Author: nzamosenchuk
Date: 2010-06-10 09:39:04 -0400 (Thu, 10 Jun 2010)
New Revision: 2542
Added:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
Modified:
core/trunk/exo.core.component.security.core/
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
Log:
EXOJCR-770: Removing setSubject permission, only single ModifyIdentity is now present.
EXOJCR-767: Adding the test, adding check for attribute modification.
Property changes on: core/trunk/exo.core.component.security.core
___________________________________________________________________
Name: svn:ignore
+ .project
.classpath
target
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-10
12:48:48 UTC (rev 2541)
+++
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -31,8 +31,6 @@
public class ConversationState
{
- private static final RuntimePermission SET_CURRENT_STATE_PERMISSION = new
RuntimePermission("setCurrentState");
-
/**
* "subject".
*/
@@ -74,12 +72,7 @@
*/
public static void setCurrent(ConversationState state)
{
- SecurityManager security = System.getSecurityManager();
- if (security != null)
- {
- security.checkPermission(SET_CURRENT_STATE_PERMISSION);
- }
-
+ checkPermissions();
current.set(state);
}
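Review bot: The permission target checked by setCurrent changes from "setCurrentState" to "modifyConversationState", and the Identity.java hunk makes the same kind of switch for setSubject ("setSubject" to "modifyIdentity"). Any deployment that runs under a SecurityManager with the old targets in its policy file will start getting SecurityException from these calls after upgrading. The upgrade notes should name both replacements, for example `permission java.lang.RuntimePermission "modifyConversationState";` in place of the "setCurrentState" entry. The grant is also coarser now: code given this permission only to set attributes can also replace the thread's current state, which is worth confirming as intended.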
@@ -99,7 +92,7 @@
*/
public void setAttribute(String name, Object value)
{
- // TODO : need check is it allowed to set any attributes
+ checkPermissions();
this.attributes.put(name, value);
}
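Review bot: setAttribute can now throw under a SecurityManager where it previously always succeeded, but no Javadoc change is visible in this hunk to tell callers so (the method's Javadoc starts outside the hunk). I would add `@throws SecurityException if a SecurityManager is installed and the caller lacks the "modifyConversationState" RuntimePermission` to it. The same tag belongs on setCurrent in the previous hunk. Callers that populate attributes during login presumably need the new grant too; that is inferred, not visible here.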
@@ -130,4 +123,15 @@
this.attributes.remove(name);
}
+ /**
+ * Checks if modification allowed
+ */
+ private static void checkPermissions()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+
security.checkPermission(PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ }
}
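Review bot: The context lines at the top of this hunk show `this.attributes.remove(name);` with no `checkPermissions();` added in front of it, so removeAttribute appears to stay unguarded while setAttribute is now checked. The method's opening lines are outside the hunk, so this should be confirmed against the full file. If it is unguarded, code without the permission can still delete attributes that privileged code stored. I would add `checkPermissions();` as the first statement of removeAttribute and a matching pair of tests in TestStatePermissions.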
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10
12:48:48 UTC (rev 2541)
+++
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -202,7 +202,7 @@
SecurityManager security = System.getSecurityManager();
if (security != null)
{
- security.checkPermission(PermissionConstants.SET_SUBJECT_PERMISSION);
+ security.checkPermission(PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
this.subject = subject;
}
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java 2010-06-10
12:48:48 UTC (rev 2541)
+++
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -26,8 +26,15 @@
public class PermissionConstants
{
- public static final RuntimePermission SET_SUBJECT_PERMISSION = new
RuntimePermission("setSubject");
-
+ /**
+ * Permission to modify {@link Identity}
+ */
public static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new
RuntimePermission("modifyIdentity");
+ /**
+ * Permission to modify Conversation state
+ */
+ public static final RuntimePermission MODIFY_CONVERSATION_STATE_PERMISSION =
+ new RuntimePermission("modifyConversationState");
+
}
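Review bot: The Javadoc on the two constants does not say which operations each permission gates or what target name an administrator has to put in a policy file. For the new constant I would write `Permission required by ConversationState.setCurrent and ConversationState.setAttribute; policy target name "modifyConversationState".` For MODIFY_IDENTITY_PERMISSION the comment should mention that it now also covers Identity.setSubject, since that is the behaviour change of this commit.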
Modified:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java 2010-06-10
12:48:48 UTC (rev 2541)
+++
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -37,11 +37,6 @@
*/
public abstract class BaseSecurityTest extends TestCase
{
-
- public static final Permission SET_SUBJECT_PERMISSION = new
RuntimePermission("setSubject");
- public static final Permission MODIFY_IDENTITY_PERMISSION = new
RuntimePermission("modifyIdentity");
- public static final Permission ALL_PERMISSION = new AllPermission();
-
/**
*
*/
Modified:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java 2010-06-10
12:48:48 UTC (rev 2541)
+++
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -41,7 +41,7 @@
}
/**
- * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testModifyRolesWithPermissions()
{
@@ -54,7 +54,7 @@
getIdentity().getRoles().clear();
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -63,7 +63,7 @@
}
/**
- * Check that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testSetRolesWithPermissions()
{
@@ -76,7 +76,7 @@
getIdentity().setRoles(new HashSet<String>());
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -85,7 +85,7 @@
}
/**
- * Check that modification is denied if no permission given
+ * Checks that modification is denied if no permission given
*/
public void testModifyRolesWithNoPermissions()
{
@@ -108,7 +108,7 @@
}
/**
- * Check that setRoles is denied if no permission given
+ * Checks that setRoles is denied if no permission given
*/
public void testSetWithRolesNoPermissions()
{
@@ -131,7 +131,7 @@
}
/**
- * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testModifyMembershipsWithPermissions()
{
@@ -144,7 +144,7 @@
getIdentity().getMemberships().clear();
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -153,7 +153,7 @@
}
/**
- * Check that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testSetMembershipsWithPermissions()
{
@@ -167,7 +167,7 @@
getIdentity().setMemberships(new HashSet<MembershipEntry>());
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -176,7 +176,7 @@
}
/**
- * Check that modification is denied if no permission given
+ * Checks that modification is denied if no permission given
*/
public void testModifyMembershipsWithNoPermissions()
{
@@ -199,7 +199,7 @@
}
/**
- * Check that setMemberships is denied if no permission given
+ * Checks that setMemberships is denied if no permission given
*/
public void testSetWithMembershipsNoPermissions()
{
@@ -223,7 +223,7 @@
}
/**
- * Check setSubject is permitted with "setSubject" permission
+ * Checks setSubject is permitted with "setSubject" permission
*/
public void testSubjectWithSetSubjectPermissions()
{
@@ -236,7 +236,7 @@
getIdentity().setSubject(new Subject());
return null;
}
- }, SET_SUBJECT_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
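Review bot: The test now runs with `PermissionConstants.MODIFY_IDENTITY_PERMISSION`, but the Javadoc touched in the neighbouring hunks still reads `Checks setSubject is permitted with "setSubject" permission` and `Checks setSubject is denied without "setSubject" permission`. The method is also still named testSubjectWithSetSubjectPermissions. Since this commit removes the "setSubject" permission, the comments should say `Checks setSubject is permitted with MODIFY_IDENTITY_PERMISSION` and `Checks setSubject is denied if no permission given`. A rename to something like testSetSubjectWithPermissions would keep the name from pointing at a permission that no longer exists.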
@@ -245,7 +245,7 @@
}
/**
- * Check setSubject is denied without "setSubject" permission
+ * Checks setSubject is denied without "setSubject" permission
*/
public void testSubjectWithNoPermissions()
{
@@ -269,6 +269,7 @@
/**
* Creates dummy Identity for testing purposes
+ *
* @return
*/
private Identity getIdentity()
Added:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
(rev 0)
+++
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java 2010-06-10
13:39:04 UTC (rev 2542)
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.services.security;
+
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay
Zamosenchuk</a>
+ * @version $Id: TestStatePermissions.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class TestStatePermissions extends BaseSecurityTest
+{
+ private ConversationState state;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Collection<MembershipEntry> memberships = null;
+
+ memberships = new ArrayList<MembershipEntry>();
+ memberships.add(new MembershipEntry("/group1", "*"));
+ memberships.add(new MembershipEntry("/group2", "member"));
+
+ Identity identity = new Identity("user", memberships);
+ state = new ConversationState(identity);
+ }
+
+ /**
+ * Checks that modification is permitted
+ */
+ public void testStateSetCurrentWithPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ ConversationState.setCurrent(state);
+ ConversationState.setCurrent(null);
+ return null;
+ }
+ }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with
required permissions.");
+ }
+ }
+
+ /**
+ * Checks that modification is denied if no permission given
+ */
+ public void testStateSetCurrentWithNoPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ ConversationState.setCurrent(state);
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Checks that modification is permitted
+ */
+ public void testStateSetAttributeWithPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ state.setAttribute("attribute", "value");
+ return null;
+ }
+ }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with
required permissions.");
+ }
+ }
+
+ /**
+ * Checks that modification is denied if no permission given
+ */
+ public void testStateSetAttributeWithNoPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ state.setAttribute("attribute", "value");
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+}
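Review bot: Both denial tests (testStateSetCurrentWithNoPermission and testStateSetAttributeWithNoPermission) use `catch (Exception e)` with only `// it's ok`, so any failure inside the action, such as a NullPointerException, counts as a successful denial. I would narrow these to `catch (SecurityException e)`, assuming doActionWithPermissions lets the SecurityManager's exception propagate unwrapped; that helper is not visible here. The two positive tests drop the caught exception, and including `e` in the fail message would show why a grant was rejected. If the check in testStateSetCurrentWithNoPermission ever regresses, `state` also stays installed as the thread's current ConversationState for later tests, so a tearDown that resets it under the required permission would keep the tests isolated.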
Property changes on:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain