[jboss-cvs] JBossAS SVN: r78000 - in projects/security/security-jboss-sx/trunk: acl/src/main/java/org/jboss/security/acl and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Sep 4 14:53:24 EDT 2008
Author: sguilhen at redhat.com
Date: 2008-09-04 14:53:23 -0400 (Thu, 04 Sep 2008)
New Revision: 78000
Added:
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/EntitlementEntry.java
projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
Modified:
projects/security/security-jboss-sx/trunk/acl/.classpath
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLProviderImpl.java
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/BasicACLPermission.java
projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/CompositeACLPermission.java
projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLUnitTestCase.java
projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/TestResource.java
projects/security/security-jboss-sx/trunk/parent/pom.xml
Log:
SECURITY-258: Added a default implementation to ACLProvider.getEntitlements that returns a set of EntitlementEntry objects. Each entry contains a resource and the permissions that have been assigned to the identity with respect to this resource. Added a testcase to cover the ACLProviderImpl.
Modified: projects/security/security-jboss-sx/trunk/acl/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.classpath 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/.classpath 2008-09-04 18:53:23 UTC (rev 78000)
@@ -1,44 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="." including="JBossORG-EULA.txt" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/main/resources" including="**/*.dtd|**/*.xsd" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/tests/java" output="target/test-classes"/>
- <classpathentry kind="src" path="src/tests/resources" output="target/test-classes" including="**/*.xml" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
- <classpathentry kind="src" path="/identity-impl"/>
- <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.3.GA/javassist-3.3.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR6/jboss-security-spi-2.0.2.CR6.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
-</classpath>
\ No newline at end of file
+ <classpathentry excluding="**/*.java" including="JBossORG-EULA.txt" kind="src" path=""/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes" path="src/tests/java"/>
+ <classpathentry excluding="**/*.java" including="**/*.xml" kind="src" output="target/test-classes" path="src/tests/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
+ <classpathentry kind="src" path="/identity-impl"/>
+ <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.3.GA/javassist-3.3.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2-SNAPSHOT/jboss-security-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLImpl.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -44,8 +44,8 @@
/**
* <p>
- * Simple ACL implementation that keeps the entries in a Map whose keys are the
- * identities of the entries, to provide fast access.
+ * Simple ACL implementation that keeps the entries in a Map whose keys are the identities of the entries, to provide
+ * fast access.
* </p>
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
@@ -89,8 +89,7 @@
* Builds an instance of {@code ACLImpl} for the specified resource.
* </p>
*
- * @param resource a reference to the {@code Resource} associated with
- * the ACL being constructed.
+ * @param resource a reference to the {@code Resource} associated with the ACL being constructed.
*/
public ACLImpl(Resource resource)
{
@@ -99,13 +98,11 @@
/**
* <p>
- * Builds an instance of {@code ACLImpl} for the specified resource, and initialize
- * it with the specified entries.
+ * Builds an instance of {@code ACLImpl} for the specified resource, and initialize it with the specified entries.
* </p>
*
- * @param resource a reference to the {@code Resource} associated with
- * the ACL being constructed.
- * @param entries a {@code Collection} containing the ACL's initial entries.
+ * @param resource a reference to the {@code Resource} associated with the ACL being constructed.
+ * @param entries a {@code Collection} containing the ACL's initial entries.
*/
public ACLImpl(Resource resource, Collection<ACLEntry> entries)
{
@@ -138,6 +135,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACL#addEntry(org.jboss.security.acl.ACLEntry)
*/
public boolean addEntry(ACLEntry entry)
@@ -156,6 +154,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACL#removeEntry(org.jboss.security.acl.ACLEntry)
*/
public boolean removeEntry(ACLEntry entry)
@@ -168,6 +167,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACL#getEntries()
*/
public Collection<? extends ACLEntry> getEntries()
@@ -179,8 +179,20 @@
/*
* (non-Javadoc)
- * @see org.jboss.security.acl.ACL#isGranted(org.jboss.security.acl.ACLPermission, org.jboss.security.identity.Identity)
+ *
+ * @see org.jboss.security.acl.ACL#getEntry(org.jboss.security.identity.Identity)
*/
+ public ACLEntry getEntry(Identity identity)
+ {
+ return this.entriesMap.get(identity);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.acl.ACL#isGranted(org.jboss.security.acl.ACLPermission,
+ * org.jboss.security.identity.Identity)
+ */
public boolean isGranted(ACLPermission permission, Identity identity)
{
if (this.entriesMap == null)
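Review bot: The new `getEntry` dereferences `this.entriesMap` unconditionally, while `isGranted` directly below begins with `if (this.entriesMap == null)`, which suggests the map can still be unset on a live instance. In that state `getEntry` throws a NullPointerException, and the entitlement code added to ACLProviderImpl in this commit calls it for every ACL it visits. `getEntry` should apply the same null handling as `isGranted` before the lookup; the body of `isGranted` continues outside the hunk, so the exact handling is not visible here. A short Javadoc stating that a `null` return means "no entry for this identity" would also help, because callers treat that result as "no permissions".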
@@ -201,7 +213,7 @@
* Obtains the stringfied representation of the resource associated with this {@code ACL}.
* </p>
*
- * @return a {@code String} representation of the resource.
+ * @return a {@code String} representation of the resource.
*/
public String getResourceAsString()
{
@@ -210,6 +222,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.ACL#getResource()
*/
public Resource getResource()
@@ -222,7 +235,7 @@
* Sets the resource associated with this {@code ACL}.
* </p>
*
- * @param resource a reference to the {@code Resource} associated with this {@code ACL}.
+ * @param resource a reference to the {@code Resource} associated with this {@code ACL}.
*/
public void setResource(Resource resource)
{
@@ -242,4 +255,5 @@
for (ACLEntry entry : this.entries)
this.entriesMap.put(entry.getIdentity(), entry);
}
+
}
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLProviderImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLProviderImpl.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/ACLProviderImpl.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -24,13 +24,15 @@
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.Collection;
+import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.identity.Identity;
-import org.jboss.util.NotImplementedException;
/**
* <p>
@@ -75,13 +77,124 @@
* @see org.jboss.security.acl.ACLProvider#getEntitlements(java.lang.Class,
* org.jboss.security.authorization.Resource, org.jboss.security.identity.Identity)
*/
+ @SuppressWarnings("unchecked")
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
throws AuthorizationException
{
- // TODO: how to instantiate and populate T - how to traverse through resources?
- throw new NotImplementedException();
+ // currently we only provide sets of EntitlementEntry objects.
+ if (!EntitlementEntry.class.equals(clazz))
+ return null;
+
+ Set<EntitlementEntry> entitlements = new HashSet<EntitlementEntry>();
+ // get the initial permissions - those that apply to the specified resource.
+ ACLPermission permission = this.getInitialPermissions(resource, identity);
+ if (permission != null)
+ this.fillEntitlements(entitlements, resource, identity, permission);
+ return (Set<T>) entitlements;
}
+ /**
+ * <p>
+ * Helper method that populates the {@code entitlements} collection as it traverses through the resources. The
+ * resources are visited using a depth-first search algorithm, and when each node is visited one of the following
+ * happens:
+ * <li>
+ * <ul>
+ * an ACL for the resource is located and there is an entry for the identity - the permissions assigned to the
+ * identity are used to construct the {@code EntitlementEntry} object and this object is added to the collection. The
+ * method is then called recursively for each one of the resource's children passing the permissions that were
+ * extracted from the ACL.
+ * </ul>
+ * <ul>
+ * an ACL for the resource is found, but there is no entry for the identity - this means the identity doesn't have
+ * any permissions regarding the specified resource. Thus, no {@code EntitlementEntry} object is constructed and the
+ * method simply returns. No child resources are processed as it is assumed that the identity doesn't have the right
+ * to do anything in the resource's subtree.
+ * </ul>
+ * <ul>
+ * no ACL is found - this means that the resource itself is not protected by any ACL. We assume that if a parent
+ * resource has an ACL, then the permissions assigned to the parent's ACL should be used.
+ * </ul>
+ * </li>
+ * </p>
+ *
+ * @param entitlements a reference for the collection of {@code EntitlementEntry} objects that is being constructed.
+ * @param resource the {@code Resource} being visited.
+ * @param identity the {@code Identity} for which the entitlements are being built.
+ * @param permission the {@code ACLPermission} to be used in case no ACL is found for the resource being visited.
+ */
+ @SuppressWarnings("unchecked")
+ private void fillEntitlements(Set<EntitlementEntry> entitlements, Resource resource, Identity identity,
+ ACLPermission permission)
+ {
+ ACLPermission currentPermission = permission;
+
+ ACL acl = this.strategy.getACL(resource);
+ if (acl != null)
+ {
+ ACLEntry entry = acl.getEntry(identity);
+ // null entry means the identity has no permissions over the specified resource.
+ if (entry == null)
+ return;
+ currentPermission = entry.getPermission();
+ entitlements.add(new EntitlementEntry(resource, currentPermission));
+ }
+ else
+ {
+ // if resource's ACL is null, build an entry using the permission parameter.
+ entitlements.add(new EntitlementEntry(resource, currentPermission));
+ }
+
+ // iterate through the sub-resources (if any), adding their entries to the entitlements collection.
+ Collection<Resource> childResources = (Collection<Resource>) resource.getMap().get(ResourceKeys.CHILD_RESOURCES);
+ if (childResources != null)
+ {
+ for (Resource childResource : childResources)
+ fillEntitlements(entitlements, childResource, identity, currentPermission);
+ }
+ }
+
+ /**
+ * <p>
+ * This method retrieves the permissions the specified identity has over the specified resource. It starts by looking
+ * for the resource's ACL. If one is found and if the ACL has entry for the identity, the respective permissions are
+ * returned. If no entry is found, we assume the identity hasn't been assigned any permissions and {@code null} is
+ * returned.
+ * </p>
+ * <p>
+ * If the resource doesn't have an associated ACL, we start looking for an ACL in the parent resource recursively,
+ * until an ACL is located or until no parent resource is found. In the first case, the algorithm described above is
+ * used to return the identity's permissions. In the latter case, we return all permissions (lack of an ACL means
+ * that the resource is not protected and the user should be granted all permissions).
+ * </p>
+ *
+ * @param resource the {@code Resource} for which we want to discover the permissions that have been assigned to the
+ * specified identity.
+ * @param identity the {@code Identity} for which we want to discover the permissions regarding the specified
+ * resource.
+ * @return an {@code ACLPermission} containing the permissions that have been assigned to the identity with respect
+ * to the specified resource, or {@code null} if the identity has no permissions at all.
+ */
+ private ACLPermission getInitialPermissions(Resource resource, Identity identity)
+ {
+ ACL acl = this.strategy.getACL(resource);
+ // if no ACL was found, try to find a parent ACL.
+ if (acl == null)
+ {
+ Resource parent = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
+ if (parent != null)
+ return getInitialPermissions(parent, identity);
+ // no ACL was found and no parent resource exists - identity has all permissions as resource is not protected.
+ return new CompositeACLPermission(BasicACLPermission.values());
+ }
+ // if an ACL was found, return the permissions associated with the specified identity.
+ ACLEntry entry = acl.getEntry(identity);
+ if (entry != null)
+ return entry.getPermission();
+ // the absence of an entry means that the identity has no permissions over the specified resource.
+ return null;
+ }
+
/*
* (non-Javadoc)
*
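Review bot: `getInitialPermissions` fails open: when neither the resource nor any ancestor has an ACL it returns `new CompositeACLPermission(BasicACLPermission.values())`, so every resource without a registered ACL is reported as fully entitled. The Javadoc documents this as intended, but it makes a missing ACL indistinguishable from an unprotected resource, and presumably any other reason for `strategy.getACL` yielding no ACL ends up in the same branch (the strategy's behaviour is not visible here). A deny-by-default result at that point (`return null;`), or an explicit provider setting for the default, would be the safer contract for an authorization API. Separately, `getEntitlements` returns `null` for any `clazz` other than `EntitlementEntry`; returning an empty set or throwing `AuthorizationException` would spare callers a NullPointerException. Neither recursive walk (`PARENT_RESOURCE` upward, `CHILD_RESOURCES` downward) guards against a cyclic resource map, which would end in a StackOverflowError.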
@@ -99,7 +212,7 @@
*/
public void setPersistenceStrategy(ACLPersistenceStrategy strategy)
{
- if(strategy == null)
+ if (strategy == null)
throw new IllegalArgumentException("PersistenceStrategy cannot be null");
this.strategy = strategy;
}
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/BasicACLPermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/BasicACLPermission.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/BasicACLPermission.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -21,6 +21,7 @@
*/
package org.jboss.security.acl;
+
/**
* <p>
* This enum defines the basic ACL permissions. Each permission defined here is represented by a unique
@@ -63,4 +64,16 @@
{
return this.mask;
}
+
+ /**
+ * <p>
+ * Returns the binary representation of this permission.
+ * </p>
+ *
+ * @return a {@code String} containing this permission's binary representation.
+ */
+ public String toBinaryString()
+ {
+ return Integer.toBinaryString(this.mask);
+ }
}
Modified: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/CompositeACLPermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/CompositeACLPermission.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/CompositeACLPermission.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -23,10 +23,10 @@
/**
* <p>
- * This class represents a composite permission - a permission that contains one or more basic permissions.
- * The bitmask value of this permission is calculated by combining (logical or) the bitmask values of the
- * basic permissions it contains. Thus, a composite permission's bitmask can have more than one bit on, and
- * each bit corresponds to one of the basic permissions that are part of the composite permission.
+ * This class represents a composite permission - a permission that contains one or more basic permissions. The bitmask
+ * value of this permission is calculated by combining (logical or) the bitmask values of the basic permissions it
+ * contains. Thus, a composite permission's bitmask can have more than one bit on, and each bit corresponds to one of
+ * the basic permissions that are part of the composite permission.
* </p>
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
@@ -64,6 +64,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.acl.MaskPermission#getMask()
*/
public int getMaskValue()
@@ -73,6 +74,7 @@
/*
* (non-Javadoc)
+ *
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
@@ -85,6 +87,7 @@
/*
* (non-Javadoc)
+ *
* @see java.lang.Object#hashCode()
*/
@Override
@@ -95,11 +98,32 @@
/*
* (non-Javadoc)
+ *
* @see java.lang.Object#toString()
*/
@Override
public String toString()
{
+ if (this.mask == 0)
+ return "NO PERMISSION";
+ StringBuffer buffer = new StringBuffer();
+ for (BasicACLPermission permission : BasicACLPermission.values())
+ {
+ if((permission.getMaskValue() & this.mask) != 0)
+ buffer.append(permission.toString() + ",");
+ }
+ return buffer.substring(0, buffer.lastIndexOf(","));
+ }
+
+ /**
+ * <p>
+ * Returns the binary representation of this permission.
+ * </p>
+ *
+ * @return a {@code String} containing this permission's binary representation.
+ */
+ public String toBinaryString()
+ {
return Integer.toBinaryString(this.mask);
}
}
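Review bot: `toString` throws StringIndexOutOfBoundsException when `mask` is non-zero but matches none of the `BasicACLPermission` values: the buffer stays empty, `lastIndexOf(",")` returns -1 and `substring(0, -1)` fails. Whether such a mask can be constructed depends on constructors outside this hunk, but a `toString` that ends up in logs and authorization error messages should never throw. Guarding the tail covers it, e.g. `return buffer.length() == 0 ? Integer.toBinaryString(this.mask) : buffer.substring(0, buffer.length() - 1);`. Using `buffer.append(permission).append(',')` would also avoid the intermediate string concatenation.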
Added: projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/EntitlementEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/EntitlementEntry.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/EntitlementEntry.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * This class represents a standard entry in the collection returned by the {@code ACLProvider.getEntitlements} method.
+ * It contains the permissions that a particular identity has over an specific resource.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class EntitlementEntry
+{
+ private final Resource resource;
+
+ private final ACLPermission permission;
+
+ /**
+ * <p>
+ * Creates an instance of {@code EntitlementEntry} with the specified resource and permissions.
+ * </p>
+ *
+ * @param resource a reference to the {@code Resource} object.
+ * @param permission the permissions a particular identity has over the specified resource.
+ */
+ public EntitlementEntry(Resource resource, ACLPermission permission)
+ {
+ if(resource == null || permission == null)
+ throw new IllegalArgumentException("Illegal null value for resource or permission");
+ this.resource = resource;
+ this.permission = permission;
+ }
+
+ public Resource getResource()
+ {
+ return this.resource;
+ }
+
+ public ACLPermission getPermission()
+ {
+ return this.permission;
+ }
+
+}
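Review bot: `EntitlementEntry` is collected into a `HashSet` by `ACLProviderImpl.getEntitlements` but defines neither `equals` nor `hashCode`, so the set compares entries by object identity. Two entries for the same resource and permission are kept as distinct elements, and callers cannot use `contains` with a freshly built entry to test for an entitlement. Value-based equality over the two final fields fixes this, assuming the `Resource` implementations define a meaningful `equals` (not visible here). `getResource()` and `getPermission()` also lack Javadoc, unlike the rest of the class.

```java
// … unchanged: fields, constructor, getResource(), getPermission() …

   @Override
   public boolean equals(Object obj)
   {
      if (this == obj)
         return true;
      if (!(obj instanceof EntitlementEntry))
         return false;
      EntitlementEntry other = (EntitlementEntry) obj;
      // both fields are guaranteed non-null by the constructor.
      return this.resource.equals(other.resource) && this.permission.equals(other.permission);
   }

   @Override
   public int hashCode()
   {
      return 31 * this.resource.hashCode() + this.permission.hashCode();
   }
```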
Added: projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLProviderUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLProviderUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLProviderUnitTestCase.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -0,0 +1,219 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.acl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLPersistenceStrategy;
+import org.jboss.security.acl.ACLProvider;
+import org.jboss.security.acl.ACLProviderImpl;
+import org.jboss.security.acl.ACLRegistration;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.acl.EntitlementEntry;
+import org.jboss.security.acl.JPAPersistenceStrategy;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the functionality implemented by the {@code ACLProviderImpl} class.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLProviderUnitTestCase extends TestCase
+{
+
+ private Resource[] resources;
+
+ private Identity identity;
+
+ private final ACLRegistration registration;
+
+ private final ACLProvider provider;
+
+ /**
+ * <p>
+ * Default constructor. Initializes the state of this {@code TestCase}.
+ * </p>
+ */
+ public ACLProviderUnitTestCase()
+ {
+ ACLPersistenceStrategy strategy = new JPAPersistenceStrategy();
+ this.registration = new TestACLRegistration(strategy);
+ this.provider = new ACLProviderImpl();
+ provider.setPersistenceStrategy(strategy);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see junit.framework.TestCase#setUp()
+ */
+ @Override
+ public void setUp() throws Exception
+ {
+ // =================================== IDENTITY ============================= //
+ this.identity = IdentityFactory.createIdentity("Test Identity");
+
+ // =================================== RESOURCES ============================= //
+ this.resources = new Resource[10];
+ for (int i = 0; i < resources.length; i++)
+ resources[i] = new TestResource(i, "Resource " + i);
+
+ // create the relationships between the resources.
+ Collection<Resource> childResources = new ArrayList<Resource>();
+ // resource 0 has resource 1 as child.
+ childResources.add(resources[1]);
+ resources[0].getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resources[1].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[0]);
+ // resource 1 has resource 2 as child.
+ childResources = new ArrayList<Resource>();
+ childResources.add(resources[2]);
+ resources[1].getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resources[2].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[1]);
+ // resource 2 has resources 3, 4 and 5 as children.
+ childResources = new ArrayList<Resource>();
+ childResources.add(resources[3]);
+ childResources.add(resources[4]);
+ childResources.add(resources[5]);
+ resources[2].getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resources[3].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[2]);
+ resources[4].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[2]);
+ resources[5].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[2]);
+ // resource 4 has resources 6 and 7 as children.
+ childResources = new ArrayList<Resource>();
+ childResources.add(resources[6]);
+ childResources.add(resources[7]);
+ resources[4].getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resources[6].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[4]);
+ resources[7].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[4]);
+ // resource 5 has resources 8 and 9 as children.
+ childResources = new ArrayList<Resource>();
+ childResources.add(resources[8]);
+ childResources.add(resources[9]);
+ resources[5].getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resources[8].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[5]);
+ resources[9].getMap().put(ResourceKeys.PARENT_RESOURCE, resources[5]);
+
+ // =================================== ACLs ============================= //
+
+ // register an ACL with the resource 0 - identity has all permissions here.
+ Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.values()), this.identity));
+ registration.registerACL(this.resources[0], entries);
+
+ // register an ACL with the resource 4 - identity has read and update permissions.
+ entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE),
+ this.identity));
+ registration.registerACL(this.resources[4], entries);
+
+ // register an ACL with the resource 5 - identity has create, read and delete permissions.
+ entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.CREATE, BasicACLPermission.READ,
+ BasicACLPermission.DELETE), this.identity));
+ registration.registerACL(this.resources[5], entries);
+
+ // register an ACL with the resource 7 - identity has no corresponding entry (no permissions).
+ entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.values()), IdentityFactory
+ .createIdentity("Another Identity")));
+ registration.registerACL(this.resources[7], entries);
+
+ // register an ACL with the resource 9 - identity has only read permission.
+ entries = new ArrayList<ACLEntry>();
+ entries.add(new ACLEntryImpl(new CompositeACLPermission(BasicACLPermission.READ), this.identity));
+ registration.registerACL(this.resources[9], entries);
+ }
+
+ /**
+ * <p>
+ * Tests the behavior of the {@code getEntitlements} method.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testGetEntitlements() throws Exception
+ {
+ Set<EntitlementEntry> entries = this.provider.getEntitlements(EntitlementEntry.class, this.resources[2],
+ this.identity);
+ assertNotNull(entries);
+ // we expect 7 entries, corresponding to resources 2, 3, 4, 5, 6, 8 and 9.
+ assertEquals("Found unexpected number of entries", 7, entries.size());
+
+ // organize the entries according to their resource id so we can check the contents of each expected entry.
+ Map<Integer, EntitlementEntry> entriesMap = new HashMap<Integer, EntitlementEntry>();
+ for (EntitlementEntry entry : entries)
+ {
+ TestResource resource = (TestResource) entry.getResource();
+ entriesMap.put(resource.getResourceId(), entry);
+ }
+
+ // identity should have create, update, read and delete permissions over resources 2 and 3.
+ EntitlementEntry entry = entriesMap.get(2);
+ assertNotNull(entry);
+ CompositeACLPermission expectedPermission = new CompositeACLPermission(BasicACLPermission.values());
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+ entry = entriesMap.get(3);
+ assertNotNull(entry);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+
+ // identity should have read and update permissions over resources 4 and 6.
+ entry = entriesMap.get(4);
+ assertNotNull(entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.READ, BasicACLPermission.UPDATE);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+ entry = entriesMap.get(6);
+ assertNotNull(entry);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+
+ // identity should have create, read and delete permissions over resources 5 and 8.
+ entry = entriesMap.get(5);
+ assertNotNull(entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.CREATE, BasicACLPermission.READ,
+ BasicACLPermission.DELETE);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+ entry = entriesMap.get(8);
+ assertNotNull(entry);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+
+ // identity should have read permission over resource 9.
+ entry = entriesMap.get(9);
+ assertNotNull(entry);
+ expectedPermission = new CompositeACLPermission(BasicACLPermission.READ);
+ assertEquals("Found unexpected permissions", expectedPermission, entry.getPermission());
+
+ }
+}
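Review bot: The deny cases in `testGetEntitlements` are only checked indirectly, through the expected count of 7. Nothing asserts directly that resource 7 (whose ACL names only "Another Identity") and the ancestors 0 and 1 are absent from the result. Those are the cases where a wrong answer would report permissions the identity does not hold, so I would assert them explicitly once `entriesMap` is built, e.g. `assertNull("Resource 7 must not be entitled", entriesMap.get(7));` and `assertEquals(7, entriesMap.size());`. A regression would then fail with a message naming the leaked resource. The class also has no `tearDown`, so the ACLs registered in `setUp` through the `JPAPersistenceStrategy` presumably stay in the store after the test; removing them there would stop a later test method from starting with leftover ACLs.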
Modified: projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLUnitTestCase.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/ACLUnitTestCase.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -37,7 +37,7 @@
/**
* <p>
- * This {@code TestCase} tests the funcionality exposed by the {@code ACL} interface.
+ * This {@code TestCase} tests the functionality exposed by the {@code ACL} interface.
* </p>
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
Modified: projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/TestResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/TestResource.java 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/acl/src/tests/java/org/jboss/test/security/acl/TestResource.java 2008-09-04 18:53:23 UTC (rev 78000)
@@ -22,6 +22,7 @@
package org.jboss.test.security.acl;
import java.io.Serializable;
+import java.util.HashMap;
import java.util.Map;
import javax.persistence.Id;
@@ -46,6 +47,8 @@
private String name;
+ private final Map<String, Object> contextMap;
+
/**
* <p>
* Creates an instance of {@code TestResource} with the specified id.
@@ -64,12 +67,13 @@
* </p>
*
* @param resourceId an {@code int} representing the id of the resource.
- * @param resourceName a {@code String} representing the name of the resource.
+ * @param resourceName a {@code String} representing the name of the resource.
*/
public TestResource(int resourceId, String resourceName)
{
this.resourceId = resourceId;
this.name = resourceName;
+ this.contextMap = new HashMap<String, Object>();
}
/**
@@ -89,7 +93,7 @@
* Gets the name of this resource.
* </p>
*
- * @return a {@code String} representing the name of this resource.
+ * @return a {@code String} representing the name of this resource.
*/
public String getResourceName()
{
@@ -101,7 +105,7 @@
* Defines the name of this resource.
* </p>
*
- * @param name a {@code String} containing the name to be set.
+ * @param name a {@code String} containing the name to be set.
*/
public void setResourceName(String name)
{
@@ -110,6 +114,7 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.authorization.Resource#getLayer()
*/
public ResourceType getLayer()
@@ -119,11 +124,12 @@
/*
* (non-Javadoc)
+ *
* @see org.jboss.security.authorization.Resource#getMap()
*/
public Map<String, Object> getMap()
{
- return null;
+ return this.contextMap;
}
@Override
@@ -140,4 +146,9 @@
return this.resourceId;
}
+ @Override
+ public String toString()
+ {
+ return this.name;
+ }
}
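Review bot: The new `toString()` returns `this.name` as is, so it returns null whenever the name was never set or was set to null. The single-id constructor and the body of `setResourceName` are outside this hunk, so whether that can happen is an assumption to confirm. If it can, `return String.valueOf(this.name);` or a fallback that includes `resourceId` keeps log and assertion messages readable, and a short comment that the method exists for test diagnostics would help.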
Modified: projects/security/security-jboss-sx/trunk/parent/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/parent/pom.xml 2008-09-04 18:49:37 UTC (rev 77999)
+++ projects/security/security-jboss-sx/trunk/parent/pom.xml 2008-09-04 18:53:23 UTC (rev 78000)
@@ -156,6 +156,6 @@
<properties>
<org.jboss.javaee.version>CR1</org.jboss.javaee.version>
- <org.jboss.security.spi.version>2.0.2.CR6</org.jboss.security.spi.version>
+ <org.jboss.security.spi.version>2.0.2-SNAPSHOT</org.jboss.security.spi.version>
</properties>
</project>
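Review bot: `org.jboss.security.spi.version` now points at `2.0.2-SNAPSHOT` instead of the fixed `2.0.2.CR6`, so the parent POM resolves whichever SPI build is current in the snapshot repository at build time. For a security library this makes builds non-reproducible and lets SPI changes arrive without any matching change in this tree. Presumably the snapshot is needed for the new `getEntitlements` API. I would record that next to the property, e.g. `<!-- TODO: pin to the next released security-spi once getEntitlements is published -->`, and return to a released version before this module is tagged.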