Author: sohil.shah(a)jboss.com
Date: 2010-08-13 08:43:07 -0400 (Fri, 13 Aug 2010)
New Revision: 3825
Added:
portal/branches/portalsecurity/portal/src/main/java/META-INF/
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component-mustmatchall.properties
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component.properties
Modified:
portal/branches/portalsecurity/portal/pom.xml
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/AbstractTestSharedPageACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/AbstractSecurityTest.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/portal/TestPortalACL.java
Log:
testsuite integration with rule based UserACL
Modified: portal/branches/portalsecurity/portal/pom.xml
===================================================================
--- portal/branches/portalsecurity/portal/pom.xml 2010-08-13 12:25:10 UTC (rev 3824)
+++ portal/branches/portalsecurity/portal/pom.xml 2010-08-13 12:43:07 UTC (rev 3825)
@@ -161,7 +161,6 @@
</execution>
</executions>
</plugin>
-
</plugins>
</build>
</project>
Added:
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component-mustmatchall.properties
===================================================================
---
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component-mustmatchall.properties
(rev 0)
+++
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component-mustmatchall.properties 2010-08-13
12:43:07 UTC (rev 3825)
@@ -0,0 +1,71 @@
+import java.util.Set
+import java.util.HashSet
+
+function boolean <function>(Set userRoles)
+{
+ String[] allowedRoles = new String[]{<roleList>};
+
+ for(Object local: userRoles)
+ {
+ String userRole = (String)local;
+ String[] userSplit = userRole.split(":");
+ String userMembershipType = null;
+ String userGroup = null;
+ if(userSplit.length < 2)
+ {
+ userMembershipType = "*";
+ userGroup = userRole;
+ }
+ else
+ {
+ userMembershipType = userSplit[0].trim();
+ userGroup = userSplit[1].trim();
+ }
+
+ for(String allowedRole: allowedRoles)
+ {
+ String[] allowedSplit = allowedRole.split(":");
+ String allowedMembershipType = null;
+ String allowedGroup = null;
+ if(allowedSplit.length < 2)
+ {
+ allowedMembershipType = "*";
+ allowedGroup = allowedRole;
+ }
+ else
+ {
+ allowedMembershipType = allowedSplit[0].trim();
+ allowedGroup = allowedSplit[1].trim();
+ }
+
+ if(userMembershipType.equals("*") ||
allowedMembershipType.equals("*"))
+ {
+ if(!userGroup.equals(allowedGroup))
+ {
+ return false;
+ }
+ }
+ else
+ {
+ if(!userMembershipType.equals(allowedMembershipType) ||
!userGroup.equals(allowedGroup))
+ {
+ return false;
+ }
+ }
+ }
+ }
+
+ return true;
+}
+
+rule "<ruleReference>"
+
+when
+$ruleName: String()
+$roles: HashSet()
+eval($ruleName.contains("<ruleReference>"))
+eval(<function>($roles))
+
+then
+insert(Boolean.TRUE);
+end
\ No newline at end of file
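Review bot: `<function>` returns true when `userRoles` is empty, because neither loop body runs and control falls through to `return true`, and it returns false as soon as any single (user role, allowed role) pair differs. With two different groups in `<roleList>` no non-empty role set can pass, so the only caller granted access is one with no roles at all. If the intent is that the user holds every listed role, iterate the allowed roles on the outside, require at least one matching user role for each, and deny when either side is empty. Whether an empty `<roleList>` should deny is a policy choice to confirm.

```drools
function boolean <function>(Set userRoles)
{
   String[] allowedRoles = new String[]{<roleList>};

   // deny by default: no roles presented, or nothing to satisfy
   if(userRoles == null || userRoles.isEmpty() || allowedRoles.length == 0)
   {
      return false;
   }

   for(String allowedRole: allowedRoles)
   {
      // … unchanged: split allowedRole into allowedMembershipType / allowedGroup …

      boolean satisfied = false;
      for(Object local: userRoles)
      {
         // … unchanged: split userRole into userMembershipType / userGroup …

         boolean typeMatches = userMembershipType.equals("*")
            || allowedMembershipType.equals("*")
            || userMembershipType.equals(allowedMembershipType);
         if(typeMatches && userGroup.equals(allowedGroup))
         {
            satisfied = true;
            break;
         }
      }

      // every allowed role needs at least one matching user role
      if(!satisfied)
      {
         return false;
      }
   }

   return true;
}
```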
Added:
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component.properties
===================================================================
---
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component.properties
(rev 0)
+++
portal/branches/portalsecurity/portal/src/main/java/META-INF/exo-roles-component.properties 2010-08-13
12:43:07 UTC (rev 3825)
@@ -0,0 +1,71 @@
+import java.util.Set
+import java.util.HashSet
+
+function boolean <function>(Set userRoles)
+{
+ String[] allowedRoles = new String[]{<roleList>};
+
+ for(Object local: userRoles)
+ {
+ String userRole = (String)local;
+ String[] userSplit = userRole.split(":");
+ String userMembershipType = null;
+ String userGroup = null;
+ if(userSplit.length < 2)
+ {
+ userMembershipType = "*";
+ userGroup = userRole;
+ }
+ else
+ {
+ userMembershipType = userSplit[0].trim();
+ userGroup = userSplit[1].trim();
+ }
+
+ for(String allowedRole: allowedRoles)
+ {
+ String[] allowedSplit = allowedRole.split(":");
+ String allowedMembershipType = null;
+ String allowedGroup = null;
+ if(allowedSplit.length < 2)
+ {
+ allowedMembershipType = "*";
+ allowedGroup = allowedRole;
+ }
+ else
+ {
+ allowedMembershipType = allowedSplit[0].trim();
+ allowedGroup = allowedSplit[1].trim();
+ }
+
+ if(userMembershipType.equals("*") ||
allowedMembershipType.equals("*"))
+ {
+ if(userGroup.equals(allowedGroup))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ if(userMembershipType.equals(allowedMembershipType) &&
userGroup.equals(allowedGroup))
+ {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+}
+
+rule "<ruleReference>"
+
+when
+$ruleName: String()
+$roles: HashSet()
+eval($ruleName.contains("<ruleReference>"))
+eval(<function>($roles))
+
+then
+insert(Boolean.TRUE);
+end
\ No newline at end of file
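Review bot: `eval($ruleName.contains("<ruleReference>"))` selects the rule by substring, so a rule generated for one reference also fires for any `$ruleName` that merely contains it (a constructed example: reference `page1` against rule name `page10`), and its role list then decides access to the other resource. Unless `$ruleName` is deliberately a composite of several references, which this hunk does not show, an exact comparison is safer: `eval($ruleName.equals("<ruleReference>"))`. The same line appears in exo-roles-component-mustmatchall.properties.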
Modified:
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -25,13 +25,17 @@
import org.exoplatform.portal.config.model.Page;
import org.exoplatform.portal.config.model.PageNavigation;
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.portal.config.security.plugin.JBossSecurityPlugin;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.config.security.plugin.JBossSecurityPlugin;
+import org.exoplatform.portal.config.security.plugin.ExoEnforcementPoint;
+import org.exoplatform.portal.config.security.plugin.ExoPolicyProvisioner;
+import org.jboss.security.authz.agent.enforcement.EnforcementException;
+
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
@@ -157,9 +161,31 @@
portalCreatorGroups_ = defragmentPermission(allGroups);
//Start the Authz Security service
- //this.securityPlugin = new JBossSecurityPlugin();
- //this.securityPlugin.start();
+ this.securityPlugin = new JBossSecurityPlugin();
+ this.securityPlugin.start();
+
+ //bootstrap policy provisioning
+ ExoPolicyProvisioner policyProvisioner =
this.securityPlugin.getExoPolicyProvisioner();
+ policyProvisioner.setSuperuser(this.superUser_);
+ policyProvisioner.setGuestGroup(this.guestGroup_);
+ if(this.navigationCreatorMembershipType_ != null &&
this.navigationCreatorMembershipType_.trim().length() >0)
+ {
+
policyProvisioner.setNavigationCreatorMembershipType(this.navigationCreatorMembershipType_);
+ }
+ if(this.portalCreatorGroups_ != null &&
!this.portalCreatorGroups_.isEmpty())
+ {
+ policyProvisioner.setPortalCreatorGroups(this.portalCreatorGroups_);
+ }
+
+ //Initialize the PolicyProvisioner
+ policyProvisioner.initialize();
+
}
+
+ public JBossSecurityPlugin getSecurityPlugin()
+ {
+ return this.securityPlugin;
+ }
// TODO: unnecessary to keep potalACLPlugin
public void addPortalACLPlugin(PortalACLPlugin plugin)
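Review bot: `getSecurityPlugin()` is public and hands out the live `JBossSecurityPlugin`, so any code holding a `UserACL` can reach `getExoPolicyProvisioner()` and call `setSuperuser`, `setGuestGroup` or `provision` on the policy the permission checks rely on. In the files shown, only the test base classes use the getter. Consider exposing a narrower read-only view, or at minimum documenting it with a comment such as `// test and bootstrap use only: callers must not re-provision policy through this reference`. The constructor that starts the plugin begins outside the hunk.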
@@ -231,7 +257,7 @@
public boolean hasPermission(PortalConfig pconfig)
{
- Identity identity = getIdentity();
+ /*Identity identity = getIdentity();
if (hasPermission(identity, pconfig.getEditPermission()))
{
pconfig.setModifiable(true);
@@ -239,49 +265,58 @@
}
pconfig.setModifiable(false);
String[] accessPerms = (pconfig.getAccessPermissions());
- for (String per : accessPerms)
+ if(accessPerms != null)
{
- if (hasPermission(identity, per))
- {
- return true;
- }
+ for (String per : accessPerms)
+ {
+ if (hasPermission(identity, per))
+ {
+ return true;
+ }
+ }
}
- return false;
+
+ return false;*/
+ try
+ {
+ //Use the JBoss Security Framework
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ Identity identity = this.getIdentity();
+ if(enforcementPoint.checkWriteAccess(identity, pconfig))
+ {
+ pconfig.setModifiable(true);
+ return true;
+ }
+ pconfig.setModifiable(false);
+ return enforcementPoint.checkReadAccess(identity, pconfig);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
}
public boolean hasEditPermission(PortalConfig pconfig)
{
- return hasPermission(getIdentity(), pconfig.getEditPermission());
+ //return hasPermission(getIdentity(), pconfig.getEditPermission());
+ try
+ {
+ //Use the JBoss Security Framework
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ Identity identity = this.getIdentity();
+ return enforcementPoint.checkWriteAccess(identity, pconfig);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
}
- /**
- * This method is equivalent to
<code>hasEditPermission(PortalConfig)</code>. That allows us
- * to check edit permission on a UIPortal, without converting UIPortal into
PortalConfig via
- * PortalDataMapper.
- *
- * @param ownerType the owner type
- * @param ownerId the owner id
- * @param editPermExpression the permission expression
- * @return true or false
- */
- public boolean hasEditPermissionOnPortal(String ownerType, String ownerId, String
editPermExpression)
- {
- Identity identity = this.getIdentity();
- if(superUser_.equals(identity.getUserId()))
- {
- return true;
- }
-
- if(PortalConfig.USER_TYPE.equals(ownerType)){
- return identity.getUserId().equals(ownerId);
- }
-
- return hasPermission(identity, editPermExpression);
- }
-
public boolean hasCreatePortalPermission()
{
- Identity identity = getIdentity();
+ /*Identity identity = getIdentity();
if (superUser_.equals(identity.getUserId()))
{
return true;
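Review bot: When `checkWriteAccess` throws in `hasPermission(PortalConfig)`, the `EnforcementException` is rethrown as a bare `RuntimeException` with nothing logged (`//TODO: log this....`), and `pconfig` keeps whatever `modifiable` value it had before the call. Set the flag to its deny state before consulting the enforcement point, with `pconfig.setModifiable(false);` as the first statement in the `try`, and record the failure through the class's logger before rethrowing so a failed policy evaluation leaves a trace. The same pattern is in `hasPermission(Page)` and `hasEditPermission(Page)` in the later hunks. The previous implementations are also left in block comments rather than removed.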
@@ -297,12 +332,22 @@
return true;
}
}
- return false;
+ return false;*/
+ try
+ {
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ return enforcementPoint.checkCreatePortalAccess(getIdentity());
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ throw new RuntimeException(e);
+ }
}
public boolean hasEditPermission(PageNavigation pageNav)
{
- Identity identity = getIdentity();
+ /*Identity identity = getIdentity();
if (superUser_.equals(identity.getUserId()))
{
pageNav.setModifiable(true);
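Review bot: `catch(Exception e)` with `e.printStackTrace()` in `hasCreatePortalPermission()` is wider than the `catch(EnforcementException enfe)` used by the `PortalConfig` checks, and it writes the trace to stderr instead of the portal log. If `checkCreatePortalAccess` declares only `EnforcementException` (its signature is not visible here), narrow the handler to `catch(EnforcementException enfe)` and log through the class's logger before `throw new RuntimeException(enfe);`. `hasEditPermission(PageNavigation)` in the next hunk has the same handler. The method's signature and the start of its commented-out body are in the preceding hunk.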
@@ -336,12 +381,28 @@
{
return pageNav.getOwnerId().equals(identity.getUserId());
}
- return false;
+ return false;*/
+ try
+ {
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ Identity identity = this.getIdentity();
+ boolean hasWriteAccess = enforcementPoint.checkWriteAccess(identity, pageNav);
+ if(hasWriteAccess && superUser_.equals(identity.getUserId()))
+ {
+ pageNav.setModifiable(true);
+ }
+ return hasWriteAccess;
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ throw new RuntimeException(e);
+ }
}
public boolean hasPermission(Page page)
{
- Identity identity = getIdentity();
+ /*Identity identity = getIdentity();
if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
{
if (page.getOwnerId().equals(identity.getUserId()))
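Review bot: `hasEditPermission(PageNavigation)` only ever calls `pageNav.setModifiable(true)`, and only when the caller is the super user. A denied check, or a grant to any other user, leaves the flag at its previous value. The `Page` checks in this commit set the flag on both outcomes, so if `modifiable` is meant to mirror the decision here too, replace the `if` with `pageNav.setModifiable(hasWriteAccess);`. Most of the commented-out original lies outside the hunk, so the earlier behaviour for non-super users should be confirmed before changing it.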
@@ -372,12 +433,31 @@
}
}
}
- return false;
+ return false;*/
+ try
+ {
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ Identity identity = this.getIdentity();
+ boolean hasWriteAccess = enforcementPoint.checkWriteAccess(identity, page);
+ if(hasWriteAccess)
+ {
+ page.setModifiable(true);
+ return true;
+ }
+
+ page.setModifiable(false);
+ return enforcementPoint.checkReadAccess(identity, page);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
}
public boolean hasEditPermission(Page page)
{
- Identity identity = getIdentity();
+ /*Identity identity = getIdentity();
if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
{
if (page.getOwnerId().equals(identity.getUserId()))
@@ -393,11 +473,55 @@
return true;
}
page.setModifiable(false);
- return false;
+ return false;*/
+ try
+ {
+ ExoEnforcementPoint enforcementPoint =
this.securityPlugin.getExoEnforcementPoint();
+ Identity identity = this.getIdentity();
+ boolean hasWriteAccess = enforcementPoint.checkWriteAccess(identity, page);
+ if(hasWriteAccess)
+ {
+ page.setModifiable(true);
+ return true;
+ }
+
+ page.setModifiable(false);
+ return false;
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
}
-
+
/**
+ * This method is equivalent to
<code>hasEditPermission(PortalConfig)</code>. That allows us
+ * to check edit permission on a UIPortal, without converting UIPortal into
PortalConfig via
+ * PortalDataMapper.
*
+ * @param ownerType the owner type
+ * @param ownerId the owner id
+ * @param editPermExpression the permission expression
+ * @return true or false
+ */
+ public boolean hasEditPermissionOnPortal(String ownerType, String ownerId, String
editPermExpression)
+ {
+ Identity identity = this.getIdentity();
+ if(superUser_.equals(identity.getUserId()))
+ {
+ return true;
+ }
+
+ if(PortalConfig.USER_TYPE.equals(ownerType)){
+ return identity.getUserId().equals(ownerId);
+ }
+
+ return hasPermission(identity, editPermExpression);
+ }
+
+ /**
+ *
* Minh Hoang TO - This method is equivalent to
* <code>hasEditPermission(Page)</code>. It allows us to check edit
* permission with a UIPage, without converting UIPage into Page via
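Review bot: The Javadoc on `hasEditPermissionOnPortal` still says it is equivalent to `hasEditPermission(PortalConfig)`, but that method now asks `ExoEnforcementPoint.checkWriteAccess` while this one keeps evaluating `editPermExpression` through the legacy `hasPermission(identity, editPermExpression)`. The two can give different answers for the same portal once the provisioned policy and the stored expression diverge. Either route this method through the enforcement point or correct the comment, for example `Legacy check: evaluates editPermExpression directly and does not consult the JBoss enforcement point.`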
@@ -424,6 +548,32 @@
{
return hasPermission(getIdentity(), expPerm);
}
+
+ public boolean hasPermission(Identity identity, String expPerm)
+ {
+ String currentUser = identity.getUserId();
+ if (superUser_.equals(currentUser))
+ {
+ return true;
+ }
+ if (expPerm == null)
+ {
+ return false;
+ }
+ if (EVERYONE.equals(expPerm))
+ {
+ return true;
+ }
+ Permission permission = new Permission();
+ permission.setPermissionExpression(expPerm);
+ String groupId = permission.getGroupId();
+ if (currentUser == null && groupId.equals(guestGroup_))
+ {
+ return true;
+ }
+ String membership = permission.getMembership();
+ return identity.isMemberOf(groupId, membership);
+ }
/**
* @param group
@@ -473,32 +623,6 @@
return id;
}
- public boolean hasPermission(Identity identity, String expPerm)
- {
- String currentUser = identity.getUserId();
- if (superUser_.equals(currentUser))
- {
- return true;
- }
- if (expPerm == null)
- {
- return false;
- }
- if (EVERYONE.equals(expPerm))
- {
- return true;
- }
- Permission permission = new Permission();
- permission.setPermissionExpression(expPerm);
- String groupId = permission.getGroupId();
- if (currentUser == null && groupId.equals(guestGroup_))
- {
- return true;
- }
- String membership = permission.getMembership();
- return identity.isMemberOf(groupId, membership);
- }
-
private List<String> defragmentPermission(String permission)
{
List<String> result = new ArrayList<String>();
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -28,6 +28,8 @@
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.config.security.plugin.ExoPolicyProvisioner;
+import org.exoplatform.portal.config.security.plugin.JBossSecurityPlugin;
import java.util.Collection;
import java.util.Collections;
@@ -45,6 +47,7 @@
protected UserACL ua;
protected User root, administrator, manager, user, guest;
+ protected JBossSecurityPlugin securityPlugin;
@Override
protected void setUp() throws Exception
@@ -70,7 +73,30 @@
this.manager = manager;
this.user = user;
this.guest = guest;
+ this.securityPlugin = this.ua.getSecurityPlugin();
}
+
+ protected void provisionPortalPolicy(PortalConfig portal) throws Exception
+ {
+ ExoPolicyProvisioner exoPolicyProvisioner =
this.securityPlugin.getExoPolicyProvisioner();
+
+ //Provision the Policy for this Resource
+ exoPolicyProvisioner.provision(portal);
+
+ //Debug
+ exoPolicyProvisioner.debug();
+ }
+
+ protected void provisionPagePolicy(Page page) throws Exception
+ {
+ ExoPolicyProvisioner exoPolicyProvisioner =
this.securityPlugin.getExoPolicyProvisioner();
+
+ //Provision the Policy for this Resource
+ exoPolicyProvisioner.provision(page);
+
+ //Debug
+ exoPolicyProvisioner.debug();
+ }
public class User
{
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/AbstractTestSharedPageACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/AbstractTestSharedPageACL.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/AbstractTestSharedPageACL.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -31,12 +31,14 @@
protected abstract String getOwnerType();
- public void testPage()
+ public void testPage() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[0]);
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
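Review bot: Every test here calls `provisionPagePolicy(page)` before asserting, so nothing pins what the enforcement point answers for a resource that was never provisioned. Add a case that builds a `Page`, skips the provisioning call and asserts denial for a non-super user, e.g. `assertFalse(user.hasEditPermission(page));`, so a missing policy is shown to fail closed. The same gap applies to the `provisionPortalPolicy` calls in TestPortalACL and to TestUserPageACL. The body of `testPage` continues outside the hunk.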
@@ -53,12 +55,14 @@
assertFalse(guest.hasEditPermission(page));
}
- public void testPageAccessibleByEveryone()
+ public void testPageAccessibleByEveryone() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[]{"Everyone"});
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -75,13 +79,15 @@
assertFalse(guest.hasEditPermission(page));
}
- public void testPageEditableByEveryone()
+ public void testPageEditableByEveryone() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[0]);
page.setEditPermission("Everyone");
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -98,12 +104,14 @@
assertTrue(guest.hasEditPermission(page));
}
- public void testPageAccessibleByGuests()
+ public void testPageAccessibleByGuests() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[]{"whatever:/platform/guests"});
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -120,13 +128,15 @@
assertFalse(guest.hasEditPermission(page));
}
- public void testPageEditableByGuests()
+ public void testPageEditableByGuests() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[0]);
page.setEditPermission("whatever:/platform/guests");
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -143,12 +153,14 @@
assertTrue(guest.hasEditPermission(page));
}
- public void testPageAccessibleByEveryOneAndGuests()
+ public void testPageAccessibleByEveryOneAndGuests() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[]{"Everyone",
"whatever:/platform/guests"});
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -165,12 +177,14 @@
assertFalse(guest.hasEditPermission(page));
}
- public void testPageWithAccessPermission()
+ public void testPageWithAccessPermission() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[]{"manager:/manageable"});
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
@@ -190,13 +204,15 @@
assertFalse(guest.hasPermission(page));
}
- public void testPageWithEditPermission()
+ public void testPageWithEditPermission() throws Exception
{
Page page = new Page();
page.setOwnerType(getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[0]);
page.setEditPermission("manager:/manageable");
+
+ this.provisionPagePolicy(page);
//
assertTrue(root.hasPermission(page));
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -28,12 +28,14 @@
*/
public class TestUserPageACL extends AbstractTestUserACL
{
- public void testUserPageIsAlwaysUsableOnlyByItsOwner()
+ public void testUserPageIsAlwaysUsableOnlyByItsOwner() throws Exception
{
Page page = new Page();
page.setOwnerType("user");
page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
+ this.provisionPagePolicy(page);
+
assertTrue(root.hasPermission(page));
assertFalse(administrator.hasPermission(page));
assertFalse(manager.hasPermission(page));
@@ -50,6 +52,8 @@
page.setOwnerType("user");
page.setOwnerId("user");
page.setAccessPermissions(new String[]{"manager:/manageable"});
+ this.provisionPagePolicy(page);
+
assertTrue(root.hasPermission(page));
assertFalse(administrator.hasPermission(page));
assertTrue(manager.hasPermission(page));
@@ -66,6 +70,8 @@
page.setOwnerType("user");
page.setOwnerId("user");
page.setEditPermission("manager:/manageable");
+ this.provisionPagePolicy(page);
+
assertTrue(root.hasPermission(page));
assertFalse(administrator.hasPermission(page));
assertFalse(manager.hasPermission(page));
@@ -83,6 +89,8 @@
page.setOwnerType("user");
page.setOwnerId("user");
page.setAccessPermissions(new String[]{"Everyone"});
+ this.provisionPagePolicy(page);
+
assertTrue(root.hasPermission(page));
assertTrue(administrator.hasPermission(page));
assertTrue(manager.hasPermission(page));
@@ -100,6 +108,8 @@
page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
page.setEditPermission("Everyone");
+ this.provisionPagePolicy(page);
+
assertTrue(root.hasPermission(page));
assertFalse(administrator.hasPermission(page));
assertFalse(manager.hasPermission(page));
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/AbstractSecurityTest.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/AbstractSecurityTest.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/AbstractSecurityTest.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -49,9 +49,6 @@
@Override
protected void setUp() throws Exception
{
- securityPlugin = new JBossSecurityPlugin();
- securityPlugin.start();
-
// Setting up the initial state of data used during enforcement decisions
// Setup the UserACL instance
UserACLMetaData md = new UserACLMetaData();
@@ -66,6 +63,7 @@
// Initializes the UserACL instance
this.ua = new UserACL(md);
+ this.securityPlugin = this.ua.getSecurityPlugin();
// SetUp the mock identities
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/portal/TestPortalACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/portal/TestPortalACL.java 2010-08-13
12:25:10 UTC (rev 3824)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/portal/TestPortalACL.java 2010-08-13
12:43:07 UTC (rev 3825)
@@ -21,6 +21,7 @@
import org.exoplatform.portal.config.model.PortalConfig;
import org.exoplatform.portal.config.security.AbstractTestUserACL;
+import org.exoplatform.portal.config.security.plugin.ExoPolicyProvisioner;
/**
* @author <a href="mailto:julien.viet@exoplatform.com">Julien
Viet</a>
@@ -29,10 +30,11 @@
public class TestPortalACL extends AbstractTestUserACL
{
- public void testFoo()
+ public void testFoo() throws Exception
{
PortalConfig portal = new PortalConfig();
portal.setAccessPermissions(new String[0]);
+ this.provisionPortalPolicy(portal);
//
assertTrue(root.hasEditPermission(portal));
@@ -49,10 +51,11 @@
assertFalse(guest.hasPermission(portal));
}
- public void testPortalAccessible()
+ public void testPortalAccessible() throws Exception
{
PortalConfig portal = new PortalConfig();
portal.setAccessPermissions(new String[]{"manager:/manageable"});
+ this.provisionPortalPolicy(portal);
//
assertTrue(root.hasEditPermission(portal));
@@ -69,11 +72,12 @@
assertFalse(guest.hasPermission(portal));
}
- public void testPortalEditable()
+ public void testPortalEditable() throws Exception
{
PortalConfig portal = new PortalConfig();
portal.setAccessPermissions(new String[0]);
portal.setEditPermission("manager:/manageable");
+ this.provisionPortalPolicy(portal);
//
assertTrue(root.hasEditPermission(portal));
@@ -90,11 +94,12 @@
assertFalse(guest.hasPermission(portal));
}
- public void testPortalAccessibleAndEditable()
+ public void testPortalAccessibleAndEditable() throws Exception
{
PortalConfig portal = new PortalConfig();
portal.setAccessPermissions(new String[]{"manager:/manageable"});
portal.setEditPermission("manager:/manageable");
+ this.provisionPortalPolicy(portal);
//
assertTrue(root.hasEditPermission(portal));