[jboss-svn-commits] JBL Code SVN: r18666 - in labs/jbossrules/trunk/drools-repository: src/main/java/org and 9 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon Mar 3 15:56:21 EST 2008
Author: fmeyer
Date: 2008-03-03 15:56:21 -0500 (Mon, 03 Mar 2008)
New Revision: 18666
Added:
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsACLRegistration.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryACLManager.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryAccessManager.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/NotAssignedPermissionException.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/UUIDResource.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLEntryImpl.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLImpl.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLProviderImpl.java
labs/jbossrules/trunk/drools-repository/src/main/resources/META-INF/
labs/jbossrules/trunk/drools-repository/src/main/resources/META-INF/persistence.xml
labs/jbossrules/trunk/drools-repository/src/test/java/org/drools/repository/security/
labs/jbossrules/trunk/drools-repository/src/test/java/org/drools/repository/security/AccessControlTest.java
Modified:
labs/jbossrules/trunk/drools-repository/.classpath
labs/jbossrules/trunk/drools-repository/pom.xml
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/RepositorySessionUtil.java
labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/VersionableItem.java
Log:
JBRULES-428 Access Control List - each node to be protected
Modified: labs/jbossrules/trunk/drools-repository/.classpath
===================================================================
--- labs/jbossrules/trunk/drools-repository/.classpath 2008-03-03 19:14:36 UTC (rev 18665)
+++ labs/jbossrules/trunk/drools-repository/.classpath 2008-03-03 20:56:21 UTC (rev 18666)
@@ -5,50 +5,53 @@
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-api/1.3/jackrabbit-api-1.3.jar" sourcepath="M2_REPO/org/apache/jackrabbit/jackrabbit-api/1.3/jackrabbit-api-1.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar" sourcepath="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar" sourcepath="M2_REPO/concurrent/concurrent/1.3.4/concurrent-1.3.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-core/1.4.1/jackrabbit-core-1.4.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-text-extractors/1.4/jackrabbit-text-extractors-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/jcr/jcr/1.0/jcr-1.0.jar" sourcepath="M2_REPO/javax/jcr/jcr/1.0/jcr-1.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/derby/derby/10.2.1.6/derby-10.2.1.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.13/log4j-1.2.13.jar" sourcepath="M2_REPO/log4j/log4j/1.2.13/log4j-1.2.13-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
<classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.4.0/xercesImpl-2.4.0.jar" sourcepath="M2_REPO/xerces/xercesImpl/2.4.0/xercesImpl-2.4.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/lucene/lucene-core/2.0.0/lucene-core-2.0.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-jcr-commons/1.3/jackrabbit-jcr-commons-1.3.jar" sourcepath="M2_REPO/org/apache/jackrabbit/jackrabbit-jcr-commons/1.3/jackrabbit-jcr-commons-1.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar" sourcepath="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ch/ethz/ganymed/ganymed-ssh2/build210/ganymed-ssh2-build210.jar" sourcepath="M2_REPO/ch/ethz/ganymed/ganymed-ssh2/build210/ganymed-ssh2-build210-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-jcr-commons/1.4/jackrabbit-jcr-commons-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.ga/javassist-3.3.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.13/log4j-1.2.13.jar" sourcepath="M2_REPO/log4j/log4j/1.2.13/log4j-1.2.13-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.3.0/slf4j-log4j12-1.3.0.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.3.0/slf4j-log4j12-1.3.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.3.0/slf4j-api-1.3.0.jar" sourcepath="M2_REPO/org/slf4j/slf4j-api/1.3.0/slf4j-api-1.3.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/org/tmatesoft/svnkit/1.1.2/svnkit-1.1.2.jar" sourcepath="M2_REPO/org/tmatesoft/svnkit/1.1.2/svnkit-1.1.2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar" sourcepath="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar" sourcepath="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar" sourcepath="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/jcr/jcr/1.0/jcr-1.0.jar" sourcepath="M2_REPO/javax/jcr/jcr/1.0/jcr-1.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/derby/derby/10.2.1.6/derby-10.2.1.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl/2.0.2-SNAPSHOT/jboss-security-acl-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-api/1.4/jackrabbit-api-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar" sourcepath="M2_REPO/concurrent/concurrent/1.3.4/concurrent-1.3.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/lucene/lucene-core/2.2.0/lucene-core-2.2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar" sourcepath="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-spi-commons/1.4/jackrabbit-spi-commons-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-text-extractors/1.3/jackrabbit-text-extractors-1.3.jar" sourcepath="M2_REPO/org/apache/jackrabbit/jackrabbit-text-extractors/1.3/jackrabbit-text-extractors-1.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl/2.0.2-SNAPSHOT/jboss-security-acl-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar" sourcepath="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-spi/1.4/jackrabbit-spi-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/ch/ethz/ganymed/ganymed-ssh2/build210/ganymed-ssh2-build210.jar" sourcepath="M2_REPO/ch/ethz/ganymed/ganymed-ssh2/build210/ganymed-ssh2-build210-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/jackrabbit/jackrabbit-core/1.3/jackrabbit-core-1.3.jar" sourcepath="M2_REPO/org/apache/jackrabbit/jackrabbit-core/1.3/jackrabbit-core-1.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar" sourcepath="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.3.0/slf4j-api-1.3.0.jar" sourcepath="M2_REPO/org/slf4j/slf4j-api/1.3.0/slf4j-api-1.3.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.3.0/slf4j-log4j12-1.3.0.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.3.0/slf4j-log4j12-1.3.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar"/>
</classpath>
\ No newline at end of file
Modified: labs/jbossrules/trunk/drools-repository/pom.xml
===================================================================
--- labs/jbossrules/trunk/drools-repository/pom.xml 2008-03-03 19:14:36 UTC (rev 18665)
+++ labs/jbossrules/trunk/drools-repository/pom.xml 2008-03-03 20:56:21 UTC (rev 18666)
@@ -54,6 +54,14 @@
<artifactId>jboss-security-acl</artifactId>
<version>2.0.2-SNAPSHOT</version>
</dependency>
+
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ </dependency>
+
+
+
<!-- Logging -->
<!-- TODO JBRULES-1254 remove the above, and replace by these:
<dependency>
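Review bot: The new `hsqldb` dependency declares neither `<version>` nor `<scope>`, so it resolves to whatever the parent's dependencyManagement pins (not visible in this hunk) and lands on the compile and runtime classpath. If the embedded database is only there to back the ACL persistence unit in tests, `<scope>test</scope>` keeps it out of the deployed artifact. If it is needed at runtime, a one-line comment saying why would help the next reader. The three blank lines added after the block can be dropped.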
Modified: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/RepositorySessionUtil.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/RepositorySessionUtil.java 2008-03-03 19:14:36 UTC (rev 18665)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/RepositorySessionUtil.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -7,6 +7,7 @@
import javax.jcr.SimpleCredentials;
import org.apache.log4j.Logger;
+import org.drools.repository.security.DroolsRepositoryAccessManager;
//import junit.framework.Assert;
@@ -57,22 +58,24 @@
try {
session = repository.login(new SimpleCredentials("alan_parsons", "password".toCharArray()));
RulesRepositoryAdministrator admin = new RulesRepositoryAdministrator(session);
+
//clear out and setup
if (admin.isRepositoryInitialized()) {
admin.clearRulesRepository();
}
config.setupRulesRepository( session );
+ repoInstance = new RulesRepository( session );
- repoInstance = new RulesRepository( session );
+ Session adminSession = repository.login(new SimpleCredentials("ADMINISTRATOR", "password".toCharArray()));
+ //loonie hack
+ DroolsRepositoryAccessManager.adminThreadlocal.set( adminSession );
repo.set( repoInstance );
} catch ( Exception e) {
throw new RulesRepositoryException();
//Assert.fail("Unable to initialise repository :" + e.getMessage());
}
-
-
-
}
+
return (RulesRepository) repoInstance;
}
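Review bot: The added `repository.login(new SimpleCredentials("ADMINISTRATOR", "password".toCharArray()))` hard-codes an administrator credential in a class under src/main, and the resulting session is parked in the public static `DroolsRepositoryAccessManager.adminThreadlocal` with no matching `remove()`. On a pooled thread that session would stay attached to whatever work runs next, and any code in the JVM can read or replace it. If this helper is meant for tests only, say so in a comment replacing `//loonie hack` and move the credential to configuration; otherwise obtain the admin session per operation and clear the thread-local in a `finally`. The catch below still throws `new RulesRepositoryException()` without the cause, so a failed admin login cannot be told apart from any other setup failure. The enclosing method starts above the hunk.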
Modified: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/VersionableItem.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/VersionableItem.java 2008-03-03 19:14:36 UTC (rev 18665)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/VersionableItem.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -30,7 +30,7 @@
public static final String FORMAT_PROPERTY_NAME = "drools:format";
public static final String CHECKIN_COMMENT = "drools:checkinComment";
public static final String VERSION_NUMBER_PROPERTY_NAME = "drools:versionNumber";
- public static final String CONTENT_PROPERTY_ARCHIVE_FLAG = "drools:archive";
+ public static final String CONTENT_PROPERTY_ARCHIVE_FLAG = "drools:archive";
/** Dublin core based fields. */
@@ -43,7 +43,9 @@
public static final String RIGHTS_PROPERTY_NAME = "drools:rights";
public static final String COVERAGE_PROPERTY_NAME = "drools:coverage";
public static final String PUBLISHER_PROPERTY_NAME = "drools:publisher";
-
+
+
+
/**
* The name of the state property on the rule node type
*/
@@ -95,6 +97,9 @@
public boolean isHistoricalVersion() throws RepositoryException {
return this.node.getPrimaryNodeType().getName().equals( "nt:version" ) || node.getPrimaryNodeType().getName().equals( "nt:frozenNode" );
}
+
+
+
/**
* @return the predessor node of this node in the version history, or null if no predecessor version exists
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsACLRegistration.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsACLRegistration.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsACLRegistration.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,34 @@
+package org.drools.repository.security;
+
+import java.util.Collection;
+
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLPersistenceStrategy;
+import org.jboss.security.acl.ACLRegistration;
+import org.jboss.security.authorization.Resource;
+
+public class DroolsACLRegistration
+ implements
+ ACLRegistration {
+
+ private final ACLPersistenceStrategy strategy;
+
+ public DroolsACLRegistration(ACLPersistenceStrategy strategy) {
+ this.strategy = strategy;
+ }
+
+ public void deRegisterACL(Resource resource) {
+ this.strategy.removeACL( resource );
+ }
+
+ public void registerACL(Resource resource) {
+ this.strategy.createACL( resource );
+ }
+
+ public void registerACL(Resource resource,
+ Collection<ACLEntry> entries) {
+ this.strategy.createACL( resource,
+ entries );
+ }
+
+}
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryACLManager.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryACLManager.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryACLManager.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,131 @@
+package org.drools.repository.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.uuid.UUID;
+import org.apache.log4j.Logger;
+import org.jboss.security.acl.ACL;
+import org.jboss.security.acl.ACLEntry;
+import org.jboss.security.acl.ACLEntryImpl;
+import org.jboss.security.acl.ACLPersistenceStrategy;
+import org.jboss.security.acl.ACLProvider;
+import org.jboss.security.acl.ACLProviderImpl;
+import org.jboss.security.acl.BasicACLPermission;
+import org.jboss.security.acl.BitMaskPermission;
+import org.jboss.security.acl.CompositeACLPermission;
+import org.jboss.security.acl.JPAPersistenceStrategy;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.identity.Identity;
+
+public class DroolsRepositoryACLManager {
+
+ private Identity identity;
+
+ private ACLPersistenceStrategy strategy;
+ private DroolsACLRegistration registration;
+ private ACLProvider provider;
+
+ private static Logger log = Logger.getLogger( DroolsRepositoryAccessManager.class );
+
+ public DroolsRepositoryACLManager(final Identity identity) {
+
+ this.strategy = new JPAPersistenceStrategy();
+ this.registration = new DroolsACLRegistration( strategy );
+ this.provider = new ACLProviderImpl();
+ this.provider.setPersistenceStrategy( strategy );
+ this.identity = identity;
+
+ log.debug( "ACL manager for user:" + identity.getName() );
+
+ }
+
+ public void setPermission(final String uuid,
+ final int permission) {
+
+ UUIDResource localresource = new UUIDResource( uuid );
+
+ Collection<ACLEntry> entries = new ArrayList<ACLEntry>();
+
+ ACLEntry entry = new ACLEntryImpl( toSecurityByteMaskPermission( permission ),
+ identity );
+
+ entries.add( entry );
+
+ registration.registerACL( localresource,
+ entries );
+ }
+
+ public void removePermission(final UUID uuid) {
+ ACL acl = this.strategy.getACL( new UUIDResource( uuid.toString() ) );
+ this.strategy.removeACL( acl );
+ }
+
+ public boolean checkPermission(final ItemId id,
+ int permissions) throws AuthorizationException,
+ ItemNotFoundException,
+ RepositoryException {
+
+ Session session = DroolsRepositoryAccessManager.adminThreadlocal.get();
+ UUID nodeUUID = getNodeUUIDFromItemId( id );
+
+ if ( session != null && nodeUUID != null ) {
+ UUIDResource localresource = new UUIDResource( nodeUUID.toString() );
+
+ // try {
+ return this.provider.isAccessGranted( localresource,
+ identity,
+ toSecurityByteMaskPermission( permissions ) );
+
+ // jcr bug see https://issues.apache.org/jira/browse/JCR-1359
+
+ // } catch ( AuthorizationException e ) {
+ //
+ // Node nodeByUUID = session.getNodeByUUID( nodeUUID.toString() );
+ // boolean accessGranted = true;
+ //
+ // while ( nodeByUUID != null || accessGranted ) {
+ // session.getNodeByUUID( nodeUUID.toString() );
+ // accessGranted = this.provider.isAccessGranted( localresource,
+ // identity,
+ // toSecurityByteMaskPermission( permissions ) );
+ // nodeByUUID = nodeByUUID.getParent();
+ // }
+ // }
+
+ }
+
+ //log.debug( "Unable to find an ACL entry for asset " + nodeUUID );
+
+ return true;
+ }
+
+ private UUID getNodeUUIDFromItemId(final ItemId id) {
+ if ( id.denotesNode() ) {
+ return ((NodeId) id).getUUID();
+ } else {
+ return null;
+ }
+ }
+
+ private BitMaskPermission toSecurityByteMaskPermission(final int permission) {
+ switch ( permission ) {
+ case AccessManager.READ :
+ return BasicACLPermission.READ;
+
+ case AccessManager.WRITE :
+ return new CompositeACLPermission( BasicACLPermission.UPDATE,
+ BasicACLPermission.CREATE );
+ case AccessManager.REMOVE :
+ return BasicACLPermission.DELETE;
+ }
+ return new CompositeACLPermission( permission );
+ }
+}
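Review bot: `checkPermission` falls through to `return true` whenever `adminThreadlocal` holds no session or the item is not a node, so property items and every thread that never went through the admin login are granted access without an ACL being consulted. For an access manager that default should be explicit: either deny, or resolve a property to its parent node and apply a configured default for items that have no ACL. `removePermission` passes the result of `strategy.getACL(...)` straight to `removeACL`, and that result is presumably null for an unregistered resource, so guard it, e.g. `if ( acl != null ) this.strategy.removeACL( acl );`. The logger is created with `DroolsRepositoryAccessManager.class` rather than this class, and the commented-out retry loop should be deleted or tracked in the issue it cites.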
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryAccessManager.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryAccessManager.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/DroolsRepositoryAccessManager.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,141 @@
+package org.drools.repository.security;
+
+import java.security.Principal;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.log4j.Logger;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+/**
+ * @author Fernando Meyer
+ */
+
+public class DroolsRepositoryAccessManager
+ implements
+ AccessManager {
+
+ private static Logger log = Logger.getLogger( DroolsRepositoryAccessManager.class );
+
+ public static ThreadLocal<Session> adminThreadlocal = new ThreadLocal<Session>();
+ private String defaultpermission;
+
+ /**
+ * Identity whose access rights this AccessManager should reflect
+ */
+ protected Identity identity;
+
+ /**
+ * hierarchy manager used for ACL-based access control model
+ */
+ protected DroolsRepositoryACLManager aclManager;
+
+ private boolean initialized;
+
+ public DroolsRepositoryAccessManager() {
+ initialized = false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+
+ public void init(final AMContext context) throws AccessDeniedException,
+ Exception {
+
+ if ( initialized ) {
+ throw new IllegalStateException( "already initialized" );
+ }
+
+ for ( Principal principal : context.getSubject().getPrincipals() ) {
+ identity = IdentityFactory.createIdentity( principal.getName() );
+ }
+
+ aclManager = new DroolsRepositoryACLManager( identity );
+
+ initialized = true;
+
+ log.debug( "Repository Access Manager initialized" );
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public synchronized void close() throws Exception {
+ if ( !initialized ) {
+ throw new IllegalStateException( "not initialized" );
+ }
+
+ Session session = adminThreadlocal.get();
+ session.logout();
+
+ initialized = false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void checkPermission(final ItemId id,
+ final int permissions) throws AccessDeniedException,
+ ItemNotFoundException,
+ RepositoryException {
+
+ if ( !initialized ) {
+ throw new IllegalStateException( "not initialized" );
+ }
+
+ try {
+ if ( aclManager.checkPermission( id,
+ permissions ) == false ) {
+ throw new AccessDeniedException( "User doesn't have enough permission" );
+ }
+ } catch ( AuthorizationException e ) {
+ }
+ }
+
+ public boolean isGranted(final ItemId id,
+ final int permissions) throws ItemNotFoundException,
+ RepositoryException {
+
+ if ( !initialized ) {
+ throw new IllegalStateException( "not initialized" );
+ }
+
+ if ( identity.getName() == "ADMINISTRATOR" ) {
+ return true;
+ }
+
+ try {
+ return aclManager.checkPermission( id,
+ permissions );
+ } catch ( Exception e ) {
+ // if there isn't any access config then should return the default value
+ // RESTRICT or GRANT
+ // log.debug( "Unable to find an ACL entry for asset " + nodeUUID );
+ return true;
+ }
+ }
+
+ public boolean canAccess(final String workspaceName) throws NoSuchWorkspaceException,
+ RepositoryException {
+ System.out.println( "canAccess: " + workspaceName );
+ return true;
+ }
+
+ public String getDefaultpermission() {
+ return defaultpermission;
+ }
+
+ public void setDefaultpermission(final String defaultpermission) {
+ this.defaultpermission = defaultpermission;
+ }
+}
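Review bot: Both permission checks fail open: `checkPermission` has an empty `catch ( AuthorizationException e )`, and `isGranted` catches `Exception` and returns `true`, so any error in the ACL lookup ends in access being granted. The handler should at least log and deny, e.g. `throw new AccessDeniedException( "ACL check failed", e );`, with the no-ACL default taken from the currently unused `defaultpermission` rather than from a blanket catch. `identity.getName() == "ADMINISTRATOR"` compares references and only holds when both strings happen to be the same interned instance; use `"ADMINISTRATOR".equals( identity.getName() )`, and note that `checkPermission` has no equivalent bypass. `init` keeps only the last principal of the subject and leaves `identity` null when there is none, and `close()` dereferences `adminThreadlocal.get()` without a null check. `canAccess` should use `log.debug` instead of `System.out.println`.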
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/NotAssignedPermissionException.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/NotAssignedPermissionException.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/NotAssignedPermissionException.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,5 @@
+package org.drools.repository.security;
+
+public class NotAssignedPermissionException extends Exception {
+
+}
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/UUIDResource.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/UUIDResource.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/drools/repository/security/UUIDResource.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,54 @@
+package org.drools.repository.security;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import javax.persistence.Id;
+
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+
+public class UUIDResource implements Resource, Serializable {
+
+ private static final long serialVersionUID = 400l;
+
+
+ public final String UUID;
+
+ public String resourceName;
+
+ public UUIDResource(String uuid) {
+ this(uuid, null);
+ }
+
+ public UUIDResource(String uuid, String resourceName) {
+ this.UUID = uuid;
+ this.resourceName = resourceName;
+ }
+
+ @Id
+ public String getUUID() {
+ return UUID;
+ }
+
+ public String getId() {
+ return UUID;
+ }
+
+ public String getResourceName() {
+ return this.resourceName;
+ }
+
+ public void setResourceName(String name) {
+ this.resourceName = name;
+ }
+
+ public ResourceType getLayer() {
+ return ResourceType.ACL;
+ }
+
+ public Map<String, Object> getMap() {
+ return null;
+ }
+
+}
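Review bot: `UUID` and `resourceName` are public fields on the class that identifies the protected resource, so any caller can change the name after an ACL has been registered for it; make both `private`, and make `resourceName` `final` if the `Resource` interface does not require the setter. `getMap()` returns `null`; returning an empty map avoids a null dereference in callers that iterate it. The `@Id` on `getUUID()` sits on a class that is not annotated `@Entity`, so it presumably has no effect and should be removed or explained in a comment. The class also needs a Javadoc line stating that `getId()` is the JCR node UUID used as the ACL key.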
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLEntryImpl.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLEntryImpl.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLEntryImpl.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,198 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import java.io.Serializable;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.ManyToOne;
+import javax.persistence.PostLoad;
+import javax.persistence.PrePersist;
+import javax.persistence.Table;
+import javax.persistence.Transient;
+
+import org.jboss.security.identity.Identity;
+
+/**
+ * <p>
+ * This class represents an entry in the Access Control List (ACL), and associates a permission
+ * to an identity. This implementation only stores permissions of type {@code BitMaskPermission},
+ * and can also only check permissions of that type.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ at Entity
+ at Table(name = "ACL_ENTRY")
+public class ACLEntryImpl implements ACLEntry, Serializable
+{
+ private static final long serialVersionUID = -2985214023383451768L;
+
+ @Id
+ @GeneratedValue
+ private long entryID;
+
+ @Transient
+ private BitMaskPermission permission;
+
+ /* persist only the bitmask */
+ private int bitMask;
+
+ @Transient
+ private Identity identity;
+
+ /* persist the string representation of the identity */
+ private String identityString;
+
+ @ManyToOne
+ private ACLImpl acl;
+
+ /**
+ * <p>
+ * Builds an instance of {@code ACLEntryImpl}. This constructor is required by the JPA
+ * specification.
+ * </p>
+ */
+ ACLEntryImpl()
+ {
+ }
+
+ /**
+ * <p>
+ * Builds an instance of {@code ACLEntryImpl} with the specified permission and identity.
+ * </p>
+ *
+ * @param permission the {@code ACLPermission} granted to the associated identity.
+ * @param identity the {@code Identity} for which the permission is being granted.
+ */
+ public ACLEntryImpl(BitMaskPermission permission, Identity identity)
+ {
+ this.permission = permission;
+ this.identity = identity;
+ }
+
+ /**
+ * <p>
+ * Obtains the persistent id of this {@code ACLEntryImpl}.
+ * </p>
+ *
+ * @return a {@code long} representing the persistent id this entry.
+ */
+ public long getACLEntryId()
+ {
+ return this.entryID;
+ }
+
+ /**
+ * <p>
+ * Method called by the JPA layer before persisting the fields.
+ * </p>
+ */
+ @PrePersist
+ @SuppressWarnings("unused")
+ private void setPersistentFields()
+ {
+ if (this.permission != null)
+ this.bitMask = this.permission.getMaskValue();
+ this.identityString = Util.getIdentityAsString(this.identity);
+ }
+
+ /**
+ * <p>
+ * Method called by the JPA layer after loading the persisted object.
+ * </p>
+ */
+ @PostLoad
+ @SuppressWarnings("unused")
+ private void loadState()
+ {
+ if (this.permission != null)
+ throw new IllegalStateException("ACLEntry permission has already been set");
+ this.permission = new CompositeACLPermission(this.bitMask);
+
+ if (this.identity != null)
+ throw new IllegalStateException("ACLEntry identity has already been set");
+ this.identity = Util.getIdentityFromString(identityString);
+ }
+
+ public ACLImpl getAcl()
+ {
+ return this.acl;
+ }
+
+ public void setAcl(ACLImpl acl)
+ {
+ this.acl = acl;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#getIdentity()
+ */
+ public Identity getIdentity()
+ {
+ return this.identity;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#getPermission()
+ */
+ public ACLPermission getPermission()
+ {
+ return this.permission;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACLEntry#checkPermission(org.jboss.security.acl.ACLPermission)
+ */
+ public boolean checkPermission(ACLPermission permission)
+ {
+ if (!(permission instanceof BitMaskPermission))
+ return false;
+ BitMaskPermission bitmaskPermission = (BitMaskPermission) permission;
+ // an empty permission is always part of another permission.
+ if (bitmaskPermission.getMaskValue() == 0)
+ return true;
+ // simple implementation: if any bit matches, return true.
+ return (this.permission.getMaskValue() & bitmaskPermission.getMaskValue()) != 0;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (obj instanceof ACLEntryImpl)
+ {
+ ACLEntryImpl entry = (ACLEntryImpl) obj;
+ return entry.permission.getMaskValue() == this.permission.getMaskValue()
+ && entry.getIdentity().getName().equals(this.identity.getName());
+ }
+ return false;
+ }
+}
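Review bot: `checkPermission` grants a request as soon as one requested bit is held (`(this.permission.getMaskValue() & bitmaskPermission.getMaskValue()) != 0`), so an entry holding only one permission bit also satisfies a check for a mask that combines it with bits the identity was never given. For an authorization check the comparison should require every requested bit: `int requested = bitmaskPermission.getMaskValue();` followed by `return (this.permission.getMaskValue() & requested) == requested;`, which still returns true for the empty mask. `this.permission` is dereferenced without a null check both here and in `equals`, and `equals` is overridden without a matching `hashCode`.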
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLImpl.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLImpl.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLImpl.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,196 @@
+package org.jboss.security.acl;
+
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.Table;
+import javax.persistence.Transient;
+
+import org.hibernate.annotations.Cascade;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.identity.Identity;
+
+/**
+ * <p>
+ * Simple ACL implementation that keeps the entries in a Map whose keys are the
+ * identities of the entries, to provide fast access.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ at Entity
+ at Table(name = "ACL")
+public class ACLImpl implements ACL, Serializable
+{
+ private static final long serialVersionUID = -6390609071167528812L;
+
+ @Id
+ @GeneratedValue
+ private long aclID;
+
+ @Transient
+ private Resource resource;
+
+ @Column(name = "resource")
+ private String resourceAsString;
+
+ @Transient
+ private Map<Identity, ACLEntry> entriesMap;
+
+ @OneToMany(mappedBy = "acl", fetch = FetchType.EAGER, cascade =
+ {CascadeType.REMOVE, CascadeType.PERSIST})
+ @Cascade(
+ {org.hibernate.annotations.CascadeType.DELETE_ORPHAN})
+ private Collection<ACLEntryImpl> entries;
+
+ /**
+ * <p>
+ * Builds an instance of {@code ACLImpl}. This constructor is required by the JPA specification.
+ * </p>
+ */
+ ACLImpl()
+ {
+ }
+
+ /**
+ * <p>
+ * Builds an instance of {@code ACLImpl} for the specified resource.
+ * </p>
+ *
+ * @param resource a reference to the {@code Resource} associated with
+ * the ACL being constructed.
+ */
+ public ACLImpl(Resource resource)
+ {
+ this(resource, new ArrayList<ACLEntry>());
+ }
+
+ /**
+ * <p>
+ * Builds an instance of {@code ACLImpl} for the specified resource, and initialize
+ * it with the specified entries.
+ * </p>
+ *
+ * @param resource a reference to the {@code Resource} associated with
+ * the ACL being constructed.
+ * @param entries a {@code Collection} containing the ACL's initial entries.
+ */
+ public ACLImpl(Resource resource, Collection<ACLEntry> entries)
+ {
+ this.resource = resource;
+ this.resourceAsString = Util.getResourceAsString(resource);
+ this.entries = new ArrayList<ACLEntryImpl>();
+ this.entriesMap = new HashMap<Identity, ACLEntry>();
+ if (entries != null)
+ {
+ for (ACLEntry entry : entries)
+ {
+ ACLEntryImpl entryImpl = (ACLEntryImpl) entry;
+ entryImpl.setAcl(this);
+ this.entries.add(entryImpl);
+ this.entriesMap.put(entryImpl.getIdentity(), entryImpl);
+ }
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the persistent id of this {@code ACLImpl}.
+ * </p>
+ *
+ * @return a {@code long} representing the persistent id this ACL.
+ */
+ public long getACLId()
+ {
+ return this.aclID;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#addEntry(org.jboss.security.acl.ACLEntry)
+ */
+ public boolean addEntry(ACLEntry entry)
+ {
+ // don't add a null entry or an entry that already existSELECT * FROM ACL_ENTRYs.
+ if (entry == null || this.entriesMap.get(entry.getIdentity()) != null)
+ return false;
+ this.entries.add((ACLEntryImpl) entry);
+ ((ACLEntryImpl) entry).setAcl(this);
+ this.entriesMap.put(entry.getIdentity(), entry);
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#removeEntry(org.jboss.security.acl.ACLEntry)
+ */
+ public boolean removeEntry(ACLEntry entry)
+ {
+ this.entriesMap.remove(entry.getIdentity());
+ return this.entries.remove(entry);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#getEntries()
+ */
+ public Collection<? extends ACLEntry> getEntries()
+ {
+ if (this.entriesMap == null)
+ {
+ this.entriesMap = new HashMap<Identity, ACLEntry>();
+ for (ACLEntry entry : this.getEntries())
+ {
+ this.entriesMap.put(entry.getIdentity(), entry);
+ }
+ }
+ return Collections.unmodifiableCollection(this.entries);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#getResource()
+ */
+ public Resource getResource()
+ {
+ return this.resource;
+ }
+
+ public void setResource(Resource resource)
+ {
+ if (this.resource != null)
+ throw new IllegalStateException("ACL resource has already been set");
+ this.resource = resource;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.acl.ACL#isGranted(org.jboss.security.acl.ACLPermission, org.jboss.security.identity.Identity)
+ */
+ public boolean isGranted(ACLPermission permission, Identity identity)
+ {
+ // lookup the entry corresponding to the specified identity.
+
+ getEntries();
+
+ ACLEntry entry = this.entriesMap.get(identity);
+ if (entry != null)
+ {
+ // check the permission associated with the identity.
+ return entry.checkPermission(permission);
+ }
+ return false;
+ }
+}
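Review bot: `addEntry` and `removeEntry` dereference `this.entriesMap` directly, but that field is `@Transient` and is only rebuilt lazily inside `getEntries()`, so on an instance created through the no-argument JPA constructor either call throws a NullPointerException unless `getEntries()` ran first. `isGranted` already guards against this by calling `getEntries();` before the lookup; the same call as the first statement of `addEntry` and `removeEntry` closes the gap. Inside `getEntries()` the rebuild loop iterates `this.getEntries()` recursively, which only terminates because the map was assigned just before; `for (ACLEntry entry : this.entries)` says the same thing directly. The comment in `addEntry` also contains pasted SQL text (`existSELECT * FROM ACL_ENTRYs`) and should read `already exists`.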
Added: labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLProviderImpl.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLProviderImpl.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/java/org/jboss/security/acl/ACLProviderImpl.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl;
+
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.identity.Identity;
+import org.jboss.util.NotImplementedException;
+
+/**
+ * <p>
+ * This class is a simple {@code ACLProvider} implementation that maintains the ACLs in memory. It is
+ * used mainly for testing purposes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLProviderImpl implements ACLProvider
+{
+
+ /** persistence strategy used to retrieve the ACLs */
+ private ACLPersistenceStrategy strategy;
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#initialize(java.util.Map, java.util.Map)
+ */
+ public void initialize(Map<String, Object> sharedState, Map<String, Object> options)
+ {
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#getEntitlements(java.lang.Class, org.jboss.security.authorization.Resource,
+ * org.jboss.security.identity.Identity)
+ */
+ public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
+ throws AuthorizationException
+ {
+ throw new NotImplementedException();
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#getPersistenceStrategy()
+ */
+ public ACLPersistenceStrategy getPersistenceStrategy()
+ {
+ return this.strategy;
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#setPersistenceStrategy(org.jboss.security.acl.ACLPersistenceStrategy)
+ */
+ public void setPersistenceStrategy(ACLPersistenceStrategy strategy)
+ {
+ this.strategy = strategy;
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#isAccessGranted(org.jboss.security.authorization.Resource,
+ * org.jboss.security.identity.Identity, org.jboss.security.acl.ACLPermission)
+ */
+ public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
+ throws AuthorizationException
+ {
+ if (this.strategy != null)
+ {
+ ACL acl = strategy.getACL(resource);
+ if (acl != null)
+ return acl.isGranted(permission, identity);
+ else
+ throw new AuthorizationException("Unable to locate an ACL for the resource " + resource);
+ }
+ throw new AuthorizationException("Unable to retrieve ACL: persistece strategy not set");
+ }
+
+ /**
+ * @see org.jboss.security.acl.ACLProvider#tearDown()
+ */
+ public boolean tearDown()
+ {
+ return true;
+ }
+
+}
\ No newline at end of file
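Review bot: The class Javadoc describes a provider that maintains the ACLs in memory, but nothing in the class stores an ACL: `isAccessGranted` fetches it from the configured `ACLPersistenceStrategy` on every call. The comment should say that, for example `Simple ACLProvider implementation that delegates ACL lookup to an ACLPersistenceStrategy.` The exception text `persistece strategy not set` misspells "persistence". `getEntitlements` throws the unchecked `NotImplementedException` although it declares `AuthorizationException`, so callers that catch only the declared type will not handle it.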
Added: labs/jbossrules/trunk/drools-repository/src/main/resources/META-INF/persistence.xml
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/main/resources/META-INF/persistence.xml (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/main/resources/META-INF/persistence.xml 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,21 @@
+<persistence xmlns="http://java.sun.com/xml/ns/persistence"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
+ version="1.0">
+ <persistence-unit name="ACL" transaction-type="RESOURCE_LOCAL">
+ <provider>org.hibernate.ejb.HibernatePersistence</provider>
+ <class>org.jboss.security.acl.ACLImpl</class>
+ <class>org.jboss.security.acl.ACLEntryImpl</class>
+ <exclude-unlisted-classes>true</exclude-unlisted-classes>
+ <properties>
+ <property name="hibernate.connection.url" value="jdbc:hsqldb:mem:unit-testing-jpa"/>
+ <!-- <property name="hibernate.connection.url" value="jdbc:hsqldb:hsql://localhost:9001/firstdb"/> -->
+ <property name="hibernate.connection.driver_class" value="org.hsqldb.jdbcDriver"/>
+ <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect"/>
+ <property name="hibernate.hbm2ddl.auto" value="update"/> <!-- create-drop -->
+ <property name="hibernate.connection.username" value="sa"/>
+ <property name="hibernate.connection.password" value=""/>
+ <!-- <property name="hibernate.show_sql" value="true"/> -->
+ </properties>
+ </persistence-unit>
+</persistence>
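Review bot: This persistence unit sits under `src/main/resources` yet points at an in-memory HSQLDB (`jdbc:hsqldb:mem:unit-testing-jpa`) with the `sa` account and an empty password, so the packaged module would keep its ACL tables in a database that starts empty on every restart and has no credential. If the unit is meant only for the unit test, the file belongs under `src/test/resources`; otherwise the URL, user and password should come from deployment configuration rather than being fixed here. `hibernate.hbm2ddl.auto` set to `update` also lets the application alter the ACL schema at startup, which is usually limited to development.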
Added: labs/jbossrules/trunk/drools-repository/src/test/java/org/drools/repository/security/AccessControlTest.java
===================================================================
--- labs/jbossrules/trunk/drools-repository/src/test/java/org/drools/repository/security/AccessControlTest.java (rev 0)
+++ labs/jbossrules/trunk/drools-repository/src/test/java/org/drools/repository/security/AccessControlTest.java 2008-03-03 20:56:21 UTC (rev 18666)
@@ -0,0 +1,111 @@
+package org.drools.repository.security;
+
+import junit.framework.TestCase;
+
+import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.drools.repository.AssetItem;
+import org.drools.repository.PackageItem;
+import org.drools.repository.RepositorySessionUtil;
+import org.drools.repository.RulesRepository;
+import org.jboss.security.identity.plugins.IdentityFactory;
+
+public class AccessControlTest extends TestCase {
+
+
+ public void testSecurityACL() throws Exception {
+
+ DroolsRepositoryACLManager droolssercurity = new DroolsRepositoryACLManager( IdentityFactory.createIdentity( "group1" ) );
+
+ RulesRepository repo = RepositorySessionUtil.getRepository();
+
+ repo.loadDefaultPackage().addAsset( "testsecurityASSET1",
+ "X" );
+ repo.loadDefaultPackage().addAsset( "testsecurityASSET2",
+ "X" );
+ AssetItem item = RepositorySessionUtil.getRepository().loadDefaultPackage().loadAsset( "testsecurityASSET1" );
+
+ droolssercurity.setPermission( item.getUUID(),
+ AccessManager.READ );
+
+ assertTrue( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ ) );
+ assertFalse( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.WRITE ) );
+ assertFalse( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.REMOVE ) );
+
+ item = RepositorySessionUtil.getRepository().loadDefaultPackage().loadAsset( "testsecurityASSET2" );
+ droolssercurity.setPermission( item.getUUID(),
+ AccessManager.READ + AccessManager.WRITE );
+
+ assertTrue( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ + AccessManager.WRITE ) );
+ assertTrue( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ ) );
+ assertTrue( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.WRITE ) );
+ assertFalse( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.REMOVE ) );
+
+ }
+
+ public void testSecurityACLMultiUsers() throws Exception {
+
+ DroolsRepositoryACLManager droolssercurity1 = new DroolsRepositoryACLManager( IdentityFactory.createIdentity( "group1" ) );
+ DroolsRepositoryACLManager droolssercurity2 = new DroolsRepositoryACLManager( IdentityFactory.createIdentity( "group2" ) );
+
+ RulesRepository repo = RepositorySessionUtil.getRepository();
+
+ repo.loadDefaultPackage().addAsset( "testsecurityASSET3",
+ "X" );
+
+ AssetItem item = RepositorySessionUtil.getRepository().loadDefaultPackage().loadAsset( "testsecurityASSET3" );
+
+ droolssercurity2.setPermission( item.getUUID(),
+ AccessManager.READ );
+
+ assertFalse( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ ) );
+ assertFalse( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.WRITE ) );
+ assertFalse( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.REMOVE ) );
+
+ assertTrue( droolssercurity2.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ ) );
+ assertFalse( droolssercurity2.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.WRITE ) );
+ assertFalse( droolssercurity2.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.REMOVE ) );
+
+ }
+
+
+ public void FIXME_testSecurityACLDeepPermission() throws Exception {
+
+ DroolsRepositoryACLManager droolssercurity1 = new DroolsRepositoryACLManager( IdentityFactory.createIdentity( "group1" ) );
+ DroolsRepositoryACLManager droolssercurity2 = new DroolsRepositoryACLManager( IdentityFactory.createIdentity( "group2" ) );
+
+ RulesRepository repo = RepositorySessionUtil.getRepository();
+
+
+ PackageItem packageitem = repo.createPackage( "testPackageSecurity", "lalalala" );
+
+ AssetItem item = packageitem.addAsset( "testsecurityASSET3",
+ "X" );
+
+
+ droolssercurity2.setPermission( item.getUUID(),
+ AccessManager.WRITE );
+
+
+ assertFalse( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.READ ) );
+ assertTrue( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.WRITE ) );
+ assertFalse( droolssercurity1.checkPermission( NodeId.valueOf( item.getUUID() ),
+ AccessManager.REMOVE ) );
+ }
+
+}
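Review bot: `testSecurityACL` never checks a combined mask against an asset that was granted only one permission, so it would pass even if a partial match were treated as a grant; after the `AccessManager.READ` grant on `testsecurityASSET1`, add `assertFalse( droolssercurity.checkPermission( NodeId.valueOf( item.getUUID() ), AccessManager.READ + AccessManager.WRITE ) );`. `FIXME_testSecurityACLDeepPermission` is not run by JUnit because of its name, and it asserts that `droolssercurity1` has WRITE although the permission was set through `droolssercurity2`; the intent needs a comment or the assertion needs correcting. Combining the flags with `|` rather than `+` would make it clear that these are bit masks.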