Author: sohil.shah(a)jboss.com
Date: 2009-07-13 12:45:05 -0400 (Mon, 13 Jul 2009)
New Revision: 13550
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
Log:
adapting the http-profile tests with the new framework
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-07-12
20:31:28 UTC (rev 13549)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-07-13
16:45:05 UTC (rev 13550)
@@ -30,18 +30,20 @@
import org.apache.log4j.Logger;
import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.services.PolicyComposer;
+
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.action.Get;
import org.jboss.security.authz.http.component.action.Post;
import org.jboss.security.authz.http.component.resource.HttpResource;
-import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.model.Policy;
+
+import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
/**
@@ -63,13 +65,9 @@
this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------
- //TODO: migrate to the new developer framework
- public void testExecutiveFiles() throws Exception
- {
- PolicyConfig config = new HttpPolicyConfig();
+ this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
+
+ PolicyConfig config = new HttpPolicyConfig();
((HttpPolicyConfig)config).setPolicyComposer(this.policyComposer);
InputStream is =
Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
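Review bot: The policy file is now loaded and provisioned in the fixture method instead of inside one test, so if that method runs before every test (its header is outside the hunk; it looks like setUp) the same policies are sent to `/agent/LocalPolicyProvisioner` once per test. Unless a tearDown not shown here clears the store, later tests evaluate against duplicates rather than a known policy state. The stream returned by `getResourceAsStream("http-policy.xml")` is also used without a null check; adding `assertNotNull("http-policy.xml not found on the test classpath", is);` right after the lookup would turn a missing resource into a clear failure.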
@@ -78,178 +76,128 @@
assertNotNull(policies);
- for(int i=0; i<policies.length; i++)
- {
- String xacmlPolicy = policies[i].generateSystemPolicy();
- this.provisioner.newPolicy(policies[i].getMetaData());
-
- log.info("------------------------------------------------------");
- log.info(xacmlPolicy);
- log.info("------------------------------------------------------");
+ for(Policy policy: policies)
+ {
+ this.provisioner.newPolicy(policy.getMetaData());
}
is.close();
+ //Assert Policy State of the Server
+ policies = this.provisioner.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", policies != null &&
policies.length > 0);
+ for(Policy policy: policies)
+ {
+
log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testExecutiveFiles() throws Exception
+ {
//Perform an Enforcement
- /*HttpResource incoming = new HttpResource();
+ HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/executives/index.html"));
- incoming.addParameter("id", "1234");
+ incoming.addParameter("id", "1234");
//Executive is allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"executive"}),
true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive"}),
true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Post()), true);
//Executive is allowed but Manager is not.....Permit overrides Deny according to the
Rule Combining Algorithm used for this Policy
- this.enforce(this.createGetRequest(incoming, new String[]{"executive",
"manager"}), true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive",
"manager"}), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Post()), true);
//Manager is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"manager"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"manager"}, new Get()), false);
//Anonymous is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);*/
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"anonymous"}, new Get()), false);
}
- /*public void testBoardFiles() throws Exception
- {
- PolicyConfig config = new HttpPolicyConfig();
- InputStream is =
Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
-
- Policy[] policies = config.configure(GeneralTool.readStream(is));
-
- assertNotNull(policies);
-
- for(int i=0; i<policies.length; i++)
- {
- String xacmlPolicy = policies[i].generateXACMLPolicy();
- this.policyServer.newPolicy(policies[i].getMetaData());
- log.info("------------------------------------------------------");
- log.info(xacmlPolicy);
- log.info("------------------------------------------------------");
- }
-
- is.close();
-
+ public void testBoardFiles() throws Exception
+ {
//Perform an Enforcement
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/board/index.html"));
incoming.addParameter("id", "5678");
//Executive is allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"executive"}),
true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Post()), false);
//Executive is allowed but Manager is not.....Permit overrides Deny according to the
Rule Combining Algorithm used for this Policy
- this.enforce(this.createGetRequest(incoming, new String[]{"executive",
"manager"}), true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive",
"manager"}), false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Post()), false);
//Manager is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"manager"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"manager"}, new Get()), false);
//Anonymous is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"anonymous"}, new Get()), false);
}
public void testEditUser() throws Exception
- {
- PolicyConfig config = new HttpPolicyConfig();
- InputStream is =
Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
-
- Policy[] policies = config.configure(GeneralTool.readStream(is));
-
- assertNotNull(policies);
-
- for(int i=0; i<policies.length; i++)
- {
- String xacmlPolicy = policies[i].generateXACMLPolicy();
- this.policyServer.newPolicy(policies[i].getMetaData());
- log.info("------------------------------------------------------");
- log.info(xacmlPolicy);
- log.info("------------------------------------------------------");
- }
-
- is.close();
-
+ {
//Perform an Enforcement
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/editUser"));
incoming.addParameter("userId", "9101112");
//Executive is allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"executive"}),
true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive"}),
true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive"}, new Post()), true);
//Executive is allowed but Manager is not.....Permit overrides Deny according to the
Rule Combining Algorithm used for this Policy
- this.enforce(this.createGetRequest(incoming, new String[]{"executive",
"manager"}), true);
- this.enforce(this.createPostRequest(incoming, new String[]{"executive",
"manager"}), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Get()), true);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"executive", "manager"}, new Post()), true);
//Manager is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"manager"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"manager"}, new Get()), false);
//Anonymous is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);
+ this.enforce(this.createEnforcementContext(incoming, new
String[]{"anonymous"}, new Get()), false);
}
//-------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(Request request, boolean mustBePermitted) throws Exception
+ private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
{
-
- Response response = this.enforcer.checkAccess(request);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
}
- private Request createGetRequest(HttpResource contextResource, String[] userRoles)
throws Exception
+ private EnforcementContext createEnforcementContext(HttpResource protectedResource,
String[] userRoles, Object actionComponent) throws Exception
{
- //Create a RequestType
- Request request = new Request();
-
- //Create Subjects
- Roles roles = new Roles();
- for(int i=0; i<userRoles.length; i++)
- {
- roles.addName(userRoles[i]);
- }
- request.addSubject(roles.getSubject());
-
- //Create Resource
- request.addResource(contextResource.getResource());
-
- //Create Action
- request.setAction(new Get().getAction());
-
- return request;
- }
-
- private Request createPostRequest(HttpResource contextResource, String[] userRoles)
throws Exception
- {
- //Create a RequestType
- Request request = new Request();
-
- //Create Subjects
- Roles roles = new Roles();
- for(int i=0; i<userRoles.length; i++)
- {
- roles.addName(userRoles[i]);
- }
- request.addSubject(roles.getSubject());
-
- //Create Resource
- request.addResource(contextResource.getResource());
-
- //Create Action
- request.setAction(new Post().getAction());
-
- return request;
- }*/
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ //Resource being accessed
+ context.setAttribute("http-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ for (int i = 0; i < userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ context.setAttribute("roles", roles);
+
+ //Action being performed
+ context.setAttribute("http-action", actionComponent);
+
+ return context;
+ }
}
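Review bot: The deny cases for `manager` and `anonymous` are exercised only with `new Get()` in testExecutiveFiles, testBoardFiles and testEditUser, so a policy that wrongly permits POST for those roles would still pass all three tests. Adding the matching checks, e.g. `this.enforce(this.createEnforcementContext(incoming, new String[]{"manager"}, new Post()), false);` and the same for `"anonymous"`, would close that gap. A case with an empty role array would also pin the behaviour when no role is presented. Separately, `createEnforcementContext` accepts the action as `Object` and stores it under the string key `"http-action"`, so a wrong argument type or a misspelt key is only caught at enforcement time; a short comment listing the three expected attribute keys and their types would help.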
Modified: modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-07-12
20:31:28 UTC (rev 13549)
+++ modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-07-13
16:45:05 UTC (rev 13550)
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<web-security>
+<web-security>
<security-constraint>
<web-resource-collection>
<web-resource>
@@ -10,7 +10,7 @@
</parameters>
<http-method>GET</http-method>
<http-method>POST</http-method>
- </web-resource>
+ </web-resource>
<web-resource>
<web-resource-name>Board/Investor Files</web-resource-name>
<url-pattern>/private/board/*</url-pattern>
@@ -18,7 +18,7 @@
<parameter name="id">5678</parameter>
</parameters>
<http-method>GET</http-method>
- </web-resource>
+ </web-resource>
</web-resource-collection>
<auth-constraint>
<!-- constaints based on user roles -->
@@ -68,8 +68,7 @@
<http-method>POST</http-method>
</web-resource>
</web-resource-collection>
- <auth-constraint>
- <!-- constaints based on user roles -->
+ <auth-constraint>
<roles allow="true">
<role-name>Admin</role-name>
<role-name>Executive</role-name>
@@ -79,5 +78,5 @@
<role-name>Developer</role-name>
</roles>
</auth-constraint>
- </security-constraint>
+ </security-constraint>
</web-security>
\ No newline at end of file
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-07-12
20:31:28 UTC (rev 13549)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-07-13
16:45:05 UTC (rev 13550)
@@ -22,6 +22,8 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
+import java.util.List;
+import java.util.ArrayList;
import java.io.IOException;
import java.io.ByteArrayInputStream;
@@ -57,11 +59,11 @@
private static Logger log = Logger.getLogger(EnterprisePolicyFinderModule.class);
private PolicyReader reader;
- private PolicyCollection policies;
+ private List<PolicyCollection> policies;
public EnterprisePolicyFinderModule()
{
- this.policies = new PolicyCollection();
+ this.policies = new ArrayList<PolicyCollection>();
}
public void addPolicy(Policy policy) throws PolicyServerException
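Review bot: The `policies` field is now a plain `ArrayList` that addPolicy appends to and findPolicy iterates, with no synchronization visible in these hunks. If the policy server provisions policies while requests are being evaluated (not shown here, so to be confirmed), findPolicy can throw ConcurrentModificationException or miss a newly added policy. Initialising with `this.policies = new CopyOnWriteArrayList<PolicyCollection>();` and declaring the field `private final List<PolicyCollection> policies;` would make iteration safe without locking the read path.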
@@ -74,7 +76,9 @@
AbstractPolicy xacmlPolicy = this.reader.readPolicy(bos);
- this.policies.addPolicy(xacmlPolicy);
+ PolicyCollection newPolicyCollection = new PolicyCollection();
+ newPolicyCollection.addPolicy(xacmlPolicy);
+ this.policies.add(newPolicyCollection);
}
catch(Exception e)
{
@@ -135,21 +139,35 @@
*/
public PolicyFinderResult findPolicy(EvaluationCtx context)
{
- try
- {
- AbstractPolicy policy = this.policies.getPolicy(context);
- if (policy == null)
- {
- return new PolicyFinderResult();
- }
- else
- {
- return new PolicyFinderResult(policy);
- }
- }
- catch (TopLevelPolicyException e)
- {
- return new PolicyFinderResult(e.getStatus());
- }
+ TopLevelPolicyException exception = null;
+ PolicyFinderResult result = null;
+ for (PolicyCollection policyCollection : this.policies)
+ {
+ try
+ {
+ AbstractPolicy policy = policyCollection.getPolicy(context);
+ if (policy != null)
+ {
+ return new PolicyFinderResult(policy);
+ }
+ }
+ catch (TopLevelPolicyException e)
+ {
+ exception = e;
+ }
+ }
+
+ //If I am here......No Policy Found for the incoming request!!
+ if(exception != null)
+ {
+ result = new PolicyFinderResult(exception.getStatus());
+ }
+ else
+ {
+ result = new PolicyFinderResult();
+ }
+
+
+ return result;
}
}
\ No newline at end of file
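Review bot: The catch block in findPolicy only records the TopLevelPolicyException and keeps looping, so an error raised while matching one policy is discarded as soon as a later collection returns a match, and when several collections fail only the last status is reported. For a finder that feeds access decisions it is safer to stop on the error, with `return new PolicyFinderResult(e.getStatus());` inside the catch. The loop also returns the first matching policy in insertion order; if the single PolicyCollection used before this change reported or combined multiple applicable top-level policies (not visible here), that check is lost now that each policy sits in its own collection, and the outcome depends on the order of addPolicy calls. A comment on the method stating the intended precedence would make that explicit.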