Author: sohil.shah(a)jboss.com Date: 2010-01-19 19:57:26 -0500 (Tue, 19 Jan 2010) New Revision: 1107 Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java Removed: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java Log: refactoring Deleted: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107) @@ -1,302 +0,0 @@ -/* -* JBoss, a division of Red Hat -* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated -* by the @authors tag. See the copyright.txt in the distribution for a -* full listing of individual contributors. -* -* This is free software; you can redistribute it and/or modify it -* under the terms of the GNU Lesser General Public License as -* published by the Free Software Foundation; either version 2.1 of -* the License, or (at your option) any later version. -* -* This software is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this software; if not, write to the Free -* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -* 02110-1301 USA, or see the FSF site: http://www.fsf.org. -*/ -package org.jboss.security.authz.portal.configuration; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URI; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.Map; -import java.util.HashMap; -import java.util.Collection; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.apache.log4j.Logger; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import org.jboss.security.authz.agent.services.CompositionContext; -import org.jboss.security.authz.agent.services.PolicyComposer; -import org.jboss.security.authz.components.action.Operation; -import org.jboss.security.authz.components.subject.Roles; -import org.jboss.security.authz.model.Effect; -import org.jboss.security.authz.model.PolicyMetaData; -import org.jboss.security.authz.policy.server.spi.PolicyConfig; - -import org.jboss.security.authz.portal.component.resource.PortletResource; -import org.jboss.security.authz.portal.component.action.ViewMode; -import org.jboss.security.authz.portal.component.action.AdminMode; -import org.jboss.security.authz.portal.component.action.EditMode; -import org.jboss.security.authz.portal.component.action.HelpMode; - -/** - * Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML - * - * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> - */ -public class PortalObjectPolicyConfig implements PolicyConfig -{ - private static Logger log = Logger.getLogger(PortalObjectPolicyConfig.class); - - private PolicyComposer policyComposer; - - public PolicyComposer getPolicyComposer() - { - return policyComposer; - } - - public void setPolicyComposer(PolicyComposer policyComposer) - { - this.policyComposer = policyComposer; - } - - public PortalObjectPolicyConfig() - { - - } - //-----PolicyConfig Implementation-------------------------------------------------------------------------------------------------------------------------- - public Set<PolicyMetaData> configure(String easyDomainXml) - { - InputStream xmlStream = null; - try - { - Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>(); - - xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes()); - DocumentBuilder builder = DocumentBuilderFactory.newInstance() - .newDocumentBuilder(); - Document document = builder.parse(xmlStream); - - NodeList securityConstraints = document - .getElementsByTagName("security-constraint"); - Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>(); - for (int i = 0, length = securityConstraints.getLength(); i < length; i++) - { - Element securityConstraint = (Element) securityConstraints.item(i); - - // Parse out information related to access control based on user roles - NodeList roleNodes = securityConstraint.getElementsByTagName("roles"); - Roles allowRoles = new Roles(); - Roles denyRoles = new Roles(); - if (roleNodes != null) - { - for (int j = 0; j < roleNodes.getLength(); j++) - { - boolean allow = true; - Element roles = (Element) roleNodes.item(j); - - allow = Boolean.parseBoolean(roles.getAttribute("allow").trim()); - - NodeList roleNames = roles.getElementsByTagName("role-name"); - if (roleNames != null) - { - for (int k = 0; k < roleNames.getLength(); k++) - { - Element roleName = (Element) roleNames.item(k); - String role = roleName.getTextContent().trim(); - - if (allow) - { - allowRoles.addName(role); - } - else - { - denyRoles.addName(role); - } - } - } - } - } - - - // Parse out the resources and actions upon which the Policies must be - // created - Element portletResourceCollection = (Element) securityConstraint - .getElementsByTagName("portlet-resource-collection").item(0); - NodeList resources = portletResourceCollection - .getElementsByTagName("portlet-resource"); - if (resources != null) - { - for (int j = 0; j < resources.getLength(); j++) - { - // SetUp the Portlet Resource - PortletResource policyResource = new PortletResource(); - Element portletResource = (Element) resources.item(j); - Element portletName = (Element) portletResource.getElementsByTagName( - "portlet-name").item(0); - - policyResource.setUri(new URI(portletName.getTextContent().trim())); - - this.parseParameters(policyResource, portletResource); - - // Setup the Action Targets to be secured on this resource - List<Operation> secureModes = this - .parseSecureModes(portletResource); - - if (secureModes != null && !secureModes.isEmpty()) - { - // SetUp Policy Composition Context - CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString()); - - if(context == null) - { - context = new CompositionContext(); - context.setPolicyTarget(policyResource); - } - - for (Operation secureMode : secureModes) - { - if (!allowRoles.isEmpty()) - { - context.addPolicyRule(Effect.PERMIT, secureMode, - allowRoles, "allowExpression"); - } - - if (!denyRoles.isEmpty()) - { - context.addPolicyRule(Effect.DENY, secureMode, denyRoles, - "denyExpression"); - } - } - - if(!policyResource.getUri().toString().startsWith("/window")) - { - // Generate the Policy - PolicyMetaData policyMetaData = this.policyComposer - .compose(context); - policies.add(policyMetaData); - } - else - { - windowPolicyContexts.put(policyResource.getUri().toString(), context); - } - } - } - } - } - - if(!windowPolicyContexts.isEmpty()) - { - Collection<CompositionContext> contexts = windowPolicyContexts.values(); - for(CompositionContext context: contexts) - { - PolicyMetaData policyMetaData = this.policyComposer - .compose(context); - policies.add(policyMetaData); - } - } - - return policies; - } - catch (Exception e) - { - log.error(this, e); - throw new RuntimeException(e); - } - finally - { - try - { - if (xmlStream != null) - { - xmlStream.close(); - } - } - catch (IOException ioe) - { - log.warn(this, ioe); - } - } - } - //--------------------------------------------------------------------------------------------------------------------------------------------------------------- - private void parseParameters(PortletResource policyResource, Element portletResourceElem) - throws Exception - { - // Process Parameters - Element parameters = (Element) portletResourceElem.getElementsByTagName( - "request-parameters").item(0); - if (parameters != null) - { - NodeList params = parameters.getElementsByTagName("parameter"); - if (params != null) - { - for (int i = 0, length = params.getLength(); i < length; i++) - { - Element parameter = (Element) params.item(i); - - String name = parameter.getAttribute("name").trim(); - String value = parameter.getTextContent().trim(); - - policyResource.addParameter(name, value); - } - } - } - } - - private List<Operation> parseSecureModes(Element portletResource) - throws Exception - { - List<Operation> secureModes = new ArrayList<Operation>(); - - NodeList modes = portletResource.getElementsByTagName("mode"); - if (modes != null && modes.getLength()>0) - { - for (int i = 0; i < modes.getLength(); i++) - { - Element modeElem = (Element) modes.item(i); - - String mode = modeElem.getTextContent(); - - if (mode.equalsIgnoreCase("view")) - { - secureModes.add(new ViewMode()); - } - else if (mode.equalsIgnoreCase("edit")) - { - secureModes.add(new EditMode()); - } - else if (mode.equalsIgnoreCase("admin")) - { - secureModes.add(new AdminMode()); - } - else if (mode.equalsIgnoreCase("help")) - { - secureModes.add(new HelpMode()); - } - } - } - else - { - secureModes.add(new ViewMode()); - } - - return secureModes; - } -} Copied: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java (from rev 1106, authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java) =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java (rev 0) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107) @@ -0,0 +1,302 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.configuration; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.Map; +import java.util.HashMap; +import java.util.Collection; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.log4j.Logger; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import org.jboss.security.authz.agent.services.CompositionContext; +import org.jboss.security.authz.agent.services.PolicyComposer; +import org.jboss.security.authz.components.action.Operation; +import org.jboss.security.authz.components.subject.Roles; +import org.jboss.security.authz.model.Effect; +import org.jboss.security.authz.model.PolicyMetaData; +import org.jboss.security.authz.policy.server.spi.PolicyConfig; + +import org.jboss.security.authz.portal.component.resource.PortletResource; +import org.jboss.security.authz.portal.component.action.ViewMode; +import org.jboss.security.authz.portal.component.action.AdminMode; +import org.jboss.security.authz.portal.component.action.EditMode; +import org.jboss.security.authz.portal.component.action.HelpMode; + +/** + * Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class PortletPolicyConfig implements PolicyConfig +{ + private static Logger log = Logger.getLogger(PortletPolicyConfig.class); + + private PolicyComposer policyComposer; + + public PolicyComposer getPolicyComposer() + { + return policyComposer; + } + + public void setPolicyComposer(PolicyComposer policyComposer) + { + this.policyComposer = policyComposer; + } + + public PortletPolicyConfig() + { + + } + //-----PolicyConfig Implementation-------------------------------------------------------------------------------------------------------------------------- + public Set<PolicyMetaData> configure(String easyDomainXml) + { + InputStream xmlStream = null; + try + { + Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>(); + + xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes()); + DocumentBuilder builder = DocumentBuilderFactory.newInstance() + .newDocumentBuilder(); + Document document = builder.parse(xmlStream); + + NodeList securityConstraints = document + .getElementsByTagName("security-constraint"); + Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>(); + for (int i = 0, length = securityConstraints.getLength(); i < length; i++) + { + Element securityConstraint = (Element) securityConstraints.item(i); + + // Parse out information related to access control based on user roles + NodeList roleNodes = securityConstraint.getElementsByTagName("roles"); + Roles allowRoles = new Roles(); + Roles denyRoles = new Roles(); + if (roleNodes != null) + { + for (int j = 0; j < roleNodes.getLength(); j++) + { + boolean allow = true; + Element roles = (Element) roleNodes.item(j); + + allow = Boolean.parseBoolean(roles.getAttribute("allow").trim()); + + NodeList roleNames = roles.getElementsByTagName("role-name"); + if (roleNames != null) + { + for (int k = 0; k < roleNames.getLength(); k++) + { + Element roleName = (Element) roleNames.item(k); + String role = roleName.getTextContent().trim(); + + if (allow) + { + allowRoles.addName(role); + } + else + { + denyRoles.addName(role); + } + } + } + } + } + + + // Parse out the resources and actions upon which the Policies must be + // created + Element portletResourceCollection = (Element) securityConstraint + .getElementsByTagName("portlet-resource-collection").item(0); + NodeList resources = portletResourceCollection + .getElementsByTagName("portlet-resource"); + if (resources != null) + { + for (int j = 0; j < resources.getLength(); j++) + { + // SetUp the Portlet Resource + PortletResource policyResource = new PortletResource(); + Element portletResource = (Element) resources.item(j); + Element portletName = (Element) portletResource.getElementsByTagName( + "portlet-name").item(0); + + policyResource.setUri(new URI(portletName.getTextContent().trim())); + + this.parseParameters(policyResource, portletResource); + + // Setup the Action Targets to be secured on this resource + List<Operation> secureModes = this + .parseSecureModes(portletResource); + + if (secureModes != null && !secureModes.isEmpty()) + { + // SetUp Policy Composition Context + CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString()); + + if(context == null) + { + context = new CompositionContext(); + context.setPolicyTarget(policyResource); + } + + for (Operation secureMode : secureModes) + { + if (!allowRoles.isEmpty()) + { + context.addPolicyRule(Effect.PERMIT, secureMode, + allowRoles, "allowExpression"); + } + + if (!denyRoles.isEmpty()) + { + context.addPolicyRule(Effect.DENY, secureMode, denyRoles, + "denyExpression"); + } + } + + if(!policyResource.getUri().toString().startsWith("/window")) + { + // Generate the Policy + PolicyMetaData policyMetaData = this.policyComposer + .compose(context); + policies.add(policyMetaData); + } + else + { + windowPolicyContexts.put(policyResource.getUri().toString(), context); + } + } + } + } + } + + if(!windowPolicyContexts.isEmpty()) + { + Collection<CompositionContext> contexts = windowPolicyContexts.values(); + for(CompositionContext context: contexts) + { + PolicyMetaData policyMetaData = this.policyComposer + .compose(context); + policies.add(policyMetaData); + } + } + + return policies; + } + catch (Exception e) + { + log.error(this, e); + throw new RuntimeException(e); + } + finally + { + try + { + if (xmlStream != null) + { + xmlStream.close(); + } + } + catch (IOException ioe) + { + log.warn(this, ioe); + } + } + } + //--------------------------------------------------------------------------------------------------------------------------------------------------------------- + private void parseParameters(PortletResource policyResource, Element portletResourceElem) + throws Exception + { + // Process Parameters + Element parameters = (Element) portletResourceElem.getElementsByTagName( + "request-parameters").item(0); + if (parameters != null) + { + NodeList params = parameters.getElementsByTagName("parameter"); + if (params != null) + { + for (int i = 0, length = params.getLength(); i < length; i++) + { + Element parameter = (Element) params.item(i); + + String name = parameter.getAttribute("name").trim(); + String value = parameter.getTextContent().trim(); + + policyResource.addParameter(name, value); + } + } + } + } + + private List<Operation> parseSecureModes(Element portletResource) + throws Exception + { + List<Operation> secureModes = new ArrayList<Operation>(); + + NodeList modes = portletResource.getElementsByTagName("mode"); + if (modes != null && modes.getLength()>0) + { + for (int i = 0; i < modes.getLength(); i++) + { + Element modeElem = (Element) modes.item(i); + + String mode = modeElem.getTextContent(); + + if (mode.equalsIgnoreCase("view")) + { + secureModes.add(new ViewMode()); + } + else if (mode.equalsIgnoreCase("edit")) + { + secureModes.add(new EditMode()); + } + else if (mode.equalsIgnoreCase("admin")) + { + secureModes.add(new AdminMode()); + } + else if (mode.equalsIgnoreCase("help")) + { + secureModes.add(new HelpMode()); + } + } + } + else + { + secureModes.add(new ViewMode()); + } + + return secureModes; + } +} Property changes on: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java ___________________________________________________________________ Name: svn:mergeinfo + Deleted: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java =================================================================== --- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106) +++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107) @@ -1,221 +0,0 @@ -/****************************************************************************** - * JBoss, a division of Red Hat * - * Copyright 2006, Red Hat Middleware, LLC, and individual * - * contributors as indicated by the @authors tag. See the * - * copyright.txt in the distribution for a full listing of * - * individual contributors. * - * * - * This is free software; you can redistribute it and/or modify it * - * under the terms of the GNU Lesser General Public License as * - * published by the Free Software Foundation; either version 2.1 of * - * the License, or (at your option) any later version. * - * * - * This software is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * - * Lesser General Public License for more details. * - * * - * You should have received a copy of the GNU Lesser General Public * - * License along with this software; if not, write to the Free * - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * - ******************************************************************************/ -package org.jboss.security.authz.portal.provisioning; - -import java.util.Set; -import java.io.InputStream; -import java.net.URI; - -import junit.framework.TestCase; - -import org.apache.log4j.Logger; - -import org.jboss.security.authz.bootstrap.ServiceContainer; -import org.jboss.security.authz.agent.enforcement.EnforcementContext; -import org.jboss.security.authz.agent.enforcement.EnforcementResponse; -import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint; -import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; -import org.jboss.security.authz.agent.services.PolicyComposer; - -import org.jboss.security.authz.components.subject.Roles; -import org.jboss.security.authz.model.Policy; -import org.jboss.security.authz.model.PolicyMetaData; - -import org.jboss.security.authz.tools.GeneralTool; -import org.jboss.security.authz.policy.server.spi.PolicyConfig; - -import org.jboss.security.authz.portal.component.resource.PortletResource; -import org.jboss.security.authz.portal.component.action.ViewMode; -import org.jboss.security.authz.portal.component.action.EditMode; -import org.jboss.security.authz.portal.component.action.HelpMode; -import org.jboss.security.authz.portal.component.action.AdminMode; -import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig; - -/** - * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> - * - */ -public class TestPortalObjectPolicyConfig extends TestCase -{ - private static Logger log = Logger - .getLogger(TestPortalObjectPolicyConfig.class); - - private PolicyComposer policyComposer; - private PolicyEnforcementPoint enforcer; - private PolicyProvisioner provisioner; - - public void setUp() throws Exception - { - ServiceContainer.bootstrap(); - - this.policyComposer = (PolicyComposer) ServiceContainer - .lookup("/agent/PolicyComposer"); - this.enforcer = (PolicyEnforcementPoint) ServiceContainer - .lookup("/agent/LocalEnforcementPoint"); - this.provisioner = (PolicyProvisioner) ServiceContainer - .lookup("/agent/LocalPolicyProvisioner"); - - PolicyConfig config = new PortalObjectPolicyConfig(); - ((PortalObjectPolicyConfig) config).setPolicyComposer(this.policyComposer); - - InputStream is = Thread.currentThread().getContextClassLoader() - .getResourceAsStream("portal-policy.xml"); - - Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is)); - - assertNotNull(metadata); - - for (PolicyMetaData policyMetaData : metadata) - { - this.provisioner.deploy(policyMetaData); - } - - is.close(); - - // Assert Policy State of the Server - Set<Policy> policies = this.provisioner.readAllPolicies(); - - assertTrue("Policy Store must not be empty!!", policies != null - && !policies.isEmpty()); - for (Policy policy : policies) - { - log - .info("------------------------------------------------------------------------------"); - log.info(policy.generateSystemPolicy()); - } - } - - // ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- - public void testContentSecurity() throws Exception - { - PortletResource r1 = new PortletResource(); - r1.setUri(new URI("/content/forums")); - r1.addParameter("topicId", "1234"); - r1.addParameter("blah", "blahblah"); - - PortletResource r2 = new PortletResource(); - r2.setUri(new URI("/content/forums")); - r2.addParameter("topicId", "5678"); - r2.addParameter("blah", "blahblah"); - - PortletResource r3 = new PortletResource(); - r3.setUri(new URI("/content/forums")); - r3.addParameter("topicId", "9999"); - r3.addParameter("blah", "blahblah"); - - //Testing Employees access - this.enforce(this.createEnforcementContext(r1, new String[]{"employees", "authenticated", "marketing"}, null), true); - this.enforce(this.createEnforcementContext(r2, new String[]{"employees", "authenticated", "marketing"}, null), true); - this.enforce(this.createEnforcementContext(r3, new String[]{"employees", "authenticated", "marketing"}, null), false); - - //Testing Partners access - this.enforce(this.createEnforcementContext(r1, new String[]{"partners", "authenticated", "insurance-company"}, null), true); - this.enforce(this.createEnforcementContext(r2, new String[]{"partners", "authenticated", "insurance-company"}, null), true); - this.enforce(this.createEnforcementContext(r3, new String[]{"partners", "authenticated", "insurance-company"}, null), false); - - //Testing Anonymous access - this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"}, null), false); - this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"}, null), false); - this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"}, null), false); - - //Testing Authenticated but not an Employee or a Partner - this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated", "community"}, null), false); - this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false); - this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false); - } - - public void testWindowSecurity() throws Exception - { - PortletResource window = new PortletResource(); - window.setUri(new URI("/window/forums")); - - //Testing Anonymous user's access to the window - this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new ViewMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new EditMode()), false); - this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new HelpMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new AdminMode()), false); - - //Testing Authenticated user's access to the window - this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new ViewMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new EditMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new HelpMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new AdminMode()), false); - - //Testing Admin user's access to the window - this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new ViewMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new EditMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new HelpMode()), true); - this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new AdminMode()), true); - } - // ------------------------------------------------------------------------------------------------------------------------------------------------- - private void enforce(EnforcementContext enforcementContext, - boolean mustBePermitted) throws Exception - { - EnforcementResponse response = this.enforcer - .checkAccess(enforcementContext); - - assertNotNull(response); - log.info("-----------------------------------"); - log.info("Decision=" + response.getMessage()); - - if (mustBePermitted) - { - assertTrue("Access must be granted!!!", response.isAccessGranted()); - } - else - { - assertFalse("Access must be denied!!!", response.isAccessGranted()); - } - } - - private EnforcementContext createEnforcementContext( - PortletResource protectedResource, String[] userRoles, Object actionComponent) - throws Exception - { - // Create an EnforcementContext - EnforcementContext context = new EnforcementContext(); - - // Resource being accessed - context.setAttribute("portlet-resource", protectedResource); - - // Create Subjects - Roles roles = new Roles(); - for (int i = 0; i < userRoles.length; i++) - { - roles.addName(userRoles[i]); - } - context.setAttribute("roles", roles); - - // Action being performed - if(actionComponent != null) - { - context.setAttribute("portlet-mode", actionComponent); - } - else - { - context.setAttribute("portlet-mode", new ViewMode()); - } - - return context; - } -} Copied: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java (from rev 1106, authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java) =================================================================== --- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java (rev 0) +++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107) @@ -0,0 +1,221 @@ +/****************************************************************************** + * JBoss, a division of Red Hat * + * Copyright 2006, Red Hat Middleware, LLC, and individual * + * contributors as indicated by the @authors tag. See the * + * copyright.txt in the distribution for a full listing of * + * individual contributors. * + * * + * This is free software; you can redistribute it and/or modify it * + * under the terms of the GNU Lesser General Public License as * + * published by the Free Software Foundation; either version 2.1 of * + * the License, or (at your option) any later version. * + * * + * This software is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with this software; if not, write to the Free * + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * + ******************************************************************************/ +package org.jboss.security.authz.portal.provisioning; + +import java.util.Set; +import java.io.InputStream; +import java.net.URI; + +import junit.framework.TestCase; + +import org.apache.log4j.Logger; + +import org.jboss.security.authz.bootstrap.ServiceContainer; +import org.jboss.security.authz.agent.enforcement.EnforcementContext; +import org.jboss.security.authz.agent.enforcement.EnforcementResponse; +import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint; +import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; +import org.jboss.security.authz.agent.services.PolicyComposer; + +import org.jboss.security.authz.components.subject.Roles; +import org.jboss.security.authz.model.Policy; +import org.jboss.security.authz.model.PolicyMetaData; + +import org.jboss.security.authz.tools.GeneralTool; +import org.jboss.security.authz.policy.server.spi.PolicyConfig; + +import org.jboss.security.authz.portal.component.resource.PortletResource; +import org.jboss.security.authz.portal.component.action.ViewMode; +import org.jboss.security.authz.portal.component.action.EditMode; +import org.jboss.security.authz.portal.component.action.HelpMode; +import org.jboss.security.authz.portal.component.action.AdminMode; +import org.jboss.security.authz.portal.configuration.PortletPolicyConfig; + +/** + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + * + */ +public class TestPortletPolicyConfig extends TestCase +{ + private static Logger log = Logger + .getLogger(TestPortletPolicyConfig.class); + + private PolicyComposer policyComposer; + private PolicyEnforcementPoint enforcer; + private PolicyProvisioner provisioner; + + public void setUp() throws Exception + { + ServiceContainer.bootstrap(); + + this.policyComposer = (PolicyComposer) ServiceContainer + .lookup("/agent/PolicyComposer"); + this.enforcer = (PolicyEnforcementPoint) ServiceContainer + .lookup("/agent/LocalEnforcementPoint"); + this.provisioner = (PolicyProvisioner) ServiceContainer + .lookup("/agent/LocalPolicyProvisioner"); + + PolicyConfig config = new PortletPolicyConfig(); + ((PortletPolicyConfig) config).setPolicyComposer(this.policyComposer); + + InputStream is = Thread.currentThread().getContextClassLoader() + .getResourceAsStream("portal-policy.xml"); + + Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is)); + + assertNotNull(metadata); + + for (PolicyMetaData policyMetaData : metadata) + { + this.provisioner.deploy(policyMetaData); + } + + is.close(); + + // Assert Policy State of the Server + Set<Policy> policies = this.provisioner.readAllPolicies(); + + assertTrue("Policy Store must not be empty!!", policies != null + && !policies.isEmpty()); + for (Policy policy : policies) + { + log + .info("------------------------------------------------------------------------------"); + log.info(policy.generateSystemPolicy()); + } + } + + // ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- + public void testContentSecurity() throws Exception + { + PortletResource r1 = new PortletResource(); + r1.setUri(new URI("/content/forums")); + r1.addParameter("topicId", "1234"); + r1.addParameter("blah", "blahblah"); + + PortletResource r2 = new PortletResource(); + r2.setUri(new URI("/content/forums")); + r2.addParameter("topicId", "5678"); + r2.addParameter("blah", "blahblah"); + + PortletResource r3 = new PortletResource(); + r3.setUri(new URI("/content/forums")); + r3.addParameter("topicId", "9999"); + r3.addParameter("blah", "blahblah"); + + //Testing Employees access + this.enforce(this.createEnforcementContext(r1, new String[]{"employees", "authenticated", "marketing"}, null), true); + this.enforce(this.createEnforcementContext(r2, new String[]{"employees", "authenticated", "marketing"}, null), true); + this.enforce(this.createEnforcementContext(r3, new String[]{"employees", "authenticated", "marketing"}, null), false); + + //Testing Partners access + this.enforce(this.createEnforcementContext(r1, new String[]{"partners", "authenticated", "insurance-company"}, null), true); + this.enforce(this.createEnforcementContext(r2, new String[]{"partners", "authenticated", "insurance-company"}, null), true); + this.enforce(this.createEnforcementContext(r3, new String[]{"partners", "authenticated", "insurance-company"}, null), false); + + //Testing Anonymous access + this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"}, null), false); + this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"}, null), false); + this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"}, null), false); + + //Testing Authenticated but not an Employee or a Partner + this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated", "community"}, null), false); + this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false); + this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false); + } + + public void testWindowSecurity() throws Exception + { + PortletResource window = new PortletResource(); + window.setUri(new URI("/window/forums")); + + //Testing Anonymous user's access to the window + this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new ViewMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new EditMode()), false); + this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new HelpMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new AdminMode()), false); + + //Testing Authenticated user's access to the window + this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new ViewMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new EditMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new HelpMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new AdminMode()), false); + + //Testing Admin user's access to the window + this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new ViewMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new EditMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new HelpMode()), true); + this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new AdminMode()), true); + } + // ------------------------------------------------------------------------------------------------------------------------------------------------- + private void enforce(EnforcementContext enforcementContext, + boolean mustBePermitted) throws Exception + { + EnforcementResponse response = this.enforcer + .checkAccess(enforcementContext); + + assertNotNull(response); + log.info("-----------------------------------"); + log.info("Decision=" + response.getMessage()); + + if (mustBePermitted) + { + assertTrue("Access must be granted!!!", response.isAccessGranted()); + } + else + { + assertFalse("Access must be denied!!!", response.isAccessGranted()); + } + } + + private EnforcementContext createEnforcementContext( + PortletResource protectedResource, String[] userRoles, Object actionComponent) + throws Exception + { + // Create an EnforcementContext + EnforcementContext context = new EnforcementContext(); + + // Resource being accessed + context.setAttribute("portlet-resource", protectedResource); + + // Create Subjects + Roles roles = new Roles(); + for (int i = 0; i < userRoles.length; i++) + { + roles.addName(userRoles[i]); + } + context.setAttribute("roles", roles); + + // Action being performed + if(actionComponent != null) + { + context.setAttribute("portlet-mode", actionComponent); + } + else + { + context.setAttribute("portlet-mode", new ViewMode()); + } + + return context; + } +} Property changes on: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java ___________________________________________________________________ Name: svn:mergeinfo +