Author: sohil.shah(a)jboss.com
Date: 2010-01-19 19:57:26 -0500 (Tue, 19 Jan 2010)
New Revision: 1107
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
Removed:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
Log:
refactoring
Deleted:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20
00:47:19 UTC (rev 1106)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20
00:57:26 UTC (rev 1107)
@@ -1,302 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.security.authz.portal.configuration;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Collection;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.log4j.Logger;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-import org.jboss.security.authz.components.action.Operation;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-
-import org.jboss.security.authz.portal.component.resource.PortletResource;
-import org.jboss.security.authz.portal.component.action.ViewMode;
-import org.jboss.security.authz.portal.component.action.AdminMode;
-import org.jboss.security.authz.portal.component.action.EditMode;
-import org.jboss.security.authz.portal.component.action.HelpMode;
-
-/**
- * Used to configure Security Policies for a Portal Object Tree using Easy Domain
specific XML
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class PortalObjectPolicyConfig implements PolicyConfig
-{
- private static Logger log = Logger.getLogger(PortalObjectPolicyConfig.class);
-
- private PolicyComposer policyComposer;
-
- public PolicyComposer getPolicyComposer()
- {
- return policyComposer;
- }
-
- public void setPolicyComposer(PolicyComposer policyComposer)
- {
- this.policyComposer = policyComposer;
- }
-
- public PortalObjectPolicyConfig()
- {
-
- }
- //-----PolicyConfig
Implementation--------------------------------------------------------------------------------------------------------------------------
- public Set<PolicyMetaData> configure(String easyDomainXml)
- {
- InputStream xmlStream = null;
- try
- {
- Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
-
- xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
- DocumentBuilder builder = DocumentBuilderFactory.newInstance()
- .newDocumentBuilder();
- Document document = builder.parse(xmlStream);
-
- NodeList securityConstraints = document
- .getElementsByTagName("security-constraint");
- Map<String, CompositionContext> windowPolicyContexts = new HashMap<String,
CompositionContext>();
- for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
- {
- Element securityConstraint = (Element) securityConstraints.item(i);
-
- // Parse out information related to access control based on user roles
- NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
- Roles allowRoles = new Roles();
- Roles denyRoles = new Roles();
- if (roleNodes != null)
- {
- for (int j = 0; j < roleNodes.getLength(); j++)
- {
- boolean allow = true;
- Element roles = (Element) roleNodes.item(j);
-
- allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
-
- NodeList roleNames = roles.getElementsByTagName("role-name");
- if (roleNames != null)
- {
- for (int k = 0; k < roleNames.getLength(); k++)
- {
- Element roleName = (Element) roleNames.item(k);
- String role = roleName.getTextContent().trim();
-
- if (allow)
- {
- allowRoles.addName(role);
- }
- else
- {
- denyRoles.addName(role);
- }
- }
- }
- }
- }
-
-
- // Parse out the resources and actions upon which the Policies must be
- // created
- Element portletResourceCollection = (Element) securityConstraint
- .getElementsByTagName("portlet-resource-collection").item(0);
- NodeList resources = portletResourceCollection
- .getElementsByTagName("portlet-resource");
- if (resources != null)
- {
- for (int j = 0; j < resources.getLength(); j++)
- {
- // SetUp the Portlet Resource
- PortletResource policyResource = new PortletResource();
- Element portletResource = (Element) resources.item(j);
- Element portletName = (Element) portletResource.getElementsByTagName(
- "portlet-name").item(0);
-
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
-
- this.parseParameters(policyResource, portletResource);
-
- // Setup the Action Targets to be secured on this resource
- List<Operation> secureModes = this
- .parseSecureModes(portletResource);
-
- if (secureModes != null && !secureModes.isEmpty())
- {
- // SetUp Policy Composition Context
- CompositionContext context =
windowPolicyContexts.get(policyResource.getUri().toString());
-
- if(context == null)
- {
- context = new CompositionContext();
- context.setPolicyTarget(policyResource);
- }
-
- for (Operation secureMode : secureModes)
- {
- if (!allowRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, secureMode,
- allowRoles, "allowExpression");
- }
-
- if (!denyRoles.isEmpty())
- {
- context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
- "denyExpression");
- }
- }
-
- if(!policyResource.getUri().toString().startsWith("/window"))
- {
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
- }
- else
- {
- windowPolicyContexts.put(policyResource.getUri().toString(), context);
- }
- }
- }
- }
- }
-
- if(!windowPolicyContexts.isEmpty())
- {
- Collection<CompositionContext> contexts = windowPolicyContexts.values();
- for(CompositionContext context: contexts)
- {
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
- }
- }
-
- return policies;
- }
- catch (Exception e)
- {
- log.error(this, e);
- throw new RuntimeException(e);
- }
- finally
- {
- try
- {
- if (xmlStream != null)
- {
- xmlStream.close();
- }
- }
- catch (IOException ioe)
- {
- log.warn(this, ioe);
- }
- }
- }
- //---------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(PortletResource policyResource, Element
portletResourceElem)
- throws Exception
- {
- // Process Parameters
- Element parameters = (Element) portletResourceElem.getElementsByTagName(
- "request-parameters").item(0);
- if (parameters != null)
- {
- NodeList params = parameters.getElementsByTagName("parameter");
- if (params != null)
- {
- for (int i = 0, length = params.getLength(); i < length; i++)
- {
- Element parameter = (Element) params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
- }
- }
- }
-
- private List<Operation> parseSecureModes(Element portletResource)
- throws Exception
- {
- List<Operation> secureModes = new ArrayList<Operation>();
-
- NodeList modes = portletResource.getElementsByTagName("mode");
- if (modes != null && modes.getLength()>0)
- {
- for (int i = 0; i < modes.getLength(); i++)
- {
- Element modeElem = (Element) modes.item(i);
-
- String mode = modeElem.getTextContent();
-
- if (mode.equalsIgnoreCase("view"))
- {
- secureModes.add(new ViewMode());
- }
- else if (mode.equalsIgnoreCase("edit"))
- {
- secureModes.add(new EditMode());
- }
- else if (mode.equalsIgnoreCase("admin"))
- {
- secureModes.add(new AdminMode());
- }
- else if (mode.equalsIgnoreCase("help"))
- {
- secureModes.add(new HelpMode());
- }
- }
- }
- else
- {
- secureModes.add(new ViewMode());
- }
-
- return secureModes;
- }
-}
Copied:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
(from rev 1106,
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java)
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
(rev 0)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-20
00:57:26 UTC (rev 1107)
@@ -0,0 +1,302 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.configuration;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Collection;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+import org.jboss.security.authz.components.action.Operation;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+
+/**
+ * Used to configure Security Policies for a Portal Object Tree using Easy Domain
specific XML
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class PortletPolicyConfig implements PolicyConfig
+{
+ private static Logger log = Logger.getLogger(PortletPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
+ public PortletPolicyConfig()
+ {
+
+ }
+ //-----PolicyConfig
Implementation--------------------------------------------------------------------------------------------------------------------------
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
+
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList securityConstraints = document
+ .getElementsByTagName("security-constraint");
+ Map<String, CompositionContext> windowPolicyContexts = new HashMap<String,
CompositionContext>();
+ for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
+ {
+ Element securityConstraint = (Element) securityConstraints.item(i);
+
+ // Parse out information related to access control based on user roles
+ NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if (roleNodes != null)
+ {
+ for (int j = 0; j < roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element) roleNodes.item(j);
+
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
+
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if (roleNames != null)
+ {
+ for (int k = 0; k < roleNames.getLength(); k++)
+ {
+ Element roleName = (Element) roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if (allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
+ }
+ }
+ }
+ }
+
+
+ // Parse out the resources and actions upon which the Policies must be
+ // created
+ Element portletResourceCollection = (Element) securityConstraint
+ .getElementsByTagName("portlet-resource-collection").item(0);
+ NodeList resources = portletResourceCollection
+ .getElementsByTagName("portlet-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ // SetUp the Portlet Resource
+ PortletResource policyResource = new PortletResource();
+ Element portletResource = (Element) resources.item(j);
+ Element portletName = (Element) portletResource.getElementsByTagName(
+ "portlet-name").item(0);
+
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
+ this.parseParameters(policyResource, portletResource);
+
+ // Setup the Action Targets to be secured on this resource
+ List<Operation> secureModes = this
+ .parseSecureModes(portletResource);
+
+ if (secureModes != null && !secureModes.isEmpty())
+ {
+ // SetUp Policy Composition Context
+ CompositionContext context =
windowPolicyContexts.get(policyResource.getUri().toString());
+
+ if(context == null)
+ {
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
+ for (Operation secureMode : secureModes)
+ {
+ if (!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureMode,
+ allowRoles, "allowExpression");
+ }
+
+ if (!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
+ "denyExpression");
+ }
+ }
+
+ if(!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(), context);
+ }
+ }
+ }
+ }
+ }
+
+ if(!windowPolicyContexts.isEmpty())
+ {
+ Collection<CompositionContext> contexts = windowPolicyContexts.values();
+ for(CompositionContext context: contexts)
+ {
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ }
+
+ return policies;
+ }
+ catch (Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(PortletResource policyResource, Element
portletResourceElem)
+ throws Exception
+ {
+ // Process Parameters
+ Element parameters = (Element) portletResourceElem.getElementsByTagName(
+ "request-parameters").item(0);
+ if (parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if (params != null)
+ {
+ for (int i = 0, length = params.getLength(); i < length; i++)
+ {
+ Element parameter = (Element) params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
+ }
+
+ private List<Operation> parseSecureModes(Element portletResource)
+ throws Exception
+ {
+ List<Operation> secureModes = new ArrayList<Operation>();
+
+ NodeList modes = portletResource.getElementsByTagName("mode");
+ if (modes != null && modes.getLength()>0)
+ {
+ for (int i = 0; i < modes.getLength(); i++)
+ {
+ Element modeElem = (Element) modes.item(i);
+
+ String mode = modeElem.getTextContent();
+
+ if (mode.equalsIgnoreCase("view"))
+ {
+ secureModes.add(new ViewMode());
+ }
+ else if (mode.equalsIgnoreCase("edit"))
+ {
+ secureModes.add(new EditMode());
+ }
+ else if (mode.equalsIgnoreCase("admin"))
+ {
+ secureModes.add(new AdminMode());
+ }
+ else if (mode.equalsIgnoreCase("help"))
+ {
+ secureModes.add(new HelpMode());
+ }
+ }
+ }
+ else
+ {
+ secureModes.add(new ViewMode());
+ }
+
+ return secureModes;
+ }
+}
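Review bot: In `parseSecureModes` the `<mode>` text is compared without `trim()` and an unrecognised value falls through the `if`/`else if` chain with no final `else`, so a typo or stray whitespace in the policy XML yields an empty list, and `configure` then skips that resource without composing any rule or logging anything. For an authorization config this means a constraint the author wrote is silently not applied; every other value this class reads from the XML (`allow`, `role-name`, `portlet-name`, parameter name and value) is trimmed. I would read the value as `String mode = modeElem.getTextContent().trim();` and end the chain with `else { throw new IllegalArgumentException("Unknown portlet mode: " + mode); }` so a malformed policy file fails at load time instead of producing a thinner policy set. Separately, `configure` parses `easyDomainXml` with a default `DocumentBuilderFactory`; if that XML can ever come from a source less trusted than the deployment itself, call `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` so DOCTYPE and external-entity processing is refused.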
Property changes on:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
___________________________________________________________________
Name: svn:mergeinfo
+
Deleted:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20
00:47:19 UTC (rev 1106)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20
00:57:26 UTC (rev 1107)
@@ -1,221 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.portal.provisioning;
-
-import java.util.Set;
-import java.io.InputStream;
-import java.net.URI;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-
-import org.jboss.security.authz.portal.component.resource.PortletResource;
-import org.jboss.security.authz.portal.component.action.ViewMode;
-import org.jboss.security.authz.portal.component.action.EditMode;
-import org.jboss.security.authz.portal.component.action.HelpMode;
-import org.jboss.security.authz.portal.component.action.AdminMode;
-import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class TestPortalObjectPolicyConfig extends TestCase
-{
- private static Logger log = Logger
- .getLogger(TestPortalObjectPolicyConfig.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer) ServiceContainer
- .lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner) ServiceContainer
- .lookup("/agent/LocalPolicyProvisioner");
-
- PolicyConfig config = new PortalObjectPolicyConfig();
- ((PortalObjectPolicyConfig) config).setPolicyComposer(this.policyComposer);
-
- InputStream is = Thread.currentThread().getContextClassLoader()
- .getResourceAsStream("portal-policy.xml");
-
- Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
-
- assertNotNull(metadata);
-
- for (PolicyMetaData policyMetaData : metadata)
- {
- this.provisioner.deploy(policyMetaData);
- }
-
- is.close();
-
- // Assert Policy State of the Server
- Set<Policy> policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", policies != null
- && !policies.isEmpty());
- for (Policy policy : policies)
- {
- log
- .info("------------------------------------------------------------------------------");
- log.info(policy.generateSystemPolicy());
- }
- }
-
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testContentSecurity() throws Exception
- {
- PortletResource r1 = new PortletResource();
- r1.setUri(new URI("/content/forums"));
- r1.addParameter("topicId", "1234");
- r1.addParameter("blah", "blahblah");
-
- PortletResource r2 = new PortletResource();
- r2.setUri(new URI("/content/forums"));
- r2.addParameter("topicId", "5678");
- r2.addParameter("blah", "blahblah");
-
- PortletResource r3 = new PortletResource();
- r3.setUri(new URI("/content/forums"));
- r3.addParameter("topicId", "9999");
- r3.addParameter("blah", "blahblah");
-
- //Testing Employees access
- this.enforce(this.createEnforcementContext(r1, new String[]{"employees",
"authenticated", "marketing"}, null), true);
- this.enforce(this.createEnforcementContext(r2, new String[]{"employees",
"authenticated", "marketing"}, null), true);
- this.enforce(this.createEnforcementContext(r3, new String[]{"employees",
"authenticated", "marketing"}, null), false);
-
- //Testing Partners access
- this.enforce(this.createEnforcementContext(r1, new String[]{"partners",
"authenticated", "insurance-company"}, null), true);
- this.enforce(this.createEnforcementContext(r2, new String[]{"partners",
"authenticated", "insurance-company"}, null), true);
- this.enforce(this.createEnforcementContext(r3, new String[]{"partners",
"authenticated", "insurance-company"}, null), false);
-
- //Testing Anonymous access
- this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"},
null), false);
- this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"},
null), false);
- this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"},
null), false);
-
- //Testing Authenticated but not an Employee or a Partner
- this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated",
"community"}, null), false);
- this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated",
"community"}, null), false);
- this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated",
"community"}, null), false);
- }
-
- public void testWindowSecurity() throws Exception
- {
- PortletResource window = new PortletResource();
- window.setUri(new URI("/window/forums"));
-
- //Testing Anonymous user's access to the window
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new EditMode()), false);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new AdminMode()), false);
-
- //Testing Authenticated user's access to the window
- this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new EditMode()), true);
- this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new AdminMode()), false);
-
- //Testing Admin user's access to the window
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
EditMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
AdminMode()), true);
- }
- //
-------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(EnforcementContext enforcementContext,
- boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer
- .checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision=" + response.getMessage());
-
- if (mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(
- PortletResource protectedResource, String[] userRoles, Object actionComponent)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Resource being accessed
- context.setAttribute("portlet-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- for (int i = 0; i < userRoles.length; i++)
- {
- roles.addName(userRoles[i]);
- }
- context.setAttribute("roles", roles);
-
- // Action being performed
- if(actionComponent != null)
- {
- context.setAttribute("portlet-mode", actionComponent);
- }
- else
- {
- context.setAttribute("portlet-mode", new ViewMode());
- }
-
- return context;
- }
-}
Copied:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
(from rev 1106,
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java)
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
(rev 0)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-20
00:57:26 UTC (rev 1107)
@@ -0,0 +1,221 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.provisioning;
+
+import java.util.Set;
+import java.io.InputStream;
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.configuration.PortletPolicyConfig;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestPortletPolicyConfig extends TestCase
+{
+ private static Logger log = Logger
+ .getLogger(TestPortletPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+ private PolicyEnforcementPoint enforcer;
+ private PolicyProvisioner provisioner;
+
+ public void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.policyComposer = (PolicyComposer) ServiceContainer
+ .lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint) ServiceContainer
+ .lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner) ServiceContainer
+ .lookup("/agent/LocalPolicyProvisioner");
+
+ PolicyConfig config = new PortletPolicyConfig();
+ ((PortletPolicyConfig) config).setPolicyComposer(this.policyComposer);
+
+ InputStream is = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream("portal-policy.xml");
+
+ Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
+
+ assertNotNull(metadata);
+
+ for (PolicyMetaData policyMetaData : metadata)
+ {
+ this.provisioner.deploy(policyMetaData);
+ }
+
+ is.close();
+
+ // Assert Policy State of the Server
+ Set<Policy> policies = this.provisioner.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", policies != null
+ && !policies.isEmpty());
+ for (Policy policy : policies)
+ {
+ log
+ .info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+ }
+
+ //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testContentSecurity() throws Exception
+ {
+ PortletResource r1 = new PortletResource();
+ r1.setUri(new URI("/content/forums"));
+ r1.addParameter("topicId", "1234");
+ r1.addParameter("blah", "blahblah");
+
+ PortletResource r2 = new PortletResource();
+ r2.setUri(new URI("/content/forums"));
+ r2.addParameter("topicId", "5678");
+ r2.addParameter("blah", "blahblah");
+
+ PortletResource r3 = new PortletResource();
+ r3.setUri(new URI("/content/forums"));
+ r3.addParameter("topicId", "9999");
+ r3.addParameter("blah", "blahblah");
+
+ //Testing Employees access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"employees",
"authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"employees",
"authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"employees",
"authenticated", "marketing"}, null), false);
+
+ //Testing Partners access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"partners",
"authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"partners",
"authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"partners",
"authenticated", "insurance-company"}, null), false);
+
+ //Testing Anonymous access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"},
null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"},
null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"},
null), false);
+
+ //Testing Authenticated but not an Employee or a Partner
+ this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated",
"community"}, null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated",
"community"}, null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated",
"community"}, null), false);
+ }
+
+ public void testWindowSecurity() throws Exception
+ {
+ PortletResource window = new PortletResource();
+ window.setUri(new URI("/window/forums"));
+
+ //Testing Anonymous user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new EditMode()), false);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new AdminMode()), false);
+
+ //Testing Authenticated user's access to the window
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new AdminMode()), false);
+
+ //Testing Admin user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
AdminMode()), true);
+ }
+ //
-------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(EnforcementContext enforcementContext,
+ boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private EnforcementContext createEnforcementContext(
+ PortletResource protectedResource, String[] userRoles, Object actionComponent)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Resource being accessed
+ context.setAttribute("portlet-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ for (int i = 0; i < userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ context.setAttribute("roles", roles);
+
+ // Action being performed
+ if(actionComponent != null)
+ {
+ context.setAttribute("portlet-mode", actionComponent);
+ }
+ else
+ {
+ context.setAttribute("portlet-mode", new ViewMode());
+ }
+
+ return context;
+ }
+}
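Review bot: In `setUp`, the stream returned by `getResourceAsStream("portal-policy.xml")` is used without a null check and is closed only on the success path. A missing classpath resource therefore fails somewhere inside `GeneralTool.readStream` or `configure` (presumably as a NullPointerException) rather than with a clear message, and an exception from `configure` or `deploy` leaves the stream open. Add `assertNotNull("portal-policy.xml not found on classpath", is);` directly after the lookup and move `is.close()` into a `finally` that wraps the configure/deploy steps. Separately, `createEnforcementContext` substitutes `new ViewMode()` when `actionComponent` is null, so every assertion in `testContentSecurity` exercises view access only. A comment such as `// null action defaults to ViewMode; content checks assert view access only` would make that explicit, and a case with a non-view mode on `/content/forums` would pin what the policy decides there.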
Property changes on:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
___________________________________________________________________
Name: svn:mergeinfo
+