[jboss-cvs] JBossAS SVN: r70015 - in projects/security/security-jboss-sx/trunk/acl: src/main/org/jboss/security/acl and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Feb 21 15:06:42 EST 2008
Author: sguilhen at redhat.com
Date: 2008-02-21 15:06:42 -0500 (Thu, 21 Feb 2008)
New Revision: 70015
Added:
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/JPAPersistenceStrategy.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/JPAStrategyUnitTestCase.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestACLRegistration.java
Removed:
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
Modified:
projects/security/security-jboss-sx/trunk/acl/.classpath
projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java
projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java
Log:
Added a JPA implementation of ACLPersistenceStrategy, updated tests to reflect this change. Also created a test implementation of ACLRegistration to be used by the ACLUseTestCase.
Modified: projects/security/security-jboss-sx/trunk/acl/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.classpath 2008-02-21 20:02:57 UTC (rev 70014)
+++ projects/security/security-jboss-sx/trunk/acl/.classpath 2008-02-21 20:06:42 UTC (rev 70015)
@@ -3,7 +3,7 @@
<classpathentry excluding="**/*.java" including="JBossORG-EULA.txt" kind="src" path=""/>
<classpathentry kind="src" path="src/main"/>
<classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd|**/*.xml" kind="src" path="src/resources"/>
- <classpathentry including="**/*.java;resources/*" kind="src" path="src/tests"/>
+ <classpathentry kind="src" path="src/tests"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java 2008-02-21 20:02:57 UTC (rev 70014)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/ACLProviderImpl.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -21,18 +21,9 @@
*/
package org.jboss.security.acl;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import javax.persistence.EntityManager;
-import javax.persistence.EntityManagerFactory;
-import javax.persistence.EntityTransaction;
-import javax.persistence.NoResultException;
-import javax.persistence.Persistence;
-
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.Resource;
import org.jboss.security.identity.Identity;
@@ -49,222 +40,66 @@
public class ACLProviderImpl implements ACLProvider
{
- // in memory cache of the created ACLs.
- private final Map<Resource, ACL> aclMap;
+ /** persistence strategy used to retrieve the ACLs */
+ private ACLPersistenceStrategy strategy;
- private final EntityManagerFactory factory;
-
/**
- * <p>
- * Creates an instance of {@code ACLProviderImpl}.
- * </p>
+ * @see org.jboss.security.acl.ACLProvider#initialize(java.util.Map, java.util.Map)
*/
- public ACLProviderImpl()
+ public void initialize(Map<String, Object> sharedState, Map<String, Object> options)
{
- this.aclMap = new HashMap<Resource, ACL>();
- this.factory = Persistence.createEntityManagerFactory("ACL");
}
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#createACL(org.jboss.security.authorization.Resource)
+ /**
+ * @see org.jboss.security.acl.ACLProvider#getEntitlements(java.lang.Class, org.jboss.security.authorization.Resource,
+ * org.jboss.security.identity.Identity)
*/
- public ACL createACL(Resource resource)
+ public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
+ throws AuthorizationException
{
- return this.createACL(resource, new ArrayList<ACLEntry>());
+ throw new NotImplementedException();
}
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#createACL(org.jboss.security.authorization.Resource, java.util.Collection)
+ /**
+ * @see org.jboss.security.acl.ACLProvider#getPersistenceStrategy()
*/
- public ACL createACL(Resource resource, Collection<ACLEntry> entries)
+ public ACLPersistenceStrategy getPersistenceStrategy()
{
- if (resource == null)
- throw new IllegalArgumentException("ACLs cannot be created for null resources");
-
- // check the cache first.
- ACL acl = this.aclMap.get(resource);
- if (acl == null)
- {
- EntityManager entityManager = this.factory.createEntityManager();
- EntityTransaction transaction = entityManager.getTransaction();
- transaction.begin();
- try
- {
- // create a new ACL and persist it to the database.
- acl = new ACLImpl(resource, entries);
- entityManager.persist(acl);
- // add the newly-created ACL to the cache.
- this.aclMap.put(resource, acl);
- transaction.commit();
- }
- catch (RuntimeException re)
- {
- re.printStackTrace();
- transaction.rollback();
- }
- finally
- {
- entityManager.close();
- }
- }
- return acl;
+ return this.strategy;
}
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.acl.ACL)
+ /**
+ * @see org.jboss.security.acl.ACLProvider#setPersistenceStrategy(org.jboss.security.acl.ACLPersistenceStrategy)
*/
- public boolean removeACL(ACL acl)
+ public void setPersistenceStrategy(ACLPersistenceStrategy strategy)
{
- return this.removeACL(acl.getResource());
+ this.strategy = strategy;
}
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.authorization.Resource)
+ /**
+ * @see org.jboss.security.acl.ACLProvider#isAccessGranted(org.jboss.security.authorization.Resource,
+ * org.jboss.security.identity.Identity, org.jboss.security.acl.ACLPermission)
*/
- public boolean removeACL(Resource resource)
+ public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
+ throws AuthorizationException
{
- boolean result = false;
-
- EntityManager entityManager = this.factory.createEntityManager();
- EntityTransaction transaction = entityManager.getTransaction();
- transaction.begin();
- try
+ if (this.strategy != null)
{
- // find the ACL associated with the specified resource and remove it from the database.
- ACL acl = this.findACLByResource(resource, entityManager);
+ ACL acl = strategy.getACL(resource);
if (acl != null)
- {
- entityManager.remove(acl);
- // remove the ACL from the cache.
- result = this.aclMap.remove(resource) != null;
- }
- transaction.commit();
+ return acl.isGranted(permission, identity);
+ else
+ throw new AuthorizationException("Unable to locate an ACL for the resource " + resource);
}
- catch (RuntimeException re)
- {
- re.printStackTrace();
- transaction.rollback();
- }
- finally
- {
- entityManager.close();
- }
- return result;
+ throw new AuthorizationException("Unable to retrieve ACL: persistece strategy not set");
}
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#getACL(org.jboss.security.authorization.Resource)
- */
- public ACL getACL(Resource resource)
- {
- // check the cache first.
- ACL acl = this.aclMap.get(resource);
- if (acl == null)
- {
- EntityManager entityManager = this.factory.createEntityManager();
- try
- {
- acl = this.findACLByResource(resource, entityManager);
- if (acl != null)
- this.aclMap.put(resource, acl);
- }
- finally
- {
- entityManager.close();
- }
- }
- return acl;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.security.acl.ACLProvider#updateACL(org.jboss.security.acl.ACL)
- */
- public boolean updateACL(ACL acl)
- {
- if (((ACLImpl) acl).getACLId() == 0)
- return false;
-
- EntityManager entityManager = this.factory.createEntityManager();
- EntityTransaction transaction = entityManager.getTransaction();
- transaction.begin();
- try
- {
- for (ACLEntry entry : acl.getEntries())
- {
- // persist the new entries that might have been added to the ACL.
- ACLEntryImpl entryImpl = (ACLEntryImpl) entry;
- if (entryImpl.getACLEntryId() == 0)
- entityManager.persist(entryImpl);
- }
- // merge will take care of the entries that might have been removed.
- entityManager.merge(acl);
- // update the cache.
- this.aclMap.put(acl.getResource(), acl);
- transaction.commit();
- return true;
- }
- catch (RuntimeException re)
- {
- re.printStackTrace();
- transaction.rollback();
- }
- finally
- {
- entityManager.close();
- }
- return false;
- }
-
/**
- * <p>
- * Searches the database for the {@code ACL} associated with the specified resource.
- * </p>
- *
- * @param resource the {@code Resource} that is associated with the {@code ACL} being searched.
- * @param entityManager the {@code EntityManager} used to search the database.
- * @return the {@code ACL} retrieved from the database, or {@code null} if no {@code ACL} could be found.
+ * @see org.jboss.security.acl.ACLProvider#tearDown()
*/
- private ACLImpl findACLByResource(Resource resource, EntityManager entityManager)
- {
- ACLImpl acl = null;
- try
- {
- acl = (ACLImpl) entityManager.createQuery(
- "SELECT a FROM ACLImpl a WHERE a.resourceAsString LIKE '" + Util.getResourceAsString(resource) + "'")
- .getSingleResult();
- acl.setResource(resource);
- }
- catch (NoResultException nre)
- {
- // ignore the exception when no ACL could be found for the given resource.
- }
- return acl;
- }
-
- /**
- * @see ACLProvider#getEntitlements(Class, Resource, Identity)
- */
- public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
- throws AuthorizationException
- {
- throw new NotImplementedException();
- }
-
- /**
- * @see ACLProvider#tearDown()
- */
public boolean tearDown()
{
return true;
}
- public void initialize(Map<String, Object> sharedState, Map<String, Object> options)
- {
- }
}
\ No newline at end of file
Added: projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/JPAPersistenceStrategy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/JPAPersistenceStrategy.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/org/jboss/security/acl/JPAPersistenceStrategy.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -0,0 +1,219 @@
+package org.jboss.security.acl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.EntityTransaction;
+import javax.persistence.NoResultException;
+import javax.persistence.Persistence;
+
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * Implementation of {@code ACLPersistenceStrategy} that uses the Java Persistence API (JPA) to
+ * persist the {@code ACL}s.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class JPAPersistenceStrategy implements ACLPersistenceStrategy
+{
+
+ // in memory cache of the created ACLs.
+ private final Map<Resource, ACL> aclMap;
+
+ private final EntityManagerFactory factory;
+
+ public JPAPersistenceStrategy()
+ {
+ this.aclMap = new HashMap<Resource, ACL>();
+ this.factory = Persistence.createEntityManagerFactory("ACL");
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#createACL(org.jboss.security.authorization.Resource)
+ */
+ public ACL createACL(Resource resource)
+ {
+ return this.createACL(resource, new ArrayList<ACLEntry>());
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#createACL(org.jboss.security.authorization.Resource, java.util.Collection)
+ */
+ public ACL createACL(Resource resource, Collection<ACLEntry> entries)
+ {
+ if (resource == null)
+ throw new IllegalArgumentException("ACLs cannot be created for null resources");
+
+ // check the cache first.
+ ACL acl = this.aclMap.get(resource);
+ if (acl == null)
+ {
+ EntityManager entityManager = this.factory.createEntityManager();
+ EntityTransaction transaction = entityManager.getTransaction();
+ transaction.begin();
+ try
+ {
+ // create a new ACL and persist it to the database.
+ acl = new ACLImpl(resource, entries);
+ entityManager.persist(acl);
+ // add the newly-created ACL to the cache.
+ this.aclMap.put(resource, acl);
+ transaction.commit();
+ }
+ catch (RuntimeException re)
+ {
+ re.printStackTrace();
+ transaction.rollback();
+ }
+ finally
+ {
+ entityManager.close();
+ }
+ }
+ return acl;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.acl.ACL)
+ */
+ public boolean removeACL(ACL acl)
+ {
+ return this.removeACL(acl.getResource());
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#removeACL(org.jboss.security.authorization.Resource)
+ */
+ public boolean removeACL(Resource resource)
+ {
+ boolean result = false;
+
+ EntityManager entityManager = this.factory.createEntityManager();
+ EntityTransaction transaction = entityManager.getTransaction();
+ transaction.begin();
+ try
+ {
+ // find the ACL associated with the specified resource and remove it from the database.
+ ACL acl = this.findACLByResource(resource, entityManager);
+ if (acl != null)
+ {
+ entityManager.remove(acl);
+ // remove the ACL from the cache.
+ result = this.aclMap.remove(resource) != null;
+ }
+ transaction.commit();
+ }
+ catch (RuntimeException re)
+ {
+ re.printStackTrace();
+ transaction.rollback();
+ }
+ finally
+ {
+ entityManager.close();
+ }
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#getACL(org.jboss.security.authorization.Resource)
+ */
+ public ACL getACL(Resource resource)
+ {
+ // check the cache first.
+ ACL acl = this.aclMap.get(resource);
+ if (acl == null)
+ {
+ EntityManager entityManager = this.factory.createEntityManager();
+ try
+ {
+ acl = this.findACLByResource(resource, entityManager);
+ if (acl != null)
+ this.aclMap.put(resource, acl);
+ }
+ finally
+ {
+ entityManager.close();
+ }
+ }
+ return acl;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLProvider#updateACL(org.jboss.security.acl.ACL)
+ */
+ public boolean updateACL(ACL acl)
+ {
+ if (((ACLImpl) acl).getACLId() == 0)
+ return false;
+
+ EntityManager entityManager = this.factory.createEntityManager();
+ EntityTransaction transaction = entityManager.getTransaction();
+ transaction.begin();
+ try
+ {
+ for (ACLEntry entry : acl.getEntries())
+ {
+ // persist the new entries that might have been added to the ACL.
+ ACLEntryImpl entryImpl = (ACLEntryImpl) entry;
+ if (entryImpl.getACLEntryId() == 0)
+ entityManager.persist(entryImpl);
+ }
+ // merge will take care of the entries that might have been removed.
+ entityManager.merge(acl);
+ // update the cache.
+ this.aclMap.put(acl.getResource(), acl);
+ transaction.commit();
+ return true;
+ }
+ catch (RuntimeException re)
+ {
+ re.printStackTrace();
+ transaction.rollback();
+ }
+ finally
+ {
+ entityManager.close();
+ }
+ return false;
+ }
+
+ /**
+ * <p>
+ * Searches the database for the {@code ACL} associated with the specified resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} that is associated with the {@code ACL} being searched.
+ * @param entityManager the {@code EntityManager} used to search the database.
+ * @return the {@code ACL} retrieved from the database, or {@code null} if no {@code ACL} could be found.
+ */
+ private ACLImpl findACLByResource(Resource resource, EntityManager entityManager)
+ {
+ ACLImpl acl = null;
+ try
+ {
+ acl = (ACLImpl) entityManager.createQuery(
+ "SELECT a FROM ACLImpl a WHERE a.resourceAsString LIKE '" + Util.getResourceAsString(resource) + "'")
+ .getSingleResult();
+ acl.setResource(resource);
+ }
+ catch (NoResultException nre)
+ {
+ // ignore the exception when no ACL could be found for the given resource.
+ }
+ return acl;
+ }
+}
Deleted: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java 2008-02-21 20:02:57 UTC (rev 70014)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -1,187 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.security.acl;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.acl.ACL;
-import org.jboss.security.acl.ACLEntry;
-import org.jboss.security.acl.ACLEntryImpl;
-import org.jboss.security.acl.ACLImpl;
-import org.jboss.security.acl.ACLProvider;
-import org.jboss.security.acl.ACLProviderImpl;
-import org.jboss.security.acl.BasicACLPermission;
-import org.jboss.security.identity.plugins.IdentityFactory;
-
-/**
- * <p>
- * This {@code TestCase} tests the funcionality exposed by the {@code ACLProvider}
- * interface
- * </p>
- *
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
-public class ACLProviderUnitTestCase extends TestCase
-{
- private TestResource[] resources;
-
- private Collection<ACL> createdACLs;
-
- private ACLProvider provider;
-
- @Override
- protected void setUp() throws Exception
- {
- // create some test resources to be used by the tests.
- this.resources = new TestResource[10];
- for (int index = 0; index < this.resources.length; index++)
- this.resources[index] = new TestResource(index + 1);
- this.createdACLs = new ArrayList<ACL>();
- this.provider = new ACLProviderImpl();
- }
-
- @Override
- protected void tearDown() throws Exception
- {
- for (ACL acl : this.createdACLs)
- this.provider.removeACL(acl);
- }
-
- /**
- * <p>
- * Tests the creation of ACLs for resources.
- * </p>
- *
- * @throws Exception if an error occurs when running the test.
- */
- public void testACLCreation() throws Exception
- {
- // assert no ACL exists for any of the resources.
- for (int index = 0; index < this.resources.length; index++)
- assertNull(this.provider.getACL(this.resources[index]));
-
- // create ACLs for half of the resources.
- for (int index = 0; index < this.resources.length / 2; index++)
- {
- ACL acl = this.provider.createACL(this.resources[index]);
- this.createdACLs.add(acl);
- assertNotNull(acl);
- assertEquals("Unexpected entries found", 0, acl.getEntries().size());
- assertEquals("Unexpected resource", this.resources[index], acl.getResource());
- }
-
- // assert no ACL still exists for the remaining resources.
- int index = (this.resources.length / 2) + 1;
- for (; index < this.resources.length; index++)
- assertNull(this.provider.getACL(this.resources[index]));
-
- // assert that an ACL cannot be created for a null resource.
- boolean caughtException = false;
- try
- {
- this.provider.createACL(null);
- }
- catch (IllegalArgumentException iae)
- {
- caughtException = true;
- }
- assertTrue("Expected exception not thrown", caughtException);
- }
-
- /**
- * <p>
- * Tests the update of existing ACLs.
- * </p>
- *
- * @throws Exception if an error occurs when running the test.
- */
- public void testACLUpdate() throws Exception
- {
- // create an empty ACL.
- ACL acl = this.provider.createACL(this.resources[0]);
- this.createdACLs.add(acl);
- assertEquals("Unexpected entries found", 0, acl.getEntries().size());
-
- // add some entries to the ACL.
- int entriesNumber = 20;
- for (int i = 0; i < entriesNumber; i++)
- {
- ACLEntry entry = new ACLEntryImpl(BasicACLPermission.CREATE, IdentityFactory.createIdentity("Identity" + i));
- acl.addEntry(entry);
- }
- assertTrue("Failed to update the ACL", this.provider.updateACL(acl));
-
- // retrieve the ACL again and check it has the added entries.
- acl = this.provider.getACL(this.resources[0]);
- assertEquals("Invalid number of entries", entriesNumber, acl.getEntries().size());
-
- // now remove one of the entries.
- ACLEntry entry = acl.getEntries().iterator().next();
- acl.removeEntry(entry);
- assertTrue("Failed to update the ACL", this.provider.updateACL(acl));
-
- // retrieve the ACL again and check it has one less entry.
- acl = this.provider.getACL(this.resources[0]);
- assertEquals("Invalid number of entries", entriesNumber - 1, acl.getEntries().size());
-
- // assert that update fails for an ACL not managed by the provider.
- Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
- entries.add(new ACLEntryImpl(BasicACLPermission.UPDATE, IdentityFactory.createIdentity("Another Identity")));
- ACL otherACL = new ACLImpl(this.resources[1], entries);
- assertFalse(this.provider.updateACL(otherACL));
- }
-
- /**
- * <p>
- * Tests the removal of existing ACLs.
- * </p>
- *
- * @throws Exception if an error occurs when running the test.
- */
- public void testACLRemoval() throws Exception
- {
- ACL[] acls = new ACL[this.resources.length];
- for (int index = 0; index < this.resources.length; index++)
- {
- acls[index] = this.provider.createACL(this.resources[index]);
- this.createdACLs.add(acls[index]);
- }
-
- // remove some ACLs.
- for (int index = 0; index < this.resources.length / 2; index++)
- {
- assertTrue(this.provider.removeACL(acls[index]));
- // assert no ACL is associated to the resources anymore.
- assertNull(this.provider.getACL(this.resources[index]));
- // removing an ACL that is not managed anymore by the provider must return false.
- assertFalse(this.provider.removeACL(acls[index]));
- }
-
- // assert the remaining resources are still associated with an ACL.
- int index = (this.resources.length / 2) + 1;
- for (; index < this.resources.length; index++)
- assertNotNull(this.provider.getACL(this.resources[index]));
- }
-}
Modified: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java 2008-02-21 20:02:57 UTC (rev 70014)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLUseTestCase.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -27,14 +27,18 @@
import junit.framework.TestCase;
-import org.jboss.security.acl.ACL;
import org.jboss.security.acl.ACLEntry;
import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLPersistenceStrategy;
import org.jboss.security.acl.ACLProvider;
import org.jboss.security.acl.ACLProviderImpl;
+import org.jboss.security.acl.ACLRegistration;
import org.jboss.security.acl.BasicACLPermission;
import org.jboss.security.acl.BitMaskPermission;
import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.acl.JPAPersistenceStrategy;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.Resource;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.plugins.IdentityFactory;
@@ -55,12 +59,19 @@
private Identity[] identities;
+ private ACLPersistenceStrategy strategy;
+
+ private ACLRegistration registration;
+
private ACLProvider provider;
@Override
protected void setUp() throws Exception
{
+ this.strategy = new JPAPersistenceStrategy();
+ this.registration = new TestACLRegistration(strategy);
this.provider = new ACLProviderImpl();
+ this.provider.setPersistenceStrategy(strategy);
// create the resources used in the tests.
this.resources = new TestResource[TOTAL_RESOURCES];
@@ -76,7 +87,7 @@
BitMaskPermission noPermission = new CompositeACLPermission();
BitMaskPermission allPermission = new CompositeACLPermission(BasicACLPermission.values());
- // create the ACLs for the resources.
+ // register the ACLs for the resources used by the tests.
for (int i = 0; i < TOTAL_RESOURCES; i++)
{
Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
@@ -96,18 +107,17 @@
entries.add(new ACLEntryImpl(noPermission, this.identities[j]));
}
}
- this.provider.createACL(this.resources[i], entries);
+ this.registration.registerACL(this.resources[i], entries);
}
}
- // @Override
- // protected void tearDown() throws Exception
- // {
- // for (TestResource resource : this.resources)
- // this.provider.removeACL(resource);
- // this.resources = null;
- // this.identities = null;
- // }
+ @Override
+ protected void tearDown() throws Exception
+ {
+ // deregisters the ACLs.
+ for (Resource resource : this.resources)
+ this.registration.deRegisterACL(resource);
+ }
/**
* <p>
@@ -153,22 +163,6 @@
this.updateResource(resource, identity);
assertEquals("Resource name hasn't changed as expected", "Changed Name", resource.getResourceName());
}
-
- // try to remove all "even" resources using an identity without removal permission. Note that identities[5] has all
- // permissions, but only for the "odd" resources, so it should not be able to remove an "even" resource.
- for (int index = 0; index < TOTAL_RESOURCES; index += 2)
- {
- this.removeResource(index, identity);
- assertNotNull(this.resources[index]);
- }
-
- // repeat the test, this time using an identity with the removal permission.
- identity = this.identities[0];
- for (int index = 0; index < TOTAL_RESOURCES; index += 2)
- {
- this.removeResource(index, identity);
- assertNull(this.resources[index]);
- }
}
/**
@@ -182,13 +176,21 @@
private TestResource[] filterResources(Identity identity)
{
List<TestResource> filteredResources = new ArrayList<TestResource>();
+ // iterate through the resources and add those that can be accessed by the identity.
for (TestResource resource : this.resources)
{
- // first retrieve the ACL associated with the resource.
- ACL acl = this.provider.getACL(resource);
- // then check the identity has the READ permission on the resource.
- if (acl.isGranted(BasicACLPermission.READ, identity))
+ boolean isGranted = false;
+ try
{
+ // check the identity has the READ permission on the resource.
+ isGranted = this.provider.isAccessGranted(resource, identity, BasicACLPermission.READ);
+ }
+ catch (AuthorizationException ae)
+ {
+ fail("Unexpected exception: " + ae.getMessage());
+ }
+ if (isGranted)
+ {
filteredResources.add(resource);
}
}
@@ -206,28 +208,17 @@
*/
private void updateResource(TestResource resource, Identity identity)
{
- // update the resource's name, checking the identity's permission first.
- ACL acl = this.provider.getACL(resource);
- assertNotNull(acl);
- if (acl.isGranted(BasicACLPermission.UPDATE, identity))
+ boolean isGranted = false;
+ try
+ {
+ isGranted = this.provider.isAccessGranted(resource, identity, BasicACLPermission.UPDATE);
+ }
+ catch (AuthorizationException ae)
+ {
+ fail("Unexpected exception: " + ae.getMessage());
+ }
+ if (isGranted)
resource.setResourceName("Changed Name");
}
- /**
- * <p>
- * Utility method that uses ACLs to decide if the specified identity is allowed to remove the resource from
- * the resources array.
- * </p>
- *
- * @param resourceIndex the index of the {@code TestResource} to be removed in the resources array.
- * @param identity the {@code Identity} that wants to remove the resource.
- */
- private void removeResource(int resourceIndex, Identity identity)
- {
- // check the identity's permission.
- ACL acl = this.provider.getACL(this.resources[resourceIndex]);
- assertNotNull(acl);
- if (acl.isGranted(BasicACLPermission.DELETE, identity))
- this.resources[resourceIndex] = null;
- }
}
Copied: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/JPAStrategyUnitTestCase.java (from rev 69795, projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/ACLProviderUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/JPAStrategyUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/JPAStrategyUnitTestCase.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -0,0 +1,187 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLImpl;
+import org.jboss.security.acl.ACLPersistenceStrategy;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.JPAPersistenceStrategy;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the funcionality exposed by the {@code ACLProvider}
+ * interface
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class JPAStrategyUnitTestCase extends TestCase
+{
+ private TestResource[] resources;
+
+ private Collection<ACL> createdACLs;
+
+ private ACLPersistenceStrategy strategy;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ // create some test resources to be used by the tests.
+ this.resources = new TestResource[10];
+ for (int index = 0; index < this.resources.length; index++)
+ this.resources[index] = new TestResource(index + 1);
+ this.createdACLs = new ArrayList<ACL>();
+ this.strategy = new JPAPersistenceStrategy();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ for (ACL acl : this.createdACLs)
+ this.strategy.removeACL(acl);
+ }
+
+ /**
+ * <p>
+ * Tests the creation of ACLs for resources.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLCreation() throws Exception
+ {
+ // assert no ACL exists for any of the resources.
+ for (int index = 0; index < this.resources.length; index++)
+ assertNull(this.strategy.getACL(this.resources[index]));
+
+ // create ACLs for half of the resources.
+ for (int index = 0; index < this.resources.length / 2; index++)
+ {
+ ACL acl = this.strategy.createACL(this.resources[index]);
+ this.createdACLs.add(acl);
+ assertNotNull(acl);
+ assertEquals("Unexpected entries found", 0, acl.getEntries().size());
+ assertEquals("Unexpected resource", this.resources[index], acl.getResource());
+ }
+
+ // assert no ACL still exists for the remaining resources.
+ int index = (this.resources.length / 2) + 1;
+ for (; index < this.resources.length; index++)
+ assertNull(this.strategy.getACL(this.resources[index]));
+
+ // assert that an ACL cannot be created for a null resource.
+ boolean caughtException = false;
+ try
+ {
+ this.strategy.createACL(null);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ caughtException = true;
+ }
+ assertTrue("Expected exception not thrown", caughtException);
+ }
+
+ /**
+ * <p>
+ * Tests the update of existing ACLs.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLUpdate() throws Exception
+ {
+ // create an empty ACL.
+ ACL acl = this.strategy.createACL(this.resources[0]);
+ this.createdACLs.add(acl);
+ assertEquals("Unexpected entries found", 0, acl.getEntries().size());
+
+ // add some entries to the ACL.
+ int entriesNumber = 20;
+ for (int i = 0; i < entriesNumber; i++)
+ {
+ ACLEntry entry = new ACLEntryImpl(BasicACLPermission.CREATE, IdentityFactory.createIdentity("Identity" + i));
+ acl.addEntry(entry);
+ }
+ assertTrue("Failed to update the ACL", this.strategy.updateACL(acl));
+
+ // retrieve the ACL again and check it has the added entries.
+ acl = this.strategy.getACL(this.resources[0]);
+ assertEquals("Invalid number of entries", entriesNumber, acl.getEntries().size());
+
+ // now remove one of the entries.
+ ACLEntry entry = acl.getEntries().iterator().next();
+ acl.removeEntry(entry);
+ assertTrue("Failed to update the ACL", this.strategy.updateACL(acl));
+
+ // retrieve the ACL again and check it has one less entry.
+ acl = this.strategy.getACL(this.resources[0]);
+ assertEquals("Invalid number of entries", entriesNumber - 1, acl.getEntries().size());
+
+ // assert that update fails for an ACL not managed by the strategy.
+ Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(BasicACLPermission.UPDATE, IdentityFactory.createIdentity("Another Identity")));
+ ACL otherACL = new ACLImpl(this.resources[1], entries);
+ assertFalse(this.strategy.updateACL(otherACL));
+ }
+
+ /**
+ * <p>
+ * Tests the removal of existing ACLs.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testACLRemoval() throws Exception
+ {
+ ACL[] acls = new ACL[this.resources.length];
+ for (int index = 0; index < this.resources.length; index++)
+ {
+ acls[index] = this.strategy.createACL(this.resources[index]);
+ this.createdACLs.add(acls[index]);
+ }
+
+ // remove some ACLs.
+ for (int index = 0; index < this.resources.length / 2; index++)
+ {
+ assertTrue(this.strategy.removeACL(acls[index]));
+ // assert no ACL is associated to the resources anymore.
+ assertNull(this.strategy.getACL(this.resources[index]));
+ // removing an ACL that is not managed anymore by the strategy must return false.
+ assertFalse(this.strategy.removeACL(acls[index]));
+ }
+
+ // assert the remaining resources are still associated with an ACL.
+ int index = (this.resources.length / 2) + 1;
+ for (; index < this.resources.length; index++)
+ assertNotNull(this.strategy.getACL(this.resources[index]));
+ }
+}
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestACLRegistration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestACLRegistration.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/org/jboss/test/security/acl/TestACLRegistration.java 2008-02-21 20:06:42 UTC (rev 70015)
@@ -0,0 +1,59 @@
+package org.jboss.test.security.acl;
+
+import java.util.Collection;
+
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLPersistenceStrategy;
+import org.jboss.security.acl.ACLRegistration;
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * A simple implementation of {@code ACLRegistration} for tests purposes. It uses a {@code ACLPersistenceStrategy}
+ * to persist/remove the {@code ACL}s upon registration/deregistration.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class TestACLRegistration implements ACLRegistration
+{
+
+ private final ACLPersistenceStrategy strategy;
+
+ /**
+ * <p>
+ * Builds an instance of {@code TestACLRegistration}.
+ * </p>
+ *
+ * @param strategy the {@code ACLPersistenceStrategy} to be used by this implementation.
+ */
+ public TestACLRegistration(ACLPersistenceStrategy strategy)
+ {
+ this.strategy = strategy;
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLRegistration#deRegisterACL(org.jboss.security.authorization.Resource)
+ */
+ public void deRegisterACL(Resource resource)
+ {
+ this.strategy.removeACL(resource);
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLRegistration#registerACL(org.jboss.security.authorization.Resource)
+ */
+ public void registerACL(Resource resource)
+ {
+ this.strategy.createACL(resource);
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLRegistration#registerACL(org.jboss.security.authorization.Resource, java.util.Collection)
+ */
+ public void registerACL(Resource resource, Collection<ACLEntry> entries)
+ {
+ this.strategy.createACL(resource, entries);
+ }
+
+}
More information about the jboss-cvs-commits
mailing list