[jboss-svn-commits] JBL Code SVN: r21423 - in labs/jbossrules/trunk/drools-guvnor/src: test/java/org/drools/guvnor/server and 1 other directories.

jboss-svn-commits at lists.jboss.org jboss-svn-commits at lists.jboss.org
Mon Aug 11 01:36:20 EDT 2008


Author: jervisliu
Date: 2008-08-11 01:36:19 -0400 (Mon, 11 Aug 2008)
New Revision: 21423

Added:
   labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionResolver.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockRoleBasedPermissionStore.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionResolverTest.java
Removed:
   labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java
   labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
   labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedAuthenticator.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolverTest.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
Modified:
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
   labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
Log:
JBRULES-1706: Refactor security authenticator, separate out the authorization code, so that users can use whatever authentication mechanism they prefer (e.g., ldap) to do the authentication. We also want to use the Role-based authorization by default.

Deleted: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -1,119 +0,0 @@
-package org.drools.guvnor.server.security;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Set;
-
-import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Startup;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.permission.PermissionResolver;
-
-/**
- * PermissionResolvers are chained together to resolve permission check, the check returns true if
- * one of the PermissionResolvers in the chain returns true.
- *
- * This PermissionResolver resolves category-based permissions. It returns true under following situations:
- * 1. The user is admin
- * Or
- * 2. The user has at least one analyst role, and at least one of the analyst role has access to requested category path.
- * Or
- * 3. The user does not have any Analyst role(eg, the user only has other roles like package.admin|package.developer|package.readonly)
- *
- *
- * @author Jervis Liu
- */
- at Name("org.drools.guvnor.server.security.categoryBasedPermissionResolver")
- at Scope(APPLICATION)
- at BypassInterceptors
- at Install(precedence = org.jboss.seam.annotations.Install.APPLICATION)
- at Startup
-public class CategoryBasedPermissionResolver implements PermissionResolver,
-		Serializable {
-
-	@Create
-	public void create() {
-	}
-
-	/**
-     * check permission
-     *
-     * @param requestedCategoryPath
-     *            the requestedCategoryPath must be an instance of CategoryPathType,
-     *            otherwise return false;
-     * @param requestedRole
-     *            the requestedRole must be an instance of String, its value has to be one of the
-     *            followings: admin|analyst|package.admin|package.developer|package.readonly,
-     *            otherwise return false;
-     * @return true if the permission can be granted on the requested category path with the
-     * requested role; return false otherwise.
-     *
-     */
-	public boolean hasPermission(Object requestedCategoryPath, String requestedRole) {
-
-		//the admin can do everything
-		if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
-			return true;
-		}
-
-		List<RoleBasedPermission> permissions = (List<RoleBasedPermission>) Contexts
-				.getSessionContext().get("packageBasedPermission");
-
-		String requestedPath;
-		if (requestedCategoryPath instanceof CategoryPathType) {
-			requestedPath = ((CategoryPathType)requestedCategoryPath).getCategoryPath();
-		} else {
-			// CategoryBasedPermissionResolver only grants permissions based on categoryPath.
-			// Return false if the input is not a categoryPath, as this will be the responsibility
-			//of other PermissionResolvers in the resolver chain.
-			return false;
-		}
-
-
-
-		//category path based permission check only applies to analyst role. If there is no Analyst
-		//role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permisssion.
-		boolean isPermitted = true;
-		//return true when there is no analyst role, or one of the analyst role has permission to access this category
-		for (RoleBasedPermission pbp : permissions) {
-			if (RoleTypes.ANALYST.equals(pbp.getRole())) {
-				isPermitted = false;
-				if(isPermitted(requestedPath, pbp.getCategoryPath())) {
-					return true;
-				}
-			}
-		}
-
-		return isPermitted;
-	}
-
-	private boolean isPermitted(String requestedPath, String allowedPath) {
-		if(requestedPath == null || allowedPath == null) {
-			return false;
-		}
-		return requestedPath.equals(allowedPath) || isSubPath(allowedPath, requestedPath);
-	}
-
-	boolean isSubPath(String parentPath, String subPath) {
-		parentPath = (parentPath.startsWith("/")) ? parentPath.substring(1) : parentPath;
-		subPath = (subPath.startsWith("/")) ? subPath.substring(1) : subPath;
-		String[] parentTags = parentPath.split("/");
-		String[] subTags = subPath.split("/");
-		if (parentTags.length > subTags.length) return false;
-		for (int i = 0; i < parentTags.length; i++) {
-			if (!parentTags[i].equals(subTags[i])) return false;
-		}
-
-		return true;
-	}
-
-	public void filterSetByAction(Set<Object> targets, String action) {
-	}
-}

Deleted: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/PackageBasedPermissionResolver.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -1,139 +0,0 @@
-package org.drools.guvnor.server.security;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Set;
-
-import org.drools.guvnor.server.ServiceImplementation;
-import org.drools.repository.PackageItem;
-import org.drools.repository.RulesRepositoryException;
-import org.jboss.seam.Component;
-import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Startup;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.permission.PermissionResolver;
-
-/**
- * PermissionResolvers are chained together to resolve permission check, the check returns true if
- * one of the PermissionResolvers in the chain returns true.
- *
- * This PermissionResolver resolves package-based permissions. It returns true under following situations:
- * 1. The user is admin
- * Or
- * 2. The user has one of the following roles package.admin|package.developer|package.readonly on the requested
- * package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
- * Or
- * 3. The user is Analyst
- *
- *
- * @author Jervis Liu
- */
- at Name("org.drools.guvnor.server.security.packageBasedPermissionResolver")
- at Scope(APPLICATION)
- at BypassInterceptors
- at Install(precedence = org.jboss.seam.annotations.Install.APPLICATION)
- at Startup
-public class PackageBasedPermissionResolver implements PermissionResolver,
-		Serializable {
-
-	@Create
-	public void create() {
-	}
-
-	/**
-     * check permission
-     *
-     * @param requestedPackage
-     *            the requestedPackage must be an instance of PackageUUIDType or PackageNameType,
-     *            otherwise return false;
-     * @param requestedRole
-     *            the requestedRole must be an instance of String, its value has to be one of the
-     *            followings: admin|analyst|package.admin|package.developer|package.readonly,
-     *            otherwise return false;
-     * @return true if the permission can be granted on the requested packaged with the
-     * requested role; return false otherwise.
-     *
-     */
-	public boolean hasPermission(Object requestedPackage, String requestedRole) {
-
-		//admin can do everything
-		if (Identity.instance().hasRole(RoleTypes.ADMIN)) {
-			return true;
-		}
-
-		List<RoleBasedPermission> permissions = (List<RoleBasedPermission>) Contexts
-				.getSessionContext().get("packageBasedPermission");
-
-		String targetUUDI = "";
-
-		if (requestedPackage instanceof PackageUUIDType) {
-			targetUUDI = ((PackageUUIDType) requestedPackage).getUUID();
-		} else if (requestedPackage instanceof PackageNameType) {
-			try {
-				ServiceImplementation si = (ServiceImplementation) Component
-						.getInstance("org.drools.guvnor.client.rpc.RepositoryService");
-				PackageItem source = si.repository
-						.loadPackage(((PackageNameType) requestedPackage)
-								.getPackageName());
-				targetUUDI = source.getUUID();
-			} catch (RulesRepositoryException e) {
-				return false;
-			}
-
-		} else {
-			// PackageBasedPermissionResolver only grants permissions based on package info.
-			// Return false if the input is not a package info, as this will be the responsibility
-			//of other PermissionResolvers in the resolver chain.
-			return false;
-		}
-
-
-
-		//package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
-		//For Analyst we always grant permission.
-		for (RoleBasedPermission pbp : permissions) {
-			if (RoleTypes.ANALYST.equals(pbp.getRole())) {
-				return true;
-			} else if (targetUUDI.equalsIgnoreCase(pbp.getPackageUUID())
-					&& isPermitted(requestedRole, pbp.getRole())) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	private boolean isPermitted(String requestedAction, String role) {
-		if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(role)) {
-			return true;
-		} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(role)) {
-			if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(requestedAction)) {
-				return false;
-			} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(requestedAction)) {
-				return true;
-			} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(requestedAction)) {
-				return true;
-			}
-		} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(role)) {
-			if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(requestedAction)) {
-				return false;
-			} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(requestedAction)) {
-				return false;
-			} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(requestedAction)) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	public void filterSetByAction(Set<Object> targets, String action) {
-	}
-}

Deleted: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedAuthenticator.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedAuthenticator.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedAuthenticator.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -1,56 +0,0 @@
-package org.drools.guvnor.server.security;
-/*
- * Copyright 2005 JBoss Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-import java.util.List;
-import org.apache.log4j.Logger;
-
-import org.jboss.seam.Component;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.security.Identity;
-
-/**
- * Use this authenticator for role based authentication.
- * @author Jervis Liu
- */
- at Name("roleBasedAuthenticator")
-public class RoleBasedAuthenticator {
-
-    private static final Logger log = Logger.getLogger(RoleBasedAuthenticator.class);
-	
-    public boolean authenticate() {
-        if (SecurityServiceImpl.GUEST_LOGIN.equals( Identity.instance().getCredentials().getUsername())) {
-            return false;
-        }
-        log.info( "User logged in via RoleBasedAuthenticator.");
-        
-        RoleBasedPermissionStore pbps = (RoleBasedPermissionStore) Component
-		.getInstance("org.drools.guvnor.server.security.RoleBasedPermissionStore");
-    	List<RoleBasedPermission> permissions = pbps.getRoleBasedPermissionsByUserName(Identity.instance().getCredentials().getUsername());
-
-    	//The admin role is added into Identity so that we can call Identity.hadRole("admin")
-    	//later. Other permissions are stored in session context
-    	for(RoleBasedPermission p : permissions) {
-    		if(RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())) {
-    			Identity.instance().addRole(RoleTypes.ADMIN);
-    		}
-    	}
-    	Contexts.getSessionContext().set("packageBasedPermission", permissions);
-        return true;
-    }
-}
\ No newline at end of file

Copied: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionResolver.java (from rev 21420, labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolver.java)
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionResolver.java	                        (rev 0)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionResolver.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -0,0 +1,209 @@
+package org.drools.guvnor.server.security;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
+
+import org.drools.guvnor.server.ServiceImplementation;
+import org.drools.repository.PackageItem;
+import org.drools.repository.RulesRepositoryException;
+import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.permission.PermissionResolver;
+
+/**
+ * PermissionResolvers are chained together to resolve permission check, the check returns true if
+ * one of the PermissionResolvers in the chain returns true.
+ *
+ * This PermissionResolver resolves category-based permissions and package-based permissions. 
+ * 
+ * If the input is category-based request, it returns true under following situations:
+ * 
+ * For category-based permissions:
+ * 1. The user is admin
+ * Or
+ * 2. The user has at least one analyst role, and at least one of the analyst role has access to requested category path.
+ * Or
+ * 3. The user does not have any Analyst role(eg, the user only has other roles like package.admin|package.developer|package.readonly)
+ *
+ * If the input is package-based request, it returns true under following situations:
+ * 1. The user is admin
+ * Or
+ * 2. The user has one of the following roles package.admin|package.developer|package.readonly on the requested
+ * package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
+ * Or
+ * 3. The user is Analyst
+ *
+ *
+
+ * @author Jervis Liu
+ */
+ at Name("org.drools.guvnor.server.security.roleBasedPermissionResolver")
+ at Scope(APPLICATION)
+ at BypassInterceptors
+ at Install(precedence = org.jboss.seam.annotations.Install.APPLICATION)
+ at Startup
+public class RoleBasedPermissionResolver implements PermissionResolver,
+		Serializable {
+	
+	private boolean enableRoleBasedAuthorization = false;
+
+	@Create
+	public void create() {
+	}
+
+	/**
+     * check permission
+     *
+     * @param requestedObject
+     *            the requestedObject must be an instance of CategoryPathType,
+     *            or PackageNameType or PackageUUIDType.
+     *            Otherwise return false;
+     * @param requestedRole
+     *            the requestedRole must be an instance of String, its value has to be one of the
+     *            followings: admin|analyst|package.admin|package.developer|package.readonly,
+     *            otherwise return false;
+     * @return true if the permission can be granted on the requested object with the
+     * requested role; return false otherwise.
+     *
+     */
+	public boolean hasPermission(Object requestedObject, String requestedRole) {
+		if (!((requestedObject instanceof CategoryPathType)
+				|| (requestedObject instanceof PackageNameType)
+				|| (requestedObject instanceof PackageUUIDType))) {
+			return false;
+		}
+		
+		if (!enableRoleBasedAuthorization) {
+			return true;
+		}
+		
+        RoleBasedPermissionStore pbps = (RoleBasedPermissionStore) Component
+				.getInstance("org.drools.guvnor.server.security.RoleBasedPermissionStore");
+		List<RoleBasedPermission> permissions = pbps
+				.getRoleBasedPermissionsByUserName(Identity.instance()
+						.getCredentials().getUsername());
+
+		for (RoleBasedPermission p : permissions) {
+			if (RoleTypes.ADMIN.equalsIgnoreCase(p.getRole())) {
+				return true;
+			}
+		}    	
+    	
+		if (requestedObject instanceof CategoryPathType) {
+			String requestedPath = ((CategoryPathType) requestedObject)
+					.getCategoryPath();
+
+			//category path based permission check only applies to analyst role. If there is no Analyst
+			//role (e.g, only other roles like admin|package.admin|package.dev|package.readonly) we always grant permisssion.
+			boolean isPermitted = true;
+			//return true when there is no analyst role, or one of the analyst role has permission to access this category
+			for (RoleBasedPermission pbp : permissions) {
+				if (RoleTypes.ANALYST.equals(pbp.getRole())) {
+					isPermitted = false;
+					if(isPermittedCategoryPath(requestedPath, pbp.getCategoryPath())) {
+						return true;
+					}
+				}
+			}
+
+			return isPermitted;
+		} else {
+			String targetUUDI = "";
+
+			if (requestedObject instanceof PackageUUIDType) {
+				targetUUDI = ((PackageUUIDType) requestedObject).getUUID();
+
+			} else if (requestedObject instanceof PackageNameType) {
+				try {
+					ServiceImplementation si = (ServiceImplementation) Component
+							.getInstance("org.drools.guvnor.client.rpc.RepositoryService");
+					PackageItem source = si.repository
+							.loadPackage(((PackageNameType) requestedObject)
+									.getPackageName());
+					targetUUDI = source.getUUID();
+				} catch (RulesRepositoryException e) {
+					return false;
+				}
+			}			
+
+			//package based permission check only applies to admin|package.admin|package.dev|package.readonly role.
+			//For Analyst we always grant permission.
+			for (RoleBasedPermission pbp : permissions) {
+				if (RoleTypes.ANALYST.equals(pbp.getRole())) {
+					return true;
+				} else if (targetUUDI.equalsIgnoreCase(pbp.getPackageUUID())
+						&& isPermittedPackage(requestedRole, pbp.getRole())) {
+					return true;
+				}
+			}
+
+			return false;
+		} 
+	}
+
+	private boolean isPermittedCategoryPath(String requestedPath, String allowedPath) {
+		if(requestedPath == null || allowedPath == null) {
+			return false;
+		}
+		return requestedPath.equals(allowedPath) || isSubPath(allowedPath, requestedPath);
+	}
+	
+
+	private boolean isPermittedPackage(String requestedAction, String role) {
+		if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(role)) {
+			return true;
+		} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(role)) {
+			if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(requestedAction)) {
+				return false;
+			} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(requestedAction)) {
+				return true;
+			} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(requestedAction)) {
+				return true;
+			}
+		} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(role)) {
+			if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(requestedAction)) {
+				return false;
+			} else if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(requestedAction)) {
+				return false;
+			} else if (RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(requestedAction)) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	boolean isSubPath(String parentPath, String subPath) {
+		parentPath = (parentPath.startsWith("/")) ? parentPath.substring(1) : parentPath;
+		subPath = (subPath.startsWith("/")) ? subPath.substring(1) : subPath;
+		String[] parentTags = parentPath.split("/");
+		String[] subTags = subPath.split("/");
+		if (parentTags.length > subTags.length) return false;
+		for (int i = 0; i < parentTags.length; i++) {
+			if (!parentTags[i].equals(subTags[i])) return false;
+		}
+
+		return true;
+	}
+
+	public void filterSetByAction(Set<Object> targets, String action) {
+	}
+
+	public boolean isEnableRoleBasedAuthorization() {
+		return enableRoleBasedAuthorization;
+	}
+
+	public void setEnableRoleBasedAuthorization(boolean enableRoleBasedAuthorization) {
+		this.enableRoleBasedAuthorization = enableRoleBasedAuthorization;
+	}
+}
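Review bot: hasPermission grants category access to a user who has no entry at all in the permission store, which looks unintended: in the CategoryPathType branch `boolean isPermitted = true;` is only cleared when an analyst entry is found, so an empty `permissions` list falls through to `return isPermitted;` as true. Starting from `boolean isPermitted = !permissions.isEmpty();` keeps the documented behaviour for package.* users while denying users with no role. The same method also returns true for every supported object while `enableRoleBasedAuthorization` is false, and the field defaults to false although the log message asks for role-based authorization by default. If that permissive default is intended, say so on the field, e.g. `// false: authorization is disabled and every category/package check is granted`.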

Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplSecurityTest.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -14,9 +14,9 @@
 import org.drools.guvnor.client.rpc.TableDataResult;
 import org.drools.guvnor.client.rpc.TableDataRow;
 import org.drools.guvnor.client.rulelist.AssetItemGrid;
-import org.drools.guvnor.server.security.CategoryBasedPermissionResolver;
+import org.drools.guvnor.server.security.MockRoleBasedPermissionStore;
+import org.drools.guvnor.server.security.RoleBasedPermissionResolver;
 import org.drools.guvnor.server.security.MockIdentity;
-import org.drools.guvnor.server.security.PackageBasedPermissionResolver;
 import org.drools.guvnor.server.security.RoleBasedPermission;
 import org.drools.guvnor.server.security.RoleTypes;
 import org.drools.guvnor.server.util.TestEnvironmentSessionHelper;
@@ -58,10 +58,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
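Review bot: The three-line resolver setup added here (`new RoleBasedPermissionResolver()`, `setEnableRoleBasedAuthorization(true)`, `addPermissionResolver(resolver)`) is repeated verbatim in the hunks at -113, -213, -260, -311, -417 and -487, and with `false` at -169, as is the `MockRoleBasedPermissionStore` registration that follows each of them. A private helper in the test class, for example `private MockIdentity identityWithResolver(boolean enabled)`, would keep the setup in one place and make the one test that passes `false` stand out. The added lines also mix tabs and spaces in their indentation, unlike the surrounding context lines. The enclosing test method starts and ends outside the hunk.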
@@ -71,7 +70,8 @@
 			List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
 			pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
 					"testLoadRuleAssetWithRoleBasedAuthrozationCat1"));
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
 
 			//now lets see if we can access this asset with the permissions
@@ -113,10 +113,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
@@ -127,9 +126,9 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.PACKAGE_READONLY,
 					package1Uuid, null));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
 			
 			//now lets see if we can access this asset with the permissions
 			RuleAsset asset = impl.loadRuleAsset(uuid1);
@@ -169,10 +168,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return true
-			midentity.setHasRole(true);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(false);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
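Review bot: The admin path loses its service-level test here: the removed `midentity.setHasRole(true)` is replaced by `resolver.setEnableRoleBasedAuthorization(false)`, so the asset now loads because authorization is switched off, not because the user is an admin. Unless the new RoleBasedPermissionResolverTest (not shown here) covers it, the `RoleTypes.ADMIN` loop in hasPermission is not exercised through the service. Keeping the flag `true` and adding `pbps.add(new RoleBasedPermission("jervis", RoleTypes.ADMIN, null, null));` to the list built in the next hunk would restore that coverage. The enclosing test method starts and ends outside the hunk.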
@@ -180,9 +178,9 @@
 					"org.drools.guvnor.client.rpc.RepositoryService", impl);
 
 			List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
 			// now lets see if we can access this asset with the permissions
 			RuleAsset asset = impl.loadRuleAsset(uuid);
 			assertNotNull(asset);
@@ -213,10 +211,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
@@ -227,9 +224,9 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.PACKAGE_ADMIN,
 					packageUuid, null));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
 			//now lets see if we can access this asset with the permissions
 			RuleAsset asset = impl.loadRuleAsset(uuid);
 			assertNotNull(asset);
@@ -260,10 +257,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
@@ -274,9 +270,9 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.ANALYST,
 					null, "category1"));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
 			//now lets see if we can access this asset with the permissions
 			try {
 				RuleAsset asset = impl.loadRuleAsset(uuid);
@@ -311,10 +307,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
@@ -328,9 +323,9 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.PACKAGE_ADMIN,
 					packageUuid, null));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
 			//now lets see if we can access this asset with the permissions
 			try {
 				RuleAsset asset = impl.loadRuleAsset(uuid);
@@ -417,11 +412,10 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
+			
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
 			Contexts.getSessionContext().set(
@@ -434,10 +428,10 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.PACKAGE_DEVELOPER,
 					package2Uuid, null));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
 
-
 			TableDataResult res = impl.loadRuleListForCategories(
 					"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
 					AssetItemGrid.RULE_LIST_TABLE_ID);
@@ -487,10 +481,9 @@
 			Lifecycle.beginApplication(application);
 			Lifecycle.beginCall();
 			MockIdentity midentity = new MockIdentity();
-			// this makes Identity.hasRole("admin") return false
-			midentity.setHasRole(false);
-			midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-			midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+	    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+	    	resolver.setEnableRoleBasedAuthorization(true);	        
+			midentity.addPermissionResolver(resolver);
 
 			Contexts.getSessionContext().set(
 					"org.jboss.seam.security.identity", midentity);
@@ -507,10 +500,10 @@
 			pbps.add(new RoleBasedPermission("jervis",
 					RoleTypes.PACKAGE_DEVELOPER,
 					package3Uuid, null));
+	    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+	    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 
-			Contexts.getSessionContext().set("packageBasedPermission", pbps);
 
-
 			TableDataResult res = impl.loadRuleListForCategories(
 					"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1", 0, -1,
 					AssetItemGrid.RULE_LIST_TABLE_ID);
@@ -542,10 +535,9 @@
 		Lifecycle.beginApplication(application);
 		Lifecycle.beginCall();
 		MockIdentity midentity = new MockIdentity();
-		// this makes Identity.hasRole("admin") return false
-		midentity.setHasRole(false);
-		midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-		midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);	        
+		midentity.addPermissionResolver(resolver);
 
 		Contexts.getSessionContext().set(
 				"org.jboss.seam.security.identity", midentity);
@@ -555,7 +547,8 @@
 		pbps.add(new RoleBasedPermission("jervis",
 				RoleTypes.PACKAGE_READONLY,
 				packageUuid, null));
-		Contexts.getSessionContext().set("packageBasedPermission", pbps);		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
 		
 		//now lets see if we can access this asset with the permissions
 		try {
@@ -589,10 +582,9 @@
 		Lifecycle.beginApplication(application);
 		Lifecycle.beginCall();
 		MockIdentity midentity = new MockIdentity();
-		// this makes Identity.hasRole("admin") return false
-		midentity.setHasRole(false);
-		midentity.addPermissionResolver(new PackageBasedPermissionResolver());
-		midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);	        
+		midentity.addPermissionResolver(resolver);
 
 		Contexts.getSessionContext().set(
 				"org.jboss.seam.security.identity", midentity);
@@ -602,7 +594,8 @@
 		pbps.add(new RoleBasedPermission("jervis",
 				RoleTypes.PACKAGE_DEVELOPER,
 				packageUuid, null));
-		Contexts.getSessionContext().set("packageBasedPermission", pbps);		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);	
 		
 		//now lets see if we can access this asset with the permissions
 		String uuid2 =  impl.checkinVersion(asset);

Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -67,9 +67,8 @@
 import org.drools.guvnor.client.rpc.ValidatedResponse;
 import org.drools.guvnor.client.rulelist.AssetItemGrid;
 import org.drools.guvnor.server.ServiceImplementation;
-import org.drools.guvnor.server.security.CategoryBasedPermissionResolver;
+import org.drools.guvnor.server.security.RoleBasedPermissionResolver;
 import org.drools.guvnor.server.security.MockIdentity;
-import org.drools.guvnor.server.security.PackageBasedPermissionResolver;
 import org.drools.guvnor.server.security.PackageNameType;
 import org.drools.guvnor.server.security.RoleTypes;
 import org.drools.guvnor.server.util.BRXMLPersistence;
@@ -2132,9 +2131,11 @@
 
 		MockIdentity mi = new MockIdentity();
 		mi.inject();
-		mi.addRole(RoleTypes.ADMIN);
-		mi.addPermissionResolver(new CategoryBasedPermissionResolver());
-		mi.addPermissionResolver(new PackageBasedPermissionResolver());
+		//mi.addRole(RoleTypes.ADMIN);
+		RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+		resolver.setEnableRoleBasedAuthorization(false);
+		mi.addPermissionResolver(new RoleBasedPermissionResolver());
+		//mi.addPermissionResolver(new PackageBasedPermissionResolver());
 
 
 	}
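Review bot: The resolver configured with `setEnableRoleBasedAuthorization(false)` is never registered. The next line adds a second, unconfigured instance with `mi.addPermissionResolver(new RoleBasedPermissionResolver());`, so the flag has no effect and this fixture runs with whatever the class default is (not visible here). Register the configured object instead: `mi.addPermissionResolver(resolver);`. The two commented-out lines (`//mi.addRole(RoleTypes.ADMIN);` and the old PackageBasedPermissionResolver line) should be deleted rather than kept, and a short comment saying that authorization is deliberately switched off for this fixture would make the intent reviewable. The method starts outside the hunk.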

Deleted: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolverTest.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolverTest.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -1,78 +0,0 @@
-package org.drools.guvnor.server.security;
-/*
- * Copyright 2005 JBoss Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.contexts.Lifecycle;
-import org.jboss.seam.security.Identity;
-
-import junit.framework.TestCase;
-
-public class CategoryBasedPermissionResolverTest extends TestCase {
-
-    public void testAnalyst() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return false
-    	midentity.setHasRole(false);
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-
-
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-    	CategoryBasedPermissionResolver resolver = new CategoryBasedPermissionResolver();
-        assertTrue(resolver.hasPermission(new CategoryPathType("category1"), null));
-        assertTrue(resolver.hasPermission(new CategoryPathType("category2"), null));
-        assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), null));
-
-        assertTrue(resolver.hasPermission(new CategoryPathType("/category1/category2"), null));
-
-    	Lifecycle.endApplication();
-    }
-
-    public void testIsSubPath() {
-    	CategoryBasedPermissionResolver pr = new CategoryBasedPermissionResolver();
-    	assertTrue(pr.isSubPath("foo", "foo/bar"));
-    	assertTrue(pr.isSubPath("foo", "/foo/bar"));
-    	assertTrue(pr.isSubPath("/foo/bar", "/foo/bar"));
-    	assertFalse(pr.isSubPath("/foo/bar", "foo"));
-
-    	assertTrue(pr.isSubPath("foo", "foo/bar/baz"));
-    	assertTrue(pr.isSubPath("foo/bar", "foo/bar/baz"));
-    	assertFalse(pr.isSubPath("wang", "foo/bar/baz"));
-    	assertFalse(pr.isSubPath("wang/whee", "foo/bar/baz"));
-
-    	assertFalse(pr.isSubPath("foo1", "foo2"));
-    	assertTrue(pr.isSubPath("foo1", "foo1"));
-
-    }
- }
\ No newline at end of file

Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -25,6 +25,8 @@
 import java.util.Set;
 
 import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.security.Credentials;
 import org.jboss.seam.security.Identity;
 import org.jboss.seam.security.permission.PermissionResolver;
 import org.jboss.seam.security.permission.ResolverChain;
@@ -74,6 +76,16 @@
 	 * Push this mock as the identity to Seam.
 	 */
 	public void inject() {
-		Contexts.getSessionContext().set("org.jboss.seam.security.identity", this);
+		Contexts.getSessionContext().set("org.jboss.seam.security.identity",
+				this);
 	}
+
+	public Credentials getCredentials() {
+		return new Credentials() {
+			   public String getUsername()
+			   {
+			      return "mockedUser";
+			   }
+		};
+	}   
 }
\ No newline at end of file
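Review bot: `getCredentials()` is undocumented and hard-codes `"mockedUser"`, a name that differs from the `"jervis"` used in the RoleBasedPermission fixtures elsewhere in this commit. I would add a Javadoc such as `/** Returns credentials whose user name is always "mockedUser"; a new object is created on every call. */` so test authors know the name is fixed and that state set on a returned object is not kept. If this overrides `Identity.getCredentials()`, as the new import suggests, it should also carry `@Override`. The class and `inject()` begin outside the hunk.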

Added: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockRoleBasedPermissionStore.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockRoleBasedPermissionStore.java	                        (rev 0)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockRoleBasedPermissionStore.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -0,0 +1,30 @@
+package org.drools.guvnor.server.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.jcr.RepositoryException;
+
+import org.drools.repository.RulesRepository;
+import org.drools.repository.security.PermissionManager;
+import org.jboss.seam.annotations.AutoCreate;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+
+ at Name("org.drools.guvnor.server.security.RoleBasedPermissionStore")
+ at AutoCreate
+public class MockRoleBasedPermissionStore extends RoleBasedPermissionStore {
+
+	List<RoleBasedPermission> pbps;
+
+	public MockRoleBasedPermissionStore(List<RoleBasedPermission> pbps) {
+		this.pbps = pbps;
+	}
+
+	public List<RoleBasedPermission> getRoleBasedPermissionsByUserName(
+			String userName) {
+		return pbps;
+	}
+
+}
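Review bot: `getRoleBasedPermissionsByUserName` ignores its `userName` argument and returns the whole list, so a resolver that looked up the wrong user, or passed no user at all, would still pass every test built on this mock. Either filter the list on the permission's user name (the accessor on RoleBasedPermission is not visible in this diff) or state the limitation on the method, e.g. `// returns every permission regardless of userName; tests must not rely on per-user isolation`. Most of the imports (`ArrayList`, `Map`, `RepositoryException`, `RulesRepository`, `PermissionManager`, `In`) are unused in the added file, and `pbps` could be `private final`.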

Deleted: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java	2008-08-11 01:52:30 UTC (rev 21422)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/PackageBasedPermissionResolverTest.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -1,164 +0,0 @@
-package org.drools.guvnor.server.security;
-/*
- * Copyright 2005 JBoss Inc
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.contexts.Lifecycle;
-import org.jboss.seam.security.Identity;
-
-import junit.framework.TestCase;
-
-public class PackageBasedPermissionResolverTest extends TestCase {
-
-	//admin: everything
-    public void testAdmin() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();    	
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();   	
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return true
-    	midentity.setHasRole(true);    	
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-    	
-    	
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-    	
-    	PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-    	
-        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.ADMIN));
-        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.ADMIN));
-
-    	Lifecycle.endApplication();
-    }    
-	
-    //Package.admin: everything for that package, including creating snapshots for that package.
-    public void testPackageAdmin() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();    	
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();   	
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return false
-    	midentity.setHasRole(false);    	
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-    	
-    	
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-    	
-    	PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_ADMIN));
-    	assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_DEVELOPER));
-        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_READONLY));
-        
-        assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY));
-
-    	Lifecycle.endApplication();   
-    } 
-    
-    //Package.developer:  everything for that package, NOT snapshots (can view snapshots of that package only)
-    public void testPackageDeveloper() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();    	
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();   	
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return false
-    	midentity.setHasRole(false);    	
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-    	
-    	
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_DEVELOPER, "47982482-7912-4881-97ec-e852494383d7", null));		
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-    	
-    	PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-        
-    	assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_ADMIN));
-    	assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
-        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_READONLY));
-        
-        assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", RoleTypes.PACKAGE_READONLY));
-
-    	Lifecycle.endApplication();   
-    }    
-   
-    //Package.readonly: read only as the name suggested
-    public void testPackageReadOnly() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();    	
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();   	
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return false
-    	midentity.setHasRole(false);    	
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-    	
-    	
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-    	
-    	PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-        
-        assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
-        assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
-        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_READONLY));
-        
-        assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", RoleTypes.PACKAGE_READONLY));
-
-    	Lifecycle.endApplication();   
-    } 
-        
-    public void testAnalyst() throws Exception {
-    	//Mock up SEAM contexts
-    	Map application = new HashMap<String, Object>();    	
-    	Lifecycle.beginApplication(application);
-    	Lifecycle.beginCall();   	
-    	MockIdentity midentity = new MockIdentity();
-    	//this makes Identity.hasRole("admin") return false
-    	midentity.setHasRole(false);    	
-    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
-    	
-    	
-    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
-		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));		
-    	Contexts.getSessionContext().set("packageBasedPermission", pbps);
-    	
-    	PackageBasedPermissionResolver resolver = new PackageBasedPermissionResolver();
-        
-        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.ANALYST));
-        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.ANALYST));
-
-    	Lifecycle.endApplication();   
-    } 
-    
-    
-}
\ No newline at end of file

Copied: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionResolverTest.java (from rev 21420, labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/CategoryBasedPermissionResolverTest.java)
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionResolverTest.java	                        (rev 0)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/RoleBasedPermissionResolverTest.java	2008-08-11 05:36:19 UTC (rev 21423)
@@ -0,0 +1,207 @@
+package org.drools.guvnor.server.security;
+/*
+ * Copyright 2005 JBoss Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.contexts.Lifecycle;
+import org.jboss.seam.security.Identity;
+
+import junit.framework.TestCase;
+
+public class RoleBasedPermissionResolverTest extends TestCase {
+
+    public void testCategoryBasedPermissionAnalyst() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();
+    	MockIdentity midentity = new MockIdentity();
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category2"));
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+    	
+        assertTrue(resolver.hasPermission(new CategoryPathType("category1"), null));
+        assertTrue(resolver.hasPermission(new CategoryPathType("category2"), null));
+        assertFalse(resolver.hasPermission(new CategoryPathType("category3/category3"), null));
+        assertTrue(resolver.hasPermission(new CategoryPathType("/category1/category2"), null));
+
+    	Lifecycle.endApplication();
+    }
+
+    public void testIsSubPath() {
+    	RoleBasedPermissionResolver pr = new RoleBasedPermissionResolver();
+    	assertTrue(pr.isSubPath("foo", "foo/bar"));
+    	assertTrue(pr.isSubPath("foo", "/foo/bar"));
+    	assertTrue(pr.isSubPath("/foo/bar", "/foo/bar"));
+    	assertFalse(pr.isSubPath("/foo/bar", "foo"));
+
+    	assertTrue(pr.isSubPath("foo", "foo/bar/baz"));
+    	assertTrue(pr.isSubPath("foo/bar", "foo/bar/baz"));
+    	assertFalse(pr.isSubPath("wang", "foo/bar/baz"));
+    	assertFalse(pr.isSubPath("wang/whee", "foo/bar/baz"));
+
+    	assertFalse(pr.isSubPath("foo1", "foo2"));
+    	assertTrue(pr.isSubPath("foo1", "foo1"));
+    }
+    
+
+	//admin: everything
+    public void testPackageBasedPermissionAdmin() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();    	
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();   	
+    	MockIdentity midentity = new MockIdentity();
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+    	
+    	
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+    	
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+    	
+        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.ADMIN));
+        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.ADMIN));
+
+    	Lifecycle.endApplication();
+    }    
+	
+    //Package.admin: everything for that package, including creating snapshots for that package.
+    public void testPackageBasedPermissionPackageAdmin() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();    	
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();   	
+    	MockIdentity midentity = new MockIdentity();
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);    	
+    	
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_ADMIN, "631b3d79-5b67-42fb-83da-714624970a6b", null));
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+    	
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+    	
+        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_ADMIN));
+    	assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_DEVELOPER));
+        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.PACKAGE_READONLY));
+        
+        assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY));
+
+    	Lifecycle.endApplication();   
+    } 
+    
+    //Package.developer:  everything for that package, NOT snapshots (can view snapshots of that package only)
+    public void testPackageBasedPermissionPackageDeveloper() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();    	
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();   	
+    	MockIdentity midentity = new MockIdentity();	
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+    	
+    	
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_DEVELOPER, "47982482-7912-4881-97ec-e852494383d7", null));		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+    	
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+    	
+    	assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_ADMIN));
+    	assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
+        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_READONLY));
+        
+        assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", RoleTypes.PACKAGE_READONLY));
+
+    	Lifecycle.endApplication();   
+    }    
+   
+    //Package.readonly: read only as the name suggested
+    public void testPackageBasedPermissionPackageReadOnly() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();    	
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();   	
+    	MockIdentity midentity = new MockIdentity();
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+    	
+    	
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+    	
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+    	
+        assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
+        assertFalse(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_DEVELOPER));
+        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.PACKAGE_READONLY));
+        
+        assertFalse(resolver.hasPermission("631b3d79-5b67-42fb-83da-714624970a6b", RoleTypes.PACKAGE_READONLY));
+
+    	Lifecycle.endApplication();   
+    } 
+        
+    public void testPackageBasedPermissionAnalyst() throws Exception {
+    	//Mock up SEAM contexts
+    	Map application = new HashMap<String, Object>();    	
+    	Lifecycle.beginApplication(application);
+    	Lifecycle.beginCall();   	
+    	MockIdentity midentity = new MockIdentity();
+    	Contexts.getSessionContext().set("org.jboss.seam.security.identity", midentity);
+    	
+    	
+    	List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.PACKAGE_READONLY, "47982482-7912-4881-97ec-e852494383d7", null));		
+		pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null, "category1"));		
+    	MockRoleBasedPermissionStore store = new MockRoleBasedPermissionStore(pbps);    
+    	Contexts.getSessionContext().set("org.drools.guvnor.server.security.RoleBasedPermissionStore", store);
+    	
+    	RoleBasedPermissionResolver resolver = new RoleBasedPermissionResolver();
+    	resolver.setEnableRoleBasedAuthorization(true);
+        
+        assertTrue(resolver.hasPermission(new PackageUUIDType("47982482-7912-4881-97ec-e852494383d7"), RoleTypes.ANALYST));
+        assertTrue(resolver.hasPermission(new PackageUUIDType("631b3d79-5b67-42fb-83da-714624970a6b"), RoleTypes.ANALYST));
+
+    	Lifecycle.endApplication();   
+    } 
+    
+ }
\ No newline at end of file
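Review bot: The cross-package denial checks pass a bare String as the target, e.g. `assertFalse(resolver.hasPermission("47982482-7912-4881-97ec-e852494383d7", RoleTypes.PACKAGE_READONLY));`, while every other assertion wraps the UUID in `PackageUUIDType`. If the resolver returns false for target types it does not recognise (not visible here), these three assertions pass without testing package isolation, so they should use `new PackageUUIDType(...)` like the rest. In `testPackageBasedPermissionPackageReadOnly` the PACKAGE_DEVELOPER assertion appears twice, and the first was probably meant to check `RoleTypes.PACKAGE_ADMIN`. No test covers `setEnableRoleBasedAuthorization(false)`, and `Lifecycle.endApplication()` is not in a `finally`, so a failed assertion leaves the Seam contexts open for the next test.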



