Author: sohil.shah(a)jboss.com
Date: 2010-01-19 13:39:36 -0500 (Tue, 19 Jan 2010)
New Revision: 1104
Added:
authz/trunk/portal-profile/src/test/resources/portal-policy.xml
Removed:
authz/trunk/portal-profile/src/main/resources/portal-policy.xml
Modified:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
Log:
refactoring
Deleted: authz/trunk/portal-profile/src/main/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 18:25:13
UTC (rev 1103)
+++ authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 18:39:36
UTC (rev 1104)
@@ -1,152 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<portal-security>
- <!--
- Demonstrates Application Level Authorization
-
- Security Rule:
- The specified topics "1234 and 5678" are available only when:
- * User is an Employee or a Partner
- * Time of Access falls between the specified range
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1234</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">5678</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>employees</role-name>
- <role-name>partners</role-name>
- </roles>
- </auth-constraint>
- <!--
- <auth-constraint>
- <ip-address allow="true">
- <ip-range>
- <address-from></address-from>
- <address-to></address-to>
- </ip-range>
- </ip-address>
- </auth-constraint>
- -->
- <!--
- <auth-constraint>
- <time allow="true">
- <from></from>
- <to></to>
- </time>
- </auth-constraint>
- -->
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Application Level Authorization
-
- Security Rule:
- The specified topics "1111 and 2222" are available only when:
- * User is 18 years or older
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1111</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">2222</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <preferences allow="true">
- <preference name="age">>=18</preference>
- </preferences>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
-
- Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
- * User is a member of the Community
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>VIEW</mode>
- <mode>HELP</mode>
- <mode>EDIT</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>community</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
-
- Security Rule: The Forums Portlet is available in ADMIN mode when:
- * User is an Admin
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>ADMIN</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>admin</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Configuration for the Portal Enforcement Engine
- -->
- <enforcement-config>
- <!--
- default value, (false)
- If resource match is set to "policy-match-mandatory=true", it means
that if there is an http request to the web application,
- that does not have any specified/matching "security policy" for it,
then this access should be "Denied".
-
- The default value is set to "false" since this makes Policy
Provisioning less intensive for most web applications. This means that if
- a "Policy" is not specified for a http request, it means that resource
does not need to be "protected", and access should be "Granted".
-
- The protection can be increased depending on the application by changing this to
"true". In which case only Http Requests that have a matching "Security
Policy" will
- be considered for "Access Control". All others will be
"Denied" access.
- -->
- <policy-match-mandatory>false</policy-match-mandatory>
- </enforcement-config>
-</portal-security>
\ No newline at end of file
Modified:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19
18:25:13 UTC (rev 1103)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19
18:39:36 UTC (rev 1104)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.portal.component;
import java.net.URI;
+import java.util.Calendar;
import junit.framework.TestCase;
@@ -32,6 +33,7 @@
import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.environment.TimeOfDay;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Effect;
@@ -56,7 +58,7 @@
this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testModeSecurity() throws Exception
+ public void testPortletModeSecurity() throws Exception
{
PortletResource portletResource = new PortletResource();
portletResource.setUri(new URI("/classic/public/forumpage/forum"));
@@ -86,7 +88,7 @@
log.info(policy.generateSystemPolicy());
}
- public void testTopicSecurity() throws Exception
+ public void testForumTopicSecurity() throws Exception
{
PortletResource portletResource = new PortletResource();
portletResource.setUri(new URI("/classic/public/forumpage/forum"));
@@ -107,4 +109,29 @@
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
+
+ public void testTimebasedForumTopicSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+ portletResource.addParameter("topicId", "1111");
+
+ TimeOfDay timeOfDay = new TimeOfDay();
+ Calendar after5pm = Calendar.getInstance();
+ after5pm.set(Calendar.HOUR_OF_DAY, 17);
+ after5pm.set(Calendar.MINUTE, 0);
+ after5pm.set(Calendar.SECOND, 0);
+ after5pm.set(Calendar.MILLISECOND, 0);
+ timeOfDay.setTimeofDay(after5pm);
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.DENY, new ViewMode(), timeOfDay,
"matchIfAfter");
+
+ Policy policy = new MockPolicy("testTimebasedForumTopicSecurity",
this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
}
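Review bot: `testTimebasedForumTopicSecurity` asserts nothing: it composes the policy and only logs `policy.generateSystemPolicy()`, so it passes even if the composer drops the `Effect.DENY` rule or ignores the `"matchIfAfter"` function. Capture the output and check it, starting with `String systemPolicy = policy.generateSystemPolicy();` and `assertNotNull(systemPolicy);`, then add an assertion on the deny rule once the expected output format is settled (this assumes the method returns a String, as its use in `log.info` suggests). The 17:00 boundary is built from `Calendar.getInstance()`, which takes the JVM's default time zone and today's date, so a comment such as `// 17:00 in the JVM default time zone; only the time-of-day fields are meant to matter` would record the intent; whether `TimeOfDay` ignores the date part is not visible here. The enclosing class starts outside the hunk.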
Copied: authz/trunk/portal-profile/src/test/resources/portal-policy.xml (from rev 1103,
authz/trunk/portal-profile/src/main/resources/portal-policy.xml)
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml
(rev 0)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 18:39:36
UTC (rev 1104)
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<portal-security>
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1234 and 5678" are available only when:
+ * User is an Employee or a Partner
+ * Time of Access falls between the specified range
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1234</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">5678</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>employees</role-name>
+ <role-name>partners</role-name>
+ </roles>
+ </auth-constraint>
+ <!--
+ <auth-constraint>
+ <ip-address allow="true">
+ <ip-range>
+ <address-from></address-from>
+ <address-to></address-to>
+ </ip-range>
+ </ip-address>
+ </auth-constraint>
+ -->
+ <!--
+ <auth-constraint>
+ <time allow="true">
+ <from></from>
+ <to></to>
+ </time>
+ </auth-constraint>
+ -->
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1111 and 2222" are available only when:
+ * User is 18 years or older
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1111</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">2222</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <preferences allow="true">
+ <preference name="age">>=18</preference>
+ </preferences>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
+ * User is a member of the Community
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>VIEW</mode>
+ <mode>HELP</mode>
+ <mode>EDIT</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>community</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in ADMIN mode when:
+ * User is an Admin
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>ADMIN</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>admin</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Configuration for the Portal Enforcement Engine
+ -->
+ <enforcement-config>
+ <!--
+ default value, (false)
+ If resource match is set to "policy-match-mandatory=true", it means
that if there is an http request to the web application,
+ that does not have any specified/matching "security policy" for it,
then this access should be "Denied".
+
+ The default value is set to "false" since this makes Policy
Provisioning less intensive for most web applications. This means that if
+ a "Policy" is not specified for a http request, it means that resource
does not need to be "protected", and access should be "Granted".
+
+ The protection can be increased depending on the application by changing this to
"true". In which case only Http Requests that have a matching "Security
Policy" will
+ be considered for "Access Control". All others will be
"Denied" access.
+ -->
+ <policy-match-mandatory>false</policy-match-mandatory>
+ </enforcement-config>
+</portal-security>
\ No newline at end of file
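Review bot: The header comment of the first `portlet-security-constraint` states that topics 1234 and 5678 also require the time of access to fall in a range, but the only `<time>` constraint is commented out with empty `<from>`/`<to>`, so as written just the `employees`/`partners` role check is configured. Reword the bullet to match, e.g. `* Time of Access falls between the specified range (example below is commented out, not enforced)`, so nobody copying this fixture assumes a time restriction is active. Separately, `<policy-match-mandatory>false</policy-match-mandatory>` grants any request with no matching policy, per the file's own comment; tests that load this fixture therefore exercise only the default-allow path, and a second fixture with `true` would cover the deny-by-default setting.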
Property changes on: authz/trunk/portal-profile/src/test/resources/portal-policy.xml
___________________________________________________________________
Name: svn:mergeinfo
+