Author: sohil.shah(a)jboss.com
Date: 2009-02-06 23:39:13 -0500 (Fri, 06 Feb 2009)
New Revision: 12791
Added:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
Removed:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
Log:
Core Component Implementation cleanup. The Component contract is still evolving on the
whiteboard
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
===================================================================
---
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06
21:51:50 UTC (rev 12790)
+++
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -26,18 +26,15 @@
import java.util.HashMap;
import java.util.Set;
import java.util.HashSet;
-import java.text.MessageFormat;
import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Resource;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.DroolsRuleExpression;
-import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.xacml.ExpressionBuilder;
+import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -52,41 +49,7 @@
*
*/
public class HttpResource
-{
- //make it package-level access so that unit tests can test these rules
- static final String allowedRolesRule =
- "import java.util.HashSet\n"+
- "rule \"allowedRolesRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "$roles: HashSet()\n"+
- "eval($ruleName.contains(\"httpResource://permittedRoles\"))\n"+
- "eval({0})\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
- static final String deniedRolesRule =
- "import java.util.HashSet\n"+
- "rule \"deniedRolesRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "$roles: HashSet()\n"+
- "eval($ruleName.contains(\"httpResource://deniedRoles\"))\n"+
- "eval({0})\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
- static final String allowedIpsRule =
- "rule \"allowedIpsRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "eval($ruleName.contains(\"httpResource://allowedIps\"))\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
+{
/**
* The URL that identifies this resource
*/
@@ -100,17 +63,13 @@
/**
* Roles that are allowed access to this resource
*/
- private Set<String> allowedRoles;
+ private Roles allowedRoles;
/**
* Roles that are denied access to this resource
*/
- private Set<String> deniedRoles;
+ private Roles deniedRoles;
- /**
- * A Range/regular expression to specify client IP addresses that have access to this
resource
- */
- private Set<String> allowedIps;
/**
*
@@ -118,9 +77,6 @@
public HttpResource()
{
this.parameters = new HashMap<String, String>();
- this.allowedRoles = new HashSet<String>();
- this.deniedRoles = new HashSet<String>();
- this.allowedIps = new HashSet<String>();
}
public Map<String, String> getParameters()
@@ -146,22 +102,30 @@
this.url = url;
}
- public Set<String> getAllowedRoles()
+ public Roles getAllowedRoles()
{
+ if(this.allowedRoles == null)
+ {
+ this.allowedRoles = new Roles();
+ }
return allowedRoles;
}
- public void setAllowedRoles(Set<String> allowedRoles)
+ public void setAllowedRoles(Roles allowedRoles)
{
this.allowedRoles = allowedRoles;
}
- public Set<String> getDeniedRoles()
+ public Roles getDeniedRoles()
{
+ if(this.deniedRoles == null)
+ {
+ this.deniedRoles = new Roles();
+ }
return deniedRoles;
}
- public void setDeniedRoles(Set<String> deniedRoles)
+ public void setDeniedRoles(Roles deniedRoles)
{
this.deniedRoles = deniedRoles;
}
@@ -177,32 +141,14 @@
}
public void addAllowedRole(String allowedRole)
- {
- if(allowedRole == null || allowedRole.trim().length() == 0)
- {
- throw new IllegalArgumentException("Role Value Must Not Be Empty");
- }
-
- this.allowedRoles.add(allowedRole);
+ {
+ this.getAllowedRoles().addName(allowedRole);
}
public void addDeniedRole(String deniedRole)
- {
- if(deniedRole == null || deniedRole.trim().length() == 0)
- {
- throw new IllegalArgumentException("Role Value Must Not Be Empty");
- }
- this.deniedRoles.add(deniedRole);
- }
-
- public void addAllowedIp(String allowedIp)
- {
- if(allowedIp == null || allowedIp.trim().length() == 0)
- {
- throw new IllegalArgumentException("Allowed IP Must Not Be Empty");
- }
- this.allowedIps.add(allowedIp);
- }
+ {
+ this.getDeniedRoles().addName(deniedRole);
+ }
//-------Services for Policy
Creation---------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Creates a Policy Target suggesting that the Policy should apply to this
HttpResource
@@ -244,35 +190,9 @@
*
* @return the rule
*/
- private Rule getPermittedRolesRule()
+ private Rule allowIfUserHasRole()
{
- if(this.allowedRoles == null || this.allowedRoles.isEmpty())
- {
- return null;
- }
-
- Rule permitRule = new Rule();
-
- String ruleReference =
"httpResource://permittedRoles/"+GeneralTool.generateUniqueId();
- permitRule.setRuleId(ruleReference);
- permitRule.setEffect(Effect.PERMIT);
-
- //Generate a Drools Rule Expression
- StringBuffer buffer = new StringBuffer();
- for(String role: this.allowedRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.allowedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(rule);
- permitRule.setExpression(expression);
-
- return permitRule;
+ return this.getAllowedRoles().allowIfUserHasRole();
}
/**
@@ -280,70 +200,11 @@
*
* @return the role
*/
- private Rule getDeniedRolesRule()
+ private Rule denyIfUserHasRole()
{
- if(this.deniedRoles == null || this.deniedRoles.isEmpty())
- {
- return null;
- }
-
- Rule denyRule = new Rule();
-
- String ruleReference =
"httpResource://deniedRoles/"+GeneralTool.generateUniqueId();
- denyRule.setRuleId(ruleReference);
- denyRule.setEffect(Effect.DENY);
-
- //Generate a Drools Rule Expression
- StringBuffer buffer = new StringBuffer();
- for(String role: this.deniedRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.deniedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(rule);
- denyRule.setExpression(expression);
-
- return denyRule;
+ return this.getDeniedRoles().denyIfUserHasRole();
}
-
- private Rule getAllowedIpsRule()
- {
- if(this.allowedIps == null || this.allowedIps.isEmpty())
- {
- return null;
- }
-
- Rule rule = new Rule();
-
- String ruleReference =
"httpResource://allowedIps/"+GeneralTool.generateUniqueId();
- rule.setRuleId(ruleReference);
- rule.setEffect(Effect.PERMIT);
-
- //TODO: Generate a Drools Rule Expression
- for(String allowedIp: this.allowedIps)
- {
- /*AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, allowedIp);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);*/
- }
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(HttpResource.allowedIpsRule);
- rule.setExpression(expression);
-
- return rule;
- }
-
+
public PolicyMetaData getPolicyMetaData(boolean matchAllParameters)
{
PolicyMetaData metadata = new PolicyMetaData();
@@ -353,26 +214,17 @@
Set<Rule> rules = new HashSet<Rule>();
//Permitted Roles
- Rule permittedRoles = this.getPermittedRolesRule();
- if(permittedRoles != null)
- {
- rules.add(permittedRoles);
- }
+ if(this.allowedRoles != null)
+ {
+ rules.add(this.allowIfUserHasRole());
+ }
- //Denied Roles
- Rule deniedRoles = this.getDeniedRolesRule();
- if(deniedRoles != null)
+ //Denied Roles
+ if(this.deniedRoles != null)
{
- rules.add(deniedRoles);
+ rules.add(this.denyIfUserHasRole());
}
-
- //AllowedIP Rules
- Rule allowedIps = this.getAllowedIpsRule();
- if(allowedIps != null)
- {
- rules.add(allowedIps);
- }
-
+
metadata.setTarget(target);
metadata.setRules(rules);
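Review bot: The two new guards in getPolicyMetaData test only whether the `allowedRoles` / `deniedRoles` field is non-null and then add whatever `allowIfUserHasRole()` / `denyIfUserHasRole()` returns, so the empty-role case that the removed code skipped is no longer filtered here. The removed helpers returned null for an empty set and the caller checked for it; Roles.allowIfUserHasRole() still has an `if(this.getNames().isEmpty())` branch whose body is outside this diff, and if it returns null, a null element lands in the rule set of an authorization policy. The field also becomes non-null as a side effect of the lazy getters added in the `@@ -146,22 +102,30 @@` hunk, so merely calling `getAllowedRoles()` changes which path runs. Keeping the result check restores the old behaviour: `Rule permit = this.allowIfUserHasRole(); if(permit != null) { rules.add(permit); }`, and the same for the deny rule. getPolicyMetaData starts and ends outside the hunk.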
@@ -384,7 +236,7 @@
*
* @return the Resource
*/
- public Resource getURLResource()
+ public Resource getResource()
{
Resource urlResource = new Resource();
Deleted:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java
===================================================================
---
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-02-06
21:51:50 UTC (rev 12790)
+++
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -1,285 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.components.subject;
-
-import java.net.InetAddress;
-
-import org.jboss.security.authz.model.Attribute;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * The Machine Policy Component represents the "Machine" that is accessing the
System
- *
- * This Component provides an easy to use Developer API for generating commonly used
Expressions/Logic related to Machine related information that must be
- * represented within an Authorization Policy
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class Machine
-{
- /**
- * IP Address of the machine
- */
- private InetAddress ipAddress;
-
- /**
- * DNS Name of the machine
- */
- private String dnsName;
-
- /**
- * Regular Expression for matching the fact whether the IP Address of the remote
Machine falls within the specified range of IP Addresses
- */
- private String ipRangeRegEx;
-
- public Machine()
- {
-
- }
-
- public InetAddress getIpAddress()
- {
- return ipAddress;
- }
-
- public void setIpAddress(InetAddress ipAddress)
- {
- this.ipAddress = ipAddress;
- }
-
- public String getDnsName()
- {
- return dnsName;
- }
-
- public void setDnsName(String dnsName)
- {
- this.dnsName = dnsName;
- }
-
-
- public String getIpRangeRegEx()
- {
- return ipRangeRegEx;
- }
-
- public void setIpRangeRegEx(String ipRangeRegEx)
- {
- this.ipRangeRegEx = ipRangeRegEx;
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates a Rule specifying that the Remote Machine with this IP Address should be
Allowed Access
- *
- * @return the rule
- */
- public Rule getAllowedRemoteIP()
- {
- if(this.ipAddress == null)
- {
- throw new IllegalStateException("The IP Address is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine with this IP Address should be
Denied Access
- *
- * @return the rule
- */
- public Rule getDeniedRemoteIP()
- {
- if(this.ipAddress == null)
- {
- throw new IllegalStateException("The IP Address is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule that specifies that the Remote Machine with its DNS address is
Allowed Access
- *
- * @return the rule
- */
- public Rule getAllowedRemoteDNS()
- {
- if(this.dnsName == null || this.dnsName.trim().length() == 0)
- {
- throw new IllegalStateException("The DNSName is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_DNS_NAME,
- XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule that specifies that the Remote Machine with its DNS address is
Denied Access
- *
- * @return the rule
- */
- public Rule getDenyRemoteDNS()
- {
- if(this.dnsName == null || this.dnsName.trim().length() == 0)
- {
- throw new IllegalStateException("The DNSName is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_DNS_NAME,
- XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine should be Allowed Access if it
falls within the specified IP Range
- *
- * @return the rule
- */
- public Rule getAllowedRemoteIPRange()
- {
- if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
- {
- throw new IllegalStateException("The IP Range is not specified");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
- expression.setAttribute(attribute);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine should be Denied Access if it
falls within the specified IP Range
- *
- * @return the rule
- */
- public Rule getDeniedRemoteIPRange()
- {
- if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
- {
- throw new IllegalStateException("The IP Range is not specified");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
- expression.setAttribute(attribute);
-
- return rule;
- }
-}
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
===================================================================
---
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-06
21:51:50 UTC (rev 12790)
+++
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -102,7 +102,7 @@
{
throw new IllegalArgumentException("Role Name should not be empty!!");
}
- this.names.add(name);
+ this.getNames().add(name);
}
//-------Services for Policy
Generation-----------------------------------------------------------------------------------------------------------------------------------------------------
/**
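Review bot: After this commit addName is where role names added through HttpResource.addAllowedRole and addDeniedRole get validated, and the only check visible in this hunk is the empty-name exception. The removed HttpResource code and the helper in TestRolesDroolsRules both splice names into `$roles.contains("…")` inside an `eval`; if Roles builds its condition the same way (not visible in this diff), a name containing a double quote or backslash would change the generated rule text instead of being matched as a literal. Rejecting such names here keeps the policy text well-formed, for example `if(!name.matches("[A-Za-z0-9_.-]+")) throw new IllegalArgumentException("Role Name contains unsupported characters");` placed before `this.getNames().add(name);`, with the allowed character set adjusted to the deployment's role naming. addName begins above the hunk.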
@@ -111,7 +111,7 @@
*
* @return the rule
*/
- public Rule allow()
+ public Rule allowIfUserHasRole()
{
if(this.getNames().isEmpty())
{
@@ -148,7 +148,7 @@
*
* @return the rule
*/
- public Rule deny()
+ public Rule denyIfUserHasRole()
{
if(this.getNames().isEmpty())
{
Modified:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
===================================================================
---
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-06
21:51:50 UTC (rev 12790)
+++
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -90,7 +90,6 @@
httpResource.addParameter("test2", "test2://value");
httpResource.addAllowedRole("admin");
httpResource.addDeniedRole("anonymous");
- httpResource.addAllowedIp("192.168.x.x");
Policy policy = new MockPolicy("testIPRules",
httpResource.getPolicyMetaData(true));
Deleted:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java
===================================================================
---
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java 2009-02-06
21:51:50 UTC (rev 12790)
+++
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -1,210 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.security.authz.components.http;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.text.MessageFormat;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Iterator;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-
-import org.drools.RuleBase;
-import org.drools.RuleBaseFactory;
-import org.drools.StatefulSession;
-import org.drools.WorkingMemory;
-import org.drools.compiler.PackageBuilder;
-import org.jboss.security.authz.tools.GeneralTool;
-
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class TestHttpResourceRules extends TestCase
-{
- private static Logger log = Logger.getLogger(TestHttpResourceRules.class);
- private static String rulePkg =
- "package security\n"+
- "import org.jboss.security.authz.model.*;\n"+
- "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
-
- private RuleBase activeRuleBase;
-
- public void setUp() throws Exception
- {
- StringBuilder buffer = new StringBuilder();
-
- buffer.append(rulePkg+"\n");
- buffer.append(this.getAllowedRolesRule()+"\n");
- buffer.append(this.getDeniedRolesRule()+"\n");
- buffer.append(HttpResource.allowedIpsRule+"\n");
-
- Reader source = new InputStreamReader(new
ByteArrayInputStream(buffer.toString().getBytes()));
- try
- {
- PackageBuilder packageBuilder = new PackageBuilder();
- packageBuilder.addPackageFromDrl(source);
-
- if(this.activeRuleBase == null)
- {
- this.activeRuleBase = RuleBaseFactory.newRuleBase();
- }
-
- //Perform the reloading of the RuleBase with the updated Rules
- this.activeRuleBase.lock();
- this.activeRuleBase.addPackage(packageBuilder.getPackage());
- this.activeRuleBase.unlock();
- }
- finally
- {
- source.close();
- }
- }
-
- public void tearDown() throws Exception
- {
- this.activeRuleBase = null;
- }
-
- public void testAllowedRolesRule() throws Exception
- {
- log.info("Executing----------testAllowedRolesRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
-
- //SetUp the context data
-
workingMemory.insert("httpResource://permittedRoles/"+GeneralTool.generateUniqueId());
- Set roles = new HashSet();
- roles.add("admin");
- roles.add("superuser");
- workingMemory.insert(roles);
-
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
-
- public void testDeniedRolesRule() throws Exception
- {
- log.info("Executing----------testDeniedRolesRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
-
- //SetUp the context data
-
workingMemory.insert("httpResource://deniedRoles/"+GeneralTool.generateUniqueId());
- Set roles = new HashSet();
- roles.add("anonymous");
- workingMemory.insert(roles);
-
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
-
- public void testAllowedIpsRule() throws Exception
- {
- log.info("Executing----------testAllowedIpsRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
-
workingMemory.insert("httpResource://allowedIps/"+GeneralTool.generateUniqueId());
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- private String getAllowedRolesRule()
- {
- String[] mockRoles = new String[]{"Admin", "SupErUser"};
-
- StringBuffer buffer = new StringBuffer();
- for(String role: mockRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.allowedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- return rule;
- }
-
- private String getDeniedRolesRule()
- {
- String[] mockRoles = new String[]{"Anonymous", "Regular"};
-
- StringBuffer buffer = new StringBuffer();
- for(String role: mockRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.deniedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- return rule;
- }
-}
Added:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
===================================================================
---
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
(rev 0)
+++
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java 2009-02-07
04:39:13 UTC (rev 12791)
@@ -0,0 +1,185 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.subject;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.text.MessageFormat;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.StatefulSession;
+import org.drools.WorkingMemory;
+import org.drools.compiler.PackageBuilder;
+import org.jboss.security.authz.tools.GeneralTool;
+
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestRolesDroolsRules extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestRolesDroolsRules.class);
+ private static String rulePkg =
+ "package security\n"+
+ "import org.jboss.security.authz.model.*;\n"+
+ "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
+
+ private RuleBase activeRuleBase;
+
+ public void setUp() throws Exception
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(rulePkg+"\n");
+ buffer.append(this.getAllowedRolesRule()+"\n");
+ buffer.append(this.getDeniedRolesRule()+"\n");
+
+ Reader source = new InputStreamReader(new
ByteArrayInputStream(buffer.toString().getBytes()));
+ try
+ {
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ if(this.activeRuleBase == null)
+ {
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ }
+
+ //Perform the reloading of the RuleBase with the updated Rules
+ this.activeRuleBase.lock();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ this.activeRuleBase.unlock();
+ }
+ finally
+ {
+ source.close();
+ }
+ }
+
+ public void tearDown() throws Exception
+ {
+ this.activeRuleBase = null;
+ }
+
+ public void testAllowedRolesRule() throws Exception
+ {
+ log.info("Executing----------testAllowedRolesRule");
+ WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
+
+ //SetUp the context data
+
workingMemory.insert("roles://allowRule/"+GeneralTool.generateUniqueId());
+ Set roles = new HashSet();
+ roles.add("admin");
+ roles.add("superuser");
+ workingMemory.insert(roles);
+
+ workingMemory.fireAllRules();
+
+ //Extract result
+ boolean success = false;
+ Iterator itr = workingMemory.iterateObjects();
+ while(itr.hasNext())
+ {
+ Object curr = itr.next();
+ if(curr instanceof Boolean)
+ {
+ success = ((Boolean)curr).booleanValue();
+ }
+ }
+
+ ((StatefulSession)workingMemory).dispose();
+
+ assertTrue("Rule did not execute!!", success);
+ }
+
+ public void testDeniedRolesRule() throws Exception
+ {
+ log.info("Executing----------testDeniedRolesRule");
+ WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
+
+ //SetUp the context data
+ workingMemory.insert("roles://denyRule/"+GeneralTool.generateUniqueId());
+ Set roles = new HashSet();
+ roles.add("anonymous");
+ workingMemory.insert(roles);
+
+ workingMemory.fireAllRules();
+
+ //Extract result
+ boolean success = false;
+ Iterator itr = workingMemory.iterateObjects();
+ while(itr.hasNext())
+ {
+ Object curr = itr.next();
+ if(curr instanceof Boolean)
+ {
+ success = ((Boolean)curr).booleanValue();
+ }
+ }
+
+ ((StatefulSession)workingMemory).dispose();
+
+ assertTrue("Rule did not execute!!", success);
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------
+ private String getAllowedRolesRule()
+ {
+ String[] mockRoles = new String[]{"Admin", "SupErUser"};
+
+ StringBuffer buffer = new StringBuffer();
+ for(String role: mockRoles)
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
+ }
+ String condition = buffer.toString().trim();
+ String rule = MessageFormat.format(Roles.allowRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ return rule;
+ }
+
+ private String getDeniedRolesRule()
+ {
+ String[] mockRoles = new String[]{"Anonymous", "Regular"};
+
+ StringBuffer buffer = new StringBuffer();
+ for(String role: mockRoles)
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\")
|| ");
+ }
+ String condition = buffer.toString().trim();
+ String rule = MessageFormat.format(Roles.denyRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ return rule;
+ }
+}
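Review bot: Both tests in this new class assert only that some Boolean fact exists after `fireAllRules()`, so they pass whenever either loaded rule fires and never show that a rule stays silent for a subject without a listed role. For an authorization rule the non-matching case is the one that protects access, so a negative test per rule is worth adding. A sketch for the allow rule follows; it assumes the deny rule is keyed on its own rule-name prefix, which is not visible here. getAllowedRolesRule and getDeniedRolesRule also rebuild the condition by hand from `Roles.allowRule` / `Roles.denyRule` rather than calling `allowIfUserHasRole()` / `denyIfUserHasRole()`, so the production string-building path is not exercised by this class.

```java
public void testAllowedRolesRuleDoesNotFireForOtherRoles() throws Exception
{
    WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();

    workingMemory.insert("roles://allowRule/"+GeneralTool.generateUniqueId());
    Set roles = new HashSet();
    roles.add("guest"); // constructed sample: a role that is not in mockRoles
    workingMemory.insert(roles);

    workingMemory.fireAllRules();

    boolean fired = false;
    Iterator itr = workingMemory.iterateObjects();
    while(itr.hasNext())
    {
        if(itr.next() instanceof Boolean)
        {
            fired = true;
        }
    }

    ((StatefulSession)workingMemory).dispose();

    assertFalse("Allow rule fired for a subject without a permitted role", fired);
}
```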