[jboss-cvs] JBossAS SVN: r79668 - in projects/security/security-jboss-sx/trunk/jbosssx/src/test: resources/authorization and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Oct 17 14:39:55 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-10-17 14:39:55 -0400 (Fri, 17 Oct 2008)
New Revision: 79668
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authorization/AuthorizationContextUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/authorization/config/
projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/authorization/config/authorization-policy.xml
Log:
authorization config test case testing the options (required, requisite, sufficient, optional) behavior
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authorization/AuthorizationContextUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authorization/AuthorizationContextUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authorization/AuthorizationContextUnitTestCase.java 2008-10-17 18:39:55 UTC (rev 79668)
@@ -0,0 +1,235 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+
+
+public class AuthorizationContextUnitTestCase extends JBossTestCase
+{
+ private static PolicyConfig policyConfig = null;
+
+ public AuthorizationContextUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(AuthorizationContextUnitTestCase.class));
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossTestSetup(suite)
+ {
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ URL url = tcl.getResource("authorization/config/authorization-policy.xml");
+ if(url == null)
+ throw new IllegalStateException("config url is null");
+ loadXMLConfig(url);
+ }
+ protected void tearDown() throws Exception
+ {
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+
+
+ /**
+ * Test the AuthorizationModule required behavior
+ */
+ public void testRequiredOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ int result = getResult("required-permit-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ }
+
+ /**
+ * Test the AuthorizationModule requisite behavior
+ */
+ public void testRequisiteOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ int result = getResult("requisite-permit-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("requisite-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ }
+
+
+ /**
+ * Test the AuthorizationModule sufficient behavior
+ */
+ public void testSufficientOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ int result = getResult("sufficient-permit-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("sufficient-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ }
+
+
+ /**
+ * Test the AuthorizationModule optional behavior
+ */
+ public void testOptionalOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ int result = getResult("optional-permit-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("optional-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ }
+
+ /**
+ * Test the AuthorizationModules combination behavior
+ */
+ public void testCombinationBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ int result = getResult("required-deny-sufficient-permit-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ result = getResult("required-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-permit-required-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ result = getResult("required-permit-required-permit-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-permit-required-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-permit-required-permit-requisite-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-permit-required-permit-optional-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("required-permit-required-deny-requisite-permit-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ result = getResult("requisite-permit-requisite-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+
+ result = getResult("sufficient-permit-required-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("sufficient-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+ result = getResult("optional-deny-sufficient-permit-required-deny-policy");
+ assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
+
+ result = getResult("sufficient-deny-optional-deny-policy");
+ assertTrue("DENY?", AuthorizationContext.DENY == result);
+ }
+
+ private int getResult(String policyName) throws Exception
+ {
+ int result = AuthorizationContext.DENY;
+
+ JBossAuthorizationContext aContext = new JBossAuthorizationContext(policyName,
+ new Subject(),
+ new TestCallbackHandler());
+ aContext.setApplicationPolicy(policyConfig.get(policyName));
+ try
+ {
+ result = aContext.authorize(new Resource()
+ {
+ public ResourceType getLayer()
+ {
+ return ResourceType.WEB;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Map getMap()
+ {
+ return new HashMap();
+ }
+ });
+ }
+ catch(AuthorizationException e)
+ {
+ result = AuthorizationContext.DENY;
+ }
+ return result;
+ }
+
+ /**
+ * Use JBossXB to parse the security config file
+ * @param loginConfigURL
+ * @throws Exception
+ */
+ private static void loadXMLConfig(URL loginConfigURL)
+ throws Exception
+ {
+ if(loginConfigURL == null)
+ throw new IllegalArgumentException("loginConfigURL is null");
+ SecurityConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
+ UsersObjectModelFactory uomf = new UsersObjectModelFactory();
+
+ InputStreamReader xmlReader = new InputStreamReader(loginConfigURL.openStream());
+ Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+ unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
+ policyConfig = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, (Object)null);
+ }
+
+ /**
+ * Dummy CallbackHandler
+ */
+ private static class TestCallbackHandler implements CallbackHandler
+ {
+ public void handle(Callback[] arg0)
+ throws IOException, UnsupportedCallbackException
+ {
+ }
+ }
+}
\ No newline at end of file
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/authorization/config/authorization-policy.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/authorization/config/authorization-policy.xml (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/authorization/config/authorization-policy.xml 2008-10-17 18:39:55 UTC (rev 79668)
@@ -0,0 +1,155 @@
+<jbsx:policy xsi:schemaLocation="urn:jboss:security-config:5.0 resource:security-config_5_0.xsd" xmlns:jbsx="urn:jboss:security-config:5.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ <jbsx:application-policy name="xacml-domain">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="requisite" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="requisite" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-deny-sufficient-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-sufficient-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-sufficient-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-requisite-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="requisite" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-optional-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="optional" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-deny-requisite-permit-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="requisite" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-permit-requisite-permit-sufficient-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="requisite" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="requisite" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-required-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-sufficient-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-deny-sufficient-permit-required-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="optional" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="sufficient" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-deny-optional-deny-policy">
+ <jbsx:authorization>
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
+ <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="optional" />
+ </jbsx:authorization>
+ </jbsx:application-policy>
+
+</jbsx:policy>
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list