Author: sohil.shah(a)jboss.com
Date: 2009-07-14 16:33:01 -0400 (Tue, 14 Jul 2009)
New Revision: 13554
Removed:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyServer.java
Modified:
modules/authorization/trunk/agent/pom.xml
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java
Log:
adapting the testsuite to the new framework
Modified: modules/authorization/trunk/agent/pom.xml
===================================================================
--- modules/authorization/trunk/agent/pom.xml 2009-07-14 14:00:19 UTC (rev 13553)
+++ modules/authorization/trunk/agent/pom.xml 2009-07-14 20:33:01 UTC (rev 13554)
@@ -33,6 +33,25 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
- </dependency>
+ </dependency>
+
+ <!-- test dependencies -->
+ <!-- jboss microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!-- Drools -->
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-compiler</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -32,6 +32,7 @@
public class EnforcementContext implements Serializable
{
private Map<String, Object> attributes;
+ private boolean activateHierarchialEnforcement;
public EnforcementContext()
{
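Review bot: The new `activateHierarchialEnforcement` field changes the serialized form of a class that implements `Serializable`, and no `serialVersionUID` is visible in this hunk. If the class does not declare one elsewhere, contexts serialized by rev 13553 will be rejected on deserialization after this change; if it does, older streams will come back with the flag `false`. A field comment such as `// defaults to false; contexts serialized before this field existed deserialize with hierarchical enforcement off` would record that. The class body continues outside the hunk.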
@@ -67,4 +68,14 @@
{
this.attributes.clear();
}
+
+ public boolean isActivateHierarchialEnforcement()
+ {
+ return activateHierarchialEnforcement;
+ }
+
+ public void activateHierarchialEnforcement()
+ {
+ this.activateHierarchialEnforcement = true;
+ }
}
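Review bot: The flag added here can be switched on through `activateHierarchialEnforcement()` but never off, and neither method documents the default or what the flag changes in the access decision. Because it alters how an authorization request is evaluated, both methods deserve Javadoc, for example `/** Marks this context for hierarchical enforcement; off by default and cannot be cleared once set. */` on the setter and a matching `@return` line on the getter. As a style point, `isActivateHierarchialEnforcement()` reads awkwardly next to a method named `activateHierarchialEnforcement()`; `isHierarchialEnforcementActive()` would be clearer if callers can still be adjusted.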
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -153,6 +153,11 @@
}
}
+ if(enforcementContext.isActivateHierarchialEnforcement())
+ {
+ request.setActivateHierarchialEnforcement(true);
+ }
+
return request;
}
}
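Review bot: The added `if` only ever sets the request flag to true, so the false case relies on whatever default `Request` gives that flag, which is not visible in this diff. Passing the value through unconditionally, `request.setActivateHierarchialEnforcement(enforcementContext.isActivateHierarchialEnforcement());`, makes the enforcement mode explicit on every request and removes the branch. The enclosing method starts outside the hunk.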
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -26,20 +26,24 @@
import junit.framework.TestCase;
import org.apache.log4j.Logger;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -47,104 +51,142 @@
{
private static Logger log = Logger.getLogger(TestHierarchialPropagation.class);
+ private PolicyComposer policyComposer;
private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
+ private PolicyProvisioner provisioner;
+
public void setUp() throws Exception
{
- ServiceContainer.bootstrap();
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/enforcement/localEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/provisioning/localProvisioner");
+ ServiceContainer.bootstrap();
+
+ this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
+ this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
}
public void tearDown() throws Exception
{
}
- //TODO: Rewrite these tests with the new Developer Framework
- /*public void testExplicitPermit() throws Exception
+ public void testExplicitPermit() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1/level2/index.html"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), true);
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
}
public void testExplicitDeny() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
- resource.setOperation(new Read());
- resource.addDenied("user");
+ resource.setUri(new URI("/root/level1/level2/index.html"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+
+ Roles deniedRoles = new Roles();
+ deniedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, action), false);
}
public void testPermitInheritance() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), true);
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
}
public void testDenyInheritance() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Read());
- resource.addDenied("user");
+ resource.setUri(new URI("/root/level1"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles deniedRoles = new Roles();
+ deniedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, action), false);
}
public void testDenyOverridesPermitInheritance() throws Exception
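Review bot: `testExplicitDeny` and `testDenyInheritance` end in `enforce(..., false)`, and `testNotApplicable` in the next hunk passes the same `false`, which suggests the helper cannot tell a deny decision from a policy that never matched. `assertServerState()` confirms that one policy was stored, not that it produced the decision. If `EnforcementResponse` exposes the effect, asserting a deny in these two tests would pin the behaviour; the assertions inside `enforce` lie outside this hunk, so confirm there. The comment above both requests still reads `"Permit" Enforcement` and should read `//Go ahead and produce an EnforcementContext for a "Deny" Enforcement`.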
@@ -152,81 +194,77 @@
//SetUp Permit policy
URIResource resource = new URIResource();
resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
//Setup denied policy
resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2"));
- resource.setOperation(new Read());
- resource.addDenied("user");
+ resource.setUri(new URI("/root/level1/level2"));
- //Provision the new policy
- metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Roles deniedRoles = new Roles();
+ deniedRoles.addName("user");
+ //Setup the Context for the Composition with these components
+ context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ //Store the policy into the Policy Server
+ policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, action), false);
}
public void testNotApplicable() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root2"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root2"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, action), false);
}
//------------------------------------------------------------------------------------------------------------------------------------------------------
- private Request createRequest(URIResource uriResource) throws Exception
- {
- //Create a RequestType
- Request request = new Request();
-
- //Enable Hierarchial Enforcement
- request.setActivateHierarchialEnforcement(true);
-
- //Create Resource
- Resource urlResource = uriResource.getResource();
- request.addResource(urlResource);
-
- //Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- request.addSubject(roles.getSubject());
-
- //Create Action
- request.setAction(uriResource.getOperation().getAction());
-
- return request;
- }
-
- private void enforce(Request request, boolean mustBePermitted) throws Exception
- {
+ private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
+ {
+ EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
- Response response = this.enforcer.checkAccess(request);
-
assertNotNull(response);
log.info("-----------------------------------");
log.info("Decision="+response.getMessage());
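Review bot: `testNotApplicable` covers a policy on `/root2` with a request under `/root/...`, but not the reverse direction, which is the case a plain string-prefix comparison would get wrong. A companion test with a PERMIT policy on `/root` and a request for `/root2/index.html` under hierarchical enforcement, expecting `false`, would show that propagation follows path segments. Both tests in this hunk also omit the `assertServerState()` call the earlier tests make; `testDenyOverridesPermitInheritance` presumably because it stores two policies, but `testNotApplicable` stores one and could call it. The body of `enforce` continues outside the hunk.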
@@ -241,6 +279,29 @@
}
}
+ private EnforcementContext createEnforcementContext(URIResource protectedResource, Read
action) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ // Create Resource
+ context.setAttribute("uri-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+
+
private void assertServerState() throws Exception
{
//Assert Policy State of the Server
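Review bot: The attribute keys `"uri-resource"`, `"roles"` and `"action"` are bare string literals here and again in `TestImpliedActions.createEnforcementContext`, so a typo in any of them would presumably leave the enforcement point without that attribute instead of failing to compile. Named constants on `EnforcementContext`, or typed setters, would tie the tests to whatever `LocalEnforcementPoint` reads; the reading side is not shown in this diff. The `action` parameter is typed `Read` while the sibling helper takes `Operation`, and widening it to `Operation` (with the matching import) would keep the two helpers parallel. `assertServerState` continues outside the hunk.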
@@ -249,5 +310,5 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
log.info(policies[0].generateSystemPolicy());
- }*/
+ }
}
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -26,15 +26,12 @@
import junit.framework.TestCase;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Operation;
@@ -42,7 +39,14 @@
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -50,100 +54,106 @@
{
private static Logger log = Logger.getLogger(TestImpliedActions.class);
+ private PolicyComposer policyComposer;
private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
+ private PolicyProvisioner provisioner;
+
public void setUp() throws Exception
{
- ServiceContainer.bootstrap();
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/enforcement/localEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/provisioning/localProvisioner");
+ ServiceContainer.bootstrap();
+
+ this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
+ this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
}
public void tearDown() throws Exception
{
}
- //TODO: Rewrite these tests with the new Developer Framework
- /*public void testReadImpliedWithWrite() throws Exception
+ public void testReadImpliedWithWrite() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
- resource.setOperation(new Write());
- resource.addAllowed("user");
+ resource.setUri(new URI("/blah/index.html"));
-
- PolicyMetaData metadata = resource.getPolicyMetaData();
-
- this.provisioner.newPolicy(metadata);
+ Write action = new Write();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
//Go ahead and produce a RequestContext for a "Permit" Enforcement
- this.enforce(this.createRequest(resource, new Read()), true);
+ this.enforce(this.createEnforcementContext(resource, new Read()), true);
}
public void testWriteImpliedWithManage() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
- resource.setOperation(new Manage());
- resource.addAllowed("user");
+ resource.setUri(new URI("/blah/index.html"));
-
- PolicyMetaData metadata = resource.getPolicyMetaData();
-
- this.provisioner.newPolicy(metadata);
+ Manage action = new Manage();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
//Go ahead and produce a RequestContext for a "Permit" Enforcement
- this.enforce(this.createRequest(resource, new Write()), true);
+ this.enforce(this.createEnforcementContext(resource, new Write()), true);
}
public void testWriteNotImpliedWithRead() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/blah/index.html"));
-
- PolicyMetaData metadata = resource.getPolicyMetaData();
-
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
//Go ahead and produce a RequestContext for a "Deny" Enforcement
- this.enforce(this.createRequest(resource, new Write()), false);
+ this.enforce(this.createEnforcementContext(resource, new Write()), false);
}
//------------------------------------------------------------------------------------------------------------------------------------------------------
- private Request createRequest(URIResource uriResource, Operation operation) throws
Exception
- {
- //Create a RequestType
- Request request = new Request();
-
- //Create Resource
- Resource urlResource = uriResource.getResource();
- request.addResource(urlResource);
-
- //Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- request.addSubject(roles.getSubject());
-
- //Create Action
- request.setAction(operation.getAction());
-
- return request;
- }
-
- private void enforce(Request request, boolean mustBePermitted) throws Exception
- {
+ private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
+ {
+ EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
- Response response = this.enforcer.checkAccess(request);
-
assertNotNull(response);
log.info("-----------------------------------");
log.info("Decision="+response.getMessage());
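Review bot: All three tests here provision a policy for the same `/blah/index.html` and `tearDown()` is empty, so isolation depends on `ServiceContainer.bootstrap()` in `setUp()` giving each test a fresh policy store, which this diff does not show. The `policies.length == 1` check in `assertServerState()` would catch a leftover policy, but only as a confusing failure in a later test. Removing the provisioned policy in `tearDown()`, or a comment on `setUp()` such as `// bootstrap() resets the policy store, so each test starts empty`, would make that dependency explicit. The same applies to `TestHierarchialPropagation` and `TestImpliesHierarchialPropagation`, and the body of `enforce` continues outside the hunk.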
@@ -158,6 +168,25 @@
}
}
+ private EnforcementContext createEnforcementContext(URIResource uriResource, Operation
operation) throws Exception
+ {
+ //Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ //Create Resource
+ context.setAttribute("uri-resource", uriResource);
+
+ //Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+
+ //Create Action
+ context.setAttribute("action", operation);
+
+ return context;
+ }
+
private void assertServerState() throws Exception
{
//Assert Policy State of the Server
@@ -166,5 +195,5 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
log.info(policies[0].generateSystemPolicy());
- }*/
+ }
}
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -26,17 +26,20 @@
import junit.framework.TestCase;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
import org.jboss.security.authz.bootstrap.ServiceContainer;
import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Operation;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
@@ -49,61 +52,82 @@
{
private static Logger log = Logger.getLogger(TestImpliesHierarchialPropagation.class);
+ private PolicyComposer policyComposer;
private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
+ private PolicyProvisioner provisioner;
+
public void setUp() throws Exception
{
- ServiceContainer.bootstrap();
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/enforcement/localEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/provisioning/localProvisioner");
+ ServiceContainer.bootstrap();
+
+ this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
+ this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
}
public void tearDown() throws Exception
{
}
- //TODO: Rewrite these tests with the new Developer Framework
- /*public void testExplicitPermitReadImpliedWithWrite() throws Exception
+ public void testExplicitPermitReadImpliedWithWrite() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
- resource.setOperation(new Write());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1/level2/index.html"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Write action = new Write();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Read());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), true);
+ this.enforce(this.createEnforcementContext(contextResource, new Read()), true);
}
public void testExplicitDenyWriteNotImpliedWithRead() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1/level2/index.html"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read action = new Read();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Write());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, new Write()), false);
}
public void testPermitInheritanceWriteImpliedWithManage() throws Exception
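Review bot: `testExplicitDenyWriteNotImpliedWithRead` provisions only an `Effect.PERMIT` rule for `Read`, so the `false` it expects comes from Write not being implied by Read, not from an explicit deny as the name says. `testDenyInheritanceManageNotImpliedWithWrite` in the next hunk has the same mismatch. A rename, or a comment such as `// no DENY rule here: Write must be refused because a Read permit does not imply it`, would stop a reader from assuming the deny path is covered. The request comment in that test also still says `"Permit" Enforcement` although the expected outcome is a refusal.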
@@ -111,41 +135,59 @@
//SetUp Resource
URIResource resource = new URIResource();
resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Manage());
- resource.addAllowed("user");
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Manage action = new Manage();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Write());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), true);
+ this.enforce(this.createEnforcementContext(contextResource, new Write()), true);
}
public void testDenyInheritanceManageNotImpliedWithWrite() throws Exception
{
//SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Write());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1"));
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Write action = new Write();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Manage());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
+ this.enforce(this.createEnforcementContext(contextResource, new Manage()), false);
}
public void testDenyOverridesPermitInheritance() throws Exception
@@ -153,61 +195,50 @@
//SetUp Permit policy...User can write to level1
URIResource resource = new URIResource();
resource.setUri(new URI("/root/level1"));
- resource.setOperation(new Write());
- resource.addAllowed("user");
- //Provision the new policy
- PolicyMetaData metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Write action = new Write();
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
//Setup denied policy....User can only read level2
resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2"));
- resource.setOperation(new Read());
- resource.addAllowed("user");
+ resource.setUri(new URI("/root/level1/level2"));
- //Provision the new policy
- metadata = resource.getPolicyMetaData();
- this.provisioner.newPolicy(metadata);
+ Read read = new Read();
+
+ //Setup the Context for the Composition with these components
+ context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, read, allowedRoles,
"allowExpression");
+
+ //Store the policy into the Policy Server
+ policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
//Go ahead and produce a RequestContext for a "Permit" Enforcement
//Trying to "Write" to level2 should be Denied
URIResource contextResource = new URIResource();
contextResource.setUri(new URI("/root/level1/level2/index.html"));
- contextResource.setOperation(new Write());
//Perform enforcement
- this.enforce(this.createRequest(contextResource), false);
- }
+ this.enforce(this.createEnforcementContext(contextResource, new Write()), false);
+ }
//------------------------------------------------------------------------------------------------------------------------------------------------------
- private Request createRequest(URIResource uriResource) throws Exception
- {
- //Create a RequestType
- Request request = new Request();
-
- //Enable Hierarchial Enforcement
- request.setActivateHierarchialEnforcement(true);
-
- //Create Resource
- Resource urlResource = uriResource.getResource();
- request.addResource(urlResource);
-
- //Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- request.addSubject(roles.getSubject());
-
- //Create Action
- request.setAction(uriResource.getOperation().getAction());
-
- return request;
- }
-
- private void enforce(Request request, boolean mustBePermitted) throws Exception
- {
+ private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
+ {
+ EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
- Response response = this.enforcer.checkAccess(request);
-
assertNotNull(response);
log.info("-----------------------------------");
log.info("Decision="+response.getMessage());
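Review bot: testDenyOverridesPermitInheritance never composes a deny rule. Both policies are added with `Effect.PERMIT` (Write on /root/level1, Read on /root/level1/level2), so the expected `false` can only come from level2 not permitting Write, not from a deny overriding an inherited permit. The inline comment `//Setup denied policy....User can only read level2` should say that, e.g. `//Narrower permit on level2: only Read is allowed, so Write must not be inherited from level1`. If the composition framework offers a deny effect (not visible here), a companion test with an explicit deny on level2 would pin the behaviour the test name promises. The hunk ends inside enforce(), whose remaining body is outside it.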
@@ -222,6 +253,28 @@
}
}
+ private EnforcementContext createEnforcementContext(URIResource uriResource, Operation
action) throws Exception
+ {
+ //Create a EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ //Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ //Create Resource
+ context.setAttribute("uri-resource", uriResource);
+
+ //Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+
+ //Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+
private void assertServerState() throws Exception
{
//Assert Policy State of the Server
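Review bot: createEnforcementContext stores the resource, roles and action under bare string keys (`"uri-resource"`, `"roles"`, `"action"`), so a misspelt key still compiles and the attribute is simply missing from the authorization request. Named constants shared with the code that reads them would turn that into a compile error, e.g. `private static final String ATTR_ROLES = "roles";` used as `context.setAttribute(ATTR_ROLES, roles);`. Whether EnforcementContext already defines such constants is not visible in this hunk. The helper also fixes the subject to role `"user"`, so no test in this file drives a caller who lacks the permitted role; a roles parameter would allow that negative case.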
@@ -230,5 +283,5 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
log.info(policies[0].generateSystemPolicy());
- }*/
+ }
}
Deleted:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyServer.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyServer.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyServer.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -1,68 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.security.authz.agent.features;
-
-import java.net.URI;
-import junit.framework.TestCase;
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class TestPolicyServer extends TestCase
-{
- private static Logger log = Logger.getLogger(TestPolicyServer.class);
-
- private PolicyProvisioner provisioner;
-
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/provisioning/localProvisioner");
- }
-
- public void tearDown() throws Exception
- {
- }
-
- //TODO: Rewrite these tests with the new Developer Framework
- /*public void testNewPolicy() throws Exception
- {
- HttpResource httpResource = new HttpResource();
- httpResource.setUri(new URI("/blah/index.html"));
- httpResource.addParameter("param1", "param1Value");
-
- this.provisioner.newPolicy(httpResource.getPolicyMetaData());
-
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }*/
-}
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java 2009-07-14
14:00:19 UTC (rev 13553)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java 2009-07-14
20:33:01 UTC (rev 13554)
@@ -110,7 +110,7 @@
ResourceMatchType rmt = new ResourceMatchType();
rmt.setMatchId(resourceMatch.getFunctionId());
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
true));
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.designatorMustBePresent()));
rmt.setAttributeValue(PolicyAttributeFactory
.createStringAttributeType(resourceMatch.getAttribute().getValue()));
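Review bot: Replacing the hard-coded `true` with `resourceMatch.designatorMustBePresent()` changes how a request that lacks the attribute is evaluated. With XACML MustBePresent true a missing attribute yields Indeterminate; with false the designator returns an empty bag, so the target match fails and the policy becomes NotApplicable. The default of `designatorMustBePresent()` and how the enforcement point treats NotApplicable are not visible here, so a test that omits the attribute and asserts a deny is worth adding. A comment such as `// MustBePresent=false: a missing attribute means no match, not Indeterminate` would also help. The same substitution is made in the action, subject and condition hunks that follow (`action.designatorMustBePresent()`, `subject.designatorMustBePresent()`, `attributeExpression.designatorMustBePresent()`). The enclosing method starts and ends outside this hunk.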
@@ -194,7 +194,7 @@
ActionMatchType amct = new ActionMatchType();
amct.setMatchId(action.getFunctionId());
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
action.designatorMustBePresent()));
actionType.getActionMatch().add(amct);
actions.getAction().add(actionType);
}
@@ -212,7 +212,7 @@
SubjectMatchType match = new SubjectMatchType();
match.setMatchId(subject.getFunctionId());
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
subject.designatorMustBePresent()));
subjectType.getSubjectMatch().add(match);
subjects.getSubject().add(subjectType);
}
@@ -243,7 +243,8 @@
apply.getExpression().add(jaxbAttrValue);
//Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
+ attributeExpression.designatorMustBePresent()));
condition.setExpression(objectFactory.createApply(apply));