

>>
>>
>>> +++
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestGroupManager.java

>>
>>
>>> 16 Jun 2004 14:38:02 -0000
>>> @@ -14,13 +14,9 @@
>>>  */
>>> package org.apache.jetspeed.security;
>>>
>>> -import java.security.Principal;
>>> import java.util.Collection;
>>> -import java.util.HashSet;
>>> import java.util.prefs.Preferences;
>>>
>>> -import javax.security.auth.Subject;
>>> -
>>> import junit.framework.Test;
>>> import junit.framework.TestSuite;
>>>
>>> @@ -123,15 +119,10 @@
>>>         try
>>>         {
>>>             gms.addUserToGroup("anonuser1",
>>> "testusertogroup1.group1");
>>> -            Collection principals =
>>>
>>
>> ums.getUser("anonuser1").getSubject().getPrincipals();
>>
>>> -            Principal found =
>>> -                SecurityHelper.getPrincipal(
>>> -                    new Subject(false, new
>>> HashSet(principals), new HashSet(), new HashSet()),
>>> -                    GroupPrincipal.class);
>>> -            assertNotNull("found principal is
>>> null", found);
>>> +            Collection principals =
>>>
>>
>> ums.getUser("anonuser1").getSubject().getPrincipals();
>>
>>>                   assertTrue(
>>> -                "found principal should be
>>> testusertogroup1.group1, " + found.getName(),
>>> -               found.getName().equals("testusertogroup1.group1"));
>>> +                    "anonuser1 should contain
>>> testusertogroup1.group1",
>>> +                    principals.contains(new
>>> GroupPrincipalImpl("testusertogroup1.group1")));
>>>         }
>>>         catch (SecurityException sex)
>>>         {
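Review bot: the new check principals.contains(new GroupPrincipalImpl("testusertogroup1.group1")) only holds if GroupPrincipalImpl implements equals() and hashCode() on the principal name, and nothing in this patch shows or tests that. A short equality test for GroupPrincipalImpl would make that dependency explicit. The assertion also still covers only the directly assigned group; since the change is about hierarchy resolution, an assertion on the principals the configured strategy adds to the subject belongs in this test as well.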
>>> @@ -208,10 +199,12 @@
>>>         {
>>>             gms.removeGroup("testgroup1.group1");
>>>             Collection principals =
>>>
>>
>> ums.getUser("anonuser2").getSubject().getPrincipals();
>>
>>> -            assertEquals(
>>> -                "principal size should be == 3
>>> after removing testgroup1.group1, for principals: "
>>> + principals.toString(),
>>> -                3,
>>> -                principals.size());
>>> +            // because of hierarchical groups
>>> +            //
>>> +            //assertEquals(
>>> +            //    "principal size should be == 3
>>> after removing testgroup1.group1, for principals: "
>>> + principals.toString(),
>>> +            //    3,
>>> +            //    principals.size());
>>>             assertFalse(
>>>                 "anonuser2 should not contain
>>> testgroup1.group1",
>>>                 principals.contains(new
>>> GroupPrincipalImpl("testgroup1.group1")));
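Review bot: commenting out the assertEquals on principals.size() removes the only check on what is left in the subject after removeGroup("testgroup1.group1"), and the comment "because of hierarchical groups" does not state what the subject is now expected to hold. Rather than keeping dead code, delete it and assert the expected principals for anonuser2 explicitly, so that a principal added unintentionally by the hierarchy resolution (and the access that comes with it) fails the test instead of passing unnoticed.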
>>> Index:
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java

>>
>>
>> ===================================================================
>>
>>> RCS File:
>>>
>>
>> /home/cvspublic/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRoleManager.java

>>
>>
>>> retrieving revision 1.4
>>> diff -u -r1.4
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java

>>
>>
>>> ---
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java

>>
>>
>>> +++
>>>
>>
>> jakarta-jetspeed-2\components\security\src\test\org\apache\jetspeed\security\TestRoleManager.java

>>
>>
>>> 16 Jun 2004 14:33:39 -0000
>>> @@ -14,13 +14,9 @@
>>>  */
>>> package org.apache.jetspeed.security;
>>>
>>> -import java.security.Principal;
>>> import java.util.Collection;
>>> -import java.util.HashSet;
>>> import java.util.prefs.Preferences;
>>>
>>> -import javax.security.auth.Subject;
>>> -
>>> import junit.framework.Test;
>>> import junit.framework.TestSuite;
>>>
>>> @@ -121,15 +117,11 @@
>>>         try
>>>         {
>>>             rms.addRoleToUser("anonuser1",
>>> "testusertorole1.role1");
>>> +                      Collection principals =
>>>
>>
>> ums.getUser("anonuser1").getSubject().getPrincipals();
>>
>>> -            Principal found =
>>> -                SecurityHelper.getPrincipal(
>>> -                    new Subject(false, new
>>> HashSet(principals), new HashSet(), new HashSet()),
>>> -                    RolePrincipal.class);
>>> -            assertNotNull("found principal is
>>> null", found);
>>>             assertTrue(
>>> -                "found principal should be
>>> testusertorole1.role1, " + found.getName(),
>>> -               found.getName().equals("testusertorole1.role1"));
>>> +                "anonuser1 should contain
>>> testusertorole1.role1",
>>> +                principals.contains(new
>>> RolePrincipalImpl("testusertorole1.role1")));
>>>         }
>>>         catch (SecurityException sex)
>>>         {
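Review bot: the rewritten assertTrue message "anonuser1 should contain testusertorole1.role1" no longer reports what was actually found, whereas the removed version appended found.getName(). Appending principals to the message would keep a failure diagnosable from the test log. The added "Collection principals =" line is also indented much deeper than the statements around it.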
>>> @@ -207,10 +199,12 @@
>>>         {
>>>             rms.removeRole("testrole1.role1");
>>>             Collection principals =
>>>
>>
>> ums.getUser("anonuser2").getSubject().getPrincipals();
>>
>>> -            assertEquals(
>>> -                "principal size should be == 3
>>> after removing testrole1.role1, for principals: " +
>>> principals.toString(),
>>>
>>
>> === message truncated ===>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
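
The two strategies discussed in this thread, as an added example that is not part of the original messages or of the Jetspeed code base: it resolves one directly assigned role into the set of role names that would be added to the user's subject, then derives the permissions from the R1 / R1.1 / R1.2 grants quoted above. The class, enum and method names are hypothetical, the hierarchy is constructed sample data, and the result rows in the quoted message are read in the order R1, R1.1, R1.2.

```java
import java.util.*;

public class RoleHierarchyDemo {
    enum Strategy { GENERALIZATION, AGGREGATION }

    // Constructed sample data: child role -> parent role, and the grants from the thread.
    static final Map<String, String> PARENT = Map.of("R1.1", "R1", "R1.2", "R1");
    static final Map<String, Set<String>> GRANTS = Map.of(
        "R1", Set.of("P1"), "R1.1", Set.of("P2"), "R1.2", Set.of("P3"));

    /** Role names to add to the user's subject for one directly assigned role. */
    static Set<String> resolve(String role, Strategy strategy) {
        Set<String> out = new TreeSet<>();
        out.add(role);
        if (strategy == Strategy.GENERALIZATION) {
            // "is a": walk up, the child also holds every ancestor role.
            // out.add() returning false stops the walk if the data contains a cycle.
            for (String p = PARENT.get(role); p != null && out.add(p); p = PARENT.get(p)) { }
        } else {
            // "part of": walk down, the parent also holds every descendant role.
            Deque<String> todo = new ArrayDeque<>(List.of(role));
            while (!todo.isEmpty()) {
                String cur = todo.pop();
                for (Map.Entry<String, String> e : PARENT.entrySet()) {
                    if (e.getValue().equals(cur) && out.add(e.getKey())) {
                        todo.push(e.getKey());
                    }
                }
            }
        }
        return out;
    }

    /** Union of the permissions granted to every resolved role. */
    static Set<String> permissions(String role, Strategy strategy) {
        Set<String> perms = new TreeSet<>();
        for (String r : resolve(role, strategy)) {
            perms.addAll(GRANTS.getOrDefault(r, Set.of()));
        }
        return perms;
    }

    public static void main(String[] args) {
        for (Strategy s : Strategy.values()) {
            for (String role : List.of("R1", "R1.1", "R1.2")) {
                System.out.println(s + " " + role + " -> roles " + resolve(role, s)
                    + " permissions " + permissions(role, s));
            }
        }
    }
}
```

The direction of the walk is the security-relevant choice: under aggregation the top-level role accumulates every descendant's permissions, so switching strategy on an existing role tree changes who holds what without any grant being edited.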

