JBoss Portal SVN: r13716 - in tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium: portal and 1 other directory.
by portal-commits@lists.jboss.org
Author: vrockai
Date: 2009-08-10 12:37:34 -0400 (Mon, 10 Aug 2009)
New Revision: 13716
Modified:
tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties
tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java
Log:
[selenium] - longer timeouts
Modified: tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties 2009-08-10 13:22:46 UTC (rev 13715)
+++ tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties 2009-08-10 16:37:34 UTC (rev 13716)
@@ -1,6 +1,6 @@
-selenium.timeout.page=240000
-selenium.timeout.ajax=6000
-selenium.timeout.elem=220
+selenium.timeout.page=320000
+selenium.timeout.ajax=10000
+selenium.timeout.elem=320
portal.xxs.1=/Dave</option><script>alert(document.cookie);</script>
#portal.xxs.2=
Modified: tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java 2009-08-10 13:22:46 UTC (rev 13715)
+++ tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java 2009-08-10 16:37:34 UTC (rev 13716)
@@ -679,7 +679,7 @@
selenium.select(SEL_PORTLET_TYPE, "label=" + type);
waitFor(AJAX_LOAD);
- selenium.setSpeed("5000");
+ selenium.setSpeed("15000");
if ("portlet".equals(type)) {
} else if ("widget/google".equals(type)) {
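Review bot: The delay passed to `selenium.setSpeed("15000")` is a hard-coded literal, while the other waits changed in this commit live in assert.properties under the `selenium.timeout.*` keys. `setSpeed` inserts the delay after every subsequent Selenium command, not only the next one, so unless it is reset further down (not visible in this hunk) each remaining step of the test now costs 15 seconds. Read the value from a property, for example a new `selenium.speed.slow` key, and restore the previous speed once the portlet-type branch is done. The enclosing method starts and ends outside the hunk.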
JBoss Portal SVN: r13714 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal: src/test/java/org/exoplatform/portal/config/security/jboss and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-09 10:30:32 -0400 (Sun, 09 Aug 2009)
New Revision: 13714
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCustomRolesDRL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/custom-roles-component.drl
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath
Log:
Testing the Drools expression for Exo specific Roles Security Component
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath 2009-08-09 05:18:20 UTC (rev 13713)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath 2009-08-09 14:30:32 UTC (rev 13714)
@@ -158,6 +158,8 @@
<classpathentry kind="var" path="M2_REPO_EXO/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar"/>
<classpathentry kind="var" path="M2_REPO_EXO/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"/>
<classpathentry kind="var" path="M2_REPO_EXO/xstream/xstream/1.0.2/xstream-1.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO_EXO/org/drools/drools-core/4.0.7/drools-core-4.0.7.jar"/>
+ <classpathentry kind="var" path="M2_REPO_EXO/org/drools/drools-compiler/4.0.7/drools-compiler-4.0.7.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="output" path="eclipse-bin"/>
</classpath>
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCustomRolesDRL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCustomRolesDRL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCustomRolesDRL.java 2009-08-09 14:30:32 UTC (rev 13714)
@@ -0,0 +1,134 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import java.util.Set;
+import java.util.Iterator;
+import java.util.HashSet;
+
+import java.io.InputStreamReader;
+import java.io.Reader;
+
+import org.apache.log4j.Logger;
+import org.exoplatform.test.BasicTestCase;
+
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.compiler.PackageBuilder;
+import org.drools.WorkingMemory;
+import org.drools.StatefulSession;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestJBossCustomRolesDRL extends BasicTestCase
+{
+ private static Logger log = Logger.getLogger(TestJBossCustomRolesDRL.class);
+
+ private RuleBase activeRuleBase = null;
+
+ public void setUp() throws Exception
+ {
+ Reader source = new InputStreamReader(Thread.currentThread()
+ .getContextClassLoader().getSystemResourceAsStream(
+ "custom-roles-component.drl"));
+
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ }
+
+ public void testDRLProcessing() throws Exception
+ {
+ //Must Be Allowed
+ Set<String> roles = new HashSet<String>();
+ roles.add("blahblah");
+ roles.add("whatever:/platform/administrators");
+ assertTrue("Must Be Allowed!!", this.fireRules(roles));
+
+ //Must Be Allowed
+ roles.clear();
+ roles.add("blahblah");
+ roles.add("*:/platform/administrators");
+ assertTrue("Must Be Allowed!!", this.fireRules(roles));
+
+ //Must Be Allowed
+ roles.clear();
+ roles.add("blahblah");
+ roles.add("blah:/platform/administrators");
+ assertTrue("Must Be Allowed!!", this.fireRules(roles));
+
+ //Must Be Allowed
+ roles.clear();
+ roles.add("blahblah");
+ roles.add("whatever:/guest/group");
+ assertTrue("Must Be Allowed!!", this.fireRules(roles));
+
+ //Must Be Allowed
+ roles.clear();
+ roles.add("blahblah");
+ roles.add("*:/guest/group");
+ assertTrue("Must Be Allowed!!", this.fireRules(roles));
+
+ //Must Be Denied
+ roles.clear();
+ roles.add("blahblah");
+ roles.add("blah:/guest/group");
+ assertFalse("Must Be Denied!!", this.fireRules(roles));
+
+ //Must Be Denied
+ roles.clear();
+ roles.add("blahblah");
+ assertFalse("Must Be Denied!!", this.fireRules(roles));
+ }
+
+ private boolean fireRules(Set<String> roles)
+ {
+ WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
+
+ workingMemory.insert(roles);
+
+ workingMemory.fireAllRules();
+
+ boolean success = false;
+ Iterator itr = workingMemory.iterateObjects();
+ while (itr.hasNext())
+ {
+ Object curr = itr.next();
+ if (curr instanceof Boolean)
+ {
+ success = ((Boolean) curr).booleanValue();
+ }
+ }
+
+ log.info("---------------------------------------------------------");
+ log.info("Result From Rule Execution="+success);
+ log.info("---------------------------------------------------------");
+
+ // Cleanup the WorkingMemory
+ ((StatefulSession)workingMemory).dispose();
+
+ return success;
+ }
+}
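Review bot: setUp never verifies that the DRL was found or that it compiled. `getSystemResourceAsStream` is a static `ClassLoader` method, so calling it on the context class loader still searches the system class path and returns null when the resource is missing, and `PackageBuilder` errors are not inspected before `getPackage()`. For a test that guards an authorization expression, a silently broken rule package should fail loudly in setUp rather than surface later as a confusing assertion or exception. Load through `getResourceAsStream`, fail on a null stream or on `packageBuilder.hasErrors()`, and close the reader; the version below needs `java.io.InputStream` imported.

```java
   public void setUp() throws Exception
   {
      InputStream drl = Thread.currentThread().getContextClassLoader()
            .getResourceAsStream("custom-roles-component.drl");
      assertNotNull("custom-roles-component.drl not found on the test classpath", drl);

      Reader source = new InputStreamReader(drl);
      try
      {
         PackageBuilder packageBuilder = new PackageBuilder();
         packageBuilder.addPackageFromDrl(source);
         assertFalse("DRL failed to compile: " + packageBuilder.getErrors(),
               packageBuilder.hasErrors());

         this.activeRuleBase = RuleBaseFactory.newRuleBase();
         this.activeRuleBase.addPackage(packageBuilder.getPackage());
      }
      finally
      {
         source.close();
      }
   }
   // … unchanged: testDRLProcessing, fireRules …
```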
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/custom-roles-component.drl
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/custom-roles-component.drl (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/custom-roles-component.drl 2009-08-09 14:30:32 UTC (rev 13714)
@@ -0,0 +1,68 @@
+package security
+import java.util.Set
+import java.util.HashSet
+
+
+function boolean evaluateMembership(Set userRoles)
+{
+ //This value is dynamically injected during the Composition Phase
+ //For TestSuite purposes its hard coded
+ String[] allowedRoles = new String[]
+ {"*:/platform/administrators",
+ "whatever:/guest/group"
+ };
+
+ for(Object local: userRoles)
+ {
+ String userRole = (String)local;
+ String[] userSplit = userRole.split(":");
+ if(userSplit.length < 2)
+ {
+ continue;
+ }
+
+ String userMembershipType = userSplit[0].trim();
+ String userGroup = userSplit[1].trim();
+
+ for(String allowedRole: allowedRoles)
+ {
+ String[] allowedSplit = allowedRole.split(":");
+ if(allowedSplit.length < 2)
+ {
+ continue;
+ }
+
+ String allowedMembershipType = allowedSplit[0].trim();
+ String allowedGroup = allowedSplit[1].trim();
+
+ //Perform the matching
+ if(userMembershipType.equals("*") || allowedMembershipType.equals("*"))
+ {
+ if(userGroup.equals(allowedGroup))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ if(userMembershipType.equals(allowedMembershipType) && userGroup.equals(allowedGroup))
+ {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+}
+
+
+rule "roleMatchingRule"
+
+when
+$roles: HashSet()
+eval(evaluateMembership($roles))
+
+then
+insert(Boolean.TRUE);
+end
\ No newline at end of file
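Review bot: The wildcard test in evaluateMembership, `if(userMembershipType.equals("*") || allowedMembershipType.equals("*"))`, lets a `*` on the user's side match any membership type the policy names, so a subject holding `*:/guest/group` satisfies `whatever:/guest/group`. testDRLProcessing pins that case as allowed, so it looks intentional; if so it needs a comment stating that user role strings always come from the membership store and never from the caller, and otherwise the wildcard should be honoured only on the allowed side, `if(allowedMembershipType.equals("*"))`. The `split(":")` handling accepts any entry with two or more segments and compares only the first two, so `a:/guest/group:x` is evaluated as `a:/guest/group`; requiring `userSplit.length == 2` would reject malformed entries instead of truncating them. A short comment on the raw `Set` parameter and the `(String)local` cast would also help, since a non-String element fails with a ClassCastException inside the rule.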
JBoss Portal SVN: r13713 - modules/authorization/trunk/policy-server/src/main/resources/META-INF.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-09 01:18:20 -0400 (Sun, 09 Aug 2009)
New Revision: 13713
Modified:
modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml
Log:
loose ends
Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml 2009-08-09 04:56:16 UTC (rev 13712)
+++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml 2009-08-09 05:18:20 UTC (rev 13713)
@@ -6,8 +6,7 @@
<pdp name="pdp">
<attributeFinderModule class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
<attributeFinderModule class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
- <policyFinderModule class="org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule">
- </policyFinderModule>
+ <policyFinderModule class="org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule"/>
</pdp>
<attributeFactory name="attr" useStandardDatatypes="true"/>
JBoss Portal SVN: r13712 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src: main/java/org/exoplatform/portal/jboss/security/components and 2 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-09 00:56:16 -0400 (Sun, 09 Aug 2009)
New Revision: 13712
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java
Removed:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/OwnerType.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
Log:
fixed policy structure for Page protection
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2009-08-09 03:00:18 UTC (rev 13711)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -467,18 +467,7 @@
else
{
try
- {
- //TODO: this logic needs to be incorporated into the security framework via custom policy combining algrorithm
- /*if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
- {
- if (page.getOwnerId().equals(identity.getUserId()))
- {
- page.setModifiable(true);
- return true;
- }
- return false;
- }*/
-
+ {
boolean hasWriteAccess = this.enforcementPoint.checkWriteAccess(identity, page);
if(hasWriteAccess)
{
@@ -517,18 +506,7 @@
else
{
try
- {
- //TODO: this logic needs to be incorporated into the security framework via custom policy combining algrorithm
- /*if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
- {
- if (page.getOwnerId().equals(identity.getUserId()))
- {
- page.setModifiable(true);
- return true;
- }
- return false;
- }*/
-
+ {
boolean hasWriteAccess = this.enforcementPoint.checkWriteAccess(identity, page);
if(hasWriteAccess)
{
Deleted: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/OwnerType.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/OwnerType.java 2009-08-09 03:00:18 UTC (rev 13711)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/OwnerType.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -1,42 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.jboss.security.components;
-
-import org.jboss.security.authz.component.Component;
-import org.jboss.security.authz.component.ComponentCategory;
-import org.jboss.security.authz.component.ComponentType;
-import org.jboss.security.authz.component.SecurityContextData;
-
-/**
- * This is a custom "Security Component"
- *
- * @author soshah
- *
- */
-@Component(
- name="ownerType",
- type=ComponentType.TARGET,
- category=ComponentCategory.CUSTOM_SUBJECT_ATTRIBUTE
-)
-public class OwnerType
-{
- //Indicates the Type of Owner that owns this Portal Object. Examples of usch types are User Types, Group Types etc
- @SecurityContextData
- private String type;
-
- public OwnerType()
- {
-
- }
-
- public String getType()
- {
- return type;
- }
-
- public void setType(String type)
- {
- this.type = type;
- }
-}
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-09 03:00:18 UTC (rev 13711)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -15,7 +15,6 @@
import org.exoplatform.portal.config.model.PageNavigation;
import org.exoplatform.portal.config.model.Page;
import org.exoplatform.portal.jboss.security.components.CreatePortal;
-import org.exoplatform.portal.jboss.security.components.OwnerType;
import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.provisioning.ProvisioningException;
@@ -211,75 +210,71 @@
target.setUri(new URI("page://"+page.getName()));
context.setPolicyTarget(target);
- //SuperUser Access
- org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.superuser);
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
- // Read Access
- if (page.getAccessPermissions() != null
- && page.getAccessPermissions().length > 0)
+ if(!page.getOwnerType().equals(PortalConfig.USER_TYPE))
{
- Roles readRoles = new Roles();
- String[] accessPermissions = page.getAccessPermissions();
- for (String accessPermission : accessPermissions)
+ //SuperUser Access
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.superuser);
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+
+ // Read Access
+ if (page.getAccessPermissions() != null
+ && page.getAccessPermissions().length > 0)
{
- if(!this.isGuestGroup(accessPermission))
+ Roles readRoles = new Roles();
+ String[] accessPermissions = page.getAccessPermissions();
+ for (String accessPermission : accessPermissions)
{
- readRoles.addName(accessPermission);
+ if(!this.isGuestGroup(accessPermission))
+ {
+ readRoles.addName(accessPermission);
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName("*:"+this.guestGroup);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Read(), guest, "allowExpression");
+ }
}
+ if(!readRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ "allowExpression");
+ }
+ }
+
+ // Write Access
+ String editPermission = page.getEditPermission();
+ if (editPermission != null && editPermission.trim().length() > 0)
+ {
+ Roles writeRoles = new Roles();
+
+ if(!this.isGuestGroup(editPermission))
+ {
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
else
- {
+ {
// Guest Group
Roles guest = new Roles();
- guest.addName("*:"+this.guestGroup);
+ guest.addName("*:"+this.guestGroup);
guest.addName(Roles.ANONYMOUS);
guest.setMustMatchAll(true);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
}
- }
- if(!readRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
- }
+
+ }
}
-
- // Write Access
- String editPermission = page.getEditPermission();
- if (editPermission != null && editPermission.trim().length() > 0)
- {
- Roles writeRoles = new Roles();
-
- if(!this.isGuestGroup(editPermission))
- {
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
- }
- else
- {
- // Guest Group
- Roles guest = new Roles();
- guest.addName("*:"+this.guestGroup);
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
- }
-
- }
-
-
- // SetUp OwnerType based Rules
- if (page.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- OwnerType ownerType = new OwnerType();
- ownerType.setType(PortalConfig.USER_TYPE);
-
+ else
+ {
Identity identity = new Identity();
identity.setName(page.getOwnerId());
-
- context.addPolicyRule(Effect.PERMIT, ownerType, identity);
+ context.addPolicyRule(Effect.PERMIT, identity, identity);
}
this.policyProvisioner.deploy(context);
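Review bot: In the new else branch, `context.addPolicyRule(Effect.PERMIT, identity, identity)` passes the same Identity object in the position where every other call passes `new Read()` or `new Write()`, and nothing states which actions the rule grants. Add a comment there, for example `// user-owned page: only the owner is permitted; superuser, access and edit permissions are deliberately not provisioned`, because the branch now ignores `getAccessPermissions()` and `getEditPermission()` and a user page previously shared with a group becomes owner-only without any trace in the code. The guard `page.getOwnerType().equals(PortalConfig.USER_TYPE)` throws on a null owner type; `if(!PortalConfig.USER_TYPE.equals(page.getOwnerType()))` is null-safe, though it would send a null owner type down the role-based branch, so confirm which outcome is wanted. The enclosing method begins and ends outside the hunk.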
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-09 03:00:18 UTC (rev 13711)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -8,7 +8,6 @@
import org.exoplatform.portal.config.model.PortalConfig;
import org.exoplatform.portal.config.model.Page;
-import org.exoplatform.portal.jboss.security.components.OwnerType;
import org.exoplatform.services.security.MembershipEntry;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
@@ -35,26 +34,43 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
}
public void testPageAccessibleByEveryone() throws Exception
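Review bot: The USER_TYPE branch added here repeats the same ten `enforce` calls that the following hunk adds again in each of its tests; a single private helper, for example `assertOwnerOnlyAccess(page)`, would keep the owner-only expectation in one place. `page.setOwnerId("user")` proves the owner rule only if `this.user` is an identity named `user`, which is set up outside this hunk, so that coupling deserves a one-line comment. The tests would also be stronger with one case where the owner id is some other name and `this.user` is expected to be denied, which shows that the permit follows the owner and not the user role. The signature of the first test method lies outside the hunk.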
@@ -62,206 +78,359 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[] { "Everyone" });
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
public void testPageEditableByEveryone() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
- page.setEditPermission("Everyone");
+ page.setEditPermission("Everyone");
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), true);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ true);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), true);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
public void testPageAccessibleByGuests() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"*:"+this.guestGroup_});
+ page.setOwnerId("user");
+ page.setAccessPermissions(new String[] { "*:" + this.guestGroup_ });
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
public void testPageEditableByGuests() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
- page.setEditPermission("*:"+this.guestGroup_);
+ page.setEditPermission("*:" + this.guestGroup_);
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
- public void testPageAccessibleByEveryOneAndGuests() throws Exception
+ public void testPageAccessibleByEveryOneAndGuests() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"Everyone", "*:"+this.guestGroup_});
+ page.setOwnerId("user");
+ page.setAccessPermissions(new String[] { "Everyone",
+ "*:" + this.guestGroup_ });
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
- public void testPageAccessibleByGuestsOnly() throws Exception
+ public void testPageAccessibleByGuestsOnly() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"*:"+this.guestGroup_});
+ page.setOwnerId("user");
+ page.setAccessPermissions(new String[] { "*:" + this.guestGroup_ });
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ }
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
-
public void testPageWithAccessPermission() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"manager:/manageable"});
+ page.setOwnerId("user");
+ page.setAccessPermissions(new String[] { "manager:/manageable" });
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
-
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
-
- //TODO: test with *:/manageable once wild card based custom Roles component is implemented
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+
+ // TODO: test with *:/manageable once wild card based custom Roles component
+ // is implemented
}
-
+
public void testPageWithEditPermission() throws Exception
{
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
- page.setAccessPermissions(new String[0]);
- page.setEditPermission("manager:/manageable");
+ page.setOwnerId("user");
+ page.setAccessPermissions(new String[0]);
+ page.setEditPermission("manager:/manageable");
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
-
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
-
- //TODO: test with *:/manageable once wild card based custom Roles component is implemented
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), true);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+ else
+ {
+ this.enforce(this.writePageEnforcementContext(this.root, page), false);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), false);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+
+ // TODO: test with *:/manageable once wild card based custom Roles component
+ // is implemented
}
// ------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
@@ -270,87 +439,84 @@
* populated from state of the Page Object
*
*
- * TODO: If OwnerType is User, it needs the Policy Combining Algorithm customization feature from
- * the core framework
+ * customization feature from the core framework
*/
private void provisionPagePolicy(Page page) throws Exception
{
CompositionContext context = new CompositionContext();
-
+
// SetUp Resource
URIResource target = new URIResource();
target.setUri(new URI(page.getName()));
context.setPolicyTarget(target);
- //SuperUser Access
- org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); // Provided via system configuration
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+ if (!page.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ // SuperUser Access
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
- // Read Access
- if (page.getAccessPermissions() != null
- && page.getAccessPermissions().length > 0)
- {
- Roles readRoles = new Roles();
- String[] accessPermissions = page.getAccessPermissions();
- for (String accessPermission : accessPermissions)
+ // Read Access
+ if (page.getAccessPermissions() != null
+ && page.getAccessPermissions().length > 0)
{
- if(!this.isGuestGroup(accessPermission))
+ Roles readRoles = new Roles();
+ String[] accessPermissions = page.getAccessPermissions();
+ for (String accessPermission : accessPermissions)
{
- readRoles.addName(accessPermission);
+ if (!this.isGuestGroup(accessPermission))
+ {
+ readRoles.addName(accessPermission);
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(accessPermission);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Read(), guest,
+ "allowExpression");
+ }
}
+ if (!readRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ "allowExpression");
+ }
+ }
+
+ // Write Access
+ String editPermission = page.getEditPermission();
+ if (editPermission != null && editPermission.trim().length() > 0)
+ {
+ Roles writeRoles = new Roles();
+
+ if (!this.isGuestGroup(editPermission))
+ {
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
else
- {
- // Guest Group
- Roles guest = new Roles();
- guest.addName(accessPermission);
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(editPermission);
guest.addName(Roles.ANONYMOUS);
guest.setMustMatchAll(true);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new Write(), guest,
+ "allowExpression");
}
- }
- if(!readRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
- }
- }
- // Write Access
- String editPermission = page.getEditPermission();
- if (editPermission != null && editPermission.trim().length() > 0)
- {
- Roles writeRoles = new Roles();
-
- if(!this.isGuestGroup(editPermission))
- {
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
}
- else
- {
- // Guest Group
- Roles guest = new Roles();
- guest.addName(editPermission);
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
- }
-
}
-
-
- // SetUp OwnerType based Rules
- if (page.getOwnerType().equals(PortalConfig.USER_TYPE))
+ else
{
- OwnerType ownerType = new OwnerType();
- ownerType.setType(PortalConfig.USER_TYPE);
-
Identity identity = new Identity();
identity.setName(page.getOwnerId());
-
- context.addPolicyRule(Effect.PERMIT, ownerType, identity);
+ context.addPolicyRule(Effect.PERMIT, identity, identity);
}
// Store the policy into the Policy Server
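Review bot: In the new `else` branch for user-owned pages, `context.addPolicyRule(Effect.PERMIT, identity, identity);` passes the same object in the second and third positions, where every other call in this method passes an action (`new Read()` / `new Write()`) followed by a subject, and the removed line passed an `OwnerType`. Which overload this resolves to and what rule it yields cannot be seen from the hunk, so the line should carry a comment stating the intended policy, for example `// USER_TYPE page: only the owner identity is permitted; superuser, access and edit permissions are not provisioned`. The Javadoc edit above also leaves the fragment `customization feature from the core framework` without its sentence; either keep the full TODO or drop the line. The body of `provisionPagePolicy` continues past the end of the hunk.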
@@ -415,14 +581,14 @@
}
// Create Roles
- Roles roles = new Roles();
+ Roles roles = new Roles();
Collection<MembershipEntry> memberships = user.getMemberships();
if (memberships != null && !memberships.isEmpty())
{
for (MembershipEntry membership : memberships)
{
roles.addName(membership.toString());
- }
+ }
}
else
{
@@ -430,8 +596,9 @@
if (user.getId() == null)
{
// This is a guest user
- roles.addName("*:"+this.guestGroup_); // Provided via system configuration
- roles.addName(Roles.ANONYMOUS);
+ roles.addName("*:" + this.guestGroup_); // Provided via system
+ // configuration
+ roles.addName(Roles.ANONYMOUS);
}
}
roles.addName("Everyone");
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-08-09 03:00:18 UTC (rev 13711)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -3,19 +3,9 @@
*/
package org.exoplatform.portal.config.security.jboss;
-import java.net.URI;
-import java.util.Collection;
-
import org.exoplatform.portal.config.model.Page;
-import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.config.model.PortalConfig;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
-
/**
* @author soshah
*
@@ -30,7 +20,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
//Provision the Policy for this Resource
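Review bot: The owner id is now the bare literal `"user"`, and the `USER_TYPE` assertions added further down appear to hold only if that string equals the id of the `this.user` fixture, which is set up outside this hunk. That coupling deserves a comment at the assignment, e.g. `// must equal the id of this.user: the USER_TYPE branch asserts owner-only access`, or a shared constant used by both the fixture and the page. The same literal change recurs in the hunks at `@@ -59,7 +67,7 @@`, `@@ -87,7 +113,7 @@`, `@@ -116,7 +160,7 @@`, `@@ -144,7 +206,7 @@`, `@@ -173,7 +253,7 @@` and `@@ -201,7 +299,7 @@`. The enclosing test method starts before the hunk and continues after it.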
@@ -40,18 +30,36 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, false);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageAccessibleByEveryone() throws Exception
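Review bot: The `else` branch added here is repeated line for line in the hunks at `@@ -69,17 +77,35 @@`, `@@ -98,17 +124,35 @@`, `@@ -126,17 +170,35 @@`, `@@ -155,17 +217,35 @@`, `@@ -183,17 +263,35 @@` and `@@ -211,17 +309,35 @@`, so the owner-only expectation for user-owned pages lives in seven copies that can drift apart. A private helper would keep that access matrix in one place and reduce each test's `else` to a single call. The guard `this.getOwnerType().equals(PortalConfig.USER_TYPE)` also throws if `getOwnerType()` returns null; `PortalConfig.USER_TYPE.equals(this.getOwnerType())` avoids that. The enclosing test method begins before this hunk.

```java
   // Expected access matrix for a user-owned page: only the owner may read or write.
   private void assertOwnerOnlyAccess(Page page) throws Exception
   {
      this.checkWriteAccess(this.root, page, false);
      this.checkWriteAccess(this.administrator, page, false);
      this.checkWriteAccess(this.manager, page, false);
      this.checkWriteAccess(this.user, page, true);
      this.checkWriteAccess(this.guest, page, false);

      this.checkReadAccess(this.root, page, false);
      this.checkReadAccess(this.administrator, page, false);
      this.checkReadAccess(this.manager, page, false);
      this.checkReadAccess(this.user, page, true);
      this.checkReadAccess(this.guest, page, false);
   }

   // … unchanged: page setup, policy provisioning, non-USER_TYPE assertions …
      else
      {
         this.assertOwnerOnlyAccess(page);
      }
```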
@@ -59,7 +67,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[] { "Everyone" });
//Provision the Policy for this Resource
@@ -69,17 +77,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page,false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page,true);
- this.checkReadAccess(this.manager, page, true);
- this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page,false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page,true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageEditableByEveryone() throws Exception
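Review bot: The `USER_TYPE` branch here expects `checkReadAccess` to be denied for root, administrator, manager and guest although the page was given the access permission `"Everyone"` in the setup just before this hunk, so the test pins that declared page permissions have no effect on user-owned pages. If that is the intended policy, say so in the branch, e.g. `// user-owned page: access permissions are ignored, only the owner may read or write`; without it a later reader cannot tell a deliberate rule from an expectation copied from the empty-permission test. The provisioning code behind `exoPolicyProvisioner` is not visible here, so whether it is meant to ignore the permissions is an assumption. The test method starts before the hunk.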
@@ -87,7 +113,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
page.setEditPermission("Everyone");
@@ -98,17 +124,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, true);
- this.checkWriteAccess(this.manager, page, true);
- this.checkWriteAccess(this.user, page, true);
- this.checkWriteAccess(this.guest, page, true);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, true);
- this.checkReadAccess(this.manager, page, true);
- this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, true);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, true);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageAccessibleByGuests() throws Exception
@@ -116,7 +160,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[]{this.exoPolicyProvisioner.getGuestGroup()});
//Provision the Policy for this Resource
@@ -126,17 +170,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageEditableByGuests() throws Exception
@@ -144,7 +206,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
page.setEditPermission(this.exoPolicyProvisioner.getGuestGroup());
@@ -155,17 +217,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, true);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, true);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageAccessibleByEveryOneAndGuests() throws Exception
@@ -173,7 +253,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[]{"Everyone", this.exoPolicyProvisioner.getGuestGroup()});
//Provision the Policy for this Resource
@@ -183,17 +263,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, true);
- this.checkReadAccess(this.manager, page, true);
- this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageAccessibleByGuestsOnly() throws Exception
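Review bot: The `else` branch added here for `PortalConfig.USER_TYPE` is repeated line for line in the hunks at -211, -238 and -267, so for user-owned pages all four tests assert the same owner-only matrix regardless of the access or edit permissions each test sets. I would move it into one helper and call `this.assertOwnerOnlyAccess(page);` from each branch, with a comment such as `// user-owned pages: only the owner may read or write; declared permissions are not consulted`, if that is the intended rule. The matrix also checks no second ordinary account, so a policy that admitted any authenticated non-owner would only be caught if `administrator` or `manager` happen to cover that case, which depends on fixtures outside this hunk. Writing the guard as `PortalConfig.USER_TYPE.equals(this.getOwnerType())` would also avoid a null dereference.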
@@ -201,7 +299,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[]{this.exoPolicyProvisioner.getGuestGroup()});
//Provision the Policy for this Resource
@@ -211,17 +309,35 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, true);
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
}
public void testPageWithAccessPermission() throws Exception
@@ -229,7 +345,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[]{"manager:/manageable"});
//Provision the Policy for this Resource
@@ -238,18 +354,35 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, false);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, true);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, false);
-
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
//TODO: test with *:/manageable once wild card based custom Roles component is implemented
}
@@ -258,7 +391,7 @@
Page page = new Page();
page.setName("index");
page.setOwnerType(this.getOwnerType());
- page.setOwnerId("foo");
+ page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
page.setEditPermission("manager:/manageable");
@@ -267,19 +400,36 @@
//Debug
this.exoPolicyProvisioner.debug();
-
- this.checkWriteAccess(this.root, page, true);
- this.checkWriteAccess(this.administrator, page, false);
- this.checkWriteAccess(this.manager, page, true);
- this.checkWriteAccess(this.user, page, false);
- this.checkWriteAccess(this.guest, page, false);
-
- this.checkReadAccess(this.root, page, true);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, true);
- this.checkReadAccess(this.user, page, false);
- this.checkReadAccess(this.guest, page, false);
-
+
+ if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
+ }
+ else
+ {
+ this.checkWriteAccess(this.root, page, false);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, false);
+
+
+ this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, false);
+ }
//TODO: test with *:/manageable once wild card based custom Roles component is implemented
}
}
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalPageACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalPageACL.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -0,0 +1,18 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossIntegrationPortalPageACL extends JBossIntegrationSharedPageACL
+{
+ public String getOwnerType()
+ {
+ return PortalConfig.PORTAL_TYPE;
+ }
+}
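Review bot: The class has an empty `/** */` file header and a Javadoc that holds only `@author`, so nothing says which shared suite it runs or why it exists next to `TestJBossPortalPageACL` (added in the same commit), which differs only in its superclass and returns the same `PortalConfig.PORTAL_TYPE`. A one-line class comment along the lines of `/** Runs the tests inherited from JBossIntegrationSharedPageACL with portal-owned pages. */` would do, if that is what the class is for. Adding `@Override` on `getOwnerType()` would make the compiler check that the superclass really declares it, which is not visible in this hunk.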
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java 2009-08-09 04:56:16 UTC (rev 13712)
@@ -0,0 +1,18 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossPortalPageACL extends JBossAbstractSharedPageACL
+{
+ public String getOwnerType()
+ {
+ return PortalConfig.PORTAL_TYPE;
+ }
+}
JBoss Portal SVN: r13711 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal: src/main/java/org/exoplatform/portal/jboss/security/provisioning and 2 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 23:00:18 -0400 (Sat, 08 Aug 2009)
New Revision: 13711
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/hibernate.cfg.xml
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/pom.xml
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
Log:
adapting to latest security framework codebase
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/pom.xml
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/pom.xml 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/pom.xml 2009-08-09 03:00:18 UTC (rev 13711)
@@ -90,15 +90,16 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
- <version>2.0.3-SNAPSHOT</version>
+ <version>2.0.3.SP2-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-sunxacml</artifactId>
- <version>2.0.3-SNAPSHOT</version>
+ <version>2.0.3.SP2-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
+
<!-- Drools -->
<dependency>
<groupId>org.drools</groupId>
@@ -194,7 +195,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <skip>true</skip>
+ <skip>false</skip>
</configuration>
</plugin>
</plugins>
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -6,6 +6,7 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
+import java.util.Set;
import org.apache.log4j.Logger;
@@ -191,7 +192,7 @@
}
//Provision the Policy for this Portal
- this.policyProvisioner.composeAndDeploy(context);
+ this.policyProvisioner.deploy(context);
}
catch(URISyntaxException uriexception)
{
@@ -281,7 +282,7 @@
context.addPolicyRule(Effect.PERMIT, ownerType, identity);
}
- this.policyProvisioner.composeAndDeploy(context);
+ this.policyProvisioner.deploy(context);
}
catch(URISyntaxException uriexception)
{
@@ -343,7 +344,7 @@
context.addPolicyRule(Effect.PERMIT, new Write(), identity);
}
- this.policyProvisioner.composeAndDeploy(context);
+ this.policyProvisioner.deploy(context);
}
catch(URISyntaxException uriexception)
{
@@ -390,7 +391,7 @@
}
}
- this.policyProvisioner.composeAndDeploy(context);
+ this.policyProvisioner.deploy(context);
}
catch(Throwable t)
{
@@ -404,7 +405,7 @@
try
{
//Assert Policy State of the Server
- Policy[] policies = this.policyProvisioner.readAllPolicies();
+ Set<Policy> policies = this.policyProvisioner.readAllPolicies();
if(policies != null)
{
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -355,7 +355,7 @@
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(policyMetaData);
}
// -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -3,6 +3,7 @@
*/
package org.exoplatform.portal.config.security.jboss;
+import java.util.Set;
import java.util.List;
import java.util.ArrayList;
@@ -100,7 +101,7 @@
protected void dumpPolicyRepository() throws Exception
{
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
if(policies != null)
{
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -81,7 +81,7 @@
"allowExpression");
}
- this.provisioner.composeAndDeploy(context);
+ this.provisioner.deploy(context);
}
/**
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -170,7 +170,7 @@
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(policyMetaData);
}
// -----------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-08-09 01:04:24 UTC (rev 13710)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-08-09 03:00:18 UTC (rev 13711)
@@ -242,7 +242,7 @@
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(policyMetaData);
}
// ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/hibernate.cfg.xml
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/hibernate.cfg.xml (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/resources/hibernate.cfg.xml 2009-08-09 03:00:18 UTC (rev 13711)
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- Database connection settings -->
+ <property name="connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property name="connection.url">jdbc:hsqldb:file:target/testdb</property>
+ <property name="connection.username">sa</property>
+ <property name="connection.password"></property>
+
+ <!-- JDBC connection pool (use the built-in) -->
+ <property name="connection.pool_size">1</property>
+
+ <!-- SQL dialect -->
+ <property name="dialect">org.hibernate.dialect.HSQLDialect</property>
+
+ <!-- Enable Hibernate's automatic session context management -->
+ <property name="current_session_context_class">thread</property>
+
+ <!-- Disable the second-level cache -->
+ <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
+
+ <!-- Echo all executed SQL to stdout -->
+ <property name="show_sql">false</property>
+
+ <!--
+ Drop and re-create the database schema on startup
+ -->
+ <property name="hbm2ddl.auto">create</property>
+
+ <mapping resource="policy.hbm.xml"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
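Review bot: The comment `<!-- Echo all executed SQL to stdout -->` sits above `show_sql` set to `false`, so it states the opposite of what the file does; `<!-- Do not echo executed SQL to stdout -->` would match. The file also combines the `sa` account with an empty password and `hbm2ddl.auto` set to `create`, which is reasonable for a throwaway HSQLDB file under `target/` but deserves a header comment such as `<!-- Test-only configuration: the schema is dropped and re-created on startup; do not reuse outside src/test -->`. The file ends without a trailing newline.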
JBoss Portal SVN: r13710 - modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 21:04:24 -0400 (Sat, 08 Aug 2009)
New Revision: 13710
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
Log:
loose ends
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-08-09 00:51:11 UTC (rev 13709)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-08-09 01:04:24 UTC (rev 13710)
@@ -134,8 +134,6 @@
catch(Exception e)
{
log.error(this, e);
-
- //FIXME: implement proper exception handling
throw new RuntimeException(e);
}
}
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-09 00:51:11 UTC (rev 13709)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-09 01:04:24 UTC (rev 13710)
@@ -23,7 +23,6 @@
import java.lang.reflect.Method;
import java.util.Set;
-import java.util.List;
import java.util.HashSet;
import org.apache.log4j.Logger;
@@ -171,7 +170,6 @@
}
catch (Exception e)
{
- //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-09 00:51:11 UTC (rev 13709)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-09 01:04:24 UTC (rev 13710)
@@ -71,7 +71,6 @@
}
catch(Exception e)
{
- //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
@@ -102,7 +101,6 @@
}
catch(Exception e)
{
- //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
JBoss Portal SVN: r13709 - in modules/authorization/trunk: common-api/src/main/java/org/jboss/security/authz/component and 2 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 20:51:11 -0400 (Sat, 08 Aug 2009)
New Revision: 13709
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
Log:
loose ends
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-08 23:44:03 UTC (rev 13708)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-09 00:51:11 UTC (rev 13709)
@@ -83,22 +83,14 @@
{
Set<Target> impliedTargets = new HashSet<Target>();
- String[] impliedActions = this.findImpliedActions(this.targetComponent.getClass());
+ Class[] impliedActions = this.findImpliedActions(this.targetComponent.getClass());
if(impliedActions != null)
{
- for(String impliedAction: impliedActions)
+ for(Class impliedAction: impliedActions)
{
- //FIXME: Find the Action Component from the repository
- Object impliedActionComponent = null;
- if(impliedAction.equals("read"))
- {
- impliedActionComponent = Thread.currentThread().getContextClassLoader().loadClass("org.jboss.security.authz.components.action.Read").newInstance();
- }
- else if(impliedAction.equals("write"))
- {
- impliedActionComponent = Thread.currentThread().getContextClassLoader().loadClass("org.jboss.security.authz.components.action.Write").newInstance();
- }
-
+ //Instantiate the Implied Component
+ Object impliedActionComponent = impliedAction.newInstance();
+
//Compose this action target
TargetComposition comp = new TargetComposition();
comp.setTargetComponent(impliedActionComponent);
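Review bot: `impliedAction.newInstance()` now instantiates whatever class the `@ImpliedActions` annotation names, and both `Class[] impliedActions` here and `Class[] value();` in ImpliedActions.java are raw types, so nothing limits the annotation to action components. I would declare them as `Class<?>[]` (or a bounded `Class<? extends ...>[]` if common-api has a suitable base type, which this page does not show) and iterate with `for (Class<?> impliedAction : impliedActions)`. `newInstance()` also needs an accessible no-argument constructor on every listed class. How the resulting checked exceptions are handled cannot be seen here, because the enclosing method starts and ends outside the hunk.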
@@ -139,7 +131,7 @@
return target;
}
- private String[] findImpliedActions(Class targetClass)
+ private Class[] findImpliedActions(Class targetClass)
{
Annotation impliedActions = targetClass.getAnnotation(ImpliedActions.class);
if(impliedActions != null)
Modified: modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java
===================================================================
--- modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java 2009-08-08 23:44:03 UTC (rev 13708)
+++ modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java 2009-08-09 00:51:11 UTC (rev 13709)
@@ -33,5 +33,5 @@
@Retention(RetentionPolicy.RUNTIME)
public @interface ImpliedActions
{
- String[] value();
+ Class[] value();
}
Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java 2009-08-08 23:44:03 UTC (rev 13708)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java 2009-08-09 00:51:11 UTC (rev 13709)
@@ -38,7 +38,7 @@
type=ComponentType.TARGET,
category=ComponentCategory.ACTION
)
-@ImpliedActions({"read", "write"})
+(a)ImpliedActions({Read.class, Write.class})
public class Manage extends Operation
{
public Manage()
Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java 2009-08-08 23:44:03 UTC (rev 13708)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java 2009-08-09 00:51:11 UTC (rev 13709)
@@ -38,7 +38,7 @@
type=ComponentType.TARGET,
category=ComponentCategory.ACTION
)
-@ImpliedActions({"read"})
+(a)ImpliedActions({Read.class})
public class Write extends Operation
{
public Write()
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-08-08 23:44:03 UTC (rev 13708)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-08-09 00:51:11 UTC (rev 13709)
@@ -167,7 +167,7 @@
}
/**
- * FIXME: make this preparation more robust injecting arbitrary Facts and then let the RuleEngine do its thing
+ * TODO: make this preparation more robust injecting arbitrary Facts and then let the RuleEngine do its thing
*
* @param context
*/
JBoss Portal SVN: r13708 - modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 19:44:03 -0400 (Sat, 08 Aug 2009)
New Revision: 13708
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
Log:
Policy Hot Deployment implementation
* Both Transactional Integrity and Concurrency properly addressed
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java 2009-08-08 23:27:44 UTC (rev 13707)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java 2009-08-08 23:44:03 UTC (rev 13708)
@@ -21,11 +21,7 @@
*/
package org.jboss.security.authz.policy.server.plugin;
-import java.util.Iterator;
-import java.util.TreeSet;
-
import org.jboss.security.xacml.sunxacml.support.finder.PolicyCollection;
-import org.jboss.security.xacml.sunxacml.AbstractPolicy;
/**
* For now, just non-versioned version
@@ -42,28 +38,5 @@
public void deactivate(String policyUri)
{
this.policies.remove(policyUri);
- }
-
- /**
- *
- * @param policyUri
- * @return
- */
- public AbstractPolicy getPolicy(String policyUri)
- {
- TreeSet set = (TreeSet) (policies.get(policyUri));
- if (set == null)
- {
- return null;
- }
-
- Iterator it = set.iterator();
- while (it.hasNext())
- {
- AbstractPolicy policy = (AbstractPolicy) (it.next());
- return policy;
- }
-
- return null;
- }
+ }
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 23:27:44 UTC (rev 13707)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 23:44:03 UTC (rev 13708)
@@ -69,9 +69,6 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*
- * FIXME: Transactional Integrity and proper Concurrency when Updating
- * the State of the Rule Engine
- *
*/
public class EnterprisePolicyFinderModule extends PolicyFinderModule
{
@@ -234,7 +231,7 @@
{
this.deletePolicy(oldPolicy, false);
- //new policy should then be deployed into the rule engine
+ // new policy should then be deployed into the rule engine
this.newPolicy(newPolicy);
HotDeployEvent hotDeployEvent = new HotDeployEvent(oldPolicy.getPolicyUri());
@@ -246,38 +243,32 @@
{
try
{
- AbstractPolicy activePolicy = this.policies.getPolicy(policy
- .getPolicyUri());
+ // Delete this Policy from the Policy Store
+ this.policyStore.deletePolicy(policy.getPolicyUri());
- if(activePolicy != null)
+ this.policies.deactivate(policy.getPolicyUri());
+
+ // Delete any DroolsExpressions associated with this Policy from the
+ // Drools Manager
+ if (policy.getMetaData().getRules() != null)
{
- // Delete this Policy from the Policy Store
- this.policyStore.deletePolicy(policy.getPolicyUri());
-
- this.policies.deactivate(policy.getPolicyUri());
-
- // Delete any DroolsExpressions associated with this Policy from the
- // Drools Manager
- if (policy.getMetaData().getRules() != null)
+ for (Rule policyRule : policy.getMetaData().getRules())
{
- for (Rule policyRule : policy.getMetaData().getRules())
+ Expression ruleExpression = policyRule.getExpression();
+ if (ruleExpression instanceof DroolsRuleExpression)
{
- Expression ruleExpression = policyRule.getExpression();
- if (ruleExpression instanceof DroolsRuleExpression)
- {
- this.ruleManager.removeRule(((DroolsRuleExpression) ruleExpression)
- .getRuleReference());
- }
+ this.ruleManager.removeRule(((DroolsRuleExpression) ruleExpression)
+ .getRuleReference());
}
}
-
- if (mustHotDeploy)
- {
- HotDeployEvent hotDeployEvent = new HotDeployEvent(policy
- .getPolicyUri());
- this.eventBus.deliver(hotDeployEvent);
- }
}
+
+ if (mustHotDeploy)
+ {
+ HotDeployEvent hotDeployEvent = new HotDeployEvent(policy
+ .getPolicyUri());
+ this.eventBus.deliver(hotDeployEvent);
+ }
}
catch (PolicyException pe)
{
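Review bot: `this.policies.deactivate(policy.getPolicyUri())` and the `ruleManager.removeRule(...)` loop now run unconditionally and before the surrounding transaction commits, which r13707 places in `PolicyServer.deletePolicy`. `DynamicPolicyCollection.deactivate` is a plain `policies.remove(policyUri)`, so if that later commit fails and rolls back, the store still holds the policy while the finder no longer evaluates it, presumably until the next `bootup()`. The `HotDeployEvent` is likewise delivered before the commit, so listeners may act on a deletion that is not yet durable. I would move the deactivation and the event delivery to after a successful commit, or at least add `// NOTE: in-memory deactivation is not undone if the caller's transaction rolls back` above the `deactivate` call; this commit also drops the class-level FIXME about transactional integrity and concurrency. The body of `deletePolicy` starts and ends outside this hunk.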
JBoss Portal SVN: r13707 - in modules/authorization/trunk: common-api/src/main/java/org/jboss/security/authz/xacml and 7 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 19:27:44 -0400 (Sat, 08 Aug 2009)
New Revision: 13707
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
Log:
Policy Hot Deployment implementation
* Transactional Integrity implemented
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -135,7 +135,7 @@
{
log.error(this, e);
- //TODO: implement proper exception handling
+ //FIXME: implement proper exception handling
throw new RuntimeException(e);
}
}
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -171,7 +171,7 @@
}
catch (Exception e)
{
- // TODO: handle this properly
+ //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -71,7 +71,7 @@
}
catch(Exception e)
{
- //TODO: handle this properly
+ //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
@@ -88,7 +88,7 @@
{
for(String impliedAction: impliedActions)
{
- //TODO: Find the Action Component from the repository
+ //FIXME: Find the Action Component from the repository
Object impliedActionComponent = null;
if(impliedAction.equals("read"))
{
@@ -110,7 +110,7 @@
}
catch(Exception e)
{
- //TODO: handle this properly
+ //FIXME: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
Modified: modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
===================================================================
--- modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -108,7 +108,7 @@
{
String uri = attributeDesignator.getAttributeId();
- //TODO: Include all Attribute Types like Resource, Action, and Environment
+ //FIXME: Include all Attribute Types like Resource, Action, and Environment
if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID) ||
uri.equals(ATTRIBUTEID_CUSTOM_SUBJECT_ATTRIBUTE)
)
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -90,7 +90,7 @@
assertFalse("Match(prefix/urlfoo/)",Pattern.matches(regex, "prefix/urlfoo/"));
assertFalse("Match(/blah/prefix/url/index.html)",Pattern.matches(regex, "/blah/prefix/url/index.html"));
- //TODO: fix issue with duplicate matches when using concrete uris and regex uris
+ //FIXME: fix issue with duplicate matches when using concrete uris and regex uris
this.provision("/prefix/url/*");
//this.provision("/prefix/url/index.html");
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -25,9 +25,11 @@
import org.apache.log4j.Logger;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Attribute;
@@ -38,6 +40,7 @@
import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
import org.jboss.security.authz.policy.server.event.EventBus;
+import org.jboss.security.authz.policy.server.tools.HibernateService;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
@@ -55,6 +58,7 @@
private EnterprisePolicyFinderModule policyFinderModule;
private DroolsRuleManager ruleManager;
private EventBus eventBus;
+ private HibernateService hibernateService;
public PolicyServer()
{
@@ -75,6 +79,8 @@
this.policyFinderModule.setPolicyStore(this.policyStore);
this.policyFinderModule.setRuleManager(this.ruleManager);
this.policyFinderModule.setEventBus(this.eventBus);
+ this.policyFinderModule.setHibernateService(this.hibernateService);
+
this.policyFinderModule.bootup();
}
}
@@ -129,6 +135,16 @@
{
this.eventBus = eventBus;
}
+
+ public HibernateService getHibernateService()
+ {
+ return hibernateService;
+ }
+
+ public void setHibernateService(HibernateService hibernateService)
+ {
+ this.hibernateService = hibernateService;
+ }
// --------Enforcement Phase
// services--------------------------------------------------------------------------------------------------------------------------
/**
@@ -144,7 +160,15 @@
*/
public Response evaluate(Request request) throws PolicyServerException
{
- return this.policyDecisionPoint.evaluate(request);
+ try
+ {
+ return this.policyDecisionPoint.evaluate(request);
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ throw new PolicyServerException(t);
+ }
}
/**
@@ -159,7 +183,15 @@
*/
public String evaluate(String xml) throws PolicyServerException
{
- return this.policyDecisionPoint.evaluate(xml);
+ try
+ {
+ return this.policyDecisionPoint.evaluate(xml);
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ throw new PolicyServerException(t);
+ }
}
// ------- Provisioning Phase
@@ -174,19 +206,35 @@
public void deploy(PolicyMetaData policyMetaData)
throws PolicyServerException
{
- Policy policy = this.findPolicy(policyMetaData);
-
- if (policy == null)
+ Session session = null;
+ Transaction tx = null;
+ try
{
- // Create a New Policy
- this.policyFinderModule.newPolicy(policyMetaData);
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ Policy policy = this.findPolicy(policyMetaData);
+
+ if (policy == null)
+ {
+ // Create a New Policy
+ this.policyFinderModule.newPolicy(policyMetaData);
+ }
+ else
+ {
+ // Update an existing Policy
+ this.policyFinderModule.updatePolicy(policy, policyMetaData);
+
+ }
+
+ tx.commit();
}
- else
+ catch(Throwable t)
{
- // Update an existing Policy
- this.policyFinderModule.updatePolicy(policy, policyMetaData);
-
- }
+ log.error(this, t);
+ tx.rollback();
+ throw new PolicyServerException(t);
+ }
}
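Review bot: The `tx.rollback()` in the new `catch(Throwable t)` dereferences `tx` while it can still be null: if `getCurrentSession()` or `beginTransaction()` throws, the handler itself fails with a NullPointerException and the caller never receives the `PolicyServerException` carrying the real cause. Guard it with `if (tx != null && tx.isActive()) { tx.rollback(); }`, as `findByResource` in this commit already checks `tx.isActive()`. The same unguarded rollback appears in the `deletePolicy` and `readAllPolicies` hunks of this file and in `bootup()` in EnterprisePolicyFinderModule.java.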
/**
@@ -197,14 +245,23 @@
*/
public void deletePolicy(String policyUri) throws PolicyServerException
{
+ Session session = null;
+ Transaction tx = null;
try
{
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
this.policyFinderModule.deletePolicy(this.policyStore.readPolicy(policyUri), true);
+
+ tx.commit();
}
- catch (PolicyException pe)
+ catch (Throwable t)
{
- throw new PolicyServerException(pe);
- }
+ log.error(this, t);
+ tx.rollback();
+ throw new PolicyServerException(t);
+ }
}
/**
@@ -214,14 +271,25 @@
*/
public Set<Policy> readAllPolicies() throws PolicyServerException
{
+ Session session = null;
+ Transaction tx = null;
try
{
- return this.policyStore.readAllPolicies();
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ Set<Policy> all = this.policyStore.readAllPolicies();
+
+ tx.commit();
+
+ return all;
}
- catch (PolicyException pe)
+ catch (Throwable t)
{
- throw new PolicyServerException(pe);
- }
+ log.error(this, t);
+ tx.rollback();
+ throw new PolicyServerException(t);
+ }
}
/**
@@ -233,14 +301,39 @@
*/
public Policy findByResource(Attribute resourceAttribute) throws PolicyServerException
{
+ Session session = null;
+ Transaction tx = null;
+ boolean isStartedHere = false;
try
{
- return this.policyStore.findByResource(resourceAttribute);
+ session = this.hibernateService.getCurrentSession();
+ tx = session.getTransaction();
+ if(!tx.isActive())
+ {
+ tx.begin();
+ isStartedHere = true;
+ }
+
+ Policy policy = this.policyStore.findByResource(resourceAttribute);
+
+ if(isStartedHere)
+ {
+ tx.commit();
+ }
+
+ return policy;
}
- catch (PolicyException pe)
+ catch (Throwable t)
{
- throw new PolicyServerException(pe);
- }
+ log.error(this, t);
+
+ if(isStartedHere)
+ {
+ tx.rollback();
+ }
+
+ throw new PolicyServerException(t);
+ }
}
// --------------------------------------------------------------------------------------------------------------------------------------------
private Policy findPolicy(PolicyMetaData policyMetaData)
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -165,8 +165,7 @@
return response;
}
catch(Exception e)
- {
- log.error(this, e);
+ {
throw new PolicyServerException(e);
}
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -167,7 +167,7 @@
}
/**
- * TODO: make this preparation more robust injecting arbitrary Facts and then let the RuleEngine do its thing
+ * FIXME: make this preparation more robust injecting arbitrary Facts and then let the RuleEngine do its thing
*
* @param context
*/
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -45,8 +45,6 @@
* This service provides management for Drools based authorization Rules/Logic
* used by the Drools Function extension of the XACML Engine
*
- * TODO: Add Database Persistence to the State of this Manager
- *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
@@ -254,13 +252,6 @@
log.error(this, t);
tx.rollback();
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -28,6 +28,9 @@
import org.apache.log4j.Logger;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
@@ -36,6 +39,7 @@
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.policy.server.event.EventBus;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
+import org.jboss.security.authz.policy.server.tools.HibernateService;
import org.jboss.security.authz.policy.server.PolicyServerException;
import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.event.HotDeployEvent;
@@ -65,7 +69,8 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*
- * TODO: Transactional Integrity and proper Concurrency when Updating the State of the Rule Engine
+ * FIXME: Transactional Integrity and proper Concurrency when Updating
+ * the State of the Rule Engine
*
*/
public class EnterprisePolicyFinderModule extends PolicyFinderModule
@@ -73,11 +78,12 @@
private static Logger log = Logger
.getLogger(EnterprisePolicyFinderModule.class);
- private PolicyReader reader;
+ private PolicyReader reader;
private PolicyStore policyStore;
private DroolsRuleManager ruleManager;
private EventBus eventBus;
-
+ private HibernateService hibernateService;
+
private DynamicPolicyCollection policies;
public EnterprisePolicyFinderModule()
@@ -104,7 +110,7 @@
{
this.ruleManager = ruleManager;
}
-
+
public EventBus getEventBus()
{
return eventBus;
@@ -114,6 +120,17 @@
{
this.eventBus = eventBus;
}
+
+ public HibernateService getHibernateService()
+ {
+ return hibernateService;
+ }
+
+ public void setHibernateService(HibernateService hibernateService)
+ {
+ this.hibernateService = hibernateService;
+ }
+
// -----------PolicyFinderModule
// Implementation------------------------------------------------------------------------------------------------------------
/**
@@ -178,49 +195,19 @@
return new PolicyFinderResult(e.getStatus());
}
}
- // ------------------------------------------------------------------------------------------------------------------------------------------
- public void bootup() throws PolicyServerException
+
+ // ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void newPolicy(PolicyMetaData policyMetaData)
+ throws PolicyServerException
{
try
{
- // Load the persisted Policies into the Finder's memory
- log
- .info("------------------------------------------------------------------");
- log
- .info("Booting Up the Policy Rule Engine.................................");
- Set<Policy> allPolicies = this.policyStore.readAllPolicies();
- if (allPolicies != null)
- {
- for (Policy policy : allPolicies)
- {
- this.injectPolicy(policy);
- }
- log.info("Rule Engine successfully started with [" + allPolicies.size()
- + "] stored Policies");
- }
- log
- .info("------------------------------------------------------------------");
- }
- catch (Throwable t)
- {
- log.error(this, t);
- throw new PolicyServerException(t);
- }
- }
-
- public void newPolicy(PolicyMetaData policyMetaData) throws PolicyServerException
- {
- try
- {
Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(),
policyMetaData);
-
+
// Save the policy in the Policy Store
this.policyStore.savePolicy(policy);
-
- // Inject the new Policy into the Rule Engine
- this.injectPolicy(policy);
-
+
// Update the DroolsRuleManager's runtime state with any Drools based
// expressions if they are part of this new policy
Set<Rule> rules = policyMetaData.getRules();
@@ -232,58 +219,62 @@
this.ruleManager.addRule((DroolsRuleExpression) expression);
}
}
+
+ // Inject the new Policy into the Rule Engine
+ this.injectPolicy(policy);
}
- catch (Throwable t)
+ catch (PolicyException pe)
{
- log.error(this, t);
- throw new PolicyServerException(t);
+ throw new PolicyServerException(pe);
}
}
-
- public void updatePolicy(Policy oldPolicy, PolicyMetaData newPolicy) throws PolicyServerException
+
+ public void updatePolicy(Policy oldPolicy, PolicyMetaData newPolicy)
+ throws PolicyServerException
{
this.deletePolicy(oldPolicy, false);
-
- //TODO: This hot deployment should be done out-of-band
- //and new policy should then be deployed into the rule engine
+
+ //new policy should then be deployed into the rule engine
this.newPolicy(newPolicy);
-
+
HotDeployEvent hotDeployEvent = new HotDeployEvent(oldPolicy.getPolicyUri());
this.eventBus.deliver(hotDeployEvent);
}
-
- public void deletePolicy(Policy policy, boolean mustHotDeploy) throws PolicyServerException
+
+ public void deletePolicy(Policy policy, boolean mustHotDeploy)
+ throws PolicyServerException
{
try
{
- AbstractPolicy activePolicy = this.policies.getPolicy(policy.getPolicyUri());
-
- //Deactivate this Policy
+ AbstractPolicy activePolicy = this.policies.getPolicy(policy
+ .getPolicyUri());
+
if(activePolicy != null)
{
- //First deactivate this policy
+ // Delete this Policy from the Policy Store
+ this.policyStore.deletePolicy(policy.getPolicyUri());
+
this.policies.deactivate(policy.getPolicyUri());
-
-
- //Delete any DroolsExpressions associated with this Policy from the Drools Manager
- if(policy.getMetaData().getRules()!=null)
+
+ // Delete any DroolsExpressions associated with this Policy from the
+ // Drools Manager
+ if (policy.getMetaData().getRules() != null)
{
- for(Rule policyRule: policy.getMetaData().getRules())
+ for (Rule policyRule : policy.getMetaData().getRules())
{
Expression ruleExpression = policyRule.getExpression();
- if(ruleExpression instanceof DroolsRuleExpression)
+ if (ruleExpression instanceof DroolsRuleExpression)
{
- this.ruleManager.removeRule(((DroolsRuleExpression) ruleExpression).getRuleReference());
+ this.ruleManager.removeRule(((DroolsRuleExpression) ruleExpression)
+ .getRuleReference());
}
}
}
-
- //Delete this Policy from the Policy Store
- this.policyStore.deletePolicy(policy.getPolicyUri());
-
- if(mustHotDeploy)
+
+ if (mustHotDeploy)
{
- HotDeployEvent hotDeployEvent = new HotDeployEvent(policy.getPolicyUri());
+ HotDeployEvent hotDeployEvent = new HotDeployEvent(policy
+ .getPolicyUri());
this.eventBus.deliver(hotDeployEvent);
}
}
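Review bot: `updatePolicy` calls `deletePolicy(oldPolicy, false)` and only then `newPolicy(newPolicy)`, so between the two calls the policy is missing from the finder's in-memory collection, and nothing in the hunk restores it if `newPolicy` throws, even though the caller rolls the store back. What the decision point returns for a resource with no matching policy is not visible here, so whether this window fails closed should be confirmed. The hunk also removes the TODO about doing the hot deployment out-of-band without replacing it; I would keep a marker such as `// FIXME: old policy is inactive until newPolicy() completes; make the swap atomic for concurrent evaluate() calls` above the `deletePolicy` call. `newPolicy` begins and `deletePolicy` ends outside this hunk.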
@@ -293,7 +284,45 @@
throw new PolicyServerException(pe);
}
}
- //-------------------------------------------------------------------------------------------------------------------------------------------
+
+ // -------------------------------------------------------------------------------------------------------------------------------------------
+ public void bootup() throws PolicyServerException
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ // Load the persisted Policies into the Finder's memory
+ log
+ .info("------------------------------------------------------------------");
+ log
+ .info("Booting Up the Policy Rule Engine.................................");
+ Set<Policy> allPolicies = this.policyStore.readAllPolicies();
+ if (allPolicies != null)
+ {
+ for (Policy policy : allPolicies)
+ {
+ this.injectPolicy(policy);
+ }
+ log.info("Rule Engine successfully started with [" + allPolicies.size()
+ + "] stored Policies");
+ }
+ log
+ .info("------------------------------------------------------------------");
+
+ tx.commit();
+ }
+ catch (Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new PolicyServerException(t);
+ }
+ }
+
private void injectPolicy(Policy policy) throws PolicyServerException
{
ByteArrayInputStream bos = null;
@@ -307,7 +336,6 @@
}
catch (Exception e)
{
- log.error(this, e);
throw new PolicyServerException(e);
}
finally
@@ -323,5 +351,5 @@
}
}
}
- }
+ }
}
\ No newline at end of file
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -29,9 +29,7 @@
import org.apache.log4j.Logger;
import org.hibernate.Session;
-import org.hibernate.Transaction;
-
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Attribute;
@@ -82,12 +80,10 @@
public Set<Policy> readAllPolicies() throws PolicyException
{
Session session = null;
- Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
session = hibernateService.getCurrentSession();
- tx = session.beginTransaction();
List allPolicies = session.createQuery("from XACMLPolicy").list();
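Review bot: The retained comment `//Join or Create a New Session/Transaction` is no longer accurate once `tx = session.beginTransaction()` is removed: the method now only obtains the current session and depends on the caller having started a transaction. I would replace it with `//Uses the caller's current Session; the caller owns the transaction (begin/commit/rollback)` here and in the `savePolicy`, `deletePolicy`, `findByResource` and `readPolicy` hunks, and state the precondition in each method's Javadoc. Separately, these methods declare `throws PolicyException` but their catch blocks rethrow `RuntimeException`, so the `catch (PolicyException pe)` that this commit introduces in `EnterprisePolicyFinderModule.newPolicy` will not see store failures. The body of `readAllPolicies` continues outside this hunk.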
@@ -96,24 +92,14 @@
{
policies.addAll(allPolicies);
}
-
- tx.commit();
-
+
return policies;
}
catch(Throwable t)
{
- log.error(this, t);
- tx.rollback();
+ log.error(this, t);
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
/**
@@ -126,30 +112,17 @@
public void savePolicy(Policy policy) throws PolicyException
{
Session session = null;
- Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
- session = hibernateService.getCurrentSession();
- tx = session.beginTransaction();
-
+ session = hibernateService.getCurrentSession();
session.saveOrUpdate(policy);
-
- tx.commit();
}
catch(Throwable t)
{
log.error(this, t);
- tx.rollback();
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
/**
@@ -161,33 +134,21 @@
public void deletePolicy(String policyUri) throws PolicyException
{
Session session = null;
- Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
session = hibernateService.getCurrentSession();
- tx = session.beginTransaction();
session.createQuery("delete from XACMLPolicy policy where policy.policyUri=?").setString(0, policyUri).
executeUpdate();
-
- tx.commit();
}
catch(Throwable t)
{
- log.error(this, t);
- tx.rollback();
+ log.error(this, t);
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
- //------------------------------------------------------------------------------------------------------------------------------------------------------------
+
/**
* Finds the Policy associated with the specified URIResource
*
@@ -198,12 +159,10 @@
public Policy findByResource(Attribute resourceAttribute) throws PolicyException
{
Session session = null;
- Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
session = this.hibernateService.getCurrentSession();
- tx = session.beginTransaction();
Object[] result = (Object[])session.createQuery("from XACMLPolicy policy " +
"join policy.metaData.target.resourceMatches match " +
@@ -221,23 +180,13 @@
}
}
- tx.commit();
-
return null;
}
catch(Throwable t)
{
- log.error(this, t);
- tx.rollback();
+ log.error(this, t);
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
/**
@@ -250,32 +199,20 @@
public Policy readPolicy(String policyUri) throws PolicyException
{
Session session = null;
- Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
session = this.hibernateService.getCurrentSession();
- tx = session.beginTransaction();
Policy policy = (Policy)session.createQuery("from XACMLPolicy where policyUri=?").
setString(0, policyUri).uniqueResult();
- tx.commit();
-
return policy;
}
catch(Throwable t)
{
- log.error(this, t);
- tx.rollback();
+ log.error(this, t);
throw new RuntimeException(t);
- }
- finally
- {
- if(session.isOpen())
- {
- session.close();
- }
- }
+ }
}
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java 2009-08-08 23:27:44 UTC (rev 13707)
@@ -63,5 +63,5 @@
public Session getCurrentSession()
{
return this.sessionFactory.getCurrentSession();
- }
+ }
}
Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-08 20:44:06 UTC (rev 13706)
+++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-08 23:27:44 UTC (rev 13707)
@@ -16,6 +16,9 @@
<property name="eventBus">
<inject bean="/policy-server/EventBus"/>
</property>
+ <property name="hibernateService">
+ <inject bean="/policy-server/HibernateService"/>
+ </property>
</bean>
<bean name="/policy-server/PolicyDecisionPoint" class="org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint">
JBoss Portal SVN: r13706 - in modules/authorization/trunk: agent/src/main/java/org/jboss/security/authz/agent/enforcement and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 16:44:06 -0400 (Sat, 08 Aug 2009)
New Revision: 13706
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java
modules/authorization/trunk/pom.xml
Log:
Upgrading to the latest 2.0.3.SP2-SNAPSHOT of jbossxacml library
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2009-08-08 19:40:48 UTC (rev 13705)
+++ modules/authorization/trunk/.classpath 2009-08-08 20:44:06 UTC (rev 13706)
@@ -34,8 +34,8 @@
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-xjc/2.1.4/jaxb-xjc-2.1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3.SP2-SNAPSHOT/jboss-sunxacml-2.0.3.SP2-SNAPSHOT.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3.SP2-SNAPSHOT/jboss-sunxacml-2.0.3.SP2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.3.SP2-SNAPSHOT/jboss-xacml-2.0.3.SP2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-xacml/2.0.3.SP2-SNAPSHOT/jboss-xacml-2.0.3.SP2-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
<classpathentry kind="var" path="M2_REPO/org/drools/drools-core/4.0.7/drools-core-4.0.7.jar"/>
<classpathentry kind="var" path="M2_REPO/org/drools/drools-compiler/4.0.7/drools-compiler-4.0.7.jar"/>
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java 2009-08-08 19:40:48 UTC (rev 13705)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java 2009-08-08 20:44:06 UTC (rev 13706)
@@ -75,7 +75,7 @@
enforcementResponse.setAttribute(EnforcementResponse.CACHED, new Date());
}
- //Add Cache Invalidation Operations
+ //TODO: Add More Finegrained Cache Invalidation Operations. A full blow away will have to do for now
public void clear()
{
this.responseCache.clear();
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-08-08 19:40:48 UTC (rev 13705)
+++ modules/authorization/trunk/pom.xml 2009-08-08 20:44:06 UTC (rev 13706)
@@ -26,7 +26,7 @@
<version.sun.jaxb>2.1.4</version.sun.jaxb>
<version.sun.jaf>1.1</version.sun.jaf>
- <version.jboss.xacml>2.0.3-SNAPSHOT</version.jboss.xacml>
+ <version.jboss.xacml>2.0.3.SP2-SNAPSHOT</version.jboss.xacml>
<version.org.drools>4.0.7</version.org.drools>
<version.org.mvel.mvel>1.3.1-java1.4</version.org.mvel.mvel>