[jboss-cvs] JBossAS SVN: r111091 - in projects/security/security-xacml/trunk/jboss-xacml/src/test: resources/test/policies/rbac and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Apr 1 11:18:44 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-04-01 11:18:44 -0400 (Fri, 01 Apr 2011)
New Revision: 111091
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-create.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-sign.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-create.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-sign.xml
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/test/xacml/rbac/RbacUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/employee-PPS-policyset.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/manager-PPS-policyset.xml
Log:
SECURITY-575: xacml core rbac profile
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/test/xacml/rbac/RbacUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/test/xacml/rbac/RbacUnitTestCase.java 2011-04-01 14:07:08 UTC (rev 111090)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/test/xacml/rbac/RbacUnitTestCase.java 2011-04-01 15:18:44 UTC (rev 111091)
@@ -53,7 +53,35 @@
XACMLConstants.DECISION_NOT_APPLICABLE);
}
+ @Test
+ public void testEmployeeCreatePurchaseOrderPermit() throws Exception
+ {
+ validateCase(getResponse("rbac-employee-create.xml"),
+ XACMLConstants.DECISION_PERMIT);
+ }
+ @Test
+ public void testEmployeeSignPurchaseOrderDeny() throws Exception
+ {
+ validateCase(getResponse("rbac-employee-sign.xml"),
+ XACMLConstants.DECISION_NOT_APPLICABLE);
+ }
+
+ @Test
+ public void testManagerCreatePurchaseOrderPermit() throws Exception
+ {
+ validateCase(getResponse("rbac-manager-create.xml"),
+ XACMLConstants.DECISION_PERMIT);
+ }
+
+ @Test
+ public void testManagerSignPurchaseOrderPermit() throws Exception
+ {
+ validateCase(getResponse("rbac-manager-sign.xml"),
+ XACMLConstants.DECISION_PERMIT);
+ }
+
+
private PolicyDecisionPoint getPDP()
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
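Review bot: `testEmployeeSignPurchaseOrderDeny` asserts `XACMLConstants.DECISION_NOT_APPLICABLE`, so the name promises a Deny that the policy never returns. The distinction matters for access control: a NotApplicable result only refuses access if the enforcement point is deny-biased, and a reader who trusts the test name could assume the employee policy set explicitly denies `sign`. Either rename the method to `testEmployeeSignPurchaseOrderNotApplicable`, or keep the name and add a comment such as `// No employee permission matches "sign": the PDP answers NotApplicable, which the PEP must treat as a refusal.` The added tests also have no Javadoc naming the request file and role each one exercises. `getPDP()` continues past the end of this hunk.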
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/employee-PPS-policyset.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/employee-PPS-policyset.xml 2011-04-01 14:07:08 UTC (rev 111090)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/employee-PPS-policyset.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -13,10 +13,10 @@
<Resource>
<ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">purchase order
- </AttributeValue>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">purchase order</AttributeValue>
<ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" />
</ResourceMatch>
</Resource>
</Resources>
@@ -24,7 +24,7 @@
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create</AttributeValue>
- <ActionAttributeDesignator AttributeId="urn:action-id"
+ <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
</ActionMatch>
</Action>
@@ -33,7 +33,7 @@
</Rule>
</Policy>
<!-- HasPrivilegesOfRole Policy for employee role -->
-<Policy PolicyId="Permission:to:have:employee:role:permissions"
+ <Policy PolicyId="Permission:to:have:employee:role:permissions"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target />
<!-- Permission to have employee role permissions -->
@@ -54,5 +54,5 @@
</Apply>
</Condition>
</Rule>
-</Policy>
+ </Policy>
</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/manager-PPS-policyset.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/manager-PPS-policyset.xml 2011-04-01 14:07:08 UTC (rev 111090)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/rbac/manager-PPS-policyset.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -13,10 +13,10 @@
<Resource>
<ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">purchase order
- </AttributeValue>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">purchase order</AttributeValue>
<ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" />
</ResourceMatch>
</Resource>
</Resources>
@@ -24,7 +24,7 @@
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">sign</AttributeValue>
- <ActionAttributeDesignator AttributeId="urn:action-id"
+ <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
</ActionMatch>
</Action>
@@ -33,7 +33,7 @@
</Rule>
</Policy>
<!-- HasPrivilegesOfRole Policy for manager role -->
-<Policy PolicyId="Permission:to:have:manager:role:permissions"
+ <Policy PolicyId="Permission:to:have:manager:role:permissions"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target />
<!-- Permission to have manager role permissions -->
@@ -54,7 +54,8 @@
</Apply>
</Condition>
</Rule>
-</Policy>
+ </Policy>
+
<!-- Include permissions associated with employee role -->
<PolicySetIdReference>PPS:employee:role</PolicySetIdReference>
</PolicySet>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-create.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-create.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-create.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>500</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Tweetie</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">
+ <AttributeValue>employee</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>purchase order</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>create</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment />
+</xacml-context:Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-sign.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-sign.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-employee-sign.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>500</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Tweetie</AttributeValue>
+ </Attribute>
+
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">
+ <AttributeValue>employee</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>purchase order</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>sign</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment />
+</xacml-context:Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-create.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-create.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-create.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>500</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Mickey</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">
+ <AttributeValue>manager</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>purchase order</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>create</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment />
+</xacml-context:Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-sign.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-sign.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/rbac/rbac-manager-sign.xml 2011-04-01 15:18:44 UTC (rev 111091)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>500</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Tweetie</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">
+ <AttributeValue>manager</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>purchase order</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>sign</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment />
+</xacml-context:Request>
\ No newline at end of file
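Review bot: This request pairs user-name `Tweetie` with role `manager`, while rbac-manager-create.xml uses `Mickey` for the manager and both employee requests use `Tweetie` for the employee. The decision presumably depends only on the `urn:oasis:names:tc:xacml:2.0:subject:role` attribute, so the test still passes, but the fixture reads as if one user holds both roles. Using `<AttributeValue>Mickey</AttributeValue>` for the user-name here would keep the four requests consistent. All four requests also share subject-id `500`; giving the manager subject a different id would make it clearer that the tests distinguish subjects by role and not by identity.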