Author: sohil.shah(a)jboss.com
Date: 2009-10-05 07:16:15 -0400 (Mon, 05 Oct 2009)
New Revision: 816
Added:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/AbstractPOJOTestCase.java
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestRoleBasedSecurity.java
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestTimeBasedSecurity.java
Removed:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java
Modified:
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java
Log:
Adding a time-based security use case
Modified:
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java 2009-10-04
14:13:31 UTC (rev 815)
+++
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -23,6 +23,7 @@
import java.util.List;
import java.util.ArrayList;
+import java.util.Date;
/**
* Just a mock AuthenticatedSession that carries security related information about the
logged in user...
@@ -46,10 +47,12 @@
private String username;
private List<String> roles;
+ private Date accessTime;
public AuthenticatedSession()
{
this.roles = new ArrayList<String>();
+ this.accessTime = new Date(); //making this currentTime
}
public String getUsername()
@@ -76,4 +79,14 @@
{
this.roles.add(role);
}
+
+ public Date getAccessTime()
+ {
+ return accessTime;
+ }
+
+ public void setAccessTime(Date accessTime)
+ {
+ this.accessTime = accessTime;
+ }
}
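Review bot: `setAccessTime` stores the caller's `Date` by reference and `getAccessTime` hands the same object back, so any code holding either reference can later change the value used for the time-of-day decision (`java.util.Date` is mutable). Copying on the way in and out closes that: `this.accessTime = new Date(accessTime.getTime());` and `return new Date(accessTime.getTime());`. The setter also accepts null, which the new `access.setTime(session.getAccessTime())` call in SecurityInterceptor would turn into a NullPointerException rather than a clean denial, so a null check here is worth adding. The class body starts outside this hunk.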
Modified:
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java 2009-10-04
14:13:31 UTC (rev 815)
+++
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.net.URI;
+import java.util.Calendar;
import org.apache.log4j.Logger;
@@ -36,6 +37,7 @@
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.components.environment.TimeOfDay;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
@@ -109,6 +111,12 @@
{
action = new Write();
}
+
+ //TimeOfDay expressing accesstime information
+ TimeOfDay accessTime = new TimeOfDay();
+ Calendar access = Calendar.getInstance();
+ access.setTime(session.getAccessTime());
+ accessTime.setTimeofDay(access);
//Create an EnforcementContext and start the "Enforcement Phase" with the
security framework----------------------------------------------------------------------
EnforcementContext context = new EnforcementContext();
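Review bot: The time fed into the access decision comes from `session.getAccessTime()`, which is fixed when the session is constructed (or overwritten through `setAccessTime`), not from the moment of the intercepted call. A session created before the cut-off would keep evaluating as in-hours for as long as it lives, and whoever builds the session chooses the time the policy sees. For an enforcement point I would read the clock here, i.e. drop `access.setTime(session.getAccessTime());` and keep the value from `Calendar.getInstance()`, with a clock the tests can substitute when they need fixed times. Whether `session` can be null at this point (the tests include an anonymous case) is not visible in the hunk; the enclosing method starts and ends outside it.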
@@ -117,6 +125,7 @@
context.setAttribute("method", action);
context.setAttribute("identity", identity);
context.setAttribute("roles", roles);
+ context.setAttribute("accessTime", accessTime);
//Process the result from Enforcement Phase
execution-------------------------------------------------------------------------------------------------------------
EnforcementResponse response = this.getEnforcer().checkAccess(context);
Modified:
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java 2009-10-04
14:13:31 UTC (rev 815)
+++
authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -23,6 +23,7 @@
import java.net.URI;
import java.util.Set;
+import java.util.Calendar;
import org.apache.log4j.Logger;
import org.jboss.security.authz.bootstrap.ServiceContainer;
@@ -36,6 +37,7 @@
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.environment.TimeOfDay;
import org.jboss.security.authz.samples.pojo.Pojo;
@@ -50,12 +52,28 @@
{
private static Logger log = Logger.getLogger(SecurityProvisioning.class);
- public void bootup()
+ public static final int rbac = 1;
+ public static final int timebased = 2;
+
+ public void bootup(int usecaseType)
{
try
{
// Provision POJO Policy
- this.provisionPOJOPolicy();
+ switch(usecaseType)
+ {
+ case rbac:
+ this.provisionRBACPOJOPolicy();
+ break;
+
+ case timebased:
+ this.provisionTimebasedPOJOPolicy();
+ break;
+
+ default:
+ this.provisionRBACPOJOPolicy();
+ break;
+ }
Set<Policy> policies = this.getProvisioner().readAllPolicies();
for(Policy policy: policies)
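Review bot: The `default` branch in `bootup` silently provisions the RBAC policy for any unrecognised `usecaseType`, so a mistyped or future value deploys a policy the caller did not ask for. Failing loudly is safer for a provisioning step: `default: throw new IllegalArgumentException("Unknown usecaseType: " + usecaseType);`. The catch for the surrounding `try` is outside the hunk, so check that it does not swallow that exception. As a style point, `rbac` and `timebased` would read better as an enum, or at least as `RBAC` / `TIME_BASED`.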
@@ -70,7 +88,7 @@
}
}
//
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void provisionPOJOPolicy() throws Exception
+ private void provisionRBACPOJOPolicy() throws Exception
{
// SetUp Resource
URIResource resource = new URIResource();
@@ -87,16 +105,54 @@
writeRoles.setMustMatchAll(false);
writeRoles.addName("admin");
+ //Make the POJO inaccessible after 5:30 pm
+ Calendar restriction = Calendar.getInstance();
+ restriction.set(Calendar.HOUR_OF_DAY, 17);
+ restriction.set(Calendar.MINUTE, 30);
+ TimeOfDay accessTimeRestriction = new TimeOfDay();
+ accessTimeRestriction.setTimeofDay(restriction);
+
// Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
+
+ //role based rule
context.addPolicyRule(Effect.PERMIT, read, readRoles,"allowExpression");
- context.addPolicyRule(Effect.PERMIT, write, writeRoles,"allowExpression");
+ context.addPolicyRule(Effect.PERMIT, write,
writeRoles,"allowExpression");
// Store the policy into the Policy Server
this.getProvisioner().deploy(context);
- }
+ }
+ private void provisionTimebasedPOJOPolicy() throws Exception
+ {
+ // SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI(Pojo.class.getName()));
+
+ Read read = new Read();
+
+
+ //Make the POJO inaccessible after 5:30 pm
+ Calendar officeHours = Calendar.getInstance();
+ officeHours.set(Calendar.HOUR_OF_DAY, 17);
+ officeHours.set(Calendar.MINUTE, 30);
+ TimeOfDay accessTimeRestriction = new TimeOfDay();
+ accessTimeRestriction.setTimeofDay(officeHours);
+
+
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+
+ //time based rule
+ context.addPolicyRule(Effect.PERMIT, read,
accessTimeRestriction,"matchIfBefore");
+ context.addPolicyRule(Effect.DENY, read,
accessTimeRestriction,"matchIfAfter");
+
+ // Store the policy into the Policy Server
+ this.getProvisioner().deploy(context);
+ }
+
private PolicyProvisioner getProvisioner()
{
return (PolicyProvisioner)
ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
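Review bot: In `provisionRBACPOJOPolicy` the new `restriction` / `accessTimeRestriction` objects are built under the comment `//Make the POJO inaccessible after 5:30 pm` but are never passed to `addPolicyRule`, so the RBAC policy carries no time restriction despite what the comment says. Either remove those lines or add the time rule; as written a reader could assume after-hours access is denied in the RBAC use case. In `provisionTimebasedPOJOPolicy`, `Calendar.getInstance()` keeps the current seconds and milliseconds, so the cut-off is 17:30 plus whatever the clock read at provisioning time; adding `officeHours.set(Calendar.SECOND, 0);` and `officeHours.set(Calendar.MILLISECOND, 0);` makes it exact. An access time equal to the cut-off presumably matches neither `matchIfBefore` nor `matchIfAfter`, and the outcome then depends on a framework default that is not visible here.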
Added:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/AbstractPOJOTestCase.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/AbstractPOJOTestCase.java
(rev 0)
+++
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/AbstractPOJOTestCase.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -0,0 +1,50 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.samples.pojo;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public abstract class AbstractPOJOTestCase extends TestCase
+{
+ private static Logger log = Logger.getLogger(AbstractPOJOTestCase.class);
+
+ public void setUp() throws Exception
+ {
+ // Bootstrap the Security Service
+ ServiceContainer.bootstrap();
+
+ // Start in Anonymous mode....each testcase will select its own
+ // authentication scenario
+ AuthenticatedSession.activeSession.set(null);
+ }
+
+ public void tearDown() throws Exception
+ {
+ ServiceContainer.shutdown();
+ }
+}
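Review bot: `tearDown` shuts the container down but leaves `AuthenticatedSession.activeSession` holding whatever session the test logged in with; only the next `setUp` in this hierarchy resets it. Clearing it in `tearDown` as well, with `AuthenticatedSession.activeSession.set(null);` before `ServiceContainer.shutdown();`, keeps an admin session from leaking into later tests that do not extend this base class. The `log` field is unused in this class.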
Copied:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestRoleBasedSecurity.java
(from rev 815,
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java)
===================================================================
---
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestRoleBasedSecurity.java
(rev 0)
+++
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestRoleBasedSecurity.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -0,0 +1,228 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.security.authz.samples.pojo;
+
+import java.util.Calendar;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.samples.pojo.provisioning.SecurityProvisioning;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestRoleBasedSecurity extends AbstractPOJOTestCase
+{
+ private static Logger log = Logger.getLogger(TestRoleBasedSecurity.class);
+
+ private SecurityProvisioning provisioning;
+
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ // Bootup the system with the appropriate Policies
+ provisioning = new SecurityProvisioning();
+ provisioning.bootup(SecurityProvisioning.rbac);
+ }
+
+ public void testAsAnonymous() throws Exception
+ {
+ boolean readGranted = true;
+ boolean writeGranted = true;
+
+ Pojo pojo = new Pojo();
+
+ try
+ {
+ // Write Action on the Pojo
+ pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
+ writeGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ writeGranted = false;
+ }
+ else
+ {
+ log.error(this, r);
+ throw r;
+ }
+ }
+
+ try
+ {
+ String sensitiveData = pojo.getSensitiveData();
+ log.info(sensitiveData);
+ assertEquals("Data Must Match!!", sensitiveData,
+ "This is Top Secret Data!!! Protect Me!!");
+ readGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ readGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+
+ assertFalse("Read Access Must *Not* be Granted!!", readGranted);
+ assertFalse("Write Access Must *Not* be Granted!!", writeGranted);
+ }
+
+ public void testAsUser() throws Exception
+ {
+ boolean readGranted = false;
+ boolean writeGranted = true;
+
+ this.loginAsUser();
+ Pojo pojo = new Pojo();
+
+ // Read Action on the Pojo
+ try
+ {
+ String sensitiveData = pojo.getSensitiveData();
+ log.info(sensitiveData);
+ assertNull("Data Must be Null!!", sensitiveData);
+ readGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ readGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+
+ // Write Action on the Pojo
+ try
+ {
+ pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ writeGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+
+ assertTrue("Read Access Must be Granted!!", readGranted);
+ assertFalse("Write Access Must *Not* be Granted!!", writeGranted);
+ }
+
+ public void testAsAdmin() throws Exception
+ {
+ boolean readGranted = false;
+ boolean writeGranted = false;
+
+ this.loginAsAdmin();
+ Pojo pojo = new Pojo();
+
+ try
+ {
+ // Write Action on the Pojo
+ pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
+ writeGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ writeGranted = false;
+ }
+ else
+ {
+ log.error(this, r);
+ throw r;
+ }
+ }
+
+ try
+ {
+ String sensitiveData = pojo.getSensitiveData();
+ log.info(sensitiveData);
+ assertEquals("Data Must Match!!", sensitiveData,
+ "This is Top Secret Data!!! Protect Me!!");
+ readGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ readGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+
+ assertTrue("Read Access Must be Granted!!", readGranted);
+ assertTrue("Write Access Must be Granted!!", writeGranted);
+ }
+ //
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void loginAsAdmin()
+ {
+ AuthenticatedSession session = new AuthenticatedSession();
+
+ session.setUsername("admin");
+ session.addRole("admin");
+ // session.addRole("/system/admin/badassdude/blah/blah");
+
+ Calendar accessTime = Calendar.getInstance();
+ accessTime.set(Calendar.HOUR_OF_DAY, 8);
+ accessTime.set(Calendar.MINUTE, 0);
+ session.setAccessTime(accessTime.getTime());
+
+ AuthenticatedSession.activeSession.set(session);
+ }
+
+ private void loginAsUser()
+ {
+ AuthenticatedSession session = new AuthenticatedSession();
+
+ session.setUsername("user");
+ session.addRole("regular");
+
+ Calendar accessTime = Calendar.getInstance();
+ accessTime.set(Calendar.HOUR_OF_DAY, 8);
+ accessTime.set(Calendar.MINUTE, 0);
+ session.setAccessTime(accessTime.getTime());
+
+ AuthenticatedSession.activeSession.set(session);
+ }
+}
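Review bot: In `testAsAnonymous` the read block calls `assertEquals("Data Must Match!!", ...)` before setting `readGranted`, so if an anonymous read were ever wrongly permitted the test would presumably fail on the data comparison, and its message would hide that the real failure is an authorization bypass. Dropping that `assertEquals` from the anonymous case lets `assertFalse("Read Access Must *Not* be Granted!!", readGranted)` report it. Where the comparison stays (`testAsAdmin`), JUnit takes the expected value first: `assertEquals("Data Must Match!!", "This is Top Secret Data!!! Protect Me!!", sensitiveData);`. `loginAsAdmin` and `loginAsUser` also set an 08:00 access time that no rule in the RBAC policy evaluates.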
Property changes on:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestRoleBasedSecurity.java
___________________________________________________________________
Name: svn:mergeinfo
+
Deleted:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java 2009-10-04
14:13:31 UTC (rev 815)
+++
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -1,231 +0,0 @@
-/*
- * JBoss, a division of Red Hat
- * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.security.authz.samples.pojo;
-
-import org.apache.log4j.Logger;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.samples.pojo.provisioning.SecurityProvisioning;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class TestSecurePojo extends TestCase
-{
- private static Logger log = Logger.getLogger(TestSecurePojo.class);
-
- private SecurityProvisioning provisioning;
-
- public void setUp() throws Exception
- {
- // Bootstrap the Security Service
- ServiceContainer.bootstrap();
-
- // Bootup the system with the appropriate Policies
- provisioning = new SecurityProvisioning();
- provisioning.bootup();
-
- // Start in Anonymous mode....each testcase will select its own
- // authentication scenario
- AuthenticatedSession.activeSession.set(null);
- }
-
- public void tearDown() throws Exception
- {
- ServiceContainer.shutdown();
- }
-
- public void testAsAnonymous() throws Exception
- {
- boolean readGranted = true;
- boolean writeGranted = true;
-
- Pojo pojo = new Pojo();
-
- try
- {
- // Write Action on the Pojo
- pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
- writeGranted = true;
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- writeGranted = false;
- }
- else
- {
- log.error(this, r);
- throw r;
- }
- }
-
- try
- {
- String sensitiveData = pojo.getSensitiveData();
- log.info(sensitiveData);
- assertEquals("Data Must Match!!", sensitiveData,
- "This is Top Secret Data!!! Protect Me!!");
- readGranted = true;
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- readGranted = false;
- }
- else
- {
- throw r;
- }
- }
-
- assertFalse("Read Access Must *Not* be Granted!!", readGranted);
- assertFalse("Write Access Must *Not* be Granted!!", writeGranted);
- }
-
- public void testAsUser() throws Exception
- {
- boolean readGranted = false;
- boolean writeGranted = true;
-
- this.loginAsUser();
- Pojo pojo = new Pojo();
-
- // Read Action on the Pojo
- try
- {
- String sensitiveData = pojo.getSensitiveData();
- log.info(sensitiveData);
- assertNull("Data Must be Null!!", sensitiveData);
- readGranted = true;
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- readGranted = false;
- }
- else
- {
- throw r;
- }
- }
-
- // Write Action on the Pojo
- try
- {
- pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- writeGranted = false;
- }
- else
- {
- throw r;
- }
- }
-
- assertTrue("Read Access Must be Granted!!", readGranted);
- assertFalse("Write Access Must *Not* be Granted!!", writeGranted);
- }
-
- public void testAsAdmin() throws Exception
- {
- boolean readGranted = false;
- boolean writeGranted = false;
-
- this.loginAsAdmin();
- Pojo pojo = new Pojo();
-
- try
- {
- // Write Action on the Pojo
- pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!");
- writeGranted = true;
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- writeGranted = false;
- }
- else
- {
- log.error(this, r);
- throw r;
- }
- }
-
- try
- {
- String sensitiveData = pojo.getSensitiveData();
- log.info(sensitiveData);
- assertEquals("Data Must Match!!", sensitiveData,
- "This is Top Secret Data!!! Protect Me!!");
- readGranted = true;
- }
- catch (Exception r)
- {
- if (r instanceof IllegalAccessException)
- {
- readGranted = false;
- }
- else
- {
- throw r;
- }
- }
-
- assertTrue("Read Access Must be Granted!!", readGranted);
- assertTrue("Write Access Must be Granted!!", writeGranted);
- }
-
- //
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void loginAsAdmin()
- {
- AuthenticatedSession session = new AuthenticatedSession();
-
- session.setUsername("admin");
- session.addRole("admin");
- // session.addRole("/system/admin/badassdude/blah/blah");
-
- AuthenticatedSession.activeSession.set(session);
- }
-
- private void loginAsUser()
- {
- AuthenticatedSession session = new AuthenticatedSession();
-
- session.setUsername("user");
- session.addRole("regular");
-
- AuthenticatedSession.activeSession.set(session);
- }
-}
Added:
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestTimeBasedSecurity.java
===================================================================
---
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestTimeBasedSecurity.java
(rev 0)
+++
authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestTimeBasedSecurity.java 2009-10-05
11:16:15 UTC (rev 816)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.security.authz.samples.pojo;
+
+import java.util.Calendar;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.samples.pojo.provisioning.SecurityProvisioning;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestTimeBasedSecurity extends AbstractPOJOTestCase
+{
+ private static Logger log = Logger.getLogger(TestTimeBasedSecurity.class);
+
+ private SecurityProvisioning provisioning;
+
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ // Bootup the system with the appropriate Policies
+ provisioning = new SecurityProvisioning();
+ provisioning.bootup(SecurityProvisioning.timebased);
+ }
+
+ public void testAsUser() throws Exception
+ {
+ boolean readGranted = false;
+ this.loginOfficeHours();
+ Pojo pojo = new Pojo();
+ // Read Action on the Pojo
+ try
+ {
+ pojo.getSensitiveData();
+ readGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ readGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+ assertTrue("Read Access Must be Granted!!", readGranted);
+
+ this.loginAfterHours();
+ // Read Action on the Pojo
+ try
+ {
+ pojo.getSensitiveData();
+ readGranted = true;
+ }
+ catch (Exception r)
+ {
+ if (r instanceof IllegalAccessException)
+ {
+ readGranted = false;
+ }
+ else
+ {
+ throw r;
+ }
+ }
+ assertFalse("Read Access Must *Not* be Granted!!", readGranted);
+ }
+ //
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void loginOfficeHours()
+ {
+ AuthenticatedSession session = new AuthenticatedSession();
+
+ session.setUsername("user");
+ session.addRole("regular");
+
+ Calendar accessTime = Calendar.getInstance();
+ accessTime.set(Calendar.HOUR_OF_DAY, 8);
+ accessTime.set(Calendar.MINUTE, 0);
+ session.setAccessTime(accessTime.getTime());
+
+ AuthenticatedSession.activeSession.set(session);
+ }
+
+ private void loginAfterHours()
+ {
+ AuthenticatedSession session = new AuthenticatedSession();
+
+ session.setUsername("user");
+ session.addRole("regular");
+
+ Calendar accessTime = Calendar.getInstance();
+ accessTime.set(Calendar.HOUR_OF_DAY, 18);
+ accessTime.set(Calendar.MINUTE, 0);
+ session.setAccessTime(accessTime.getTime());
+
+ AuthenticatedSession.activeSession.set(session);
+ }
+}
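Review bot: `testAsUser` exercises only 08:00 and 18:00, so the 17:30 cut-off that `provisionTimebasedPOJOPolicy` installs is never tested near its edge. Cases at 17:29 and 17:31, plus one exactly at 17:30 with `Calendar.SECOND` and `Calendar.MILLISECOND` cleared, would pin down which side of the boundary is permitted. There is also no anonymous case for the time-based policy, which has no role condition; a test with `activeSession` left null would show whether the interceptor denies or throws. The `log` field is unused.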