[jboss-cvs] JBossAS SVN: r79616 - in projects/security/security-jboss-sx/trunk: jbosssx/src/main/org/jboss/security/acl/config and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 16 22:44:13 EDT 2008
Author: sguilhen at redhat.com
Date: 2008-10-16 22:44:13 -0400 (Thu, 16 Oct 2008)
New Revision: 79616
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLConfiguration.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLDefinition.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/jboss-acl-config_1_0.xsd
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/config/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/config/JBossACLSchemaBindingUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/jboss-acl.xml
Modified:
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLEntryImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java
Log:
SECURITY-276: A schema (jboss-acl-config_1_0.xsd) has been created to allow the configuration of ACLs in an XML file. A JbossXB parser has also been created to parse the contents of this XML file and generate the corresponding ACL objects.
- JBossACLSchemaBindingUnitTestCase tests the creation of ACLs from an XML file that adheres to the jboss-acl-config_1_0.xsd.
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLEntryImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLEntryImpl.java 2008-10-17 02:33:46 UTC (rev 79615)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLEntryImpl.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -36,9 +36,9 @@
/**
* <p>
- * This class represents an entry in the Access Control List (ACL), and associates a permission
- * to an identity. This implementation only stores permissions of type {@code BitMaskPermission},
- * and can also only check permissions of that type.
+ * This class represents an entry in the Access Control List (ACL), and associates a permission to an identity. This
+ * implementation only stores permissions of type {@code BitMaskPermission}, and can also only check permissions of
+ * that type.
* </p>
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
@@ -70,8 +70,7 @@
/**
* <p>
- * Builds an instance of {@code ACLEntryImpl}. This constructor is required by the JPA
- * specification.
+ * Builds an instance of {@code ACLEntryImpl}. This constructor is required by the JPA specification.
* </p>
*/
ACLEntryImpl()
@@ -84,7 +83,7 @@
* </p>
*
* @param permission the {@code ACLPermission} granted to the associated identity.
- * @param identity the {@code Identity} for which the permission is being granted.
+ * @param identity the {@code Identity} for which the permission is being granted.
*/
public ACLEntryImpl(BitMaskPermission permission, Identity identity)
{
@@ -148,6 +147,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACLEntry#getIdentity()
*/
public Identity getIdentity()
@@ -157,6 +157,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACLEntry#getPermission()
*/
public ACLPermission getPermission()
@@ -166,6 +167,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACLEntry#checkPermission(org.jboss.security.acl.ACLPermission)
*/
public boolean checkPermission(ACLPermission permission)
@@ -182,6 +184,7 @@
/*
* (non-Javadoc)
+ *
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
@@ -190,9 +193,19 @@
if (obj instanceof ACLEntryImpl)
{
ACLEntryImpl entry = (ACLEntryImpl) obj;
- return entry.permission.getMaskValue() == this.permission.getMaskValue()
- && entry.getIdentity().getName().equals(this.identity.getName());
+ return entry.getIdentity().getName().equals(this.identity.getName());
}
return false;
}
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode()
+ {
+ return this.getIdentity().getName().hashCode();
+ }
}
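Review bot: The new `hashCode()` and the rewritten `equals()` both dereference `getIdentity().getName()` with no null guard, yet the no-argument JPA constructor shown earlier in this diff and `ACLEntryHolder.getIdentityFromString` (which returns `null` on failure) can both yield an entry without an identity. Assuming `getIdentity()` simply returns the field, adding such an entry to a `HashSet` would throw a `NullPointerException`; consider rejecting it in the public constructor, e.g. `if (identity == null) throw new IllegalArgumentException("ACLEntry identity cannot be null");`. Dropping the mask from `equals()` also makes two entries for one identity with different permissions equal, so a set keeps whichever was added first. A short comment saying that this is what implements entry overriding would help the next reader. The `equals` signature lies outside the hunk.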
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java 2008-10-17 02:33:46 UTC (rev 79615)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -106,8 +106,13 @@
*/
public ACLImpl(Resource resource, Collection<ACLEntry> entries)
{
+ this(Util.getResourceAsString(resource), entries);
this.resource = resource;
- this.resourceAsString = Util.getResourceAsString(resource);
+ }
+
+ public ACLImpl(String resourceString, Collection<ACLEntry> entries)
+ {
+ this.resourceAsString = resourceString;
this.entries = new ArrayList<ACLEntryImpl>();
if (entries != null)
{
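Review bot: The new public `ACLImpl(String resourceString, Collection<ACLEntry> entries)` constructor has no Javadoc and never assigns `this.resource`, so an ACL built through it carries only the string form of its resource. Document that on the constructor, for example `@param resourceString the string representation of the protected resource; the {@code Resource} reference itself is left unset`. Nothing in the visible lines validates `resourceString`, so consider rejecting null there. The constructor body continues past the end of the hunk.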
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLConfiguration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLConfiguration.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLConfiguration.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl.config;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLImpl;
+
+/**
+ * <p>
+ * The {@code ACLConfiguration} class contains all ACL definitions that have been specified in an XML file according to
+ * the {@code jboss-acl-configuration} schema. Each definition is used to construct an {@code ACL} instance that will
+ * protect the specified resource according to the permissions that are assigned to each identity.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLConfiguration
+{
+
+ /** the set of ACL definitions keyed by their resource identifier. */
+ private final Map<String, ACLDefinition> definitions = new HashMap<String, ACLDefinition>();
+
+ /**
+ * <p>
+ * Adds a parsed {@code ACLDefinition} object to the map of definitions.
+ * </p>
+ *
+ * @param definition the {@code ACLDefinition} instance to be added.
+ */
+ public void addDefinition(Object definition)
+ {
+ if (definition instanceof ACLDefinition)
+ {
+ ACLDefinition aclDefinition = (ACLDefinition) definition;
+ this.definitions.put(aclDefinition.getResource(), aclDefinition);
+ }
+ }
+
+ /**
+ * <p>
+ * Creates and returns the {@code ACL} objects that correspond to the {@code acl-definition}s specified in the XML
+ * configuration file.
+ * </p>
+ *
+ * @return a {@code Collection<ACL>} containing the generated {@code ACL}s.
+ */
+ public Collection<ACL> getConfiguredACLs()
+ {
+ Collection<ACL> configuredACLs = new HashSet<ACL>();
+ for (ACLDefinition definition : this.definitions.values())
+ {
+ Set<ACLEntry> entries = this.getEntries(definition, new ArrayList<String>());
+ ACLImpl acl = new ACLImpl(definition.getResource(), entries);
+ configuredACLs.add(acl);
+ }
+ return configuredACLs;
+ }
+
+ /**
+ * <p>
+ * This method retrieves the set of {@code ACLEntry} objects that belong to an ACL, recursively getting the entries
+ * from the parent definitions when the extension configuration is used. An extending {@code ACLDefinition}
+ * "inherits" the entries from its parent and is free to add or override entries as needed.
+ * </p>
+ *
+ * @param definition the {@code ACLDefinition} that contains the data used to retrieve the entries.
+ * @param visitedACLs a {@code List} of the visited ACLs to detect circular dependencies.
+ * @return a {@code Set<ACLEntry>} containing the entries that will be used to create an {@code ACL} according to the
+ * specified definition.
+ * @throws RuntimeException if a circular dependency is detected among the {@code ACLDefinition} objects.
+ */
+ private Set<ACLEntry> getEntries(ACLDefinition definition, List<String> visitedACLs)
+ {
+ if (visitedACLs.contains(definition.getResource()))
+ throw new RuntimeException("Circular dependency between ACLs has been detected");
+
+ visitedACLs.add(definition.getResource());
+ if (definition.getBaseResource() != null)
+ {
+ ACLDefinition superDefinition = this.definitions.get(definition.getBaseResource());
+ if (superDefinition != null)
+ {
+ Set<ACLEntry> superEntries = this.getEntries(superDefinition, visitedACLs);
+ Set<ACLEntry> entries = definition.getEntries();
+ entries.addAll(superEntries);
+ return entries;
+ }
+ else
+ {
+ throw new RuntimeException("Parent ACL not found: " + definition.getBaseResource());
+ }
+ }
+ else
+ {
+ return definition.getEntries();
+ }
+ }
+}
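Review bot: In `getEntries`, `definition.getEntries()` returns the definition's own set and `entries.addAll(superEntries)` merges the inherited entries into it, so computing the ACLs permanently rewrites the parsed definitions; copy first with `Set<ACLEntry> entries = new HashSet<ACLEntry>(definition.getEntries());`. The override behaviour depends on `addAll` skipping elements already present and on `ACLEntryImpl.equals` comparing only the identity name, which deserves a why-comment at that line. Separately, `addDefinition` uses `definitions.put`, so a second `<acl-definition>` for the same resource silently replaces the first. For an access-control file that should at least be logged, or rejected.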
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLDefinition.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLDefinition.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLDefinition.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,170 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl.config;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.xb.binding.GenericValueContainer;
+
+/**
+ * <p>
+ * A container for holding the contents parsed from a {@code <acl-definition>} section of {@code jboss-acl.xml}.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLDefinition implements GenericValueContainer
+{
+
+ private static Logger logger = Logger.getLogger(ACLDefinition.class);
+
+ private String resource;
+
+ private String baseResource;
+
+ private final Set<ACLEntry> entries = new HashSet<ACLEntry>();
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
+ */
+ public void addChild(QName name, Object value)
+ {
+ logger.debug("addChild: name=" + name + ", value=" + value);
+
+ if ("resource".equals(name.getLocalPart()))
+ {
+ this.resource = (String) value;
+ }
+ else if ("extends".equals(name.getLocalPart()))
+ {
+ this.baseResource = (String) value;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#instantiate()
+ */
+ public Object instantiate()
+ {
+ return this;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#getTargetClass()
+ */
+ public Class<?> getTargetClass()
+ {
+ return ACLDefinition.class;
+ }
+
+ /**
+ * <p>
+ * Adds a parsed {@code ACLEntry} to the list of entries of this {@code ACLDefinition}.
+ * </p>
+ *
+ * @param entry the {@code ACLEntry} to be added.
+ */
+ public void addACLEntry(Object entry)
+ {
+ logger.debug("addEntry: " + entry);
+
+ if (entry instanceof ACLEntry)
+ this.entries.add((ACLEntry) entry);
+ }
+
+ /**
+ * <p>
+ * Obtains the configured {@code <acl-definition>} resource.
+ * </p>
+ *
+ * @return a {@code String} containing the resource as configured in the XML file.
+ */
+ public String getResource()
+ {
+ return resource;
+ }
+
+ /**
+ * <p>
+ * Obtains the configured {@code <acl-definition>} base-resource, as per the {@code extends} attribute in the XML
+ * file.
+ * </p>
+ *
+ * @return a {@code String} containing the base-resource as configured in the XML file, or {@code null} if no base
+ * resource is available.
+ */
+ public String getBaseResource()
+ {
+ return baseResource;
+ }
+
+ /**
+ * <p>
+ * Obtains the ACL entries that have been configured in this ACL definition.
+ * </p>
+ *
+ * @return a {@code List<ACLEntry>} containing the configured entries.
+ */
+ public Set<ACLEntry> getEntries()
+ {
+ return entries;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (obj instanceof ACLDefinition)
+ {
+ ACLDefinition other = (ACLDefinition) obj;
+ return this.resource.equals(other.resource);
+ }
+ return false;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode()
+ {
+ return this.resource.hashCode();
+ }
+
+}
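Review bot: `addACLEntry` ignores the result of `this.entries.add(...)`, so a second `<entry>` for the same identity inside one definition is dropped without any trace and which permission set survives depends on parse order. Log or reject it, e.g. `if (!this.entries.add((ACLEntry) entry)) logger.warn("Duplicate entry ignored for resource " + this.resource + ": " + entry);`. `equals` and `hashCode` dereference `this.resource`, which is null until `addChild` has seen the `resource` attribute. The Javadoc of `getEntries` says `List<ACLEntry>` although the method returns a `Set<ACLEntry>`, and it hands out the internal mutable set.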
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLEntryHolder.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLEntryHolder.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,147 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.IdentityFactory;
+import org.jboss.xb.binding.GenericValueContainer;
+
+/**
+ * <p>
+ * A container for creating {@code ACLEntry} objects when a jboss-acl configuration is parsed by JBoss XB.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLEntryHolder implements GenericValueContainer
+{
+
+ private static Logger logger = Logger.getLogger(ACLEntryHolder.class);
+
+ private Identity identity;
+
+ private CompositeACLPermission permission;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
+ */
+ public void addChild(QName name, Object value)
+ {
+ logger.debug("addChild: name=" + name + ", value=" + value);
+
+ if ("identity-name".equals(name.getLocalPart()))
+ {
+ String identityName = (String) value;
+ this.identity = this.getIdentityFromString(identityName);
+ }
+ else if ("permissions".equals(name.getLocalPart()))
+ {
+ String permissions = (String) value;
+ this.permission = this.getPermissionsFromString(permissions);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#instantiate()
+ */
+ public Object instantiate()
+ {
+ return new ACLEntryImpl(this.permission, this.identity);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.xb.binding.GenericValueContainer#getTargetClass()
+ */
+ public Class<?> getTargetClass()
+ {
+ return ACLEntry.class;
+ }
+
+ /**
+ * <p>
+ * Creates an {@code Identity} object from the specified {@code identityName} parameter.
+ * </p>
+ *
+ * @param identityName a {@code String} that represents the identity to be built.
+ * @return the constructed {@code Identity} instance, or {@code null} if the {@code Identity} object cannot be built.
+ */
+ private Identity getIdentityFromString(String identityName)
+ {
+ try
+ {
+ return IdentityFactory.createIdentity(identityName);
+ }
+ catch (Exception e)
+ {
+ logger.debug("Exception caught while constructing Identity object", e);
+ return null;
+ }
+ }
+
+ /**
+ * <p>
+ * Creates a {@code CompositeACLPermission} from the specified {@code permissionString} parameter.
+ * </p>
+ *
+ * @param permissionString a {@code String} containing the permissions assigned to the identity, separated by a comma
+ * (e.g. {@code CREATE,READ,UPDATE}).
+ * @return the constructed {@code CompositeACLPermission} object.
+ */
+ private CompositeACLPermission getPermissionsFromString(String permissionString)
+ {
+ List<BasicACLPermission> permissions = new ArrayList<BasicACLPermission>();
+ if (permissionString != null)
+ {
+ // extract each permission from the permission string.
+ String[] elements = permissionString.split(",");
+ for (String element : elements)
+ {
+ try
+ {
+ permissions.add(BasicACLPermission.valueOf(element));
+ }
+ catch (RuntimeException re)
+ {
+ logger.debug("No BasicACLPermission named " + element + " found", re);
+ }
+ }
+ }
+
+ return new CompositeACLPermission(permissions.toArray(new BasicACLPermission[permissions.size()]));
+ }
+}
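Review bot: `getPermissionsFromString` swallows every unknown permission name at debug level and does not trim the tokens, so a value such as `READ, UPDATE` or a misspelt name produces an entry with fewer permissions than the file states, and nothing above debug level records it. `getIdentityFromString` follows the same pattern and returns `null`, which `instantiate()` then passes straight to `new ACLEntryImpl(...)`. For an access-control configuration a parse error should stop the load rather than yield a different policy. The loop could trim each token and rethrow with the offending name, as sketched below, and the identity helper could rethrow likewise instead of returning null.

```java
   private CompositeACLPermission getPermissionsFromString(String permissionString)
   {
      // … unchanged: list creation and null check …
         for (String element : permissionString.split(","))
         {
            String permissionName = element.trim();
            try
            {
               permissions.add(BasicACLPermission.valueOf(permissionName));
            }
            catch (RuntimeException re)
            {
               // fail the parse: a skipped name would silently change the configured policy.
               throw new IllegalArgumentException("No BasicACLPermission named '" + permissionName + "' found", re);
            }
         }
      // … unchanged: CompositeACLPermission construction …
```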
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/jboss-acl-config_1_0.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/jboss-acl-config_1_0.xsd (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/jboss-acl-config_1_0.xsd 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,62 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:jbsx="urn:jboss:jboss-acl-config:1.0"
+ xmlns="urn:jboss:jboss-acl-config:1.0"
+ xmlns:jbxb="http://www.jboss.org/xml/ns/jbxb"
+ targetNamespace="urn:jboss:jboss-acl-config:1.0"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <jbxb:schemaBindings>
+ <jbxb:package name="org.jboss.security.acl.config"/>
+ <jbxb:ignoreUnresolvedFieldOrClass>false</jbxb:ignoreUnresolvedFieldOrClass>
+ </jbxb:schemaBindings>
+ </xsd:appinfo>
+ </xsd:annotation>
+
+ <xsd:element name="jboss-acl" type="jbsx:ACLConfiguration"/>
+ <xsd:complexType name="ACLConfiguration">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <jbxb:class impl="org.jboss.security.acl.config.ACLConfiguration"/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element ref="jbsx:acl-definition" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:element name="acl-definition">
+ <xsd:complexType>
+ <xsd:annotation>
+ <xsd:appinfo>
+ <jbxb:class impl="org.jboss.security.acl.config.ACLDefinition"/>
+ <jbxb:addMethod name="addDefinition"/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element ref="jbsx:entry" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="resource" type="xsd:string" use="required"/>
+ <xsd:attribute name="extends" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="entry" type="jbsx:entryType"/>
+ <xsd:complexType name="entryType">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <jbxb:class impl="org.jboss.security.acl.config.ACLEntryHolder"/>
+ <jbxb:addMethod name="addACLEntry"/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element ref="jbsx:identity-name" minOccurs="1" maxOccurs="1"/>
+ <xsd:element ref="jbsx:permissions" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:element name="identity-name" type="xsd:string"/>
+ <xsd:element name="permissions" type="xsd:string"/>
+
+</xsd:schema>
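Review bot: The `permissions` and `identity-name` elements at the end of the schema are plain `xsd:string`, so the schema accepts any text and the only check on permission names is the parser's `BasicACLPermission.valueOf` call, which drops unknown names at debug level. Restricting `permissions` with an `xsd:pattern` limited to the comma-separated permission names, and declaring an `xsd:unique` constraint on `acl-definition/@resource` under `jboss-acl`, would let a validating parse reject a mistyped or duplicated definition. Whether JBossXB validates instances against this schema is not visible here, so confirm that before relying on it. An `xsd:documentation` annotation describing the `extends` attribute would also help authors of ACL files.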
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/config/JBossACLSchemaBindingUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/config/JBossACLSchemaBindingUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/acl/config/JBossACLSchemaBindingUnitTestCase.java 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,156 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.acl.config;
+
+import java.util.Collection;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLImpl;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.acl.config.ACLConfiguration;
+import org.jboss.security.identity.plugins.IdentityFactory;
+import org.jboss.test.AbstractJBossSXTest;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+import org.jboss.xb.binding.sunday.unmarshalling.SchemaBinding;
+import org.jboss.xb.binding.sunday.unmarshalling.XsdBinder;
+
+/**
+ * <p>
+ * Tests the configuration of ACLs using an XML file that adheres to the {@code jboss-acl-configuration} schema.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class JBossACLSchemaBindingUnitTestCase extends AbstractJBossSXTest
+{
+
+ private final String schemaFile = "schema/jboss-acl-config_1_0.xsd";
+
+ private final String xmlFile = "config/jboss-acl.xml";
+
+ private ACLConfiguration configuration;
+
+ /**
+ * <p>
+ * Creates an instance of {@code JBossACLSchemaBindingUnitTestCase} with the specified name.
+ * </p>
+ *
+ * @param name a {@code String} containing the name of this test case.
+ */
+ public JBossACLSchemaBindingUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.test.AbstractJBossSXTest#setUp()
+ */
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ SchemaBinding schema = XsdBinder.bind(tcl.getResourceAsStream(schemaFile), null);
+ Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+ this.configuration = (ACLConfiguration) unmarshaller.unmarshal(tcl.getResourceAsStream(xmlFile), schema);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.test.AbstractTestCaseWithSetup#tearDown()
+ */
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.configuration = null;
+ }
+
+ /**
+ * <p>
+ * Tests the correct creation of {@code ACL} objects according to the ACLs specified in the {@code jboss-acl.xml}
+ * test file.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testACLConfiguration() throws Exception
+ {
+ assertNotNull("Unexpected null ACLConfiguration", this.configuration);
+ Collection<ACL> configuredACLs = this.configuration.getConfiguredACLs();
+ assertEquals("Invalid number of ACLs found", 2, configuredACLs.size());
+
+ boolean validatedJavaCompACL = false;
+ boolean validatedJavaCompEnvACL = false;
+
+ // validate the two ACLs returned.
+ for (ACL acl : configuredACLs)
+ {
+ ACLImpl aclImpl = (ACLImpl) acl;
+ if (aclImpl.getResourceAsString().equals("org.jboss.jnp.NamingService:java/comp"))
+ {
+ assertEquals("Invalid number of entries", 2, aclImpl.getEntries().size());
+ // one entry should assign the CREATE,READ,UPDATE,DELETE permissions to Administrator.
+ ACLEntry entry = aclImpl.getEntry(IdentityFactory.createIdentity("Administrator"));
+ assertNotNull("Unexpected null value for Administrator entry", entry);
+ CompositeACLPermission expectedPermission = new CompositeACLPermission(BasicACLPermission.values());
+ assertEquals("Unexpected permissions assigned for Administrator", expectedPermission, entry.getPermission());
+ // the other entry should assign the READ permission to Guest.
+ entry = aclImpl.getEntry(IdentityFactory.createIdentity("Guest"));
+ assertNotNull("Unexpected null value for Guest entry", entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.READ);
+ assertEquals("Unexpected permissions assigned for Guest", expectedPermission, entry.getPermission());
+ validatedJavaCompACL = true;
+ }
+ else if (aclImpl.getResourceAsString().equals("org.jboss.jnp.NamingService:java/comp/env"))
+ {
+ assertEquals("Invalid number of entries", 3, aclImpl.getEntries().size());
+ // one entry should assign the CREATE,READ,UPDATE,DELETE permissions to Administrator.
+ ACLEntry entry = aclImpl.getEntry(IdentityFactory.createIdentity("Administrator"));
+ assertNotNull("Unexpected null value for Administrator entry", entry);
+ CompositeACLPermission expectedPermission = new CompositeACLPermission(BasicACLPermission.values());
+ assertEquals("Unexpected permissions assigned for Administrator", expectedPermission, entry.getPermission());
+ // one other entry should assign the READ,UPDATE permissions to Guest.
+ entry = aclImpl.getEntry(IdentityFactory.createIdentity("Guest"));
+ assertNotNull("Unexpected null value for Guest entry", entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE);
+ assertEquals("Unexpected permissions assigned for Guest", expectedPermission, entry.getPermission());
+ // the final entry should assign the READ,UPDATE permissions to Regular_User.
+ entry = aclImpl.getEntry(IdentityFactory.createIdentity("Regular_User"));
+ assertNotNull("Unexpected null value for Regular_User entry", entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE);
+ assertEquals("Unexpected permissions assigned for Regular_User", expectedPermission, entry.getPermission());
+ validatedJavaCompEnvACL = true;
+ }
+ else
+ fail("Invalid ACL found: " + aclImpl.getResourceAsString());
+ }
+ assertTrue("org.jboss.jnp.NamingService:java/comp ACL has not been validated", validatedJavaCompACL);
+ assertTrue("org.jboss.jnp.NamingService:java/comp/env ACL has not been validated", validatedJavaCompEnvACL);
+ }
+}
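Review bot: `tearDown()` overrides the superclass method without calling `super.tearDown()`, although `setUp()` does call `super.setUp()`; add `super.tearDown();` after clearing the field so whatever the base class set up is released. The test only covers a valid file. The two `RuntimeException` paths in `ACLConfiguration.getEntries` (circular `extends`, missing parent) and the silently skipped unknown permission in `ACLEntryHolder` have no test, and those are the paths that decide what happens to a malformed access-control file.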
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/jboss-acl.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/jboss-acl.xml (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/jboss-acl.xml 2008-10-17 02:44:13 UTC (rev 79616)
@@ -0,0 +1,30 @@
+<jboss-acl xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:jboss-acl-config:1.0"
+ xmlns="urn:jboss:jboss-acl-config:1.0"
+ xmlns:jbxb="urn:jboss:jboss-acl-config:1.0">
+
+ <acl-definition resource="org.jboss.jnp.NamingService:java/comp">
+ <entry>
+ <identity-name>Administrator</identity-name>
+ <permissions>CREATE,READ,UPDATE,DELETE</permissions>
+ </entry>
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>READ</permissions>
+ </entry>
+ </acl-definition>
+
+ <!-- An extends attribute allows an ACL to inherit all the entries from its parent ACL -->
+ <acl-definition resource="org.jboss.jnp.NamingService:java/comp/env" extends="org.jboss.jnp.NamingService:java/comp">
+ <entry>
+ <identity-name>Regular_User</identity-name>
+ <permissions>READ,UPDATE</permissions>
+ </entry>
+ <!-- This overrides the definition from the parent ACL -->
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>READ,UPDATE</permissions>
+ </entry>
+ </acl-definition>
+
+</jboss-acl>
\ No newline at end of file