JBoss Portal SVN: r12824 - branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/admin.
by portal-commits@lists.jboss.org
Author: prabhat.jha(a)jboss.com
Date: 2009-02-15 21:29:38 -0500 (Sun, 15 Feb 2009)
New Revision: 12824
Modified:
branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/admin/UserAdministrationBean.java
Log:
Apply JBoss Coding Convention and Formatting
Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/admin/UserAdministrationBean.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/admin/UserAdministrationBean.java 2009-02-16 02:09:50 UTC (rev 12823)
+++ branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/admin/UserAdministrationBean.java 2009-02-16 02:29:38 UTC (rev 12824)
@@ -69,22 +69,22 @@
/** The roles */
private List<String> roles = new ArrayList<String>();
-
+
/** The node which should be displayed. */
private String displayNode = IdentityConstants.JBPM_NODE_APPROVAL;
-
+
/** The subscription mode. */
private String subscriptionMode;
-
+
/** The admin subscription mode. */
private String adminSubscriptionMode;
-
+
/** The pending users. */
private List<UserContainer> pendingUsers = null;
-
+
/** The pending list selected for approval or reject. */
private List<UserContainer> pendingActionList = null;
-
+
/** The pending user action. */
private String pendingUserAction = null;
@@ -99,16 +99,16 @@
/** The idenetity role bean. */
private IdentityRoleBean identityRoleBean;
-
+
/** The registration service. */
private RegistrationService registrationService;
/** The logger. */
private static final Logger log = Logger.getLogger(UserAdministrationBean.class);
-
+
/** The decoder. */
private static final FastURLDecoder decoder = FastURLDecoder.getUTF8Instance();
-
+
private boolean isNewSearch=true;
public UserAdministrationBean()
@@ -174,27 +174,27 @@
{
this.uiUser = uiUser;
}
-
+
public String getSubscriptionMode()
{
return subscriptionMode;
}
-
+
public void setSubscriptionMode(String subscriptionMode)
{
this.subscriptionMode = subscriptionMode;
}
-
+
public String getAdminSubscriptionMode()
{
return adminSubscriptionMode;
}
-
+
public void setAdminSubscriptionMode(String adminSubscriptionMode)
{
this.adminSubscriptionMode = adminSubscriptionMode;
}
-
+
public IdentityUserBean getIdentityUserBean()
{
return identityUserBean;
@@ -204,7 +204,7 @@
{
return pendingUserAction;
}
-
+
public List<UserContainer> getPendingActionList()
{
return pendingActionList;
@@ -241,19 +241,21 @@
{
try
{
-
- int initLimit = Integer.valueOf(limit).intValue();
- int offset = 0;
- if(!isNewSearch)
- {
+
+ int initLimit = Integer.valueOf(limit).intValue();
+ int offset = 0;
+ if(!isNewSearch)
+ {
offset = page > 0 ? ((page - 1) * initLimit) : 0;
isNewSearch = true;
- }
-
- else
- page = 1;
-
-
+ }
+
+ else
+ {
+ page = 1;
+ }
+
+
int limit1 = initLimit + 1;
this.userList = new ListDataModel(identityUserBean.findUsersFilteredByUserName(searchString, offset, limit1));
}
@@ -275,7 +277,7 @@
String action = (String) params.get("enableAction");
ResourceBundle bundle = ResourceBundle.getBundle("conf.bundles.Identity", ctx.getViewRoot().getLocale());
this.currentUser = params.get("currentUser") != null ? decoder.encode((String) params.get("currentUser")) : null;
-
+
if (this.currentUser != null && action != null)
{
Map<String, Object> profileMap = new HashMap<String, Object>();
@@ -303,7 +305,7 @@
return "userAdmin";
}
// Updating search
- if (action.equals("enable"))
+ if (action.equals("enable"))
{
ctx.addMessage("status", new FacesMessage(bundle.getString("IDENTITY_MANAGEMENT_ENABLE_USER_ENABLED")));
}
@@ -316,7 +318,7 @@
}
return "searchUsers";
}
-
+
public int getPendingCount()
{
try
@@ -329,7 +331,7 @@
return -1;
}
}
-
+
public int getUserCount()
{
if (userCount == 0)
@@ -347,13 +349,13 @@
}
return userCount;
}
-
+
public List<UserContainer> getPendingUsers()
{
try
{
if ( this.registrationService != null && this.pendingUsers == null)
- this.pendingUsers = this.registrationService.getPendingUsers(displayNode);
+ this.pendingUsers = this.registrationService.getPendingUsers(displayNode);
}
catch (CoreIdentityConfigurationException e)
{
@@ -368,7 +370,7 @@
ExternalContext ectx = ctx.getExternalContext();
Map params = ectx.getRequestParameterMap();
this.currentUser = params.get("currentUser") != null ? decoder.encode((String) params.get("currentUser")) : null;
-
+
if (this.currentUser != null)
{
this.uiUser = new IdentityUIUser(this.currentUser);
@@ -396,23 +398,23 @@
}
return "userAdmin";
}
-
+
public String nextPage()
{
- isNewSearch = false;
+ isNewSearch = false;
this.page++;
this.searchUsers();
return "searchUsers";
}
-
+
public String prevPage()
{
- isNewSearch = false;
+ isNewSearch = false;
this.page--;
this.searchUsers();
return "searchUsers";
}
-
+
public String approveRegistration()
{
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
@@ -445,7 +447,7 @@
else
return "userAdmin";
}
-
+
public String approveList()
{
this.pendingUserAction = "approve";
@@ -463,7 +465,7 @@
}
return "pendingUsers";
}
-
+
public String rejectList()
{
this.pendingUserAction = "reject";
@@ -481,7 +483,7 @@
}
return "pendingUsers";
}
-
+
public String confirmPendingAction()
{
try
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12823 - in modules/authorization/trunk: core-components-api and 6 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-15 21:09:50 -0500 (Sun, 15 Feb 2009)
New Revision: 12823
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/tools/GeneralTool.java
modules/authorization/trunk/core-components-api/pom.xml
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
Log:
first attempt at xml configuration for the http profile
Modified: modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/tools/GeneralTool.java
===================================================================
--- modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/tools/GeneralTool.java 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/tools/GeneralTool.java 2009-02-16 02:09:50 UTC (rev 12823)
@@ -23,6 +23,8 @@
package org.jboss.security.authz.tools;
import java.util.UUID;
+import java.io.InputStream;
+import java.io.IOException;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -34,4 +36,18 @@
{
return UUID.randomUUID().toString();
}
+
+ public static String readStream(InputStream is) throws IOException
+ {
+ StringBuilder str = new StringBuilder();
+
+ byte[] buffer = new byte[1000];
+ int len = -1;
+ while((len=is.read(buffer)) != -1)
+ {
+ str.append(new String(buffer, 0, len));
+ }
+
+ return str.toString();
+ }
}
Modified: modules/authorization/trunk/core-components-api/pom.xml
===================================================================
--- modules/authorization/trunk/core-components-api/pom.xml 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/core-components-api/pom.xml 2009-02-16 02:09:50 UTC (rev 12823)
@@ -44,7 +44,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
+ <includes>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-16 02:09:50 UTC (rev 12823)
@@ -50,24 +50,24 @@
//make it package-level access so that unit tests can test these rules
static final String allowRule =
"import java.util.HashSet\n"+
- "rule \"allowRule\"\n"+
+ "rule \"{0}\"\n"+
"when\n"+
"$ruleName: String()\n"+
"$roles: HashSet()\n"+
"eval($ruleName.contains(\"roles://allowRule\"))\n"+
- "eval({0})\n"+
+ "eval({1})\n"+
"then\n"+
"insert(Boolean.TRUE);\n"+
"end\n";
static final String denyRule =
"import java.util.HashSet\n"+
- "rule \"denyRule\"\n"+
+ "rule \"{0}\"\n"+
"when\n"+
"$ruleName: String()\n"+
"$roles: HashSet()\n"+
"eval($ruleName.contains(\"roles://denyRule\"))\n"+
- "eval({0})\n"+
+ "eval({1})\n"+
"then\n"+
"insert(Boolean.TRUE);\n"+
"end\n";
@@ -132,7 +132,7 @@
}
String condition = buffer.toString().trim();
String ruleLogic = MessageFormat.format(Roles.allowRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
+ ruleReference, condition.substring(0, condition.length()-2).trim());
DroolsRuleExpression expression = new DroolsRuleExpression();
expression.setRuleReference(ruleReference);
@@ -169,7 +169,7 @@
}
String condition = buffer.toString().trim();
String ruleLogic = MessageFormat.format(Roles.denyRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
+ ruleReference, condition.substring(0, condition.length()-2).trim());
DroolsRuleExpression expression = new DroolsRuleExpression();
expression.setRuleReference(ruleReference);
Modified: modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java 2009-02-16 02:09:50 UTC (rev 12823)
@@ -162,7 +162,7 @@
}
String condition = buffer.toString().trim();
String rule = MessageFormat.format(Roles.allowRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
+ new Object[]{GeneralTool.generateUniqueId(), condition.substring(0, condition.length()-2).trim()});
return rule;
}
@@ -178,7 +178,7 @@
}
String condition = buffer.toString().trim();
String rule = MessageFormat.format(Roles.denyRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
+ new Object[]{GeneralTool.generateUniqueId(), condition.substring(0, condition.length()-2).trim()});
return rule;
}
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-02-16 02:09:50 UTC (rev 12823)
@@ -63,8 +63,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestRoles.java</include>
+ <includes>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-02-16 02:09:50 UTC (rev 12823)
@@ -40,6 +40,7 @@
import org.jboss.security.authz.components.resource.HttpResource;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
@@ -71,21 +72,23 @@
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document document = builder.parse(xmlStream);
- NodeList aclRules = document.getElementsByTagName("acl-rule");
- for(int i=0, length=aclRules.getLength(); i< length; i++)
+ NodeList securityConstraints = document.getElementsByTagName("security-constraint");
+ for(int i=0, length=securityConstraints.getLength(); i< length; i++)
{
- Element aclRuleElem = (Element)aclRules.item(i);
- String policyUri = aclRuleElem.getAttribute("id");
-
- //Construct the HttpResource component to be used for Policy Generation
- HttpResource httpResource = new HttpResource();
- this.parseTarget(httpResource, aclRuleElem);
- this.parseRules(httpResource, aclRuleElem);
-
- //Generate the policy from the HttpResource component
- Policy policy = new HierarchialPolicy(policyUri, httpResource.getPolicyMetaData());
+ Element securityConstraint = (Element)securityConstraints.item(i);
+ Element webResourceCollection = (Element)securityConstraint.getElementsByTagName("web-resource-collection").item(0);
+ List<HttpResource> webResources = this.parseWebResources(webResourceCollection);
- cour.add(policy);
+ if(webResources != null)
+ {
+ for(HttpResource policyResource: webResources)
+ {
+ //Parse role constraints
+ this.parseRoles(policyResource, securityConstraint.getElementsByTagName("roles"));
+
+ cour.add(new HierarchialPolicy(GeneralTool.generateUniqueId(), policyResource.getPolicyMetaData()));
+ }
+ }
}
policies = cour.toArray(new Policy[0]);
@@ -107,78 +110,79 @@
}
}catch(IOException ioe){log.warn(this, ioe);}
}
- }
-
+ }
//XMLParsing----------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseTarget(HttpResource httpResource, Element aclRuleElem) throws Exception
- {
- Element resourceElem = (Element)aclRuleElem.getElementsByTagName("resource").item(0);
- Element requestUriElem = (Element)aclRuleElem.getElementsByTagName("request-uri").item(0);
-
- //Add RequestUri as a Resource To Match
- String requestUri = requestUriElem.getTextContent();
- httpResource.setUri(new URI(requestUri));
-
- //Process Parameters
- NodeList parameters = resourceElem.getElementsByTagName("param");
- if(parameters != null)
- {
- for(int i=0, length=parameters.getLength(); i<length; i++)
- {
- Element parameter = (Element)parameters.item(i);
-
- String name = ((Element)parameter.getElementsByTagName("name").item(0)).getTextContent();
- String value = ((Element)parameter.getElementsByTagName("value").item(0)).getTextContent();
-
- httpResource.addParameter(name, value);
- }
- }
+ private List<HttpResource> parseWebResources(Element webResourceCollection) throws Exception
+ {
+ List<HttpResource> webResources = new ArrayList<HttpResource>();
+
+ NodeList resources = webResourceCollection.getElementsByTagName("web-resource");
+ if(resources != null)
+ {
+ for(int i=0; i<resources.getLength(); i++)
+ {
+ HttpResource policyResource = new HttpResource();
+ Element webResource = (Element)resources.item(i);
+ Element urlPattern = (Element)webResource.getElementsByTagName("url-pattern").item(0);
+
+ policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
+ this.parseParameters(policyResource, webResource);
+
+ webResources.add(policyResource);
+ }
+ }
+
+ return webResources;
}
- private void parseRules(HttpResource httpResource, Element aclRuleElem) throws Exception
- {
- NodeList conditionNodes = aclRuleElem.getElementsByTagName("condition");
- if(conditionNodes != null)
+ private void parseParameters(HttpResource policyResource, Element webResource) throws Exception
+ {
+ //Process Parameters
+ Element parameters = (Element)webResource.getElementsByTagName("parameters").item(0);
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if(params != null)
{
- for(int i=0, length=conditionNodes.getLength(); i<length; i++)
+ for(int i=0, length=params.getLength(); i<length; i++)
{
- Element conditionElement = (Element)conditionNodes.item(i);
+ Element parameter = (Element)params.item(i);
- //Process Roles related conditions
- NodeList roleNodes = conditionElement.getElementsByTagName("role-name");
- if(roleNodes != null && roleNodes.getLength()>0)
- {
- this.parseRoleRules(httpResource, roleNodes);
- }
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
- //Process IP Ranges
- /*NodeList ipNodes = conditionElement.getElementsByTagName("ip-range");
- if(ipNodes != null && ipNodes.getLength() >0)
- {
- this.parseIpRules(httpResource, ipNodes);
- }*/
+ policyResource.addParameter(name, value);
}
}
}
- private void parseRoleRules(HttpResource httpResource, NodeList roleNodes)
- {
- for(int j=0, length=roleNodes.getLength(); j<length; j++)
- {
- Element roleNameElem = (Element)roleNodes.item(j);
- String roleName = roleNameElem.getTextContent();
- httpResource.addAllowed(roleName);
- }
- }
-
- /*private void parseIpRules(HttpResource httpResource, NodeList ipNodes)
- {
- for(int j=0; j<ipNodes.getLength(); j++)
- {
- Element ipElem = (Element)ipNodes.item(j);
- String ipRange = ipElem.getTextContent();
-
- httpResource.addAllowedIp(ipRange);
- }
- }*/
+ private void parseRoles(HttpResource policyResource, NodeList roleNodes) throws Exception
+ {
+ if(roleNodes != null)
+ {
+ for(int i=0; i<roleNodes.getLength(); i++)
+ {
+ boolean allow = true;
+ Element roles = (Element)roleNodes.item(i);
+
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
+
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if(roleNames != null)
+ {
+ for(int j=0; j<roleNames.getLength(); j++)
+ {
+ Element roleName = (Element)roleNames.item(j);
+
+ if(allow)
+ {
+ policyResource.addAllowed(roleName.getTextContent().trim());
+ }
+ else
+ {
+ policyResource.addDenied(roleName.getTextContent().trim());
+ }
+ }
+ }
+ }
+ }
+ }
}
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-02-16 02:09:50 UTC (rev 12823)
@@ -22,12 +22,23 @@
******************************************************************************/
package org.jboss.security.authz.http.provisioning;
+import java.io.InputStream;
+import java.net.URI;
+
import junit.framework.TestCase;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.Server;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
/**
@@ -41,123 +52,127 @@
*/
private static Logger log = Logger.getLogger(TestHttpPolicyConfig.class);
+ private PolicyServer policyServer;
+
/**
- * A simple developer-friendly web tier policy that specifies:
*
- * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page"
- *
- * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
- * PAP (Policy Administration Point) Component of the Authorization System
*/
- private static String simpleWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
- "<web-acl>"+
- "<acl-rule>"+
- "<resource>"+
- "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
- "<params>"+
- "<param>"+
- "<name>page</name>"+
- "<value>marketing_index.html</value>"+
- "</param>"+
- "<param>"+
- "<name>action</name>"+
- "<value>update</value>"+
- "</param>"+
- "</params>"+
- "</resource>"+
- "<conditions>"+
- "<condition>"+
- "<roles>"+
- "<role-name>Root-Admin</role-name>"+
- "<role-name>Marketing Team</role-name>"+
- "</roles>"+
- "</condition>"+
- "</conditions>"+
- "</acl-rule>"+
- "</web-acl>";
-
- /**
- * A complex developer-friendly web tier policy that specifies:
- *
- * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page
- * as long as they are Logged in from a range of allowed IP addresses
- * "
- *
- * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
- * PAP (Policy Administration Point) Component of the Authorization System
- */
- private static String complexWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
- "<web-acl>"+
- "<acl-rule>"+
- "<resource>"+
- "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
- "<params>"+
- "<param>"+
- "<name>page</name>"+
- "<value>marketing_index.html</value>"+
- "</param>"+
- "<param>"+
- "<name>action</name>"+
- "<value>update</value>"+
- "</param>"+
- "</params>"+
- "</resource>"+
- "<conditions>"+
- "<condition>"+
- "<roles>"+
- "<role-name>Root-Admin</role-name>"+
- "<role-name>Marketing Team</role-name>"+
- "</roles>"+
- "</condition>"+
- "<condition>"+
- "<ip-address>"+
- "<ip-range>192.168.xxx.xxx</ip-range>"+
- "</ip-address>"+
- "</condition>"+
- "</conditions>"+
- "</acl-rule>"+
- "</web-acl>";
-
- /**
- *
- */
protected void setUp() throws Exception
{
+ Server.bootstrap();
+ this.policyServer = (PolicyServer)Server.lookup("/policy-server/PolicyServer");
}
-
-
- protected void tearDown() throws Exception
- {
- }
-
-
- public void testSimpleWebTierPolicy() throws Exception
+ //------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testExecutiveFiles() throws Exception
{
- PolicyConfig config = new HttpPolicyConfig();
- Policy[] policies = config.configure(simpleWebTierPolicy);
+ PolicyConfig config = new HttpPolicyConfig();
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
- assertNotNull(policies);
+ Policy[] policies = config.configure(GeneralTool.readStream(is));
- for(int i=0; i<policies.length; i++)
- {
+ assertNotNull(policies);
+
+ for(int i=0; i<policies.length; i++)
+ {
log.info("------------------------------------------------------");
- log.info(policies[i].generateXACMLPolicy());
+ this.policyServer.newPolicy(policies[i].getMetaData());
log.info("------------------------------------------------------");
- }
+ }
+
+ is.close();
+
+ //Perform an Enforcement
+ HttpResource incoming = new HttpResource();
+ incoming.setUri(new URI("/private/executives/index.html"));
+ incoming.addParameter("id", "1234");
+
+ //Executive is allowed
+ this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+
+ //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
+ this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+
+ //Manager is Not Allowed
+ this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+
+ //Anonymous is Not Allowed
+ this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
}
- public void testComplexWebTierPolicy() throws Exception
+ public void testBoardFiles() throws Exception
{
- PolicyConfig config = new HttpPolicyConfig();
- Policy[] policies = config.configure(complexWebTierPolicy);
+ PolicyConfig config = new HttpPolicyConfig();
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
- assertNotNull(policies);
+ Policy[] policies = config.configure(GeneralTool.readStream(is));
- for(int i=0; i<policies.length; i++)
- {
+ assertNotNull(policies);
+
+ for(int i=0; i<policies.length; i++)
+ {
log.info("------------------------------------------------------");
- log.info(policies[i].generateXACMLPolicy());
+ this.policyServer.newPolicy(policies[i].getMetaData());
log.info("------------------------------------------------------");
+ }
+
+ is.close();
+
+ //Perform an Enforcement
+ HttpResource incoming = new HttpResource();
+ incoming.setUri(new URI("/private/board/index.html"));
+ incoming.addParameter("id", "5678");
+
+ //Executive is allowed
+ this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+
+ //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
+ this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+
+ //Manager is Not Allowed
+ this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+
+ //Anonymous is Not Allowed
+ this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
+ }
+ //-------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
+ {
+
+ Response response = this.policyServer.evaluate(request);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private Request createRequest(HttpResource contextResource, String[] userRoles) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ for(int i=0; i<userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
}
- }
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ request.addResource(contextResource.getResource());
+
+ //Create Action
+ request.setAction(new Read().getAction());
+
+ return request;
+ }
}
Modified: modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-02-14 18:35:41 UTC (rev 12822)
+++ modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-02-16 02:09:50 UTC (rev 12823)
@@ -1,53 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
-<web-acl>
- <acl-rule id="simplePolicy">
- <resource>
- <request-uri>/portal/admin-tool/modifyLayout</request-uri>
- <params>
- <param>
- <name>page</name>
- <value>marketing_index.html</value>
- </param>
- <param>
- <name>action</name>
- <value>update</value>
- </param>
- </params>
- </resource>
- <conditions>
- <condition>
- <roles>
- <role-name>Root-Admin</role-name>
- <role-name>Marketing Team</role-name>
- </roles>
- </condition>
- </conditions>
- </acl-rule>
- <acl-rule id="complexPolicy">
- <resource>
- <request-uri>/portal/admin-tool/modifyLayout</request-uri>
- <params>
- <param>
- <name>page</name>
- <value>marketing_index.html</value>
- </param>
- <param>
- <name>action</name>
- <value>update</value>
- </param>
- </params>
- </resource>
- <conditions>
- <condition>
- <roles>
- <role-name>Root-Admin</role-name>
- </roles>
- </condition>
- <condition>
- <ip-address>
- <ip-range>192.168.xxx.xxx</ip-range>
- </ip-address>
- </condition>
- </conditions>
- </acl-rule>
-</web-acl>
\ No newline at end of file
+<web-security>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource>
+ <web-resource-name>Executive Files</web-resource-name>
+ <url-pattern>/private/executives/*</url-pattern>
+ <parameters>
+ <parameter name="id">1234</parameter>
+ </parameters>
+ </web-resource>
+ <web-resource>
+ <web-resource-name>Board/Investor Files</web-resource-name>
+ <url-pattern>/private/board/*</url-pattern>
+ <parameters>
+ <parameter name="id">5678</parameter>
+ </parameters>
+ </web-resource>
+ </web-resource-collection>
+ <auth-constraint>
+ <!-- constaints based on user roles -->
+ <roles allow="true">
+ <role-name>Admin</role-name>
+ <role-name>Executive</role-name>
+ </roles>
+ <roles allow="false">
+ <role-name>Manager</role-name>
+ <role-name>Developer</role-name>
+ </roles>
+
+ <!-- constants based on ip address of the connecting machine -->
+ <!--
+ Still need to implement this functionality
+ <ip-address allow="true">
+ <ip-range>
+ <address-from></address-from>
+ <address-to></address-to>
+ </ip-range>
+ </ip-address>
+ <ip-address allow="false">
+ <ip-range>
+ <address-from></address-from>
+ <address-to></address-to>
+ </ip-range>
+ </ip-address>
+ -->
+ <!-- constraints based on data and/or time -->
+ </auth-constraint>
+ </security-constraint>
+</web-security>
\ No newline at end of file
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12822 - in modules/authorization/trunk/http-profile: src/test/java/org/jboss/security/authz/http/components and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-14 13:35:41 -0500 (Sat, 14 Feb 2009)
New Revision: 12822
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
Modified:
modules/authorization/trunk/http-profile/pom.xml
Log:
testing the User Roles related Rule for the Http Profile
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-02-14 18:00:24 UTC (rev 12821)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-02-14 18:35:41 UTC (rev 12822)
@@ -64,7 +64,7 @@
<version>2.3.1</version>
<configuration>
<includes>
- <include>**/TestParameterMatching.java</include>
+ <include>**/TestRoles.java</include>
</includes>
</configuration>
</plugin>
Added: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-02-14 18:35:41 UTC (rev 12822)
@@ -0,0 +1,150 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.http.components;
+
+import java.net.URI;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.Server;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestRoles extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestRoles.class);
+
+ private PolicyServer policyServer;
+
+ public void setUp() throws Exception
+ {
+ Server.bootstrap();
+ this.policyServer = (PolicyServer)Server.lookup("/policy-server/PolicyServer");
+ }
+
+ public void test() throws Exception
+ {
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/private/devspace/*"));
+ policyResource.addAllowed("admin");
+ policyResource.addAllowed("pm");
+ policyResource.addAllowed("lead");
+
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ HttpResource incoming = new HttpResource();
+ incoming.setUri(new URI("/private/devspace/wiki.html"));
+
+ //Access Grant
+ this.enforce(this.createRequest(incoming, new String[]{"hacker", "coder", "bigshot", "lead"}), true);
+
+
+ //Access Deny
+ this.enforce(this.createRequest(incoming, new String[]{"hacker", "coder", "bigshot"}), false);
+ }
+
+ public void testCaseAgnosticity() throws Exception
+ {
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/private/devspace/*"));
+ policyResource.addAllowed("AdMin");
+ policyResource.addAllowed("Pm");
+ policyResource.addAllowed("LeaD");
+
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ HttpResource incoming = new HttpResource();
+ incoming.setUri(new URI("/private/devspace/wiki.html"));
+
+ //Access Grant
+ this.enforce(this.createRequest(incoming, new String[]{"hAcKer", "cOder", "BiGSHot", "lEAd"}), true);
+
+
+ //Access Deny
+ this.enforce(this.createRequest(incoming, new String[]{"hAcKer", "cOder", "BiGSHot"}), false);
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
+ {
+
+ Response response = this.policyServer.evaluate(request);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private Request createRequest(HttpResource contextResource, String[] userRoles) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ for(int i=0; i<userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ request.addResource(contextResource.getResource());
+
+ //Create Action
+ request.setAction(new Read().getAction());
+
+ return request;
+ }
+}
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12821 - in modules/authorization/trunk/http-profile: src/test/java/org/jboss/security/authz/http/components and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-14 13:00:24 -0500 (Sat, 14 Feb 2009)
New Revision: 12821
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
Modified:
modules/authorization/trunk/http-profile/pom.xml
Log:
testing the Request Parameter Matching Rule for the Http Profile
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-02-14 17:04:26 UTC (rev 12820)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-02-14 18:00:24 UTC (rev 12821)
@@ -64,7 +64,7 @@
<version>2.3.1</version>
<configuration>
<includes>
- <include>**/TestURLPattern.java</include>
+ <include>**/TestParameterMatching.java</include>
</includes>
</configuration>
</plugin>
Added: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-02-14 18:00:24 UTC (rev 12821)
@@ -0,0 +1,178 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.http.components;
+
+import java.net.URI;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.Server;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestParameterMatching extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestParameterMatching.class);
+
+ private PolicyServer policyServer;
+
+ public void setUp() throws Exception
+ {
+ Server.bootstrap();
+ this.policyServer = (PolicyServer)Server.lookup("/policy-server/PolicyServer");
+ }
+
+ public void testMatchContextSuperset() throws Exception
+ {
+ //SetUp HttpResource component to generate/store a policy
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/prefix/url/*"));
+ policyResource.addAllowed("Admin");
+ policyResource.addParameter("p1", "p1Val");
+ policyResource.addParameter("p2", "p2Val");
+
+ //Store the policy into the Policy Server
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs authorization
+ //where access should be granted
+ HttpResource permit = new HttpResource();
+ permit.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ permit.addParameter(name, value);
+ }
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs authorization
+ //where access should not be granted
+ HttpResource deny = new HttpResource();
+ deny.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Blah";
+ deny.addParameter(name, value);
+ }
+
+ //Access Granted Enforcement
+ this.enforce(this.createRequest(permit), true);
+
+ //Access Denied Enforcement
+ this.enforce(this.createRequest(deny), false);
+ }
+
+ public void testMatchContextSubset() throws Exception
+ {
+ //SetUp HttpResource component to generate/store a policy
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/prefix/url/*"));
+ policyResource.addAllowed("Admin");
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ policyResource.addParameter(name, value);
+ }
+
+ //Store the policy into the Policy Server
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs authorization
+ //where access should not be granted
+ HttpResource deny = new HttpResource();
+ deny.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<3; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ deny.addParameter(name, value);
+ }
+
+ //Access Denied Enforcement......In fact in the case where the Context carries a Subset of the parameters expected by the policy
+ //It will always result in a Deny since it will never fulfill the match expected by the policy
+ this.enforce(this.createRequest(deny), false);
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
+ {
+
+ Response response = this.policyServer.evaluate(request);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private Request createRequest(HttpResource contextResource) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ roles.addName("Admin");
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ request.addResource(contextResource.getResource());
+
+ //Create Action
+ request.setAction(new Read().getAction());
+
+ return request;
+ }
+}
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12820 - in modules/authorization/trunk: core-components-api/src/main/java/org/jboss/security/authz/components/resource and 5 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-14 12:04:26 -0500 (Sat, 14 Feb 2009)
New Revision: 12820
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
Log:
url-pattern matching for the http profile
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2009-02-13 16:19:19 UTC (rev 12819)
+++ modules/authorization/trunk/.classpath 2009-02-14 17:04:26 UTC (rev 12820)
@@ -7,11 +7,11 @@
<classpathentry kind="src" path="core-components-api/src/main/java"/>
<classpathentry kind="src" path="core-components-api/src/main/resources"/>
<classpathentry kind="src" path="core-components-api/src/test/java"/>
- <classpathentry kind="src" path="core-components-api/src/test/resources"/>
+ <classpathentry kind="src" path="core-components-api/src/test/resources"/>
<classpathentry kind="src" path="enforcement/src/main/java"/>
<classpathentry kind="src" path="enforcement/src/main/resources"/>
<classpathentry kind="src" path="enforcement/src/test/java"/>
- <classpathentry kind="src" path="enforcement/src/test/resources"/>
+ <classpathentry kind="src" path="enforcement/src/test/resources"/>
<classpathentry kind="src" path="policy-server/src/main/java"/>
<classpathentry kind="src" path="policy-server/src/main/resources"/>
<classpathentry kind="src" path="policy-server/src/test/java"/>
@@ -20,17 +20,17 @@
<classpathentry kind="src" path="http-profile/src/main/resources"/>
<classpathentry kind="src" path="http-profile/src/test/java"/>
<classpathentry kind="src" path="http-profile/src/test/resources"/>
- <classpathentry kind="src" path="documentation/reference-guide/en/modules"/>
+ <classpathentry kind="src" path="documentation/reference-guide/en/modules"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.4/jaxb-api-2.1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-xjc/2.1.4/jaxb-xjc-2.1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
<classpathentry kind="var" path="M2_REPO/org/drools/drools-core/4.0.7/drools-core-4.0.7.jar"/>
Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java 2009-02-13 16:19:19 UTC (rev 12819)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java 2009-02-14 17:04:26 UTC (rev 12820)
@@ -143,10 +143,39 @@
Target target = new Target();
- AttributeExpression urlExpression = ExpressionBuilder.getInstance().createResourceIdExpression(this.uri.toString());
+
+ AttributeExpression urlExpression = new AttributeExpression();
+
+ String uriStr = this.uri.toString();
+
+ if(uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
+ {
+ //If URL starts with '/' and ends with "/*", use a regular expression to match it (In consistency with the servlet spec)
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
+
+ String uriexp = uriStr.substring(1, uriStr.length()-2);
+ StringBuilder buffer = new StringBuilder();
+ buffer.append("^/"+uriexp+"$|");
+ buffer.append("^"+uriexp+"$|");
+ buffer.append("^/"+uriexp+"/.*|");
+ buffer.append("^"+uriexp+"/.*");
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
+ urlExpression.setAttribute(attribute);
+ }
+ else
+ {
+ //use an exact match
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING, uriStr);
+ urlExpression.setAttribute(attribute);
+ }
+
target.addResourceMatch(urlExpression);
-
-
+
return target;
}
Modified: modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-13 16:19:19 UTC (rev 12819)
+++ modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-14 17:04:26 UTC (rev 12820)
@@ -21,8 +21,6 @@
*/
package org.jboss.security.authz.components.http;
-import java.util.HashSet;
-import java.util.Set;
import java.net.URI;
import junit.framework.TestCase;
@@ -30,9 +28,7 @@
import org.apache.log4j.Logger;
import org.jboss.security.authz.components.resource.HttpResource;
-import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.test.MockPolicy;
@@ -96,5 +92,20 @@
log.info("------------------------------------------------------------------");
log.info(policy.generateXACMLPolicy());
- }
+ }
+
+ public void testURLPattern() throws Exception
+ {
+ HttpResource httpResource = new HttpResource();
+ httpResource.setUri(new URI("/portal/*"));
+ httpResource.addParameter("test1", "test1://value");
+ httpResource.addParameter("test2", "test2://value");
+ httpResource.addAllowed("admin");
+ httpResource.addDenied("anonymous");
+
+ Policy policy = new MockPolicy("testURLPattern", httpResource.getPolicyMetaData());
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ }
}
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-02-13 16:19:19 UTC (rev 12819)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-02-14 17:04:26 UTC (rev 12820)
@@ -36,7 +36,24 @@
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
<scope>test</scope>
- </dependency>
+ </dependency>
+ <!-- jboss microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!-- Drools -->
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-compiler</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
@@ -46,10 +63,11 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
+ <includes>
+ <include>**/TestURLPattern.java</include>
</includes>
</configuration>
</plugin>
</plugins>
</build>
-</project>
+</project>
\ No newline at end of file
Added: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-02-14 17:04:26 UTC (rev 12820)
@@ -0,0 +1,151 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.http.components;
+
+import java.net.URI;
+import java.util.regex.Pattern;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.Server;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestURLPattern extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestURLPattern.class);
+
+ private PolicyServer policyServer;
+
+ public void setUp() throws Exception
+ {
+ Server.bootstrap();
+ this.policyServer = (PolicyServer)Server.lookup("/policy-server/PolicyServer");
+ }
+
+ public void testRegex() throws Exception
+ {
+ /**
+ * Rule = "/prefix/url/*" matches any URL starting with /prefix/url,
+ * including prefix/url itself. It does not match /prefix/urlfoo because any slash must immediately follow url
+ */
+ String regex = "^/prefix/url$|^prefix/url$|^/prefix/url/.*|^prefix/url/.*";
+
+ //Should Match
+ assertTrue("Match(/prefix/url/)", Pattern.matches(regex, "/prefix/url/"));
+ assertTrue("Match(/prefix/url)", Pattern.matches(regex, "/prefix/url"));
+ assertTrue("Match(prefix/url/)",Pattern.matches(regex, "prefix/url/"));
+ assertTrue("Match(prefix/url)",Pattern.matches(regex, "prefix/url"));
+ assertTrue("Match(/prefix/url/index.html)",Pattern.matches(regex, "/prefix/url/index.html"));
+ assertTrue("Match(prefix/url/index.html)",Pattern.matches(regex, "prefix/url/index.html"));
+
+ //Should Not Match
+ assertFalse("Match(/prefix/urlfoo)",Pattern.matches(regex, "/prefix/urlfoo"));
+ assertFalse("Match(/prefix/urlfoo/)",Pattern.matches(regex, "/prefix/urlfoo/"));
+ assertFalse("Match(prefix/urlfoo)",Pattern.matches(regex, "prefix/urlfoo"));
+ assertFalse("Match(prefix/urlfoo/)",Pattern.matches(regex, "prefix/urlfoo/"));
+ assertFalse("Match(/blah/prefix/url/index.html)",Pattern.matches(regex, "/blah/prefix/url/index.html"));
+
+ HttpResource httpResource = new HttpResource();
+ httpResource.setUri(new URI("/prefix/url/*"));
+ httpResource.addAllowed("Admin");
+
+ PolicyMetaData policyMetaData = httpResource.getPolicyMetaData();
+ this.policyServer.newPolicy(policyMetaData);
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ //Access Granted
+ this.enforce(this.createRequest("/prefix/url"), true);
+ this.enforce(this.createRequest("/prefix/url/"), true);
+ this.enforce(this.createRequest("prefix/url"), true);
+ this.enforce(this.createRequest("prefix/url/"), true);
+ this.enforce(this.createRequest("/prefix/url/index.html"), true);
+ this.enforce(this.createRequest("prefix/url/index.html"), true);
+
+ //Access Denied
+ this.enforce(this.createRequest("/prefix/urlfoo"), false);
+ this.enforce(this.createRequest("/prefix/urlfoo/"), false);
+ this.enforce(this.createRequest("prefix/urlfoo"), false);
+ this.enforce(this.createRequest("prefix/urlfoo/"), false);
+ this.enforce(this.createRequest("/blah"), false);
+ this.enforce(this.createRequest("/blah/prefix/url/index.html"), false);
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
+ {
+
+ Response response = this.policyServer.evaluate(request);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private Request createRequest(String uri) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ roles.addName("Admin");
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ HttpResource httpResource = new HttpResource();
+ httpResource.setUri(new URI(uri));
+ Resource urlResource = httpResource.getResource();
+ request.addResource(urlResource);
+
+ //Create Action
+ request.setAction(new Read().getAction());
+
+ return request;
+ }
+}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-13 16:19:19 UTC (rev 12819)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-14 17:04:26 UTC (rev 12820)
@@ -22,10 +22,14 @@
package org.jboss.security.authz.policy.server.decision;
import java.io.File;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
import org.apache.log4j.Logger;
-import org.jboss.security.authz.xacml.PolicyUtil;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.enforcement.Request;
import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServerException;
@@ -63,10 +67,26 @@
public void start()
{
+ InputStream is = null;
+ OutputStream os = null;
+ File tmpFile = null;
try
{
- this.store = new ConfigurationStore(new File(Thread.currentThread().getContextClassLoader().
- getResource("META-INF/pdp-config.xml").getFile()));
+ //Create a temp file
+ is = Thread.currentThread().getContextClassLoader().
+ getResourceAsStream("META-INF/pdp-config.xml");
+ tmpFile = File.createTempFile(GeneralTool.generateUniqueId()+"-pdp-config", ".xml");
+ byte[] buffer = new byte[1000];
+ int length = -1;
+ os = new FileOutputStream(tmpFile);
+ while((length = is.read(buffer)) != -1)
+ {
+ os.write(buffer, 0, length);
+ os.flush();
+ }
+
+
+ this.store = new ConfigurationStore(tmpFile);
this.store.useDefaultFactories();
this.policyDecisionPoint = new PDP(this.store.getDefaultPDPConfig());
@@ -80,6 +100,23 @@
log.error(this, e);
throw new RuntimeException(e);
}
+ finally
+ {
+ if(is != null)
+ {
+ try{is.close();}catch(IOException ioe){}
+ }
+
+ if(os != null)
+ {
+ try{os.close();}catch(IOException ioe){}
+ }
+
+ if(tmpFile != null)
+ {
+ tmpFile.delete();
+ }
+ }
}
public void stop()
@@ -105,7 +142,7 @@
RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
requestContext.setRequest(request.encode());
- //requestContext.marshall(System.out);
+ requestContext.marshall(System.out);
RequestCtx xacmlRequestCtx = (RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX);
ResponseCtx xacmlResponseCtx = this.policyDecisionPoint.evaluate(xacmlRequestCtx);
@@ -113,7 +150,7 @@
ResponseContext responseContext = RequestResponseContextFactory.createResponseContext();
responseContext.set(XACMLConstants.RESPONSE_CTX, xacmlResponseCtx);
- //responseContext.marshall(System.out);
+ responseContext.marshall(System.out);
if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
{
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12819 - in modules/authorization/trunk/policy-server/src: test/java/org/jboss/security/authz/policy/server and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-13 11:19:19 -0500 (Fri, 13 Feb 2009)
New Revision: 12819
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
cleaning up tests to use the component-api instead of the low-level xacml api
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-02-13 14:09:04 UTC (rev 12818)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-02-13 16:19:19 UTC (rev 12819)
@@ -62,6 +62,13 @@
import org.jboss.security.xacml.factories.PolicyAttributeFactory;
/**
+ * TODO: Implement Hierarchial propagation feature.....such as Policy Inheritance, Policy Overriding
+ *
+ * Usecases: A resource /blah/blah2/index, should inherit Overriden Policy from /blah/blah2 (if found), or from /blah (if found)
+ * /blah/blah2/index can also explicitly specify its own Policy which will override any inherited policies from its parent
+ */
+
+/**
* Used for specifying policies for Resources represented by unique URIs, sometimes forming a tree like relationship with other Resources in the system
*
* An example of such resources would be tree of resources/nodes in a Content Management System
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-02-13 14:09:04 UTC (rev 12818)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-02-13 16:19:19 UTC (rev 12819)
@@ -26,23 +26,21 @@
import junit.framework.TestCase;
import org.apache.log4j.Logger;
-import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.model.Subject;
-import org.jboss.security.authz.enforcement.Request;
-import org.jboss.security.authz.enforcement.Response;
+
import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Operation;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
+
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServer;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -126,11 +124,9 @@
request.addResource(urlResource);
//Create Subjects
- Subject subject = new Subject();
- Attribute subjectAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, "user");
- subject.addAttribute(subjectAttr);
- request.addSubject(subject);
+ Roles roles = new Roles();
+ roles.addName("user");
+ request.addSubject(roles.getSubject());
//Create Action
request.setAction(operation.getAction());
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-13 14:09:04 UTC (rev 12818)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-13 16:19:19 UTC (rev 12819)
@@ -29,17 +29,16 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.model.Subject;
-import org.jboss.security.authz.model.Action;
-import org.jboss.security.authz.model.Attribute;
+
import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Read;
+
import org.jboss.security.authz.enforcement.Request;
import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServer;
import org.jboss.security.authz.policy.server.Server;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -111,22 +110,16 @@
Request request = new Request();
//Create Subjects
- Subject subject = new Subject();
- Attribute subjectAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, mustBePermitted?"Admin":"Anonymous");
- subject.addAttribute(subjectAttr);
- request.addSubject(subject);
+ Roles roles = new Roles();
+ roles.addName(mustBePermitted?"Admin":"Anonymous");
+ request.addSubject(roles.getSubject());
//Create Resource
Resource urlResource = httpResource.getResource();
request.addResource(urlResource);
- //Create Action
- Action action = new Action();
- Attribute actionAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
- XMLSchemaConstants.DATATYPE_STRING, "GET");
- action.addAttribute(actionAttr);
- request.setAction(action);
+ //Create Action
+ request.setAction(new Read().getAction());
return request;
}
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12818 - in branches/Enterprise_Portal_Platform_4_3: theme/src/bin/portal-ajax-war/dyna and 1 other directory.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-02-13 09:09:04 -0500 (Fri, 13 Feb 2009)
New Revision: 12818
Modified:
branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/theme/WindowContextFactory.java
branches/Enterprise_Portal_Platform_4_3/theme/src/bin/portal-ajax-war/dyna/dyna.js
Log:
JBEPP-34: Partial refresh is not updating the content
Modified: branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/theme/WindowContextFactory.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/theme/WindowContextFactory.java 2009-02-13 09:46:49 UTC (rev 12817)
+++ branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/theme/WindowContextFactory.java 2009-02-13 14:09:04 UTC (rev 12818)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -25,11 +25,11 @@
import org.jboss.portal.Mode;
import org.jboss.portal.WindowState;
import org.jboss.portal.core.controller.ControllerContext;
-import org.jboss.portal.core.model.portal.PortalObjectPath;
import org.jboss.portal.core.model.portal.Window;
import org.jboss.portal.core.model.portal.command.action.InvokePortletWindowRenderCommand;
import org.jboss.portal.core.model.portal.command.response.MarkupResponse;
import org.jboss.portal.core.model.portal.content.WindowRendition;
+import org.jboss.portal.portlet.impl.jsr168.PortletUtils;
import org.jboss.portal.server.ServerInvocationContext;
import org.jboss.portal.server.request.URLContext;
import org.jboss.portal.server.request.URLFormat;
@@ -84,7 +84,7 @@
//
return new WindowContext(
- window.getId().toString(PortalObjectPath.LEGACY_BASE64_FORMAT),
+ PortletUtils.generateNamespaceFrom(window.getId().toString()),
region,
order,
windowResult);
Modified: branches/Enterprise_Portal_Platform_4_3/theme/src/bin/portal-ajax-war/dyna/dyna.js
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/theme/src/bin/portal-ajax-war/dyna/dyna.js 2009-02-13 09:46:49 UTC (rev 12817)
+++ branches/Enterprise_Portal_Platform_4_3/theme/src/bin/portal-ajax-war/dyna/dyna.js 2009-02-13 14:09:04 UTC (rev 12818)
@@ -225,13 +225,13 @@
*/
function copyInnerHTML(srcContainer, dstContainer, className)
{
- var srcs = Element.getElementsByClassName(srcContainer, className);
+ var srcs = srcContainer.select("." + className);
if (srcs.length == 1)
{
var src = srcs[0];
//
- var dsts = Element.getElementsByClassName(dstContainer, className)
+ var dsts = dstContainer.select("." + className);
if (dsts.length == 1)
{
var dst = dsts[0];
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12817 - branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium.
by portal-commits@lists.jboss.org
Author: vrockai
Date: 2009-02-13 04:46:49 -0500 (Fri, 13 Feb 2009)
New Revision: 12817
Added:
branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/locator.properties
Modified:
branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/IdentityAdminTestCase.java
branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/JBossPortalSeleniumTestCase.java
branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/UserLoginTestCase.java
Log:
properties
Modified: branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/IdentityAdminTestCase.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/IdentityAdminTestCase.java 2009-02-13 02:26:01 UTC (rev 12816)
+++ branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/IdentityAdminTestCase.java 2009-02-13 09:46:49 UTC (rev 12817)
@@ -423,6 +423,13 @@
deleteRole(roleName);
}
+ @Test(enabled = true)
+ public void testManyUsers(){
+ for (int i = 0; i < 25; i++) {
+ createUser("user0" + i + "", "useruser", "user0" + i + "" + "@portal.com");
+ }
+ }
+
@Test(enabled = true, description = "Altering the number of rows in user search")
public void testSearchUserCount() {
Modified: branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/JBossPortalSeleniumTestCase.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/JBossPortalSeleniumTestCase.java 2009-02-13 02:26:01 UTC (rev 12816)
+++ branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/JBossPortalSeleniumTestCase.java 2009-02-13 09:46:49 UTC (rev 12817)
@@ -3,7 +3,9 @@
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
+import java.io.InputStream;
import java.io.PrintWriter;
+import java.util.Properties;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
@@ -23,6 +25,7 @@
public static final String LINK_LOGIN = "link=Login";
public static final String INPUT_PASSWORD = "j_password";
public static final String INPUT_USERNAME = "j_username";
+ protected Properties props;
protected Selenium selenium;
// Generic timeout in miliseconds
@@ -31,13 +34,22 @@
// Element timeout in seconds
protected static final int ELEM_TIMEOUT = 220;
+ public JBossPortalSeleniumTestCase() {
+ try {
+ this.props = getProperties();
+ } catch (Exception e) {
+ // TODO: handle exception
+ }
+ }
+
@BeforeClass
public void setupChromeForLogin() throws Exception {
+
String browser = System.getProperty("browser");
selenium = new DefaultSelenium("127.0.0.1", 44444, browser, "http://localhost:8080/portal/");
- JBossSeleniumTestListener.selenium = selenium;
+ JBossSeleniumTestListener.selenium = selenium;
selenium.start();
selenium.setTimeout(PAGE_LOAD);
}
@@ -47,6 +59,25 @@
selenium.stop();
}
+ private Properties getProperties() throws IOException {
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ InputStream is = cl.getResourceAsStream("org/jboss/portal/test/selenium/locator.properties");
+ Properties props = new Properties();
+ props.load(is);
+ return props;
+ }
+
+ protected String getProp(String prop, String subst) {
+ if (subst == null || "".equals(subst)){
+ subst = "Locator not set";
+ }
+
+ if (props == null)
+ return subst;
+ else
+ return props.getProperty(prop) != null ? props.getProperty(prop) : subst;
+ }
+
protected void clickIfVisible(String id) {
if (selenium.isElementPresent(id)) {
@@ -162,7 +193,7 @@
waitFor(1000);
}
}
-
+
protected void waitForElement(String locatorElem, String locatorLink, long timeToWait, long n) {
for (int i = 0;; i++) {
if (i >= n) {
@@ -187,10 +218,10 @@
break;
} catch (Exception e) {
}
- waitFor(1000);
+ waitFor(100);
}
}
-
+
protected void login(String username, String password) {
selenium.open(ADDR_PORTAL);
selenium.waitForPageToLoad(PAGE_LOAD);
@@ -230,7 +261,7 @@
Assert.assertTrue(selenium.isElementPresent("Link=Login"), "Login link not present.");
}
}
-
+
protected void savePage(String filename) {
try {
PrintWriter out = new PrintWriter(new BufferedWriter(new FileWriter(filename)));
Modified: branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/UserLoginTestCase.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/UserLoginTestCase.java 2009-02-13 02:26:01 UTC (rev 12816)
+++ branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/UserLoginTestCase.java 2009-02-13 09:46:49 UTC (rev 12817)
@@ -4,23 +4,27 @@
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;
+import com.thoughtworks.selenium.Selenium;
+
/**
* @author <a href="mailto:vrockai@redhat.com">Viliam Rockai</a>
*/
@Test(groups = { "login" }, enabled = true)
public class UserLoginTestCase extends JBossPortalSeleniumTestCase {
-
- private static final String ADR_PORTAL = "/portal";
- private static final String FRM_MAIN = "relative=up";
- private static final String SUB_CANCEL = "cancel";
- private static final String LNK_LOGOUT = "link=Logout";
- private static final String SUB_LOGIN = "login";
- private static final String INP_PASSWORD = "xpath=id('j_password')";
- private static final String INP_USERNAME = "xpath=id('j_username')";
- private static final String FRM_LOGINFORM = "login-content";
- private static final String LNK_LOGIN = "link=Login";
-
+
+ public static final String casePfx = "";
+
+ private final String ADR_PORTAL = getProp(casePfx+"adr.portal","/portal");
+ private final String FRM_MAIN = "relative=up";
+ private final String SUB_CANCEL = "cancel";
+ private final String LNK_LOGOUT = "link=Logout";
+ private final String SUB_LOGIN = "login";
+ private final String INP_PASSWORD = "xpath=id('j_password')";
+ private final String INP_USERNAME = "xpath=id('j_username')";
+ private final String FRM_LOGINFORM = "login-content";
+ private final String LNK_LOGIN = "link=Login";
+
@AfterClass(enabled = true)
public void logoutIfNeeded()
{
Added: branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/locator.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/locator.properties (rev 0)
+++ branches/JBoss_Portal_Branch_2_7/testsuite/ui-tests/src/org/jboss/portal/test/selenium/locator.properties 2009-02-13 09:46:49 UTC (rev 12817)
@@ -0,0 +1 @@
+vilko.pilko=mimilko
\ No newline at end of file
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12816 - modules/authorization/trunk.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-12 21:26:01 -0500 (Thu, 12 Feb 2009)
New Revision: 12816
Modified:
modules/authorization/trunk/.classpath
Log:
renaming
* common to common-api
* core-components to core-components-api
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2009-02-13 02:24:47 UTC (rev 12815)
+++ modules/authorization/trunk/.classpath 2009-02-13 02:26:01 UTC (rev 12816)
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="common/src/main/java"/>
- <classpathentry kind="src" path="common/src/main/resources"/>
- <classpathentry kind="src" path="common/src/test/java"/>
- <classpathentry kind="src" path="common/src/test/resources"/>
- <classpathentry kind="src" path="core-components/src/main/java"/>
- <classpathentry kind="src" path="core-components/src/main/resources"/>
- <classpathentry kind="src" path="core-components/src/test/java"/>
- <classpathentry kind="src" path="core-components/src/test/resources"/>
+ <classpathentry kind="src" path="common-api/src/main/java"/>
+ <classpathentry kind="src" path="common-api/src/main/resources"/>
+ <classpathentry kind="src" path="common-api/src/test/java"/>
+ <classpathentry kind="src" path="common-api/src/test/resources"/>
+ <classpathentry kind="src" path="core-components-api/src/main/java"/>
+ <classpathentry kind="src" path="core-components-api/src/main/resources"/>
+ <classpathentry kind="src" path="core-components-api/src/test/java"/>
+ <classpathentry kind="src" path="core-components-api/src/test/resources"/>
<classpathentry kind="src" path="enforcement/src/main/java"/>
<classpathentry kind="src" path="enforcement/src/main/resources"/>
<classpathentry kind="src" path="enforcement/src/test/java"/>
17 years, 2 months
- 1
- 0
JBoss Portal SVN: r12815 - in modules/authorization/trunk: common-api and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-12 21:24:47 -0500 (Thu, 12 Feb 2009)
New Revision: 12815
Added:
modules/authorization/trunk/common-api/
modules/authorization/trunk/core-components-api/
Removed:
modules/authorization/trunk/common/
modules/authorization/trunk/core-components/
Modified:
modules/authorization/trunk/pom.xml
Log:
renaming
* common to common-api
* core-components to core-components-api
Copied: modules/authorization/trunk/common-api (from rev 12814, modules/authorization/trunk/common)
Property changes on: modules/authorization/trunk/common-api
___________________________________________________________________
Name: svn:ignore
+ target
Name: svn:mergeinfo
+
Copied: modules/authorization/trunk/core-components-api (from rev 12814, modules/authorization/trunk/core-components)
Property changes on: modules/authorization/trunk/core-components-api
___________________________________________________________________
Name: svn:ignore
+ target
Name: svn:mergeinfo
+
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-02-13 02:18:37 UTC (rev 12814)
+++ modules/authorization/trunk/pom.xml 2009-02-13 02:24:47 UTC (rev 12815)
@@ -10,8 +10,8 @@
<description>JBoss Authorization</description>
<modules>
- <module>common</module>
- <module>core-components</module>
+ <module>common-api</module>
+ <module>core-components-api</module>
<module>enforcement</module>
<module>policy-server</module>
<module>http-profile</module>
17 years, 2 months
- 1
- 0