[jboss-cvs] JBossAS SVN: r68567 - in projects/security/security-jboss-sx/trunk/acl: src/main and 10 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Dec 26 12:32:21 EST 2007
Author: sguilhen at redhat.com
Date: 2007-12-26 12:32:21 -0500 (Wed, 26 Dec 2007)
New Revision: 68567
Added:
projects/security/security-jboss-sx/trunk/acl/.classpath
projects/security/security-jboss-sx/trunk/acl/.project
projects/security/security-jboss-sx/trunk/acl/src/main/org/
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLEntryImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BasicACLPermission.java
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BitMaskPermission.java
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/CompositeACLPermission.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUnitTestCase.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestResource.java
Modified:
projects/security/security-jboss-sx/trunk/acl/pom.xml
Log:
SECURITY-89: Initial implementation of the ACL SPI, along with some test cases.
Added: projects/security/security-jboss-sx/trunk/acl/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.classpath (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/.classpath 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry kind="src" path="src/resources"/>
+ <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/3"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="output" path="target/eclipse-classes"/>
+</classpath>
Added: projects/security/security-jboss-sx/trunk/acl/.project
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.project (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/.project 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>acl</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
Modified: projects/security/security-jboss-sx/trunk/acl/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/pom.xml 2007-12-26 17:31:15 UTC (rev 68566)
+++ projects/security/security-jboss-sx/trunk/acl/pom.xml 2007-12-26 17:32:21 UTC (rev 68567)
@@ -91,6 +91,10 @@
</build>
<dependencies>
<dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>acl-spi</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.jboss</groupId>
<artifactId>jboss-common-core</artifactId>
<scope>compile</scope>
@@ -128,5 +132,11 @@
<artifactId>jboss-test</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLEntryImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLEntryImpl.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLEntryImpl.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import org.jboss.security.identity.Identity;
+
+/**
+ * <p>
+ * This class represents an entry in the Access Control List (ACL), and associates a permission
+ * to an identity. This implementation only stores permissions of type <code>BitMaskPermission</code>,
+ * and can also only check permissions of that type.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLEntryImpl implements ACLEntry
+{
+ private final BitMaskPermission permission;
+
+ private final Identity identity;
+
+ /**
+ * <p>
+ * Builds an instance of <code>ACLEntry</code> with the specified permission and identity.
+ * </p>
+ *
+ * @param permission the <code>ACLPermission</code> granted to the associated identity.
+ * @param identity the <code>Identity</code> for which the permission is being granted.
+ */
+ public ACLEntryImpl(BitMaskPermission permission, Identity identity)
+ {
+ this.permission = permission;
+ this.identity = identity;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#getIdentity()
+ */
+ public Identity getIdentity()
+ {
+ return this.identity;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#getPermission()
+ */
+ public ACLPermission getPermission()
+ {
+ return this.permission;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#checkPermission(org.jboss.security.acl.ACLPermission)
+ */
+ public boolean checkPermission(ACLPermission permission)
+ {
+ if (!(permission instanceof BitMaskPermission))
+ return false;
+ BitMaskPermission bitmaskPermission = (BitMaskPermission) permission;
+ // an empty permission is always part of another permission.
+ if (bitmaskPermission.getMaskValue() == 0)
+ return true;
+ // simple implementation: if any bit matches, return true.
+ return (this.permission.getMaskValue() & bitmaskPermission.getMaskValue()) != 0;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLImpl.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLImpl.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,135 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.identity.Identity;
+
+/**
+ * <p>
+ * Simple ACL implementation that keeps the entries in a Map whose keys are the
+ * identities of the entries, to provide fast access.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLImpl implements ACL
+{
+
+ private final Resource resource;
+
+ private final Map<Identity, ACLEntry> entries;
+
+ /**
+ * <p>
+ * Builds an instance of <code>ACLImpl</code> for the specified resource.
+ * </p>
+ *
+ * @param resource a reference to the <code>Resource</code> associated with
+ * the ACL being constructed.
+ */
+ public ACLImpl(Resource resource)
+ {
+ this(resource, new ArrayList<ACLEntry>());
+ }
+
+ /**
+ * <p>
+ * Builds an instance of <code>ACLImpl</code> for the specified resource, and initialize
+ * it with the specified entries.
+ * </p>
+ *
+ * @param resource a reference to the <code>Resource</code> associated with
+ * the ACL being constructed.
+ * @param entries a <code>Collection</code> containing the ACL's initial entries.
+ */
+ public ACLImpl(Resource resource, Collection<ACLEntry> entries)
+ {
+ this.resource = resource;
+ this.entries = new HashMap<Identity, ACLEntry>();
+ for (ACLEntry entry : entries)
+ this.entries.put(entry.getIdentity(), entry);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#addEntry(org.jboss.security.acl.ACLEntry)
+ */
+ public boolean addEntry(ACLEntry entry)
+ {
+ // don't add a null entry or an entry that already exists.
+ if (entry == null || this.entries.get(entry.getIdentity()) != null)
+ return false;
+ this.entries.put(entry.getIdentity(), entry);
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#removeEntry(org.jboss.security.acl.ACLEntry)
+ */
+ public boolean removeEntry(ACLEntry entry)
+ {
+ return (this.entries.remove(entry.getIdentity()) != null);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#getEntries()
+ */
+ public Collection<ACLEntry> getEntries()
+ {
+ return Collections.unmodifiableCollection(this.entries.values());
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#getResource()
+ */
+ public Resource getResource()
+ {
+ return this.resource;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#isGranted(org.jboss.security.acl.ACLPermission, org.jboss.security.identity.Identity)
+ */
+ public boolean isGranted(ACLPermission permission, Identity identity)
+ {
+ // lookup the entry corresponding to the specified identity.
+ ACLEntry entry = this.entries.get(identity);
+ if (entry != null)
+ {
+ // check the permission associated with the identity.
+ return entry.checkPermission(permission);
+ }
+ return false;
+ }
+
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * This class is a simple <code>ACLProvider</code> implementation that maintains the ACLs in memory. It is
+ * used mainly for testing purposes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLProviderImpl implements ACLProvider
+{
+
+ // in memory cache of the created ACLs.
+ private final Map<Resource, ACL> aclMap;
+
+ /**
+ * <p>
+ * Creates an instance of <code>ACLProviderImpl</code>.
+ * </p>
+ */
+ public ACLProviderImpl()
+ {
+ this.aclMap = new HashMap<Resource, ACL>();
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#createACL(org.jboss.security.authorization.Resource)
+ */
+ public ACL createACL(Resource resource)
+ {
+ if (resource == null)
+ throw new IllegalArgumentException("ACLs cannot be created for null resources");
+ ACL acl = this.aclMap.get(resource);
+ if (acl == null)
+ {
+ acl = new ACLImpl(resource);
+ this.aclMap.put(resource, acl);
+ }
+ return acl;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.acl.ACL)
+ */
+ public boolean removeACL(ACL acl)
+ {
+ return this.removeACL(acl.getResource());
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.authorization.Resource)
+ */
+ public boolean removeACL(Resource resource)
+ {
+ return this.aclMap.remove(resource) != null;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#retrieveACL(org.jboss.security.authorization.Resource)
+ */
+ public ACL retrieveACL(Resource resource)
+ {
+ return this.aclMap.get(resource);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#updateACL(org.jboss.security.acl.ACL)
+ */
+ public boolean updateACL(ACL acl)
+ {
+ if (!this.aclMap.containsKey(acl.getResource()))
+ return false;
+ return this.aclMap.put(acl.getResource(), acl) != null;
+ }
+
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BasicACLPermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BasicACLPermission.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BasicACLPermission.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+/**
+ * <p>
+ * This enum defines the basic ACL permissions. Each permission defined here is represented by a unique
+ * integer mask value that is a power of 2 (that is, each permission's bitmask has only one bit on).
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public enum BasicACLPermission implements BitMaskPermission {
+
+ // basic create permission - value = 1
+ CREATE(1 << 0),
+ // basic read permission - value = 2
+ READ(1 << 1),
+ // basic updated permission - value = 4
+ UPDATE(1 << 2),
+ // basic delete permission - value = 8
+ DELETE(1 << 3);
+
+ private int mask;
+
+ /**
+ * <p>
+ * Buils an instance of <code>BasicACLPermission</code>.
+ * </p>
+ *
+ * @param mask an integer representing the permission's mask value.
+ */
+ private BasicACLPermission(int mask)
+ {
+ this.mask = mask;
+ }
+
+ /**
+ * <p>
+ * Obtains this permission's mask value.
+ * </p>
+ */
+ public int getMaskValue()
+ {
+ return this.mask;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BitMaskPermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BitMaskPermission.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/BitMaskPermission.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+/**
+ * <p>
+ * This interface defines the methods that must be implemented by bitmask-based permissions.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface BitMaskPermission extends ACLPermission
+{
+ /**
+ * <p>
+ * Obtains the bitmask value of the permission.
+ * </p>
+ *
+ * @return an <code>int</code> representing the value of the bitmask.
+ */
+ public int getMaskValue();
+}
\ No newline at end of file
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/CompositeACLPermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/CompositeACLPermission.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/CompositeACLPermission.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+/**
+ * <p>
+ * This class represents a composite permission - a permission that contains one or more basic permissions.
+ * The bitmask value of this permission is calculated by combining (logical or) the bitmask values of the
+ * basic permissions it contains. Thus, a composite permission's bitmask can have more than one bit on, and
+ * each bit corresponds to one of the basic permissions that are part of the composite permission.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class CompositeACLPermission implements BitMaskPermission
+{
+ private int mask = 0;
+
+ /**
+ * <p>
+ * Builds an instance of <code>CompositeACLPermission</code> with the specified bitmask value.
+ * </p>
+ *
+ * @param mask an <code>int</code> representing the bitmask value of the permission being created.
+ */
+ public CompositeACLPermission(int mask)
+ {
+ this.mask = mask;
+ }
+
+ /**
+ * <p>
+ * Builds an instance of <code>CompositeACLPermission</code> with the given basic permissions.
+ * </p>
+ *
+ * @param permissions a comma-separated list of <code>BasicACLPermission</code>s.
+ */
+ public CompositeACLPermission(BasicACLPermission... permissions)
+ {
+ for (BasicACLPermission basicPermission : permissions)
+ {
+ this.mask |= basicPermission.getMaskValue();
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.MaskPermission#getMask()
+ */
+ public int getMaskValue()
+ {
+ return this.mask;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (obj instanceof BitMaskPermission)
+ return this.mask == ((BitMaskPermission) obj).getMaskValue();
+ return false;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode()
+ {
+ return this.mask;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ @Override
+ public String toString()
+ {
+ return Integer.toBinaryString(this.mask);
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,176 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLImpl;
+import org.jboss.security.acl.ACLProvider;
+import org.jboss.security.acl.ACLProviderImpl;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * <p>
+ * This <code>TestCase</code> tests the funcionality exposed by the <code>ACLProvider</code>
+ * interface
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLProviderUnitTestCase extends TestCase
+{
+ TestResource[] resources;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ // create some test resources to be used by the tests.
+ this.resources = new TestResource[10];
+ for (int index = 0; index < this.resources.length; index++)
+ this.resources[index] = new TestResource(index + 1);
+ }
+
+ /**
+ * <p>
+ * Tests the creation of ACLs for resources.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLCreation() throws Exception
+ {
+ ACLProvider provider = new ACLProviderImpl();
+ // assert no ACL exists for any of the resources.
+ for (int index = 0; index < this.resources.length; index++)
+ assertNull(provider.retrieveACL(this.resources[index]));
+
+ // create ACLs for half of the resources.
+ for (int index = 0; index < this.resources.length / 2; index++)
+ {
+ ACL acl = provider.createACL(this.resources[index]);
+ assertNotNull(acl);
+ assertEquals("Unexpected entries found", 0, acl.getEntries().size());
+ assertEquals("Unexpected resource", this.resources[index], acl.getResource());
+ // assert that both createACL and retrieveACL return a reference to the same ACL just created.
+ assertEquals("Retrieved unexpected ACL for resource", acl, provider.createACL(this.resources[index]));
+ assertEquals("Retrieved unexpected ACL for resource", acl, provider.retrieveACL(this.resources[index]));
+ }
+
+ // assert no ACL still exists for the remaining resources.
+ int index = (this.resources.length / 2) + 1;
+ for (; index < this.resources.length; index++)
+ assertNull(provider.retrieveACL(this.resources[index]));
+
+ // assert that an ACL cannot be created for a null resource.
+ boolean caughtException = false;
+ try
+ {
+ provider.createACL(null);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ caughtException = true;
+ }
+ assertTrue("Expected exception not thrown", caughtException);
+ }
+
+ /**
+ * <p>
+ * Tests the update of existing ACLs.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLUpdate() throws Exception
+ {
+ ACLProvider provider = new ACLProviderImpl();
+ // create an empty ACL.
+ ACL acl = provider.createACL(this.resources[0]);
+ assertEquals("Unexpected entries found", 0, acl.getEntries().size());
+
+ // add some entries to the ACL.
+ int entriesNumber = 20;
+ for (int i = 0; i < entriesNumber; i++)
+ {
+ ACLEntry entry = new ACLEntryImpl(BasicACLPermission.CREATE, IdentityFactory.createIdentity("Identity" + i));
+ acl.addEntry(entry);
+ }
+ assertTrue("Failed to update the ACL", provider.updateACL(acl));
+
+ // retrieve the ACL again and check it has the added entries.
+ acl = provider.retrieveACL(this.resources[0]);
+ assertEquals("Invalid number of entries", entriesNumber, acl.getEntries().size());
+
+ // now remove one of the entries.
+ ACLEntry entry = acl.getEntries().iterator().next();
+ acl.removeEntry(entry);
+ assertTrue("Failed to update the ACL", provider.updateACL(acl));
+
+ // retrieve the ACL again and check it has one less entry.
+ acl = provider.retrieveACL(this.resources[0]);
+ assertEquals("Invalid number of entries", entriesNumber - 1, acl.getEntries().size());
+
+ // assert that update fails for an ACL not managed by the provider.
+ Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(BasicACLPermission.UPDATE, IdentityFactory.createIdentity("Another Identity")));
+ ACL otherACL = new ACLImpl(this.resources[1], entries);
+ assertFalse(provider.updateACL(otherACL));
+ }
+
+ /**
+ * <p>
+ * Tests the removal of existing ACLs.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLRemoval() throws Exception
+ {
+ ACLProvider provider = new ACLProviderImpl();
+ ACL[] acls = new ACL[this.resources.length];
+ for (int index = 0; index < this.resources.length; index++)
+ acls[index] = provider.createACL(this.resources[index]);
+
+ // remove some ACLs.
+ for (int index = 0; index < this.resources.length / 2; index++)
+ {
+ assertTrue(provider.removeACL(acls[index]));
+ // assert no ACL is associated to the resources anymore.
+ assertNull(provider.retrieveACL(this.resources[index]));
+ // removing an ACL that is not managed anymore by the provider must return false.
+ assertFalse(provider.removeACL(acls[index]));
+ }
+
+ // assert the remaining resources are still associated with an ACL.
+ int index = (this.resources.length / 2) + 1;
+ for (; index < this.resources.length; index++)
+ assertNotNull(provider.retrieveACL(this.resources[index]));
+
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUnitTestCase.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.Arrays;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLImpl;
+import org.jboss.security.acl.ACLPermission;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * <p>
+ * This <code>TestCase</code> tests the funcionality exposed by the <code>ACL</code> interface.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLUnitTestCase extends TestCase
+{
+ private static final int ACL_SIZE = 5;
+
+ private Identity[] identities;
+
+ private ACLEntry[] entries;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.identities = new Identity[ACL_SIZE];
+ for (int i = 0; i < ACL_SIZE; i++)
+ this.identities[i] = IdentityFactory.createIdentity("Identity" + i);
+ // create an entry with a basic permission.
+ this.entries = new ACLEntry[ACL_SIZE];
+ this.entries[0] = new ACLEntryImpl(BasicACLPermission.READ, this.identities[0]);
+ // build the remaining entries with composite permissions.
+ this.entries[1] = new ACLEntryImpl(new CompositeACLPermission(), this.identities[1]);
+ this.entries[2] = new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.READ), this.identities[2]);
+ this.entries[3] = new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.CREATE,
+ BasicACLPermission.UPDATE, BasicACLPermission.DELETE), this.identities[3]);
+ this.entries[4] = new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.values()), this.identities[4]);
+ }
+
+ /**
+ * <p>
+ * Tests the execution of the <code>isGranted</code> method with different permissions and
+ * identities.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testIsGranted() throws Exception
+ {
+ // build the tested ACL.
+ ACL acl = new ACLImpl(new TestResource(10), Arrays.asList(this.entries));
+ assertEquals("Invalid number of entries", ACL_SIZE, acl.getEntries().size());
+
+ // test the identity associated with a basic permission.
+ assertTrue(acl.isGranted(BasicACLPermission.READ, this.identities[0]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE),
+ this.identities[0]));
+ assertFalse(acl.isGranted(BasicACLPermission.DELETE, this.identities[0]));
+ assertFalse(acl.isGranted(new CompositeACLPermission(BasicACLPermission.CREATE, BasicACLPermission.UPDATE),
+ this.identities[0]));
+
+ // assert the empty permission is always granted.
+ ACLPermission emptyPermission = new CompositeACLPermission();
+ for (int i = 0; i < ACL_SIZE; i++)
+ assertTrue(acl.isGranted(emptyPermission, this.identities[i]));
+
+ // assert that identities[1] is only granted the empty permission.
+ for (BasicACLPermission permission : BasicACLPermission.values())
+ assertFalse(acl.isGranted(permission, this.identities[1]));
+ assertFalse(acl.isGranted(new CompositeACLPermission(BasicACLPermission.values()), this.identities[1]));
+
+ // test the identities associated to composite permissions.
+ assertTrue(acl.isGranted(BasicACLPermission.READ, this.identities[2]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE),
+ this.identities[2]));
+ assertFalse(acl.isGranted(BasicACLPermission.CREATE, this.identities[2]));
+ assertFalse(acl.isGranted(new CompositeACLPermission(BasicACLPermission.UPDATE, BasicACLPermission.DELETE),
+ this.identities[2]));
+
+ assertTrue(acl.isGranted(BasicACLPermission.CREATE, this.identities[3]));
+ assertTrue(acl.isGranted(BasicACLPermission.UPDATE, this.identities[3]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.DELETE),
+ this.identities[3]));
+ assertFalse(acl.isGranted(BasicACLPermission.READ, this.identities[3]));
+ assertFalse(acl.isGranted(new CompositeACLPermission(BasicACLPermission.READ), this.identities[3]));
+
+ for (BasicACLPermission permission : BasicACLPermission.values())
+ assertTrue(acl.isGranted(permission, this.identities[4]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.READ), this.identities[4]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.CREATE, BasicACLPermission.DELETE),
+ this.identities[4]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.CREATE, BasicACLPermission.UPDATE,
+ BasicACLPermission.DELETE), this.identities[4]));
+ assertTrue(acl.isGranted(new CompositeACLPermission(BasicACLPermission.values()), this.identities[4]));
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,235 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLProvider;
+import org.jboss.security.acl.ACLProviderImpl;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.BitMaskPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * <p>
+ * This <code>TestCase</code> tests some ACL use cases.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLUseTestCase extends TestCase
+{
+ private static final int TOTAL_RESOURCES = 25000;
+
+ private static final int TOTAL_IDENTITIES = 100;
+
+ private TestResource[] resources;
+
+ private Identity[] identities;
+
+ private ACLProvider provider;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.provider = new ACLProviderImpl();
+
+ // create the resources used in the tests.
+ this.resources = new TestResource[TOTAL_RESOURCES];
+ for (int i = 0; i < TOTAL_RESOURCES; i++)
+ {
+ this.resources[i] = new TestResource(i);
+ this.resources[i].setResourceName("Resource" + i);
+ }
+
+ // create the identities used in the tests.
+ this.identities = new Identity[TOTAL_IDENTITIES];
+ for (int i = 0; i < TOTAL_IDENTITIES; i++)
+ this.identities[i] = IdentityFactory.createIdentity("Identity" + i);
+
+ BitMaskPermission readPermission = BasicACLPermission.READ;
+ BitMaskPermission noPermission = new CompositeACLPermission();
+ BitMaskPermission allPermission = new CompositeACLPermission(BasicACLPermission.values());
+
+ // create the ACLs for the resources.
+ for (int i = 0; i < TOTAL_RESOURCES; i++)
+ {
+ ACL acl = this.provider.createACL(this.resources[i]);
+ // add the entries ("even" identities can read "even" resources)
+ for (int j = 0; j < TOTAL_IDENTITIES; j++)
+ {
+ if ((i + j) % 2 == 0)
+ {
+ // let some identities have all permissions.
+ if (j % 5 == 0)
+ acl.addEntry(new ACLEntryImpl(allPermission, this.identities[j]));
+ else
+ acl.addEntry(new ACLEntryImpl(readPermission, this.identities[j]));
+ }
+ else
+ {
+ acl.addEntry(new ACLEntryImpl(noPermission, this.identities[j]));
+ }
+ }
+ this.provider.updateACL(acl);
+ }
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ for (TestResource resource : this.resources)
+ this.provider.removeACL(resource);
+ this.resources = null;
+ this.identities = null;
+ }
+
+ /**
+ * <p>
+ * Tests the use of ACLs in different use cases, such as filtering, updating and removing
+ * resources protected by an ACL.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLUseCases() throws Exception
+ {
+ // we start by filtering the resources by the identity.
+ Identity identity = this.identities[0];
+ TestResource[] filteredResources = this.filterResources(identity);
+ assertEquals("Unexpected number of resources", TOTAL_RESOURCES / 2, filteredResources.length);
+ for (TestResource resource : filteredResources)
+ {
+ // the "even" identity must be able to see only the "even" resources.
+ assertTrue(resource.getResourceId() % 2 == 0);
+ }
+
+ // same test, now with an "odd" identity number.
+ identity = this.identities[1];
+ filteredResources = this.filterResources(identity);
+ assertEquals("Unexpected number of resources", TOTAL_RESOURCES / 2, filteredResources.length);
+ for (TestResource resource : filteredResources)
+ {
+ // the identity must be able to see only the "odd" resources.
+ assertTrue(resource.getResourceId() % 2 == 1);
+ }
+
+ // now try to update some resources using an identity without the appropriate permission (identities[1]).
+ for (TestResource resource : filteredResources)
+ {
+ this.updateResource(resource, identity);
+ assertEquals("Resource name has changed", "Resource" + resource.getResourceId(), resource.getResourceName());
+ }
+
+ // repeat the test, this time using an identity with the appropriate permission (identities[5] has all perms).
+ identity = this.identities[5];
+ for (TestResource resource : filteredResources)
+ {
+ this.updateResource(resource, identity);
+ assertEquals("Resource name hasn't changed as expected", "Changed Name", resource.getResourceName());
+ }
+
+ // try to remove all "even" resources using an identity without removal permission. Note that identities[5] has all
+ // permissions, but only for the "odd" resources, so it should not be able to remove an "even" resource.
+ for (int index = 0; index < TOTAL_RESOURCES; index += 2)
+ {
+ this.removeResource(index, identity);
+ assertNotNull(this.resources[index]);
+ }
+
+ // repeat the test, this time using an identity with the removal permission.
+ identity = this.identities[0];
+ for (int index = 0; index < TOTAL_RESOURCES; index += 2)
+ {
+ this.removeResource(index, identity);
+ assertNull(this.resources[index]);
+ }
+
+ }
+
+ /**
+ * <p>
+ * Utility method that uses ACLs to decide which resources the specified identity should be able to read.
+ * </p>
+ *
+ * @param identity the <code>Identity</code> for which the resources are being filtered.
+ * @return an array of <code>TestResource</code> containig the resources the identity is allowed to read.
+ */
+ private TestResource[] filterResources(Identity identity)
+ {
+ List<TestResource> filteredResources = new ArrayList<TestResource>();
+ for (TestResource resource : this.resources)
+ {
+ // first retrieve the ACL associated with the resource.
+ ACL acl = this.provider.retrieveACL(resource);
+ // then check the identity has the READ permission on the resource.
+ if (acl.isGranted(BasicACLPermission.READ, identity))
+ {
+ filteredResources.add(resource);
+ }
+ }
+ return filteredResources.toArray(new TestResource[filteredResources.size()]);
+ }
+
+ /**
+ * <p>
+ * Utility method that uses ACLs to decide if the specified identity is allowed to update the resource. If
+ * it is, the resource's name is changed to <code>Changed Name</code>.
+ * </p>
+ *
+ * @param resource the <code>TestResource</code> to be updated.
+ * @param identity the <code>Identity</code> that wants to update the resource.
+ */
+ private void updateResource(TestResource resource, Identity identity)
+ {
+ // update the resource's name, checking the identity's permission first.
+ ACL acl = this.provider.retrieveACL(resource);
+ assertNotNull(acl);
+ if (acl.isGranted(BasicACLPermission.UPDATE, identity))
+ resource.setResourceName("Changed Name");
+ }
+
+ /**
+ * <p>
+ * Utility method that uses ACLs to decide if the specified identity is allowed to remove the resource from
+ * the resources array.
+ * </p>
+ *
+ * @param resourceIndex the index of the <code>TestResource</code> to be removed in the resources array.
+ * @param identity the <code>Identity</code> that wants to remove the resource.
+ */
+ private void removeResource(int resourceIndex, Identity identity)
+ {
+ // check the identity's permission.
+ ACL acl = this.provider.retrieveACL(this.resources[resourceIndex]);
+ assertNotNull(acl);
+ if (acl.isGranted(BasicACLPermission.DELETE, identity))
+ this.resources[resourceIndex] = null;
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestResource.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestResource.java 2007-12-26 17:32:21 UTC (rev 68567)
@@ -0,0 +1,123 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.Map;
+
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+
+/**
+ * <p>
+ * A simple <code>Resource</code> implementation for test purposes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class TestResource implements Resource
+{
+
+ private final int resourceId;
+
+ private String name;
+
+ /**
+ * <p>
+ * Creates an instance of <code>TestResource</code> with the specified id.
+ * </p>
+ *
+ * @param resourceId an <code>int</code> representing the id of the resource.
+ */
+ public TestResource(int resourceId)
+ {
+ this.resourceId = resourceId;
+ }
+
+ /**
+ * <p>
+ * Gets the id of this resource.
+ * </p>
+ *
+ * @return an <code>int</code> representing the id of this resource.
+ */
+ public int getResourceId()
+ {
+ return this.resourceId;
+ }
+
+ /**
+ * <p>
+ * Gets the name of this resource.
+ * </p>
+ *
+ * @return a <code>String</code> representing the name of this resource.
+ */
+ public String getResourceName()
+ {
+ return this.name;
+ }
+
+ /**
+ * <p>
+ * Defines the name of this resource.
+ * </p>
+ *
+ * @param name a <code>String</code> containing the name to be set.
+ */
+ public void setResourceName(String name)
+ {
+ this.name = name;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.authorization.Resource#getLayer()
+ */
+ public ResourceType getLayer()
+ {
+ return ResourceType.ACL;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.authorization.Resource#getMap()
+ */
+ public Map<String, Object> getMap()
+ {
+ return null;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (obj instanceof TestResource)
+ return this.resourceId == ((TestResource) obj).resourceId;
+ return false;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return this.resourceId;
+ }
+
+}
More information about the jboss-cvs-commits
mailing list