JBoss Portal SVN: r13650 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src: main/java/org/exoplatform/portal/jboss/security/enforcement and 1 other directories. - portal-commits

Saturday, 1 August 2009


Author: sohil.shah(a)jboss.com
Date: 2009-08-01 11:10:09 -0400 (Sat, 01 Aug 2009)
New Revision: 13650

Added:
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
Modified:
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
  
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
Log:
Enforcement Phase integration

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml	2009-08-01
15:10:09 UTC (rev 13650)
@@ -22,4 +22,13 @@
      	<property name="guestGroup">/platform/guests</property>
      	<property
name="navigationCreatorMembershipType">manager</property>
      </bean>                                
+     
+     <bean name="/exo/jboss/PolicyEnforcementPoint"
class="org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint">
+     	<property name="enforcer">
+     		<inject bean="/agent/LocalEnforcementPoint"/>
+     	</property>
+     	<property name="policyProvisioner">
+     		<inject bean="/exo/jboss/PolicyProvisioner"/>
+     	</property>
+     </bean>
 </deployment>
\ No newline at end of file

Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java	
                       (rev 0)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -0,0 +1,268 @@
+/**
+ * 
+ */
+package org.exoplatform.portal.jboss.security.enforcement;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Collection;
+
+import org.apache.log4j.Logger;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.jboss.security.components.CreatePortal;
+import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementException;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+
+/**
+ * This EnforcementPoint is ok for the first phase of integration. This can be made much
more flexible and much more decoupled from
+ * any direct knowledge of the Resource and Action Security Components. This clean
decoupling is possible with an interceptor approach
+ * 
+ * This will do the job and then more later
+ * 
+ * @author soshah
+ *
+ */
+public class ExoEnforcementPoint
+{
+	private static Logger log = Logger.getLogger(ExoEnforcementPoint.class);
+	
+	private PolicyEnforcementPoint enforcer;
+	private ExoPolicyProvisioner policyProvisioner;
+	
+	public ExoEnforcementPoint()
+	{
+		
+	}
+	
+	public void start()
+	{
+		log.debug("----------------------------------------------------------------");
+		log.debug("Exo-JBoss Policy Enforcement Point successfully
started..............."+this.enforcer);
+		log.debug("----------------------------------------------------------------");
+	}
+	
+	public void stop()
+	{
+		
+	}
+		
+	public PolicyEnforcementPoint getEnforcer()
+	{
+		return enforcer;
+	}
+
+	public void setEnforcer(PolicyEnforcementPoint enforcer)
+	{
+		this.enforcer = enforcer;
+	}
+		
+	public ExoPolicyProvisioner getPolicyProvisioner()
+	{
+		return policyProvisioner;
+	}
+
+	public void setPolicyProvisioner(ExoPolicyProvisioner policyProvisioner)
+	{
+		this.policyProvisioner = policyProvisioner;
+	}
+	//-----------------------------------------------------------------------------------------------------------------------------------------
+	public boolean checkCreatePortalAccess(org.exoplatform.services.security.Identity user)
throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			CreatePortal action = new CreatePortal();
+			EnforcementContext context = this.generateEnforcementContext(user, action.getName());
+						
+			context.setAttribute("action", action);
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}		
+	}
+	
+	public boolean checkReadAccess(org.exoplatform.services.security.Identity user,
PortalConfig portal) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"portal://"+portal.getName());
+						
+			context.setAttribute("action", new Read());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	
+	public boolean checkWriteAccess(org.exoplatform.services.security.Identity user,
PortalConfig portal) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"portal://"+portal.getName());
+										
+			context.setAttribute("action", new Write());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	
+	public boolean checkReadAccess(org.exoplatform.services.security.Identity user,
PageNavigation nav) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"pagenav://"+nav.getDescription());
+						
+			context.setAttribute("action", new Read());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	
+	public boolean checkWriteAccess(org.exoplatform.services.security.Identity user,
PageNavigation nav) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"pagenav://"+nav.getDescription());
+										
+			context.setAttribute("action", new Write());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	
+	public boolean checkReadAccess(org.exoplatform.services.security.Identity user, Page
page) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"page://"+page.getName());
+						
+			context.setAttribute("action", new Read());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	
+	public boolean checkWriteAccess(org.exoplatform.services.security.Identity user, Page
page) throws EnforcementException
+	{
+		try
+		{
+			// Create an EnforcementContext
+			EnforcementContext context = this.generateEnforcementContext(user,
"page://"+page.getName());
+										
+			context.setAttribute("action", new Write());
+			
+			//Perform the access check and assert the response
+			EnforcementResponse response = this.enforcer.checkAccess(context);
+			
+			return response.isAccessGranted();
+		}
+		catch(URISyntaxException uriexception)
+		{
+			throw new EnforcementException(uriexception);
+		}
+	}
+	//----------------------------------------------------------------------------------------------------------------------------------------------
+	private EnforcementContext
generateEnforcementContext(org.exoplatform.services.security.Identity user, 
+	String resourceUri) throws URISyntaxException
+	{
+		EnforcementContext context = new EnforcementContext();
+		
+		// Create Resource
+		URIResource portalRes = new URIResource();
+		portalRes.setUri(new URI(resourceUri));
+		context.setAttribute("resource", portalRes);
+
+		if(user != null && user.getUserId() != null)
+		{
+			// Create Identity
+			Identity identity = new Identity();
+			identity.setName(user.getUserId());
+			context.setAttribute("identity", identity);
+	
+			// Create Roles
+			Roles roles = new Roles();		
+			Collection<MembershipEntry> memberships = user.getMemberships();
+			if (memberships != null && !memberships.isEmpty())
+			{
+				for (MembershipEntry membership : memberships)
+				{
+					roles.addName(membership.toString());
+				}
+			}
+			
+			roles.addName("Everyone");
+			context.setAttribute("roles", roles);
+		}
+		else
+		{
+				Roles roles = new Roles();
+				// This is a guest user
+				//TODO: change this to something like whatever:guestGroup once custom Roles component
is used
+				roles.addName("*:"+this.policyProvisioner.getGuestGroup());
+				roles.addName(Roles.ANONYMOUS);
+				
+				roles.addName("Everyone");
+				context.setAttribute("roles", roles);
+		}									
+		
+		return context;
+	}	
+}

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -8,14 +8,13 @@
 
 import org.exoplatform.test.BasicTestCase;
 import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+import org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint;
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
 
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
 import org.jboss.security.authz.bootstrap.ServiceContainer;
 
-
-
 /**
  * @author soshah
  *
@@ -27,15 +26,15 @@
 	User root, administrator, manager, user, guest;
 	
 	ExoPolicyProvisioner exoPolicyProvisioner;
-	PolicyEnforcementPoint enforcer;
+	ExoEnforcementPoint exoEnforcementPoint;
+	
 			
 	protected void setUp() throws Exception 
 	{
 		ServiceContainer.bootstrap();						
-		
-		this.enforcer = (PolicyEnforcementPoint) ServiceContainer
-				.lookup("/agent/LocalEnforcementPoint");
+				
 		this.exoPolicyProvisioner =
(ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
+		this.exoEnforcementPoint =
(ExoEnforcementPoint)ServiceContainer.lookup("/exo/jboss/PolicyEnforcementPoint");
 		
 		this.root = new User(this.exoPolicyProvisioner.getSuperuser());
 		
@@ -48,23 +47,124 @@
 		this.user = new User("user");
 		
 		this.guest = new User(null);
-	}	
+	}
 	
-	protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
+	protected void checkCreatePortalAccess(User user, boolean mustBePermitted) throws
Exception
 	{	    
-	    EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
+	    boolean access =
this.exoEnforcementPoint.checkCreatePortalAccess(user.getIdentity());
 	    
-    	assertNotNull(response);
     	log.info("-----------------------------------");
-        log.info("Decision="+response.getMessage());
+      log.info("Decision="+access);
         
 	    if(mustBePermitted)
 	    {	    	
-	    	assertTrue("Access must be granted!!!", response.isAccessGranted());
+	    	assertTrue("Access must be granted!!!", access);
 	    }
 	    else
 	    {
-	    	assertFalse("Access must be denied!!!", response.isAccessGranted());
+	    	assertFalse("Access must be denied!!!", access);
 	    }        
 	}
+		
+	protected void checkReadAccess(User user, PortalConfig portal, boolean mustBePermitted)
throws Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(),
portal);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
+	
+	protected void checkWriteAccess(User user, PortalConfig portal, boolean mustBePermitted)
throws Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
portal);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
+	
+	protected void checkReadAccess(User user, PageNavigation nav, boolean mustBePermitted)
throws Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), nav);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
+	
+	protected void checkWriteAccess(User user, PageNavigation nav, boolean mustBePermitted)
throws Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
nav);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
+	
+	protected void checkReadAccess(User user, Page page, boolean mustBePermitted) throws
Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(),
page);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
+	
+	protected void checkWriteAccess(User user, Page page, boolean mustBePermitted) throws
Exception
+	{	    
+	    boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
page);
+	    
+    	log.info("-----------------------------------");
+      log.info("Decision="+access);
+        
+	    if(mustBePermitted)
+	    {	    	
+	    	assertTrue("Access must be granted!!!", access);
+	    }
+	    else
+	    {
+	    	assertFalse("Access must be denied!!!", access);
+	    }        
+	}
 }

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -40,19 +40,18 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page),
-				false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page),
-				false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), false);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+		
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, false);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, false);
 	}
 
 	public void testPageAccessibleByEveryone() throws Exception
@@ -70,19 +69,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page),
-				false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page,false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page),
-				true);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), true);
-		this.enforce(this.readPageEnforcementContext(this.user, page), true);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page,true);
+		this.checkReadAccess(this.manager, page, true);
+		this.checkReadAccess(this.user, page, true);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageEditableByEveryone() throws Exception
@@ -101,17 +98,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), true);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), true);
-		this.enforce(this.writePageEnforcementContext(this.user, page), true);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, true);
+		this.checkWriteAccess(this.manager, page, true);
+		this.checkWriteAccess(this.user, page, true);
+		this.checkWriteAccess(this.guest, page, true);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), true);
-		this.enforce(this.readPageEnforcementContext(this.user, page), true);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, true);
+		this.checkReadAccess(this.manager, page, true);
+		this.checkReadAccess(this.user, page, true);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageAccessibleByGuests() throws Exception
@@ -129,17 +126,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), false);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, false);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageEditableByGuests() throws Exception
@@ -158,17 +155,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, true);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), false);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, false);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageAccessibleByEveryOneAndGuests() throws Exception 
@@ -186,17 +183,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), true);
-		this.enforce(this.readPageEnforcementContext(this.user, page), true);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, true);
+		this.checkReadAccess(this.manager, page, true);
+		this.checkReadAccess(this.user, page, true);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageAccessibleByGuestsOnly() throws Exception 
@@ -214,17 +211,17 @@
 		this.exoPolicyProvisioner.debug();
 
 		// Assert
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), false);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, false);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, true);
 	}
 	
 	public void testPageWithAccessPermission() throws Exception
@@ -241,17 +238,17 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 		
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), false);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, false);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), true);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, true);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, false);
 		
 		//TODO: test with *:/manageable once wild card based custom Roles component is
implemented
 	}
@@ -271,101 +268,18 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 		
-		this.enforce(this.writePageEnforcementContext(this.root, page), true);
-		this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.writePageEnforcementContext(this.manager, page), true);
-		this.enforce(this.writePageEnforcementContext(this.user, page), false);
-		this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+		this.checkWriteAccess(this.root, page, true);
+		this.checkWriteAccess(this.administrator, page, false);
+		this.checkWriteAccess(this.manager, page, true);
+		this.checkWriteAccess(this.user, page, false);
+		this.checkWriteAccess(this.guest, page, false);
 
-		this.enforce(this.readPageEnforcementContext(this.root, page), true);
-		this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
-		this.enforce(this.readPageEnforcementContext(this.manager, page), true);
-		this.enforce(this.readPageEnforcementContext(this.user, page), false);
-		this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+		this.checkReadAccess(this.root, page, true);
+		this.checkReadAccess(this.administrator, page, false);
+		this.checkReadAccess(this.manager, page, true);
+		this.checkReadAccess(this.user, page, false);
+		this.checkReadAccess(this.guest, page, false);
 		
 		//TODO: test with *:/manageable once wild card based custom Roles component is
implemented
-	}
-	//
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
-	/**
-	 * Enforcement Phase: Creates an EnforcementContext for an incoming request
-	 * that is trying to "Read the Page Object". The EnforcementContext is
-	 * populated with "Security Components" whose state comes from the state of
-	 * the application for the incoming thread
-	 */
-	private EnforcementContext readPageEnforcementContext(User user, Page page)
-			throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
-		// Create Action
-		context.setAttribute("action", new Read());
-
-		return context;
-	}
-
-	/**
-	 * Enforcement Phase: Creates an EnforcementContext for an incoming request
-	 * that is trying to "Edit the Portal Object". The EnforcementContext is
-	 * populated with "Security Components" whose state comes from the state of
-	 * the application for the incoming thread
-	 */
-	private EnforcementContext writePageEnforcementContext(User user, Page page)
-			throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
-		// Create Action
-		context.setAttribute("action", new Write());
-
-		return context;
-	}
-
-	private EnforcementContext accessPageEnforcementContext(User user, Page page)
-			throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = new EnforcementContext();
-
-		// Create Resource
-		URIResource portalRes = new URIResource();
-		portalRes.setUri(new URI("page://"+page.getName()));
-		context.setAttribute("resource", portalRes);
-
-		// Create Identity
-		Identity identity = new Identity();
-		if (user.getId() != null)
-		{
-			identity.setName(user.getId());
-			context.setAttribute("identity", identity);
-		}
-
-		// Create Roles
-		Roles roles = new Roles();		
-		Collection<MembershipEntry> memberships = user.getMemberships();
-		if (memberships != null && !memberships.isEmpty())
-		{
-			for (MembershipEntry membership : memberships)
-			{
-				roles.addName(membership.toString());
-			}			
-		}
-		else
-		{
-			// Check to see if this is guest access
-			if (user.getId() == null)
-			{
-				// This is a guest user
-				//TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
-				roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-				
-				roles.addName(Roles.ANONYMOUS);				
-			}
-		}
-		roles.addName("Everyone");
-		context.setAttribute("roles", roles);
-
-		return context;
-	}
+	}	
 }

Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java	
                       (rev 0)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>;.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+/**
+ * @author soshah
+ * 
+ */
+public class TestJBossIntegrationCreatePortalACL extends JBossAbstractIntegrationTest
+{
+	public void testCreatePortal() throws Exception
+	{
+		// Generate an EnforcementContext to see if the superuser and administrator
+		// are allowed to create a Portal...Result: They should be
+		this.checkCreatePortalAccess(this.root, true);
+		this.checkCreatePortalAccess(this.administrator, true);		
+
+		// Generate an EnforcementContext to see if a standard manager and a regular
+		// user are allowed to create a Portal..Result: They shouldn't be
+		this.checkCreatePortalAccess(this.manager, false);
+		this.checkCreatePortalAccess(this.user, false);
+		this.checkCreatePortalAccess(this.guest, false);
+	}		
+}

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -17,17 +17,8 @@
 package org.exoplatform.portal.config.security.jboss;
 
 import org.exoplatform.portal.config.model.PageNavigation;
-import java.util.Collection;
-import java.net.URI;
-
 import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
 
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
 
 /**
  * 
@@ -50,11 +41,11 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.manager, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);		
+		this.checkWriteAccess(this.root, nav, true);
+    this.checkWriteAccess(this.administrator, nav, false);
+    this.checkWriteAccess(this.manager, nav, true);
+    this.checkWriteAccess(this.user, nav, false);
+    this.checkWriteAccess(this.guest, nav, false);		
 	}
 
 	public void testNavEditByFooGroup() throws Exception
@@ -70,11 +61,11 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+		this.checkWriteAccess(this.root, nav, true);
+    this.checkWriteAccess(this.administrator, nav, false);
+    this.checkWriteAccess(this.manager, nav, false);
+    this.checkWriteAccess(this.user, nav, false);
+    this.checkWriteAccess(this.guest, nav, false);
 	}
 	
 	public void testNavEditByUser() throws Exception
@@ -90,11 +81,11 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.user, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+		this.checkWriteAccess(this.root, nav, true);
+    this.checkWriteAccess(this.administrator, nav, false);
+    this.checkWriteAccess(this.manager, nav, false);
+    this.checkWriteAccess(this.user, nav, true);
+    this.checkWriteAccess(this.guest, nav, false);
 	}
 	
 	public void testNavEditByGuest() throws Exception
@@ -110,62 +101,10 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
-    this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
-    this.enforce(this.writePageNavEnforcementContext(this.guest, nav), true);		
-	}		
-	//
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
-	/**
-   * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Edit the Page Navigation Object". The EnforcementContext is populated
with 
-   * "Security Components" whose state comes from the state of the application
for the incoming thread
-   */
-	private EnforcementContext writePageNavEnforcementContext(User user, PageNavigation
pageNavigation) throws Exception
-  {
-	  	//Create an EnforcementContext
-	  	EnforcementContext context = new EnforcementContext();
-
-		// Create Resource
-		URIResource portalRes = new URIResource();
-		portalRes.setUri(new URI("pagenav://"+pageNavigation.getDescription()));
-		context.setAttribute("resource", portalRes);
-
-		// Create Identity
-		Identity identity = new Identity();
-		if(user.getId() != null)
-		{
-			identity.setName(user.getId());
-			context.setAttribute("identity", identity);
-		}				
-		
-		//Create Roles		
-		Roles roles = new Roles();		
-		Collection<MembershipEntry> memberships = user.getMemberships();
-		if (memberships != null && !memberships.isEmpty())
-		{
-			for (MembershipEntry membership : memberships)
-			{
-				roles.addName(membership.toString());
-			}			
-		}
-		else
-		{
-			// Check to see if this is guest access
-			if (user.getId() == null)
-			{
-				// This is a guest user
-				//TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
-				roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-				
-				roles.addName(Roles.ANONYMOUS);				
-			}
-		}
-		roles.addName("Everyone");
-		context.setAttribute("roles", roles);
-		
-		context.setAttribute("action", new Write());
-		
-		return context;
-   }
+		this.checkWriteAccess(this.root, nav, true);
+    this.checkWriteAccess(this.administrator, nav, false);
+    this.checkWriteAccess(this.manager, nav, false);
+    this.checkWriteAccess(this.user, nav, false);
+    this.checkWriteAccess(this.guest, nav, true);		
+	}			
 }
\ No newline at end of file

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -3,17 +3,7 @@
  */
 package org.exoplatform.portal.config.security.jboss;
 
-import java.net.URI;
-import java.util.Collection;
-
 import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
 
 /**
  * @author soshah
@@ -32,21 +22,17 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
-		this.enforce(
-				this.writePortalEnforcementContext(this.administrator, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.manager, portal),
-				false);
-		this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+		this.checkWriteAccess(this.root, portal, true);
+		this.checkWriteAccess(this.administrator, portal, false);
+		this.checkWriteAccess(this.manager, portal,false);
+		this.checkWriteAccess(this.user, portal, false);
+		this.checkWriteAccess(this.guest, portal, false);
 
-		this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
-				false);
-		this
-				.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+		this.checkReadAccess(this.root, portal, true);
+		this.checkReadAccess(this.administrator, portal,false);
+		this.checkReadAccess(this.manager, portal, false);
+		this.checkReadAccess(this.user, portal, false);
+		this.checkReadAccess(this.guest, portal, false);
 	}
 	
 	public void testPortalOnlyReadAccess() throws Exception
@@ -61,20 +47,17 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
-		this.enforce(
-				this.writePortalEnforcementContext(this.administrator, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.manager, portal),
-				false);
-		this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+		this.checkWriteAccess(this.root, portal, true);
+		this.checkWriteAccess(this.administrator, portal, false);
+		this.checkWriteAccess(this.manager, portal,false);
+		this.checkWriteAccess(this.user, portal, false);
+		this.checkWriteAccess(this.guest, portal, false);
 
-		this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
-				false);
-		this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+		this.checkReadAccess(this.root, portal, true);
+		this.checkReadAccess(this.administrator, portal,false);
+		this.checkReadAccess(this.manager, portal, true);
+		this.checkReadAccess(this.user, portal, false);
+		this.checkReadAccess(this.guest, portal, false);
 	}
 
 	public void testPortalEditableAndReadImplied() throws Exception
@@ -89,20 +72,17 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
-		this.enforce(
-				this.writePortalEnforcementContext(this.administrator, portal), false);
-		this
-				.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
-		this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+		this.checkWriteAccess(this.root, portal, true);
+		this.checkWriteAccess(this.administrator, portal, false);
+		this.checkWriteAccess(this.manager, portal, true);
+		this.checkWriteAccess(this.user, portal, false);
+		this.checkWriteAccess(this.guest, portal, false);
 
-		this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
-				false);
-		this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+		this.checkReadAccess(this.root, portal, true);
+		this.checkReadAccess(this.administrator, portal,false);
+		this.checkReadAccess(this.manager, portal, true);
+		this.checkReadAccess(this.user, portal, false);
+		this.checkReadAccess(this.guest, portal, false);
 	}
 
 	public void testPortalReadAndEditableExplicit() throws Exception
@@ -118,20 +98,17 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
-		this.enforce(
-				this.writePortalEnforcementContext(this.administrator, portal), false);
-		this
-				.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
-		this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+		this.checkWriteAccess(this.root, portal, true);
+		this.checkWriteAccess(this.administrator, portal, false);
+		this.checkWriteAccess(this.manager, portal, true);
+		this.checkWriteAccess(this.user, portal, false);
+		this.checkWriteAccess(this.guest, portal, false);
 
-		this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
-				false);
-		this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+		this.checkReadAccess(this.root, portal, true);
+		this.checkReadAccess(this.administrator, portal,false);
+		this.checkReadAccess(this.manager, portal, true);
+		this.checkReadAccess(this.user, portal, false);
+		this.checkReadAccess(this.guest, portal, false);
 	}
 
 	public void testGuestAllowedEdit() throws Exception
@@ -146,103 +123,16 @@
 		//Debug
 		this.exoPolicyProvisioner.debug();
 
-		this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
-		this.enforce(
-				this.writePortalEnforcementContext(this.administrator, portal), false);
-		this
-				.enforce(this.writePortalEnforcementContext(this.manager, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.writePortalEnforcementContext(this.guest, portal), true);
+		this.checkWriteAccess(this.root, portal, true);
+		this.checkWriteAccess(this.administrator, portal, false);
+		this.checkWriteAccess(this.manager, portal, false);
+		this.checkWriteAccess(this.user, portal, false);
+		this.checkWriteAccess(this.guest, portal, true);
 
-		this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
-		this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
-				false);
-		this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
-		this.enforce(this.readPortalEnforcementContext(this.guest, portal), true);
+		this.checkReadAccess(this.root, portal, true);
+		this.checkReadAccess(this.administrator, portal,false);
+		this.checkReadAccess(this.manager, portal, false);
+		this.checkReadAccess(this.user, portal, false);
+		this.checkReadAccess(this.guest, portal, true);
 	}
-	//----------------------------------------------------------------------------------------------------------------------------------------------------------------------
-	/**
-	 * Enforcement Phase: Creates an EnforcementContext for an incoming request
-	 * that is trying to "Read the Portal Object". The EnforcementContext is
-	 * populated with "Security Components" whose state comes from the state of
-	 * the application for the incoming thread
-	 */
-	private EnforcementContext readPortalEnforcementContext(User user,
-			PortalConfig portal) throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = this.accessPortalEnforcementContext(user,
-				portal);
-
-		// Create Action
-		context.setAttribute("action", new Read());
-
-		return context;
-	}
-
-	/**
-	 * Enforcement Phase: Creates an EnforcementContext for an incoming request
-	 * that is trying to "Edit the Portal Object". The EnforcementContext is
-	 * populated with "Security Components" whose state comes from the state of
-	 * the application for the incoming thread
-	 */
-	private EnforcementContext writePortalEnforcementContext(User user,
-			PortalConfig portal) throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = this.accessPortalEnforcementContext(user,
-				portal);
-
-		// Create Action
-		context.setAttribute("action", new Write());
-
-		return context;
-	}
-
-	private EnforcementContext accessPortalEnforcementContext(User user,
-			PortalConfig portal) throws Exception
-	{
-		// Create an EnforcementContext
-		EnforcementContext context = new EnforcementContext();
-
-		// Create Resource
-		URIResource portalRes = new URIResource();
-		portalRes.setUri(new URI("portal://"+portal.getName()));
-		context.setAttribute("resource", portalRes);
-
-		// Create Identity
-		Identity identity = new Identity();
-		if (user.getId() != null)
-		{
-			identity.setName(user.getId());
-			context.setAttribute("identity", identity);
-		}
-
-		// Create Roles
-		Roles roles = new Roles();		
-		Collection<MembershipEntry> memberships = user.getMemberships();
-		if (memberships != null && !memberships.isEmpty())
-		{
-			for (MembershipEntry membership : memberships)
-			{
-				roles.addName(membership.toString());
-			}
-		}
-		else
-		{
-			// Check to see if this is guest access
-			if (user.getId() == null)
-			{
-				// This is a guest user
-				//TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
-				roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-				roles.addName(Roles.ANONYMOUS);
-			}
-		}
-		roles.addName("Everyone");
-		context.setAttribute("roles", roles);
-
-		return context;
-	}
 }

Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java	2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java	2009-08-01
15:10:09 UTC (rev 13650)
@@ -34,6 +34,11 @@
 			identity = null;
 		}
 	}
+	
+	public Identity getIdentity()
+	{
+		return this.identity;
+	}
 
 	public String getId()
 	{


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

JBoss Portal SVN: r13650 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src: main/java/org/exoplatform/portal/jboss/security/enforcement and 1 other directories.