[jboss-cvs] JBossAS SVN: r64456 - in projects/security/security-jboss-sx/trunk/src: main/org/jboss/security/authorization/config and 11 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Aug 3 12:49:43 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-08-03 12:49:42 -0400 (Fri, 03 Aug 2007)
New Revision: 64456
Added:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/ControlFlag.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysDenyTrustModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysNotApplicableTrustModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysPermitTrustModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/JavaEETrustModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/identitytrust/
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/identitytrust/JBossIdentityTrustManager.java
projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/identitytrust/
projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java
projects/security/security-jboss-sx/trunk/src/tests/resources/config/identitytrust-config.xml
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/RunAsIdentity.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityConstants.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
Log:
SECURITY-59:IdentityTrustManager framework to make initial trust based decisions
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/RunAsIdentity.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/RunAsIdentity.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/RunAsIdentity.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -162,6 +162,6 @@
public <T> T getProof()
{
- return (T) getRunAsRoles();
+ return (T) SecurityConstants.JAVAEE;
}
}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityConstants.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityConstants.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityConstants.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -116,4 +116,9 @@
String CREDENTIAL = "Credential";
String SUBJECT = "Subject";
+
+ /**
+ * Identity Trust Constants
+ */
+ String JAVAEE = "JavaEE";
}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -26,8 +26,8 @@
import javax.xml.namespace.QName;
-import org.jboss.security.auth.login.ModuleOption;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry.ControlFlag;
+import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.config.ControlFlag;
import org.jboss.xb.binding.GenericValueContainer;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -25,6 +25,7 @@
import java.util.Map;
import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.config.ControlFlag;
//$Id$
@@ -101,31 +102,5 @@
public void setControlFlag(ControlFlag controlFlag)
{
this.controlFlag = controlFlag;
- }
-
- /**
- * Represents a Control Flag for the module
- */
- public static class ControlFlag
- {
- private String flag = "";
- public static final ControlFlag REQUIRED = new ControlFlag("REQUIRED");
- public static final ControlFlag REQUISITE = new ControlFlag("REQUISITE");
- public static final ControlFlag SUFFICIENT = new ControlFlag("SUFFICIENT");
- public static final ControlFlag OPTIONAL = new ControlFlag("OPTIONAL");
-
- public ControlFlag(String flag)
- {
- this.flag = flag;
- }
-
- /**
- * Returns the string represented
- * "required", "requisite" etc
- */
- public String toString()
- {
- return flag;
- }
}
}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -24,11 +24,11 @@
import org.jboss.logging.Logger;
import org.jboss.security.audit.config.AuditProviderEntry;
import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
-import org.jboss.security.auth.login.ModuleOption;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry.ControlFlag;
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
import org.jboss.security.config.MappingInfo;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
@@ -94,7 +94,8 @@
String code = attrs.getValue("code");
code = StringPropertyReplacer.replaceProperties(code.trim());
String flag = attrs.getValue("flag");
- flag = StringPropertyReplacer.replaceProperties(flag.trim());
+ if(flag != null)
+ flag = StringPropertyReplacer.replaceProperties(flag.trim());
if(flag == null)
flag = "REQUIRED";
else
@@ -300,15 +301,34 @@
{
Object child = null;
if( trace )
- log.trace("newChild.AuditInfo, localName: "+localName);
+ log.trace("newChild.IdentityTrustInfo, localName: "+localName);
if("trust-module".equals(localName))
{
String code = attrs.getValue("code");
code = StringPropertyReplacer.replaceProperties(code.trim());
+
+ String flag = attrs.getValue("flag");
+ if(flag != null)
+ flag = StringPropertyReplacer.replaceProperties(flag.trim());
+ if(flag == null)
+ flag = "REQUIRED";
+ else
+ flag = flag.toUpperCase();
IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code);
+ if("REQUIRED".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUIRED);
+ else
+ if("REQUISITE".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUISITE);
+ else
+ if("SUFFICIENT".equals(flag))
+ entry.setControlFlag(ControlFlag.SUFFICIENT);
+ else
+ entry.setControlFlag(ControlFlag.OPTIONAL);
+
child = entry;
if( trace )
- log.trace("newChild.AuditInfo, provider-module code: "+code);
+ log.trace("newChild.IdentityTrustInfo, trust-module code: "+code);
}
return child;
@@ -320,13 +340,13 @@
{
Object child = null;
if( trace )
- log.trace("newChild.AuditProviderEntry, localName: "+localName);
+ log.trace("newChild.trustProviderEntry, localName: "+localName);
if("module-option".equals(localName))
{
String name = attrs.getValue("name");
child = new ModuleOption(name);
if( trace )
- log.trace("newChild.AuditProviderEntry, module-option name: "+name);
+ log.trace("newChild.trustProviderEntry, module-option name: "+name);
}
return child;
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/ControlFlag.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/ControlFlag.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/ControlFlag.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.config;
+
+//$Id$
+
+/**
+ * Control Flag for module entries
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class ControlFlag
+{
+ private String flag;
+ public static final ControlFlag REQUIRED = new ControlFlag("REQUIRED");
+ public static final ControlFlag REQUISITE = new ControlFlag("REQUISITE");
+ public static final ControlFlag SUFFICIENT = new ControlFlag("SUFFICIENT");
+ public static final ControlFlag OPTIONAL = new ControlFlag("OPTIONAL");
+
+ public ControlFlag(String flag)
+ {
+ this.flag = flag;
+ }
+
+ /**
+ * Returns the string represented
+ * "required", "requisite" etc
+ */
+ public String toString()
+ {
+ return flag;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,241 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.IdentityTrustInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+import org.jboss.security.plugins.authorization.SecurityActions;
+
+//$Id$
+
+/**
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class JBossIdentityTrustContext extends IdentityTrustContext
+{
+ protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
+
+ //Control Flag behavior
+ private boolean encounteredRequiredDeny = false;
+ private boolean encounteredRequiredNotApplicable = false;
+ private boolean encounteredOptionalError = false;
+ private IdentityTrustException moduleException = null;
+ private TrustDecision overallDecision = TrustDecision.NotApplicable;
+
+ private boolean encounteredRequiredPermit;
+
+ public JBossIdentityTrustContext(SecurityContext sc)
+ {
+ this.securityContext = sc;
+ }
+
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ TrustDecision decision = NOTAPPLICABLE;
+
+ try
+ {
+ initializeModules();
+ }
+ catch (Exception e)
+ {
+ throw new IdentityTrustException(e);
+ }
+ //Do a PrivilegedAction
+ try
+ {
+ decision = (TrustDecision) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws IdentityTrustException
+ {
+ TrustDecision result = invokeTrusted();
+ if(result == PERMIT)
+ invokeCommit();
+ if(result == DENY || result == NOTAPPLICABLE)
+ {
+ invokeAbort();
+ }
+ return result;
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exc = e.getException();
+ log.trace("Error in isAuthorize:", exc);
+ invokeAbort();
+ throw ((IdentityTrustException)exc);
+ }
+ return decision;
+ }
+
+ private void initializeModules() throws Exception
+ {
+ String securityDomain = this.securityContext.getSecurityDomain();
+ //Get the Configuration
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
+ if(aPolicy == null)
+ throw new IllegalStateException("ApplicationPolicy not found for "+ securityDomain);
+
+ IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
+ IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
+ for(IdentityTrustModuleEntry itme: itmearr)
+ {
+ ControlFlag cf = itme.getControlFlag();
+ if(cf == null)
+ cf = ControlFlag.REQUIRED;
+
+ this.controlFlags.add(cf);
+ modules.add(instantiateModule(itme.getName(), itme.getOptions()));
+ }
+ }
+
+ private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
+ {
+ IdentityTrustModule im = null;
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class clazz = tcl.loadClass(name);
+ im = (IdentityTrustModule)clazz.newInstance();
+ }
+ catch ( Exception e)
+ {
+ log.debug("Error instantiating IdentityTrustModule:",e);
+ }
+ if(im == null)
+ throw new IllegalStateException("IdentityTrustModule has not " +
+ "been instantiated");
+ im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
+ return im;
+ }
+
+ private TrustDecision invokeTrusted()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
+ TrustDecision decision = NOTAPPLICABLE;
+ try
+ {
+ decision = module.isTrusted();
+ }
+ catch(Exception ae)
+ {
+ decision = NOTAPPLICABLE;
+ if(this.moduleException == null)
+ this.moduleException = new IdentityTrustException(ae);
+ }
+
+ if(decision == PERMIT)
+ {
+ this.overallDecision = PERMIT;
+ if(flag == ControlFlag.REQUIRED)
+ this.encounteredRequiredPermit = true;
+ //SUFFICIENT case
+ if(flag == ControlFlag.SUFFICIENT && this.encounteredRequiredDeny == false)
+ return PERMIT;
+ continue; //Continue with the other modules
+ }
+
+ if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
+ {
+ this.encounteredRequiredNotApplicable = true;
+ continue; //Continue with the other modules
+ }
+ //Go through the failure cases
+ //REQUISITE case
+ if(flag == ControlFlag.REQUISITE)
+ {
+ log.trace("REQUISITE failed for " + module);
+ if(this.moduleException == null)
+ this.moduleException = new IdentityTrustException("Authorization failed");
+ else
+ throw this.moduleException;
+ }
+ //REQUIRED Case
+ if(flag == ControlFlag.REQUIRED)
+ {
+ log.trace("REQUIRED failed for " + module);
+ this.encounteredRequiredDeny = true;
+ }
+ if(flag == ControlFlag.OPTIONAL)
+ this.encounteredOptionalError = true;
+ }
+
+ //All the authorization modules have been visited.
+ if(this.encounteredRequiredDeny)
+ return DENY;
+ if(this.overallDecision == DENY && this.encounteredOptionalError)
+ return DENY;
+ if(this.overallDecision == DENY)
+ return DENY;
+
+ if(this.encounteredRequiredNotApplicable && !encounteredRequiredPermit)
+ return NOTAPPLICABLE;
+ return PERMIT;
+ }
+
+ private void invokeCommit()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.commit();
+ if(!bool)
+ throw new IdentityTrustException("commit on modules failed");
+ }
+ }
+
+ private void invokeAbort()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.abort();
+ if(!bool)
+ throw new IdentityTrustException("abort on modules failed");
+ }
+ }
+}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -24,7 +24,8 @@
import java.util.HashMap;
import java.util.Map;
-import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.config.ControlFlag;
//$Id$
@@ -37,6 +38,7 @@
public class IdentityTrustModuleEntry
{
private String name;
+ private ControlFlag controlFlag;
private Map options = new HashMap();
@@ -60,4 +62,14 @@
{
return this.options;
}
+
+ public ControlFlag getControlFlag()
+ {
+ return controlFlag;
+ }
+
+ public void setControlFlag(ControlFlag controlFlag)
+ {
+ this.controlFlag = controlFlag;
+ }
}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustModule;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Abstract IdentityTrustModule that pulls in common stuff
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public abstract class AbstractIdentityTrustModule implements IdentityTrustModule
+{
+ protected SecurityContext securityContext;
+ protected CallbackHandler callbackHandler;
+ protected Map sharedState;
+ protected Map options;
+
+ /**
+ * @see IdentityTrustModule#abort()
+ */
+ public boolean abort() throws IdentityTrustException
+ {
+ return true;
+ }
+
+ /**
+ * @see IdentityTrustModule#commit()
+ */
+ public boolean commit() throws IdentityTrustException
+ {
+ return true;
+ }
+
+ /**
+ * @see IdentityTrustModule#initialize(SecurityContext, CallbackHandler, Map, Map)
+ */
+ public void initialize(SecurityContext sc,
+ CallbackHandler handler, Map sharedState, Map options)
+ throws IdentityTrustException
+ {
+ this.securityContext = sc;
+ this.callbackHandler = handler;
+ this.sharedState = sharedState;
+ this.options = options;
+ }
+
+ /**
+ * @see IdentityTrustModule#isTrusted()
+ */
+ public abstract TrustDecision isTrusted() throws IdentityTrustException;
+}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysDenyTrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysDenyTrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysDenyTrustModule.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Trust Module that always returns DENY
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class AlwaysDenyTrustModule extends AbstractIdentityTrustModule
+{
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ return TrustDecision.Deny;
+ }
+
+}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysNotApplicableTrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysNotApplicableTrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysNotApplicableTrustModule.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Trust Module that always returns NotApplicable
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class AlwaysNotApplicableTrustModule extends AbstractIdentityTrustModule
+{
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ return TrustDecision.NotApplicable;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysPermitTrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysPermitTrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/AlwaysPermitTrustModule.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Trust Module that always does a PERMIT
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class AlwaysPermitTrustModule extends AbstractIdentityTrustModule
+{
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ return TrustDecision.Permit;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/JavaEETrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/JavaEETrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/identitytrust/modules/JavaEETrustModule.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Trust Module that deals with JavaEE RunAsIdentity
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class JavaEETrustModule extends AbstractIdentityTrustModule
+{
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ RunAs runAs = this.securityContext.getIncomingRunAs();
+ if(runAs instanceof RunAsIdentity )
+ {
+ RunAsIdentity runAsIdentity = (RunAsIdentity)runAs;
+ if(SecurityConstants.JAVAEE.equals(runAsIdentity.getProof()))
+ return TrustDecision.Permit;
+ }
+ return TrustDecision.NotApplicable;
+ }
+}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -22,8 +22,10 @@
import org.jboss.security.SecurityUtil;
import org.jboss.security.SubjectInfo;
import org.jboss.security.audit.AuditManager;
+import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.plugins.audit.JBossAuditManager;
+import org.jboss.security.plugins.identitytrust.JBossIdentityTrustManager;
import org.jboss.security.plugins.mapping.JBossMappingManager;
import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
@@ -106,7 +108,15 @@
public MappingManager getMappingManager()
{
return new JBossMappingManager(this.securityDomain);
- }
+ }
+
+ /**
+ * @see SecurityContext#getIdentityTrustManager()
+ */
+ public IdentityTrustManager getIdentityTrustManager()
+ {
+ return new JBossIdentityTrustManager(this);
+ }
/**
* @see SecurityContext#getOutgoingRunAs()
@@ -187,5 +197,6 @@
if(jsc != null)
jsc.contextData = (Map<String, Object>) ((HashMap)contextData).clone();
return super.clone();
- }
+ }
+
}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -35,11 +35,11 @@
import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry.ControlFlag;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
//$Id: JBossAuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
@@ -160,12 +160,12 @@
for(int i = 0 ; i < len; i++)
{
AuthorizationModuleEntry entry = entries[i];
- AuthorizationModuleEntry.ControlFlag flag = entry.getControlFlag();
+ ControlFlag flag = entry.getControlFlag();
if(flag == null)
{
if(trace)
log.trace("Null Control flag for entry:"+entry+". Defaults to REQUIRED!");
- flag = AuthorizationModuleEntry.ControlFlag.REQUIRED;
+ flag = ControlFlag.REQUIRED;
}
else
if(trace)
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/identitytrust/JBossIdentityTrustManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/identitytrust/JBossIdentityTrustManager.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/identitytrust/JBossIdentityTrustManager.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.identitytrust;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustContext;
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.identitytrust.JBossIdentityTrustContext;
+
+//$Id$
+
+/**
+ * Identity Trust Manager default implementation
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class JBossIdentityTrustManager implements IdentityTrustManager
+{
+ protected static Logger log = Logger.getLogger(JBossIdentityTrustManager.class);
+ private SecurityContext securityContext;
+
+ public JBossIdentityTrustManager(SecurityContext sc)
+ {
+ this.securityContext = sc;
+ }
+ /**
+ * @see IdentityTrustManager#isTrusted()
+ */
+ public TrustDecision isTrusted()
+ {
+ TrustDecision td = TrustDecision.Deny;
+ IdentityTrustContext itc = new JBossIdentityTrustContext(securityContext);
+ try
+ {
+ td = itc.isTrusted();
+ }
+ catch (IdentityTrustException e)
+ {
+ log.trace("Trust Exception:",e);
+ }
+ return td;
+ }
+}
Modified: projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2007-08-03 16:49:14 UTC (rev 64455)
+++ projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -41,6 +41,7 @@
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
import org.jboss.security.config.MappingInfo;
import org.jboss.security.config.PolicyConfig;
@@ -206,7 +207,7 @@
AuthorizationModuleEntry authzEntry = authzEntries[0];
assertEquals("TestPolicyModule","org.jboss.test.TestPolicyModule",
authzEntry.getPolicyModuleName());
- assertEquals("Required", AuthorizationModuleEntry.ControlFlag.REQUIRED,
+ assertEquals("Required", ControlFlag.REQUIRED,
authzEntry.getControlFlag());
Map authzoptions = authzEntry.getOptions();
assertEquals("Number of options = 2", 2, authzoptions.size());
Added: projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,189 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.identitytrust;
+
+import java.net.URL;
+
+import javax.security.auth.login.Configuration;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+import org.jboss.security.plugins.JBossSecurityContext;
+
+//$Id$
+
+/**
+ * Test the IdentityTrust framework
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class IdentityTrustUnitTestCase extends TestCase
+{
+ String configFile="config/identitytrust-config.xml";
+
+ protected void setUp() throws Exception
+ {
+ XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
+ Configuration.setConfiguration(xli);
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
+ assertNotNull("Config URL",configURL);
+
+ xli.setConfigURL(configURL);
+ xli.loadConfig();
+ }
+
+ public void testPermit_Permit_Permit() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit-Permit-Permit");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+ }
+
+ public void testPermit_Permit_Deny() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit-Permit-Deny");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted Deny",TrustDecision.Deny,itm.isTrusted());
+ }
+
+ public void testPermit_Deny_Permit() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit-Deny-Permit");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted Deny",TrustDecision.Deny,itm.isTrusted());
+ }
+
+ public void testDeny_Permit_Permit() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Deny-Permit-Permit");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted Deny",TrustDecision.Deny,itm.isTrusted());
+ }
+
+ public void testPermit_Permit_NotApplicable() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit-Permit-NotApplicable");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+ }
+
+ public void testNotApplicable_Permit_Permit() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("NotApplicable-Permit-Permit");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+ }
+
+ public void testNotApplicable_Required__Permit_Optional() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("NotApplicable_Required-Permit_Optional");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted not applicable",TrustDecision.NotApplicable,itm.isTrusted());
+ }
+
+ public void testPermit_Required__Deny_Optional() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit_Required-Deny_Optional");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+ }
+
+ public void testNotApplicable_Required__Deny_Optional() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("NotApplicable_Required-Deny_Optional");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted false",TrustDecision.NotApplicable,itm.isTrusted());
+ }
+
+ public void testPermit_Sufficient__Deny_Optional() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("Permit_Sufficient-Deny_Optional");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+ }
+
+ public void testJavaEERunAsIdentity() throws Exception
+ {
+ JBossSecurityContext sc = new JBossSecurityContext("conf-javaee");
+ sc.setIncomingRunAs(new RunAsIdentity("theduke", "jduke"));
+ assertNotNull("SecurityContext is not null", sc);
+ IdentityTrustManager itm = sc.getIdentityTrustManager();
+ assertNotNull("IdentityTrustManager is not null", itm);
+ assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted());
+
+ sc.setIncomingRunAs(new RunAs()
+ {
+ public <T> T getIdentity()
+ {
+ return (T) "BAD";
+ }
+
+ public <T> T getProof()
+ {
+ return (T) "BAD";
+ }
+
+ public String getName()
+ {
+ return "BAD";
+ }
+ });
+
+ assertEquals("Is Trusted is false",TrustDecision.NotApplicable,itm.isTrusted());
+ }
+}
Added: projects/security/security-jboss-sx/trunk/src/tests/resources/config/identitytrust-config.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/src/tests/resources/config/identitytrust-config.xml (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/tests/resources/config/identitytrust-config.xml 2007-08-03 16:49:42 UTC (rev 64456)
@@ -0,0 +1,82 @@
+<?xml version='1.0'?>
+
+<policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:security-config:5.0"
+ xmlns="urn:jboss:security-config:5.0">
+
+ <application-policy name="conf-javaee">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.JavaEETrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit-Permit-Permit">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit-Permit-Deny">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysDenyTrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit-Deny-Permit">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysDenyTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit-Permit-NotApplicable">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysNotApplicableTrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="NotApplicable-Permit-Permit">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysNotApplicableTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="NotApplicable_Required-Permit_Optional">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysNotApplicableTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule" flag="optional"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit_Required-Deny_Optional">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysPermitTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysDenyTrustModule" flag="optional"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="NotApplicable_Required-Deny_Optional">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysNotApplicableTrustModule"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysDenyTrustModule" flag="optional"/>
+ </identity-trust>
+ </application-policy>
+
+ <application-policy name="Permit_Sufficient-Deny_Optional">
+ <identity-trust>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysNotApplicableTrustModule"
+ flag="sufficient"/>
+ <trust-module code="org.jboss.security.identitytrust.modules.AlwaysDenyTrustModule" flag="optional"/>
+ </identity-trust>
+ </application-policy>
+
+</policy>
More information about the jboss-cvs-commits
mailing list