Author: sohil.shah(a)jboss.com
Date: 2009-07-30 16:23:52 -0400 (Thu, 30 Jul 2009)
New Revision: 13645
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
Removed:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestOwnerTypeRules.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageNavSecurityRules.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageSecurityRules.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPortalConfigSecurityRules.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
Log:
Test suite ported using the new framework approach
* same exact functionality, just security swapped
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -115,7 +115,7 @@
page.setName("index");
page.setOwnerType(this.getOwnerType());
page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"whatever:/platform/guests"});
//TODO: make this "*:/platform/guests" once the custom Roles component is
implemented
+ page.setAccessPermissions(new String[]{"*:"+this.guestGroup_});
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
@@ -141,7 +141,7 @@
page.setOwnerType(this.getOwnerType());
page.setOwnerId("foo");
page.setAccessPermissions(new String[0]);
- page.setEditPermission("whatever:/platform/guests"); //TODO: make this
"*:/platform/guests" once the custom Roles component is implemented
+ page.setEditPermission("*:"+this.guestGroup_);
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
@@ -166,7 +166,7 @@
page.setName("index");
page.setOwnerType(this.getOwnerType());
page.setOwnerId("foo");
- page.setAccessPermissions(new String[]{"Everyone",
"whatever:/platform/guests"}); //TODO: make this "*:/platform/guests"
once the custom Roles component is implemented
+ page.setAccessPermissions(new String[]{"Everyone",
"*:"+this.guestGroup_});
this.provisionPagePolicy(page);
this.dumpPolicyRepository();
@@ -185,6 +185,31 @@
this.enforce(this.readPageEnforcementContext(this.guest, page), true);
}
+ public void testPageAccessibleByGuestsOnly() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[]{"*:"+this.guestGroup_});
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
public void testPageWithAccessPermission() throws Exception
{
Page page = new Page();
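Review bot: testPageAccessibleByGuestsOnly expects root to both write and read the page, but the only unconditional rule provisionPagePolicy adds for the superuser is a Write permit (in the next hunk), so whether root's read passes because Write implies Read in the engine, or for another reason, is not visible here; a one-line comment would save the next reader the question, e.g. `// root is the superuser: permitted by the unconditional superuser rule, not by the guests-only access permission`. The other principals are denied because their roles (memberships plus "Everyone") never include the guest-group entry, which is what the test is really checking, so stating that in a method Javadoc would make the intent explicit.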
@@ -236,7 +261,7 @@
this.enforce(this.readPageEnforcementContext(this.guest, page), false);
//TODO: test with *:/manageable once wild card based custom Roles component is
implemented
- }
+ }
//
------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Provisioning Phase: Provisions the Policy associated with the "Page". The
@@ -249,14 +274,18 @@
*/
private void provisionPagePolicy(Page page) throws Exception
{
+ CompositionContext context = new CompositionContext();
+
// SetUp Resource
URIResource target = new URIResource();
target.setUri(new URI(page.getName()));
-
- // Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
context.setPolicyTarget(target);
+ //SuperUser Access
+ org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+
// Read Access
if (page.getAccessPermissions() != null
&& page.getAccessPermissions().length > 0)
@@ -265,10 +294,25 @@
String[] accessPermissions = page.getAccessPermissions();
for (String accessPermission : accessPermissions)
{
- readRoles.addName(accessPermission);
+ if(!this.isGuestGroup(accessPermission))
+ {
+ readRoles.addName(accessPermission);
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(accessPermission);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Read(), guest,
"allowExpression");
+ }
}
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ if(!readRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
"allowExpression");
+ }
}
// Write Access
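Review bot: The guest branch added here (a Roles holding the group entry plus Roles.ANONYMOUS with setMustMatchAll(true), then addPolicyRule) is duplicated verbatim in the write-permission hunk below, and a third copy appears in TestJBossPageNavACL.provisionPageNavigationPolicy; a private helper keeps the guest rule's shape defined in one place, which matters because the "both names must match" pairing is presumably what stops a subject that carries only one of the two entries from satisfying the rule. provisionPagePolicy starts in the previous hunk and continues past this one.
```java
// … unchanged: read-permission loop up to the guest-group check …
else
{
    this.addGuestRule(context, false, accessPermission);
}
// … unchanged: remainder of provisionPagePolicy (write branch calls addGuestRule(context, true, editPermission)) …

/**
 * Permits Read (or Write when {@code write} is true) only to a subject that
 * carries both the guest-group entry and Roles.ANONYMOUS.
 */
private void addGuestRule(CompositionContext context, boolean write, String groupEntry)
{
    Roles guest = new Roles();
    guest.addName(groupEntry);
    guest.addName(Roles.ANONYMOUS);
    guest.setMustMatchAll(true);
    if (write)
    {
        context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
    }
    else
    {
        context.addPolicyRule(Effect.PERMIT, new Read(), guest, "allowExpression");
    }
}
```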
@@ -276,18 +320,26 @@
if (editPermission != null && editPermission.trim().length() > 0)
{
Roles writeRoles = new Roles();
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+
+ if(!this.isGuestGroup(editPermission))
+ {
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
"allowExpression");
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(editPermission);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
+ }
+
}
- // Super User/Everyone (gives access without further evaluation)
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); // Provided via system configuration
-
- // Setup the super user and everyone based rules
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
+
// SetUp OwnerType based Rules
if (page.getOwnerType().equals(PortalConfig.USER_TYPE))
{
@@ -362,8 +414,7 @@
}
// Create Roles
- Roles roles = new Roles();
- roles.addName("Everyone");
+ Roles roles = new Roles();
Collection<MembershipEntry> memberships = user.getMemberships();
if (memberships != null && !memberships.isEmpty())
{
@@ -378,10 +429,11 @@
if (user.getId() == null)
{
// This is a guest user
- roles.addName("whatever:/platform/guests"); // Provided via system
configuration
+ roles.addName("*:"+this.guestGroup_); // Provided via system configuration
roles.addName(Roles.ANONYMOUS);
}
}
+ roles.addName("Everyone");
context.setAttribute("roles", roles);
return context;
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -3,7 +3,6 @@
*/
package org.exoplatform.portal.config.security.jboss;
-import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
@@ -20,19 +19,13 @@
import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-
-import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.agent.services.PolicyComposer;
/**
@@ -45,6 +38,11 @@
User root, administrator, manager, user, guest;
+ String navigationCreatorMembershipType_;
+ String superuser_;
+ String guestGroup_;
+
+
PolicyComposer policyComposer;
PolicyEnforcementPoint enforcer;
PolicyProvisioner provisioner;
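Review bot: navigationCreatorMembershipType_, superuser_ and guestGroup_ are declared as undocumented, mutable package-private fields, yet they are the configuration every subclass builds its policies from (`"*:"+this.guestGroup_` appears in each test file); a Javadoc line such as `/** Stand-ins for values the portal reads from system configuration; assigned once in setUp(). */` would make that contract explicit. Declaring them `protected` would also make the intended subclass access visible instead of relying on package visibility. The two trailing blank lines before policyComposer look stray.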
@@ -59,17 +57,23 @@
this.provisioner = (PolicyProvisioner) ServiceContainer
.lookup("/agent/LocalPolicyProvisioner");
- this.root = new User("root");
+ //via system configuration
+ this.navigationCreatorMembershipType_ = "manager";
+ this.superuser_ = "root";
+
+ this.guestGroup_ = "/platform/guests";
+
+ this.root = new User(this.superuser_);
+
this.administrator = new User("administrator");
this.administrator.addMembership("whatever",
"/platform/administrators");
+
this.manager = new User("manager");
this.manager.addMembership("manager", "/manageable");
+
this.user = new User("user");
- this.guest = new User(null);
- //Bootstrap the Policy Repository
- //Provision the Policy that protects "Portal Creation"
- this.provisionCreatePortalPolicy();
+ this.guest = new User(null);
}
protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
@@ -103,54 +107,19 @@
log.info(storedPolicy.generateSystemPolicy());
}
}
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Provisioning Phase: Provisions the Policy for Portal Creation. The Policy Structure
is created using "Security Components" whose state is populated from
- * appropriate System configuration values
- */
- private void provisionCreatePortalPolicy() throws Exception
- {
- //Using the custom "CreatePortal" "Security Component"
- CreatePortal action = new CreatePortal();
- URIResource resource = new URIResource();
- resource.setUri(new URI(action.getName()));
-
+ }
+
+ protected boolean isGuestGroup(String groupEntry)
+ {
+ UserACL.Permission permission = new UserACL.Permission();
+ permission.setPermissionExpression(groupEntry);
- //Super User/Everyone (gives access without further evaluation)
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); //Provided via system configuration
- Roles everyone = new Roles();
- everyone.addName(UserACL.EVERYONE);
+ if(permission.getGroupId().equals(this.guestGroup_))
+ {
+ return true;
+ }
- //Guest Group
- //TODO: replace whatever:/platform/guests with *:/platform/guests once custom Roles
component is implemented
- Roles guest = new Roles();
- //guest.addName("*:/platform/guests"); //Provided via system configuration
- guest.addName("whatever:/platform/guests");
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
-
- //PortalCreators Group....
- //TODO: replace whatever:/platform/administrators, and
whatever:/organization/management/executive-board
- //with *:/platform/administrators, and *:/organization/management/executive-board once
custom Roles component is implemented
- Roles portalCreators = new Roles();
- //portalCreators.addName("*:/platform/administrators"); //Provided via system
configuration
- //portalCreators.addName("*:/organization/management/executive-board");
//Provided via system configuration
- portalCreators.addName("whatever:/platform/administrators");
- portalCreators.addName("whatever:/organization/management/executive-board");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, superuser);
- context.addPolicyRule(Effect.PERMIT, action, everyone, "allowExpression");
- context.addPolicyRule(Effect.PERMIT, action, guest, "allowExpression");
- context.addPolicyRule(Effect.PERMIT, action, portalCreators,
"allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ return false;
}
//----------------------------------------------------------------------------------------------------------------------------------------------------------------------
public class User
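Review bot: isGuestGroup dereferences permission.getGroupId() unconditionally, and provisionPagePolicy calls it for every access permission including a plain "Everyone" entry that has no membership-type:group form; if UserACL.Permission leaves the group id null for such an entry, the call throws NullPointerException instead of returning false. Reversing the comparison is null-safe and collapses the if/return pair: `return this.guestGroup_.equals(permission.getGroupId());`. Only the group id is compared, so any membership type on the guests group (for example the `manager:` prefix built in provisionPageNavigationPolicy) is treated as the guest group — worth stating in a Javadoc line, since callers rely on that.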
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -22,64 +22,159 @@
import org.exoplatform.services.security.MembershipEntry;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
-
/**
* @author soshah
- *
+ *
*/
-public class TestJBossCreatePortalACL extends JBossAbstractTestUserACL
+public class TestJBossCreatePortalACL extends JBossAbstractTestUserACL
{
- public void testPermission() throws Exception
- {
- //Generate an EnforcementContext to see if the superuser and administrator are allowed
to create a Portal...Result: They should be
- this.enforce(this.createPortalEnforcementContext(this.root), true);
- this.enforce(this.createPortalEnforcementContext(this.administrator), true);
-
- //Generate an EnforcementContext to see if a standard manager and a regular user are
allowed to create a Portal..Result: They shouldn't be
- this.enforce(this.createPortalEnforcementContext(this.manager), false);
- this.enforce(this.createPortalEnforcementContext(this.user), false);
- }
-
//----------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Create a New Portal". The EnforcementContext is populated with
- * "Security Components" whose state comes from the state of the application
for the incoming thread
- */
- private EnforcementContext createPortalEnforcementContext(User creator) throws
Exception
- {
- // Create an EnforcementContext
+ public void testCreatePortal() throws Exception
+ {
+ this.provisionCreatePortalPolicy(false);
+ this.dumpPolicyRepository();
+
+ // Generate an EnforcementContext to see if the superuser and administrator
+ // are allowed to create a Portal...Result: They should be
+ this.enforce(this.createPortalEnforcementContext(this.root), true);
+ this.enforce(this.createPortalEnforcementContext(this.administrator), true);
+ this.enforce(this.createPortalEnforcementContext(this.guest), false);
+
+ // Generate an EnforcementContext to see if a standard manager and a regular
+ // user are allowed to create a Portal..Result: They shouldn't be
+ this.enforce(this.createPortalEnforcementContext(this.manager), false);
+ this.enforce(this.createPortalEnforcementContext(this.user), false);
+ }
+
+ public void testCreatePortalGuestAllowed() throws Exception
+ {
+ this.provisionCreatePortalPolicy(true);
+ this.dumpPolicyRepository();
+
+ // Generate an EnforcementContext to see if the superuser and administrator
+ // are allowed to create a Portal...Result: They should be
+ this.enforce(this.createPortalEnforcementContext(this.root), true);
+ this.enforce(this.createPortalEnforcementContext(this.administrator), true);
+ this.enforce(this.createPortalEnforcementContext(this.guest), true);
+
+ // Generate an EnforcementContext to see if a standard manager and a regular
+ // user are allowed to create a Portal..Result: They shouldn't be
+ this.enforce(this.createPortalEnforcementContext(this.manager), false);
+ this.enforce(this.createPortalEnforcementContext(this.user), false);
+ }
+ //
---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy for Portal Creation. The Policy
+ * Structure is created using "Security Components" whose state is populated
+ * from appropriate System configuration values
+ */
+ private void provisionCreatePortalPolicy(boolean guestAllowed) throws Exception
+ {
+ CompositionContext context = new CompositionContext();
+
+ // Using the custom "CreatePortal" "Security Component"
+ CreatePortal action = new CreatePortal();
+ URIResource resource = new URIResource();
+ resource.setUri(new URI(action.getName()));
+ context.setPolicyTarget(resource);
+
+ // Super User... Supers Users have access to everything
+ org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+ context.addPolicyRule(Effect.PERMIT, action, superuser);
+
+ if(guestAllowed)
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName("*:"+this.guestGroup_);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, action, guest, "allowExpression");
+ }
+
+ // PortalCreators Group....
+ // TODO: replace whatever:/platform/administrators, and
+ // whatever:/organization/management/executive-board
+ // with *:/platform/administrators, and
+ // *:/organization/management/executive-board once custom Roles component is
+ // implemented
+ Roles portalCreators = new Roles();
+ // portalCreators.addName("*:/platform/administrators"); //Provided via
+ // system configuration
+ // portalCreators.addName("*:/organization/management/executive-board");
+ // //Provided via system configuration
+ portalCreators.addName("whatever:/platform/administrators");
+ portalCreators.addName("whatever:/organization/management/executive-board");
+ context.addPolicyRule(Effect.PERMIT, action, portalCreators,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+ }
+
+ //
----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request
+ * that is trying to "Create a New Portal". The EnforcementContext is
+ * populated with "Security Components" whose state comes from the state of
+ * the application for the incoming thread
+ */
+ private EnforcementContext createPortalEnforcementContext(User user)
+ throws Exception
+ {
+ // Create an EnforcementContext
EnforcementContext context = new EnforcementContext();
CreatePortal action = new CreatePortal();
-
+
// Create Resource
URIResource resource = new URIResource();
resource.setUri(new URI(action.getName()));
context.setAttribute("resource", resource);
// Create Identity
- Identity identity = new Identity();
- identity.setName(creator.getId());
- context.setAttribute("identity", identity);
-
- //Create Roles
- Collection<MembershipEntry> memberships = creator.getMemberships();
- if(memberships != null && !memberships.isEmpty())
+ if(user.getId() != null)
{
- Roles roles = new Roles();
- for(MembershipEntry membership: memberships)
+ Identity identity = new Identity();
+ identity.setName(user.getId());
+ context.setAttribute("identity", identity);
+ }
+
+ // Create Roles
+ Roles roles = new Roles();
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if (memberships != null && !memberships.isEmpty())
+ {
+ for (MembershipEntry membership : memberships)
{
roles.addName(membership.toString());
}
- context.setAttribute("roles", roles);
- }
+ }
+ else
+ {
+ // Check to see if this is guest access
+ if (user.getId() == null)
+ {
+ // This is a guest user
+ roles.addName("*:"+this.guestGroup_); // Provided via system
+ // configuration
+ roles.addName(Roles.ANONYMOUS);
+ }
+ }
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
// Create Action
context.setAttribute("action", action);
return context;
- }
+ }
}
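Review bot: testCreatePortal and testCreatePortalGuestAllowed each provision a policy for the same target URI (action.getName()) with different rule sets now that setUp no longer provisions it; whether provisioner.newPolicy replaces an existing policy for that target or accumulates rules is not visible here, and if it accumulates, the guest permit from one test leaks into the other depending on execution order. A tearDown that removes the policy, or a distinct target per test, would make each test independent — worth confirming against the provisioner. Separately, Identity is already imported in this file, so `org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();` can simply be `Identity superuser = new Identity();`.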
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
(rev 0)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not,
see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import org.exoplatform.portal.config.model.PageNavigation;
+import java.util.Collection;
+import java.net.URI;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.services.security.MembershipEntry;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+
+/**
+ *
+ * @author soshah
+ *
+ */
+public class TestJBossPageNavACL extends JBossAbstractTestUserACL
+{
+
+ public void testNavEditByManagerGroup() throws Exception
+ {
+ PageNavigation nav = new PageNavigation();
+ nav.setDescription("testPageNavigation");
+ nav.setOwnerType(PortalConfig.GROUP_TYPE);
+ nav.setOwnerId("manageable");
+
+ this.provisionPageNavigationPolicy(nav);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.manager, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ }
+
+ public void testNavEditByFooGroup() throws Exception
+ {
+ PageNavigation nav = new PageNavigation();
+ nav.setDescription("testPageNavigation");
+ nav.setOwnerType(PortalConfig.GROUP_TYPE);
+ nav.setOwnerId("foo");
+
+ this.provisionPageNavigationPolicy(nav);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ }
+
+ public void testNavEditByUser() throws Exception
+ {
+ PageNavigation nav = new PageNavigation();
+ nav.setDescription("testPageNavigation");
+ nav.setOwnerType(PortalConfig.USER_TYPE);
+ nav.setOwnerId("user");
+
+ this.provisionPageNavigationPolicy(nav);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.user, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ }
+
+ public void testNavEditByGuest() throws Exception
+ {
+ PageNavigation nav = new PageNavigation();
+ nav.setDescription("testPageNavigation");
+ nav.setOwnerType(PortalConfig.GROUP_TYPE);
+ nav.setOwnerId(this.guestGroup_);
+
+ this.provisionPageNavigationPolicy(nav);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
+ this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
+ this.enforce(this.writePageNavEnforcementContext(this.guest, nav), true);
+ }
+ //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy associated with the
+ * "Page Navigation". The Policy Structure is created using
+ * "Security Components" whose state is populated from state of the
+ * PageNavigation object
+ */
+ private void provisionPageNavigationPolicy(PageNavigation pageNavigation)
+ throws Exception
+ {
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+
+ // SetUp Resource
+ URIResource target = new URIResource();
+ target.setUri(new URI(pageNavigation.getDescription()));
+ context.setPolicyTarget(target);
+
+ // Super User/Everyone (gives access without further evaluation)
+ org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+
+ if(pageNavigation.getOwnerType().equals(PortalConfig.GROUP_TYPE))
+ {
+ Roles roles = new Roles();
+ StringBuilder buffer = new
StringBuilder(this.navigationCreatorMembershipType_+":");
+ if(pageNavigation.getOwnerId().startsWith("/"))
+ {
+ buffer.append(pageNavigation.getOwnerId());
+ }
+ else
+ {
+ buffer.append("/"+pageNavigation.getOwnerId());
+ }
+ String roleName = buffer.toString();
+
+ if(!this.isGuestGroup(roleName))
+ {
+ roles.addName(roleName);
+ context.addPolicyRule(Effect.PERMIT, new Write(), roles,
+ "allowExpression");
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ //guest.addName(roleName); //TODO: this is the correct value once the custom Roles
component is used
+ guest.addName("*:"+this.guestGroup_);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
+ }
+ }
+ else if(pageNavigation.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ Identity identity = new Identity();
+ identity.setName(pageNavigation.getOwnerId());
+ context.addPolicyRule(Effect.PERMIT, new Write(), identity);
+ }
+
+ // Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+ }
+ //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Edit the Page Navigation Object". The EnforcementContext is populated
with
+ * "Security Components" whose state comes from the state of the application
for the incoming thread
+ */
+ private EnforcementContext writePageNavEnforcementContext(User user, PageNavigation
pageNavigation) throws Exception
+ {
+ //Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ URIResource portalRes = new URIResource();
+ portalRes.setUri(new URI(pageNavigation.getDescription()));
+ context.setAttribute("resource", portalRes);
+
+ // Create Identity
+ Identity identity = new Identity();
+ if(user.getId() != null)
+ {
+ identity.setName(user.getId());
+ context.setAttribute("identity", identity);
+ }
+
+ //Create Roles
+ Roles roles = new Roles();
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if (memberships != null && !memberships.isEmpty())
+ {
+ for (MembershipEntry membership : memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ }
+ else
+ {
+ // Check to see if this is guest access
+ if (user.getId() == null)
+ {
+ // This is a guest user
+ roles.addName("*:"+this.guestGroup_); // Provided via system configuration
+ roles.addName(Roles.ANONYMOUS);
+ }
+ }
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
+
+ context.setAttribute("action", new Write());
+
+ return context;
+ }
+}
\ No newline at end of file
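Review bot: provisionPageNavigationPolicy keys the policy target on pageNavigation.getDescription(), and all four tests use the same description "testPageNavigation" while asserting different outcomes for manager and guest; unless provisioner.newPolicy replaces the policy for a target (not visible here), the write permit provisioned in testNavEditByManagerGroup would still be present when testNavEditByFooGroup asserts manager is denied, so the result would depend on test order. A description is also free text that several navigations can share, so deriving the target from owner type and owner id — the values the policy is actually built from — would give the resource a more robust identity. The `buffer.append("/"+pageNavigation.getOwnerId())` concatenation inside a StringBuilder append can be `buffer.append('/').append(pageNavigation.getOwnerId())`. The file also lacks a trailing newline.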
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -20,7 +20,6 @@
import java.net.URI;
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.portal.config.UserACL;
import org.exoplatform.services.security.MembershipEntry;
import org.jboss.security.authz.agent.services.CompositionContext;
@@ -36,187 +35,261 @@
/**
*
* @author soshah
- *
+ *
*/
-public class TestJBossPortalConfigACL extends JBossAbstractTestUserACL
+public class TestJBossPortalConfigACL extends JBossAbstractTestUserACL
{
+ public void testPortalRootAccessOnly() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ this.provisionPortalConfigPolicy(portal);
- public void testPortalRootAccessOnly() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
+ this.dumpPolicyRepository();
- public void testPortalOnlyReadAccess() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setAccessPermissions(new String[]{"manager:/manageable"});
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(
+ this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal),
+ false);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
- public void testPortalEditableAndReadImplied() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setEditPermission("manager:/manageable");
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
+ false);
+ this
+ .enforce(this.readPortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
- public void testPortalReadAndEditableExplicit() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setAccessPermissions(new String[]{"manager:/manageable"});
- portal.setEditPermission("manager:/manageable");
-
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
+ public void testPortalOnlyReadAccess() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setAccessPermissions(new String[] { "manager:/manageable" });
+ this.provisionPortalConfigPolicy(portal);
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
-
//--------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Provisioning Phase: Provisions the Policy associated with the "Portal".
The Policy Structure is created using "Security Components" whose state is
populated from
- * state of the PortalConfig object
- */
- private void provisionPortalConfigPolicy(PortalConfig portal) throws Exception
- {
- // SetUp Resource
- URIResource target = new URIResource();
- target.setUri(new URI(portal.getName()));
+ this.dumpPolicyRepository();
- // Setup the Context for the Composition with these components
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(
+ this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal),
+ false);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
+ false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testPortalEditableAndReadImplied() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setEditPermission("manager:/manageable");
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(
+ this.writePortalEnforcementContext(this.administrator, portal), false);
+ this
+ .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
+ false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testPortalReadAndEditableExplicit() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setAccessPermissions(new String[] { "manager:/manageable" });
+ portal.setEditPermission("manager:/manageable");
+
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(
+ this.writePortalEnforcementContext(this.administrator, portal), false);
+ this
+ .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
+ false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testGuestAllowedEdit() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setEditPermission("*:"+this.guestGroup_);
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(
+ this.writePortalEnforcementContext(this.administrator, portal), false);
+ this
+ .enforce(this.writePortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), true);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
+ false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), true);
+ }
+ //
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy associated with the "Portal".
The
+ * Policy Structure is created using "Security Components" whose state is
+ * populated from state of the PortalConfig object
+ */
+ private void provisionPortalConfigPolicy(PortalConfig portal)
+ throws Exception
+ {
CompositionContext context = new CompositionContext();
+
+ // SetUp Resource
+ URIResource target = new URIResource();
+ target.setUri(new URI(portal.getName()));
context.setPolicyTarget(target);
-
+
+ // Super User/Everyone (gives access without further evaluation)
+ org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+
// Read Access
if (portal.getAccessPermissions() != null
- && portal.getAccessPermissions().length > 0)
+ && portal.getAccessPermissions().length > 0)
{
Roles readRoles = new Roles();
String[] accessPermissions = portal.getAccessPermissions();
- for (String accessPermission : accessPermissions)
+ for (String accessPermission : accessPermissions)
{
- readRoles.addName(accessPermission);
+ if(!this.isGuestGroup(accessPermission))
+ {
+ readRoles.addName(accessPermission);
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(accessPermission);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Read(), guest,
"allowExpression");
+ }
}
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ if(!readRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
"allowExpression");
+ }
}
// Write Access
String editPermission = portal.getEditPermission();
- if (editPermission != null && editPermission.trim().length() > 0)
+ if (editPermission != null && editPermission.trim().length() > 0)
{
Roles writeRoles = new Roles();
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+
+ if(!this.isGuestGroup(editPermission))
+ {
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
"allowExpression");
+ }
+ else
+ {
+ // Guest Group
+ Roles guest = new Roles();
+ guest.addName(editPermission);
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+ context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
+ }
+
}
- //Super User/Everyone (gives access without further evaluation)
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); //Provided via system configuration
-
- //Setup the Context for the Composition with these components........
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
- }
-
//---------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Read the Portal Object". The EnforcementContext is populated with
- * "Security Components" whose state comes from the state of the application
for the incoming thread
- */
- private EnforcementContext readPortalEnforcementContext(User user, PortalConfig portal)
throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user, portal);
+ }
+ //
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request
+ * that is trying to "Read the Portal Object". The EnforcementContext is
+ * populated with "Security Components" whose state comes from the state of
+ * the application for the incoming thread
+ */
+ private EnforcementContext readPortalEnforcementContext(User user,
+ PortalConfig portal) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.accessPortalEnforcementContext(user,
+ portal);
+
// Create Action
context.setAttribute("action", new Read());
return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Edit the Portal Object". The EnforcementContext is populated with
- * "Security Components" whose state comes from the state of the application
for the incoming thread
- */
- private EnforcementContext writePortalEnforcementContext(User user, PortalConfig
portal) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user, portal);
+ }
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request
+ * that is trying to "Edit the Portal Object". The EnforcementContext is
+ * populated with "Security Components" whose state comes from the state of
+ * the application for the incoming thread
+ */
+ private EnforcementContext writePortalEnforcementContext(User user,
+ PortalConfig portal) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.accessPortalEnforcementContext(user,
+ portal);
+
// Create Action
context.setAttribute("action", new Write());
return context;
- }
-
-
- private EnforcementContext accessPortalEnforcementContext(User user, PortalConfig
portal) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
+ }
+ private EnforcementContext accessPortalEnforcementContext(User user,
+ PortalConfig portal) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
// Create Resource
URIResource portalRes = new URIResource();
portalRes.setUri(new URI(portal.getName()));
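Review bot: The guest branches in provisionPortalConfigPolicy deliberately pair the guest group name with `Roles.ANONYMOUS` under `setMustMatchAll(true)`, so an authenticated identity that also carries the guest membership should not be treated as a guest, yet none of the five test methods asserts that case — `testGuestAllowedEdit` only checks `this.guest` for the grant and the fixed roster of `administrator`/`manager`/`user` for the denials. One more line such as `this.enforce(this.writePortalEnforcementContext(<authenticated user holding the guestGroup_ membership>, portal), false);` would pin the intent of the must-match-all rule rather than leaving it implied. Separately, the read path adds every entry of `getAccessPermissions()` to `readRoles` verbatim while the write path first applies `editPermission.trim().length() > 0`, so a blank access-permission entry becomes a role named `""` in the PERMIT rule (whether `Roles` rejects or ignores that is not visible here); applying the same blank-string guard on the read loop would make the two paths consistent. The five test methods also repeat the same ten `enforce` calls with only the expected booleans changing; a private helper taking the `PortalConfig` and the two expectation rows would make each test's permission matrix readable at a glance.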
@@ -224,22 +297,21 @@
// Create Identity
Identity identity = new Identity();
- if(user.getId() != null)
+ if (user.getId() != null)
{
identity.setName(user.getId());
context.setAttribute("identity", identity);
- }
-
- //Create Roles
- Roles roles = new Roles();
- roles.addName("Everyone");
+ }
+
+ // Create Roles
+ Roles roles = new Roles();
Collection<MembershipEntry> memberships = user.getMemberships();
if (memberships != null && !memberships.isEmpty())
{
for (MembershipEntry membership : memberships)
{
roles.addName(membership.toString());
- }
+ }
}
else
{
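Review bot: `roles.addName(membership.toString())` is the only bridge between a user's `MembershipEntry` objects and permission strings such as `"manager:/manageable"` that provisionPortalConfigPolicy feeds into the policy, so a match depends entirely on `MembershipEntry.toString()` producing the same `type:group` text, and that contract is not stated anywhere in the file. A comment on that line, e.g. `// Role names must equal the "membershipType:groupId" strings used in PortalConfig permissions; MembershipEntry.toString() is relied on for that format`, would make the coupling explicit for whoever next changes either side. accessPortalEnforcementContext starts before this hunk and ends after it.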
@@ -247,12 +319,14 @@
if (user.getId() == null)
{
// This is a guest user
- roles.addName("whatever:/platform/guests"); // Provided via system
configuration
- roles.addName(Roles.ANONYMOUS);
+ roles.addName("*:"+this.guestGroup_); // Provided via system
+ // configuration
+ roles.addName(Roles.ANONYMOUS);
}
}
+ roles.addName("Everyone");
context.setAttribute("roles", roles);
-
+
return context;
- }
+ }
}
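Review bot: `roles.addName("Everyone")` now runs after the guest branch, so the unauthenticated caller (no `identity` attribute set, `Roles.ANONYMOUS` present) is also handed the `Everyone` role, and any policy rule keyed on `Everyone` is therefore reachable anonymously. That matches the old placement before the branch, but it is a decision a reader of the enforcement side should see stated, e.g. `// "Everyone" is granted to guests as well: a rule keyed on it is effectively public`. The guest branch also fires only when `memberships` is null or empty and `getId()` is null, so a `User` with a null id but non-empty memberships would receive neither `ANONYMOUS` nor the guest group; if the fixture can produce such a user this deserves a comment or a guard. The trailing comment on `roles.addName("*:"+this.guestGroup_);` has been wrapped into `// Provided via system` / `// configuration`, which reads as two unrelated comments, so moving it onto its own line above the statement would fix that. accessPortalEnforcementContext starts before this hunk.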
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestOwnerTypeRules.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestOwnerTypeRules.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestOwnerTypeRules.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -1,151 +0,0 @@
-package org.exoplatform.portal.config.security.jboss;
-
-
-import java.net.URI;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.test.BasicTestCase;
-import org.exoplatform.portal.config.model.PortalConfig;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.action.Read;
-
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-
-
-/**
- *
- * @author soshah
- *
- */
-public class TestOwnerTypeRules extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(TestOwnerTypeRules.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- @Override
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void testGroupType() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
- OwnerType ownerType = new OwnerType();
- ownerType.setType(PortalConfig.GROUP_TYPE);
-
- Roles allowedRoles = new Roles();
- allowedRoles.addName("navigationCreatorMembershipType_:/marketing");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, ownerType, allowedRoles,
"allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
- }
-
- public void testUserType() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
- OwnerType ownerType = new OwnerType();
- ownerType.setType(PortalConfig.USER_TYPE);
-
- Identity identity = new Identity();
- identity.setName("mockuser(a)exoportal.com");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, ownerType, identity, null);
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
-
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource, Read
action) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- // Create Resource
- context.setAttribute("uri-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageNavSecurityRules.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageNavSecurityRules.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageNavSecurityRules.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -1,153 +0,0 @@
-package org.exoplatform.portal.config.security.jboss;
-
-
-import java.net.URI;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.test.BasicTestCase;
-import org.exoplatform.portal.config.UserACL;
-import org.exoplatform.portal.config.model.PortalConfig;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.action.Operation;
-import org.jboss.security.authz.components.action.Write;
-
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-
-
-/**
- *
- * @author soshah
- *
- */
-public class TestPageNavSecurityRules extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(TestPageNavSecurityRules.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- @Override
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void testReadRule() throws Exception
- {
- this.provisionPortalSecurityRules();
- this.assertServerState();
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
-
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource,
Operation action) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- // Create Resource
- context.setAttribute("uri-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-
- private void provisionPortalSecurityRules() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("adminPortal"));
-
- //Super User/Everyone (gives access without further evaluation)
- Identity superuser = new Identity();
- superuser.setName("administrator"); //Provided via system configuration
- Roles everyone = new Roles();
- everyone.addName(UserACL.EVERYONE);
-
- //Guest Group
- Roles guest = new Roles();
- guest.addName("guests"); //Provided via system configuration
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
-
- //PortalCreators Group
- Roles portalCreators = new Roles();
- portalCreators.addName("portalCreator1"); //Provided via system
configuration
- portalCreators.addName("portalCreator2");
-
- //Other allowed Roles
- Roles others = new Roles();
- others.addName("employees");
- others.addName("partners");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
- context.addPolicyRule(Effect.PERMIT, new Write(), everyone,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), portalCreators,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), others,
"allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageSecurityRules.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageSecurityRules.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPageSecurityRules.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -1,153 +0,0 @@
-package org.exoplatform.portal.config.security.jboss;
-
-
-import java.net.URI;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.test.BasicTestCase;
-import org.exoplatform.portal.config.UserACL;
-import org.exoplatform.portal.config.model.PortalConfig;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.action.Operation;
-import org.jboss.security.authz.components.action.Write;
-
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-
-
-/**
- *
- * @author soshah
- *
- */
-public class TestPageSecurityRules extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(TestPageSecurityRules.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- @Override
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void testReadRule() throws Exception
- {
- this.provisionPortalSecurityRules();
- this.assertServerState();
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
-
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource,
Operation action) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- // Create Resource
- context.setAttribute("uri-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-
- private void provisionPortalSecurityRules() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("adminPortal"));
-
- //Super User/Everyone (gives access without further evaluation)
- Identity superuser = new Identity();
- superuser.setName("administrator"); //Provided via system configuration
- Roles everyone = new Roles();
- everyone.addName(UserACL.EVERYONE);
-
- //Guest Group
- Roles guest = new Roles();
- guest.addName("guests"); //Provided via system configuration
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
-
- //PortalCreators Group
- Roles portalCreators = new Roles();
- portalCreators.addName("portalCreator1"); //Provided via system
configuration
- portalCreators.addName("portalCreator2");
-
- //Other allowed Roles
- Roles others = new Roles();
- others.addName("employees");
- others.addName("partners");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
- context.addPolicyRule(Effect.PERMIT, new Write(), everyone,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), portalCreators,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), others,
"allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPortalConfigSecurityRules.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPortalConfigSecurityRules.java 2009-07-30
14:37:24 UTC (rev 13644)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestPortalConfigSecurityRules.java 2009-07-30
20:23:52 UTC (rev 13645)
@@ -1,153 +0,0 @@
-package org.exoplatform.portal.config.security.jboss;
-
-
-import java.net.URI;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.test.BasicTestCase;
-import org.exoplatform.portal.config.UserACL;
-import org.exoplatform.portal.config.model.PortalConfig;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.action.Operation;
-import org.jboss.security.authz.components.action.Write;
-
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-
-
-/**
- *
- * @author soshah
- *
- */
-public class TestPortalConfigSecurityRules extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(TestPortalConfigSecurityRules.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- @Override
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer =
(PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner =
(PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void testReadRule() throws Exception
- {
- this.provisionPortalSecurityRules();
- this.assertServerState();
- }
-
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
-
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource,
Operation action) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- // Create Resource
- context.setAttribute("uri-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-
- private void provisionPortalSecurityRules() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("adminPortal"));
-
- //Super User/Everyone (gives access without further evaluation)
- Identity superuser = new Identity();
- superuser.setName("administrator"); //Provided via system configuration
- Roles everyone = new Roles();
- everyone.addName(UserACL.EVERYONE);
-
- //Guest Group
- Roles guest = new Roles();
- guest.addName("guests"); //Provided via system configuration
- guest.addName(Roles.ANONYMOUS);
- guest.setMustMatchAll(true);
-
- //PortalCreators Group
- Roles portalCreators = new Roles();
- portalCreators.addName("portalCreator1"); //Provided via system
configuration
- portalCreators.addName("portalCreator2");
-
- //Other allowed Roles
- Roles others = new Roles();
- others.addName("employees");
- others.addName("partners");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
- context.addPolicyRule(Effect.PERMIT, new Write(), everyone,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), guest, "allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), portalCreators,
"allowExpression");
- context.addPolicyRule(Effect.PERMIT, new Write(), others,
"allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
- }
-}