[jboss-cvs] JBossAS SVN: r65247 - in branches/JBPAPP_4_2_0_GA_CP: testsuite/src/main/org/jboss/test/jacc/test and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Sep 7 17:44:46 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-09-07 17:44:45 -0400 (Fri, 07 Sep 2007)
New Revision: 65247
Added:
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/TestJBossPolicyConfiguration.java
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/WebPermissionsValidationTestCase.java
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/security/jacc/webperm/
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/security/jacc/webperm/web.xml
Modified:
branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/web/WebPermissionMapping.java
Log:
JBPAPP-328: Get in the fix made by JBAS-4691
Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/web/WebPermissionMapping.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/web/WebPermissionMapping.java 2007-09-07 20:54:56 UTC (rev 65246)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/web/WebPermissionMapping.java 2007-09-07 21:44:45 UTC (rev 65247)
@@ -206,24 +206,45 @@
// Create the unchecked permissions WebUserDataPermissions
Iterator transportContraints = info.getTransportMethods();
- while( transportContraints.hasNext() )
+ while( transportContraints.hasNext())
{
Map.Entry transportMethods = (Map.Entry) transportContraints.next();
String transport = (String) transportMethods.getKey();
Set methods = (Set) transportMethods.getValue();
httpMethods = new String[methods.size()];
methods.toArray(httpMethods);
- if(info.getExcludedMethods() == null)
- {
- WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport);
- pc.addToUncheckedPolicy(wudp);
-
- if("NONE".equals(transport))
- {
- WebUserDataPermission wudp1 = new WebUserDataPermission(info.pattern, null);
- pc.addToUncheckedPolicy(wudp1);
- }
- }
+
+ /**
+ * If you have any excluding auth-constraint, then add an unchecked
+ * permission for the non-excluded methods
+ */
+ if(info.getExcludedMethods() != null)
+ {
+ pc.addToUncheckedPolicy(new WebUserDataPermission(qurl, info.getMissingMethods(), null ));
+ continue;
+ }
+
+ // Dealing with non-excluded methods now
+ String[] allMethods = WebSecurityMetaData.ALL_HTTP_METHOD_NAMES;
+ boolean ALL_METHODS_FLAG = Arrays.equals(allMethods, httpMethods);
+ WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport);
+ pc.addToUncheckedPolicy(wudp);
+
+ //Create an unchecked permission for the missing methods
+ String[] missingMethods = info.getMissingMethods();
+ if(!Arrays.equals(allMethods,missingMethods))
+ pc.addToUncheckedPolicy(new WebUserDataPermission(qurl,missingMethods, null ));
+
+ /**
+ * A WebResourcePermission and a WebUserDataPermission must be added to the unchecked
+ * policy statements for each url-pattern in the DD and the default pattern, "/",
+ * that is not combined by the webresource-collection elements of the deployment descriptor
+ * with every HTTP method value. (JACC 1.0: Section 3.1.3.1)
+ */
+ //Add a null permission if not already added
+ boolean unsecureTransport = transport == null || "NONE".equals(transport);
+ if(!ALL_METHODS_FLAG && unsecureTransport )
+ pc.addToUncheckedPolicy(new WebUserDataPermission(qurl, null, null ));
}
}
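Review bot: The fallback `pc.addToUncheckedPolicy(new WebUserDataPermission(qurl, null, null ));` at the end of the loop body puts every HTTP method over any transport for `qurl` into the unchecked policy. It runs once per transport entry, so if the same pattern also has a CONFIDENTIAL entry for other methods, the unchecked policy would appear to allow those methods over a plain connection too. Whether that can occur depends on how `info.getTransportMethods()` groups methods, which is outside this hunk, so it should be confirmed; the `missingMethods` permission added just above already covers the methods the constraints leave out. Separately, `Arrays.equals(allMethods, httpMethods)` is order-sensitive while `httpMethods` is filled from a `Set`, so `ALL_METHODS_FLAG` can be false for a complete method list; a set comparison such as `new HashSet(Arrays.asList(allMethods)).equals(methods)` avoids that. The enclosing method starts and ends outside the hunk.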
Added: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/TestJBossPolicyConfiguration.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/TestJBossPolicyConfiguration.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/TestJBossPolicyConfiguration.java 2007-09-07 21:44:45 UTC (rev 65247)
@@ -0,0 +1,154 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.jacc.test;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.util.Enumeration;
+import java.util.HashMap;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+//$Id$
+
+/**
+ * Policy Configuration used for permissions validation
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 18, 2006
+ * @version $Revision$
+ */
+public class TestJBossPolicyConfiguration implements PolicyConfiguration
+{
+ private String contextID;
+
+ private Permissions excludedPolicy = new Permissions();
+ private Permissions uncheckedPolicy = new Permissions();
+
+ private HashMap<String,Permissions> rolePerms = new HashMap<String,Permissions>();
+
+
+ public TestJBossPolicyConfiguration(String contextID)
+ {
+ this.contextID = contextID;
+ }
+
+ public void addToExcludedPolicy(Permission permission) throws PolicyContextException
+ {
+ this.excludedPolicy.add(permission);
+ }
+
+ public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException
+ {
+ Enumeration<Permission> en = permissions.elements();
+ while(en.hasMoreElements())
+ addToExcludedPolicy(en.nextElement());
+ }
+
+ public void addToRole(String roleName, Permission permission) throws PolicyContextException
+ {
+ Permissions p = rolePerms.get(roleName);
+ if(p == null)
+ p = new Permissions();
+ p.add(permission);
+ rolePerms.put(roleName, p);
+ }
+
+ public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException
+ {
+ Enumeration<Permission> en = permissions.elements();
+ while(en.hasMoreElements())
+ addToRole(roleName,en.nextElement());
+ }
+
+ public void addToUncheckedPolicy(Permission permission) throws PolicyContextException
+ {
+ this.uncheckedPolicy.add(permission);
+ }
+
+ public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException
+ {
+ Enumeration<Permission> en = permissions.elements();
+ while(en.hasMoreElements())
+ addToUncheckedPolicy(en.nextElement());
+ }
+
+ public void commit() throws PolicyContextException
+ {
+ }
+
+ public void delete() throws PolicyContextException
+ {
+ }
+
+ public String getContextID() throws PolicyContextException
+ {
+ return this.contextID;
+ }
+
+ public boolean inService() throws PolicyContextException
+ {
+ return false;
+ }
+
+ public void linkConfiguration(PolicyConfiguration link) throws PolicyContextException
+ {
+ }
+
+ public void removeExcludedPolicy() throws PolicyContextException
+ {
+ this.excludedPolicy = null;
+ }
+
+ public void removeRole(String roleName) throws PolicyContextException
+ {
+ Permissions p = this.rolePerms.get(roleName);
+ if(p != null)
+ {
+ p = null;
+ rolePerms.remove(roleName);
+ }
+ }
+
+ public void removeUncheckedPolicy() throws PolicyContextException
+ {
+ this.uncheckedPolicy = null;
+ }
+
+ //Value added methods
+
+ public Permissions getExcludedPolicy()
+ {
+ return excludedPolicy;
+ }
+
+ public Permissions getUncheckedPolicy()
+ {
+ return uncheckedPolicy;
+ }
+
+ public Permissions getPermissionsForRole(String roleName)
+ {
+ return this.rolePerms.get(roleName);
+ }
+}
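Review bot: `removeExcludedPolicy()` and `removeUncheckedPolicy()` set their field to `null`, so a later `addToExcludedPolicy` or `addToUncheckedPolicy` call throws a NullPointerException, and `getExcludedPolicy()`/`getUncheckedPolicy()` return `null` to a test that then calls `implies` on it. Resetting to an empty collection keeps the stub usable after a remove: `this.excludedPolicy = new Permissions();` and `this.uncheckedPolicy = new Permissions();`. In `removeRole`, the `p = null;` assignment has no effect, and the method reduces to `rolePerms.remove(roleName);`.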
Added: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/WebPermissionsValidationTestCase.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/WebPermissionsValidationTestCase.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/jacc/test/WebPermissionsValidationTestCase.java 2007-09-07 21:44:45 UTC (rev 65247)
@@ -0,0 +1,107 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.jacc.test;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.security.Permissions;
+
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.jboss.metadata.WebMetaData;
+import org.jboss.test.JBossTestCase;
+import org.jboss.web.WebPermissionMapping;
+import org.w3c.dom.Document;
+
+//$Id$
+
+/**
+ * Validate the parsing of web.xml and the creation of JACC Permissions
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 18, 2006
+ * @version $Revision$
+ */
+public class WebPermissionsValidationTestCase extends JBossTestCase
+{
+ private boolean DEBUG = true;
+
+ public WebPermissionsValidationTestCase(String name)
+ {
+ super(name);
+ }
+
+ public WebMetaData getWebMetaData(InputStream webxml)
+ throws Exception
+ {
+ WebMetaData wmd = new WebMetaData();
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ Document doc = factory.newDocumentBuilder().parse(webxml);
+ wmd.importXml(doc.getDocumentElement());
+ return wmd;
+ }
+
+ public void testWebPermissions() throws Exception
+ {
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ URL webxml = cl.getResource("security/jacc/webperm/web.xml");
+ assertNotNull("web.xml exists?", webxml);
+ WebMetaData wmd = getWebMetaData(webxml.openStream());
+ TestJBossPolicyConfiguration tpc = new TestJBossPolicyConfiguration("dummy");
+ WebPermissionMapping.createPermissions(wmd, tpc);
+ checkUncheckedPermissions(tpc.getUncheckedPolicy());
+ checkExcludedPermissions(tpc.getExcludedPolicy());
+ if(DEBUG)
+ {
+ System.out.println("Unchecked=" + tpc.getUncheckedPolicy().toString());
+ System.out.println("Excluded=" + tpc.getExcludedPolicy().toString());
+ }
+ }
+
+
+ private void checkUncheckedPermissions(Permissions p)
+ {
+ //WebResourcePermissions
+ assertTrue(p.implies(new WebResourcePermission("/unchecked.jsp", (String) null)));
+ assertTrue(p.implies(new WebResourcePermission("/sslprotected.jsp", "DELETE,HEAD,OPTIONS,PUT,TRACE")));
+ assertTrue(p.implies(new WebResourcePermission("/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp",
+ (String) null)));
+ assertTrue(p.implies(new WebResourcePermission("/excluded.jsp", "DELETE,HEAD,OPTIONS,PUT,TRACE")));
+ assertTrue(p.implies(new WebResourcePermission("/secured.jsp", "DELETE,HEAD,OPTIONS,PUT,TRACE")));
+
+ //WebUserDataPermissions
+ assertTrue(p.implies(new WebUserDataPermission("/sslprotected.jsp", "GET,POST:CONFIDENTIAL")));
+ assertTrue(p.implies(new WebUserDataPermission("/secured.jsp", (String) null)));
+ assertTrue(p.implies(new WebUserDataPermission("/:/unchecked.jsp:/secured.jsp:/sslprotected.jsp:/excluded.jsp",
+ (String) null)));
+ assertTrue(p.implies(new WebUserDataPermission("/sslprotected.jsp", "DELETE,HEAD,OPTIONS,PUT,TRACE")));
+ assertTrue(p.implies(new WebUserDataPermission("/unchecked.jsp", (String) null)));
+ assertTrue(p.implies(new WebUserDataPermission("/excluded.jsp", "DELETE,HEAD,OPTIONS,PUT,TRACE")));
+ }
+
+ private void checkExcludedPermissions(Permissions p)
+ {
+ assertTrue(p.implies(new WebResourcePermission("/excluded.jsp", "GET,POST")));
+ assertTrue(p.implies(new WebUserDataPermission("/excluded.jsp", "GET,POST")));
+ }
+}
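Review bot: `checkUncheckedPermissions` asserts only positive implications, so a mapping that put far too much into the unchecked policy would still pass; an authorization-mapping test also needs checks for what must not be granted. With the fixture as shown I would expect `assertFalse(p.implies(new WebUserDataPermission("/sslprotected.jsp", "GET,POST")))` and `assertFalse(p.implies(new WebResourcePermission("/secured.jsp", "GET,POST")))` to hold, which pins that the CONFIDENTIAL and role constraints are not widened. Also, `DEBUG` is hard-coded to `true`, so every run prints both policies to stdout, and the stream returned by `webxml.openStream()` is never closed.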
Added: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/security/jacc/webperm/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/security/jacc/webperm/web.xml (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/security/jacc/webperm/web.xml 2007-09-07 21:44:45 UTC (rev 65247)
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ <display-name>jacc_toolsContracts</display-name>
+ <servlet>
+ <display-name>unchecked</display-name>
+ <servlet-name>unchecked</servlet-name>
+ <jsp-file>/unchecked.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <display-name>excluded</display-name>
+ <servlet-name>excluded</servlet-name>
+ <jsp-file>/excluded.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <display-name>secured</display-name>
+ <servlet-name>secured</servlet-name>
+ <jsp-file>/secured.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ <security-role-ref>
+ <role-name>ADM</role-name>
+ <role-link>Administrator</role-link>
+ </security-role-ref>
+ </servlet>
+ <servlet>
+ <display-name>sslprotected</display-name>
+ <servlet-name>sslprotected</servlet-name>
+ <jsp-file>/sslprotected.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ <security-role-ref>
+ <role-name>ADM</role-name>
+ <role-link>Administrator</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>MGR</role-name>
+ <role-link>Manager</role-link>
+ </security-role-ref>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>unchecked</servlet-name>
+ <url-pattern>/unchecked.jsp</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>excluded</servlet-name>
+ <url-pattern>/excluded.jsp</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>secured</servlet-name>
+ <url-pattern>/secured.jsp</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>sslprotected</servlet-name>
+ <url-pattern>/sslprotected.jsp</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>54</session-timeout>
+ </session-config>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit4</web-resource-name>
+ <url-pattern>/unchecked.jsp</url-pattern>
+ <http-method>POST</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit5</web-resource-name>
+ <url-pattern>/excluded.jsp</url-pattern>
+ <http-method>POST</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint/>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit6</web-resource-name>
+ <url-pattern>/sslprotected.jsp</url-pattern>
+ <http-method>POST</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Administrator</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit3</web-resource-name>
+ <url-pattern>/secured.jsp</url-pattern>
+ <http-method>POST</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Administrator</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+ <security-role>
+ <role-name>Administrator</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Manager</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+</web-app>
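Review bot: Every `security-constraint` in this fixture lists exactly `POST` and `GET`, and each `url-pattern` appears in only one constraint, so two cases in the new mapping code are never exercised. One is a constraint that names all HTTP methods or none; the other is a single pattern carrying both `NONE` and `CONFIDENTIAL` guarantees. Adding a pattern with no `http-method` elements, and a pattern split across two constraints with different `transport-guarantee` values, would cover them.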