[portal-commits] JBoss Portal SVN: r13088 - in modules/authorization/trunk: common-api and 20 other directories.

portal-commits at lists.jboss.org portal-commits at lists.jboss.org
Thu Mar 26 16:23:08 EDT 2009


Author: sohil.shah at jboss.com
Date: 2009-03-26 16:23:08 -0400 (Thu, 26 Mar 2009)
New Revision: 13088

Added:
   modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/
   modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java
   modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java
   modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html
Removed:
   modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java
Modified:
   modules/authorization/trunk/.classpath
   modules/authorization/trunk/common-api/pom.xml
   modules/authorization/trunk/core-components-api/pom.xml
   modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java
   modules/authorization/trunk/enforcement/pom.xml
   modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java
   modules/authorization/trunk/http-profile/pom.xml
   modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
   modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
   modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
   modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
   modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml
   modules/authorization/trunk/policy-server/pom.xml
   modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
   modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
   modules/authorization/trunk/pom.xml
Log:
code backup

* first pass at supporting access control on http methods (GET, POST) etc.....more refinement needed

Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/.classpath	2009-03-26 20:23:08 UTC (rev 13088)
@@ -39,5 +39,6 @@
 	<classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.2.GA/jboss-dependency-2.0.2.GA.jar"/>
 	<classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.9.GA/jboss-common-core-2.2.9.GA.jar"/>
 	<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar"/>
 	<classpathentry kind="output" path="bin"/>
 </classpath>

Modified: modules/authorization/trunk/common-api/pom.xml
===================================================================
--- modules/authorization/trunk/common-api/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/common-api/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -19,19 +19,5 @@
       <groupId>org.jboss.security</groupId>
       <artifactId>jboss-xacml</artifactId>      
     </dependency>                     
-  </dependencies> 
-  
-  <build>
-      <plugins>      	 
-         <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-surefire-plugin</artifactId>
-            <version>2.3.1</version>
-            <configuration>
-               <includes>                                   		
-               </includes>
-            </configuration>
-         </plugin>         
-      </plugins>
-   </build> 
+  </dependencies>    
 </project>

Modified: modules/authorization/trunk/core-components-api/pom.xml
===================================================================
--- modules/authorization/trunk/core-components-api/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/core-components-api/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -35,19 +35,5 @@
         <groupId>org.drools</groupId>
         <artifactId>drools-compiler</artifactId>        
     </dependency>                                      
-  </dependencies> 
-  
-  <build>
-      <plugins>      	 
-         <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-surefire-plugin</artifactId>
-            <version>2.3.1</version>
-            <configuration>
-               <includes>                  		            		                                                     		               	
-               </includes>
-            </configuration>
-         </plugin>         
-      </plugins>
-   </build> 
+  </dependencies>    
 </project>

Added: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java	                        (rev 0)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action.http;
+
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * Get represents a "GET" action that can be performed on a Http Servlet
+ * 
+ * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
+ */
+public class Get extends Operation 
+{	
+	public Get()
+	{
+		this.name = "get";
+	}	    
+}

Added: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java	                        (rev 0)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action.http;
+
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * Post represents a "POST" action that can be performed on a Http Servlet
+ * 
+ * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
+ */
+public class Post extends Operation 
+{	
+	public Post()
+	{
+		this.name = "post";
+	}	    
+}

Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -30,8 +30,12 @@
 import org.jboss.security.authz.model.Attribute;
 import org.jboss.security.authz.model.Resource;
 import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Target;
 import org.jboss.security.authz.xacml.ExpressionBuilder;
 
+import org.jboss.security.authz.components.action.Operation;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
 import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
 
 /**
@@ -43,12 +47,17 @@
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  *
  */
-public class HttpResource extends URIResource
+public class HttpResource extends URIResource implements Cloneable
 {	   
    /**
     * The HTTP Parameters that are used to access this resource
     */
    private Map<String, String> parameters;
+   
+   /**
+    * Used to apply the Policy based on Http Method being invoked
+    */
+   private Operation httpMethod;
       
    /**
     * 
@@ -77,6 +86,16 @@
    {
 	   this.getParameters().put(name, value);
    }
+   
+   public Operation getHttpMethod()
+   {
+	   return this.httpMethod;
+   }
+   
+   public void setHttpMethod(Operation httpMethod)
+   {
+	   this.httpMethod = httpMethod;
+   }
    //-------Services for Policy Creation---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    /**
     * Produces PolicyMeta used to generate a Policy object to be registered with the Policy Server
@@ -98,6 +117,19 @@
 	    	   metadata.getTarget().addResourceMatch(paramExpression);
 		   }
 	   }
+	   
+	   if(this.httpMethod != null)
+	   {
+		   AttributeExpression actionExpression = new AttributeExpression();
+		   
+		   actionExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+		   Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID, 
+		   XMLSchemaConstants.DATATYPE_STRING, this.httpMethod.getName());
+		   actionExpression.setAttribute(attribute);
+		   
+		   Target actionTarget = this.httpMethod.getTarget();
+		   metadata.getTarget().addActionMatch(actionTarget.getActionMatches().iterator().next());
+	   }
 	   	   
 	   return metadata;
    }                  
@@ -128,4 +160,9 @@
 	   
 	   return urlResource;
    }   
+   //-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+   public Object clone() throws CloneNotSupportedException
+   {
+	   return super.clone();
+   }
 }

Modified: modules/authorization/trunk/enforcement/pom.xml
===================================================================
--- modules/authorization/trunk/enforcement/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/enforcement/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -25,19 +25,5 @@
       <groupId>org.jboss.security</groupId>
       <artifactId>jboss-xacml</artifactId>      
     </dependency>       
-  </dependencies> 
-  
-  <build>
-      <plugins>      	 
-         <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-surefire-plugin</artifactId>
-            <version>2.3.1</version>
-            <configuration>
-               <includes>                    
-               </includes>
-            </configuration>
-         </plugin>         
-      </plugins>
-   </build> 
+  </dependencies>   
 </project>

Modified: modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java
===================================================================
--- modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -57,4 +57,28 @@
 	{
 		this.message = message;
 	}	
+	
+	public boolean isIndeterminate()
+	{
+		boolean isIndeterminate = false;
+		
+		if(this.message.toLowerCase().contains("indeterminate"))
+		{
+			isIndeterminate = true;
+		}
+		
+		return isIndeterminate;
+	}
+	
+	public boolean isNotApplicable()
+	{
+		boolean isNotApplicable = false;
+		
+		if(this.message.toLowerCase().contains("notapplicable"))
+		{
+			isNotApplicable = true;
+		}
+		
+		return isNotApplicable;
+	}
 }

Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -68,7 +68,9 @@
             <version>2.3.1</version>
             <configuration>      
             	<includes>
+            	    <!--
                		<include>**/components/Test*.java</include>
+               		-->
                		<include>**/provisioning/Test*.java</include>                		                                                    		               
                	</includes>
             </configuration>

Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -39,6 +39,8 @@
 import org.w3c.dom.NodeList;
 
 import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.action.http.Get;
+import org.jboss.security.authz.components.action.http.Post;
 import org.jboss.security.authz.model.Policy;
 import org.jboss.security.authz.tools.GeneralTool;
 import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
@@ -128,29 +130,67 @@
 			   policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
 			   this.parseParameters(policyResource, webResource);
 			   
-			   webResources.add(policyResource);
+			   List<HttpResource> methodResources = this.parseHttpMethods(policyResource, webResource);
+			   if(methodResources != null && !methodResources.isEmpty())
+			   {
+				   webResources.addAll(methodResources);
+			   }
+			   else
+			   {
+				   webResources.add(policyResource);
+			   }
 		   }
 	   }
 	   
 	   return webResources;
    }
    
+   private List<HttpResource> parseHttpMethods(HttpResource policyResource, Element webResource) throws Exception
+   {
+	   List<HttpResource> webResources = new ArrayList<HttpResource>();
+	   NodeList httpMethods = webResource.getElementsByTagName("http-method");
+	   if(httpMethods != null)
+	   {
+		   for(int i=0; i<httpMethods.getLength(); i++)
+		   {
+			   Element httpMethodElem = (Element)httpMethods.item(i);
+			   
+			   String httpMethod = httpMethodElem.getTextContent();
+			   HttpResource methodResource = (HttpResource)policyResource.clone();
+			   
+			   if(httpMethod.equalsIgnoreCase("get"))
+			   {
+				   methodResource.setHttpMethod(new Get());
+			   }
+			   else if(httpMethod.equalsIgnoreCase("post"))
+			   {
+				   methodResource.setHttpMethod(new Post());
+			   }
+			   webResources.add(methodResource);
+		   }
+	   }
+	   return webResources;
+   }
+   
    private void parseParameters(HttpResource policyResource, Element webResource) throws Exception
    {
 	  //Process Parameters
       Element parameters = (Element)webResource.getElementsByTagName("parameters").item(0);
-      NodeList params = parameters.getElementsByTagName("parameter");
-      if(params != null)
+      if(parameters != null)
       {
-         for(int i=0, length=params.getLength(); i<length; i++)
-         {
-            Element parameter = (Element)params.item(i);
-            
-            String name = parameter.getAttribute("name").trim();
-            String value = parameter.getTextContent().trim();
-            
-            policyResource.addParameter(name, value);
-         }
+	      NodeList params = parameters.getElementsByTagName("parameter");
+	      if(params != null)
+	      {
+	         for(int i=0, length=params.getLength(); i<length; i++)
+	         {
+	            Element parameter = (Element)params.item(i);
+	            
+	            String name = parameter.getAttribute("name").trim();
+	            String value = parameter.getTextContent().trim();
+	            
+	            policyResource.addParameter(name, value);
+	         }
+	      }
       }
    }
    

Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -21,8 +21,11 @@
 */
 package org.jboss.security.authz.http.enforcement;
 
+import java.util.Enumeration;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.ByteArrayInputStream;
+import java.net.URI;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -31,16 +34,32 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.UnavailableException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.log4j.Logger;
 
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Document;
+
 import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
+import org.jboss.security.authz.tools.GeneralTool;
+
 import org.jboss.security.authz.model.Policy;
+
 import org.jboss.security.authz.policy.server.Server;
 import org.jboss.security.authz.policy.server.PolicyServer;
 import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-import org.jboss.security.authz.tools.GeneralTool;
 
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+
+
 /**
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  */
@@ -49,6 +68,7 @@
 	private static Logger log = Logger.getLogger(SecurityFilter.class);
 	
 	private PolicyServer policyServer;
+	private boolean isPolicyMatchMandatory = false; //set to "false" by default 
 	
 	public SecurityFilter()
 	{
@@ -73,8 +93,9 @@
 			PolicyConfig policyConfig = new HttpPolicyConfig();
 			
 	        is = config.getServletContext().getResourceAsStream("/WEB-INF/http-policy.xml");
+	        String httpPolicy = GeneralTool.readStream(is);
 	      
-	        Policy[] policies = policyConfig.configure(GeneralTool.readStream(is));
+	        Policy[] policies = policyConfig.configure(httpPolicy);
 	             
 	        log.debug("----------------------------------------------------------");
 	        for(Policy policy: policies)
@@ -84,6 +105,10 @@
 	        }
 	        log.debug("----------------------------------------------------------");
 	        
+	        //Parse the enforcement configuration
+	        this.configure(httpPolicy);
+	        
+	        
 	        log.info("----------------------------------------------------------");
 	        log.info("Security Filter successfully initialized...................");
 	        log.info("----------------------------------------------------------");
@@ -111,9 +136,98 @@
 
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException 
 	{
-		log.info("--------------------------------------------------------");
-		log.info("Security Filter successfully called.....................");
+		try
+		{
+			HttpServletRequest httpRequest = (HttpServletRequest)request;
+			HttpServletResponse httpResponse = (HttpServletResponse)response;
+			
+			//Perform a Security check
+			Request authzRequest = this.createAuthorizationRequest(httpRequest);
+			Response authzResponse = this.policyServer.evaluate(authzRequest);
+			
+			//Process the authorization response and allow or deny further processing
+			if(!authzResponse.isAccessGranted())
+			{
+				if(authzResponse.isIndeterminate() ||
+				  (authzResponse.isNotApplicable() && this.isPolicyMatchMandatory)
+				)					
+				{
+					//Send back an access denied status
+					httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+					return;
+				}				
+			}
+			
+			chain.doFilter(request, response);
+		}
+		catch(Exception e)
+		{
+			log.error(this, e);
+			throw new ServletException(e);
+		}
+	}
+	//------------------------------------------------------------------------------------------------------------------------------------------------------------------
+	private Request createAuthorizationRequest(HttpServletRequest httpRequest) throws Exception
+	{
+		Request authzRequest = new Request();
 		
-		chain.doFilter(request, response);
-	}		
+		HttpResource contextResource = new HttpResource();
+		
+		//Setup URI pattern context
+		String contextPath = httpRequest.getContextPath();
+		String requestURI = httpRequest.getRequestURI();
+		String uri = requestURI.substring(contextPath.length());
+		contextResource.setUri(new URI(uri));
+		
+		//Setup Role context
+		//TODO: replace mock code with actual loading of Roles information of the authenticated user via the new Identity API
+		Roles roles = new Roles();
+		roles.addName("Admin");				
+		authzRequest.addSubject(roles.getSubject());
+		
+		//Setup Parameter context
+		Enumeration parameters = httpRequest.getParameterNames();
+		while(parameters.hasMoreElements())
+		{
+			String name = (String)parameters.nextElement();
+			String value = httpRequest.getParameter(name);
+			contextResource.addParameter(name, value);
+		}
+		
+		
+		//Setup Resource context
+		authzRequest.addResource(contextResource.getResource());
+		
+		//Setup Action context
+		//TODO: add support for all the Http methods here and not just GET
+		authzRequest.setAction(new Read().getAction());
+		
+		return authzRequest;
+	}
+	
+	private void configure(String httpPolicy) throws Exception
+	{
+		InputStream xmlStream = null;
+		try
+		{
+			xmlStream = new ByteArrayInputStream(httpPolicy.getBytes());
+			DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+	        Document document = builder.parse(xmlStream);
+	        
+	        Element enforcementConfig = (Element)document.getElementsByTagName("enforcement-config").item(0);
+	        if(enforcementConfig != null)
+	        {
+	        	Element policyMatchMandatory = (Element)enforcementConfig.getElementsByTagName("policy-match-mandatory").item(0);
+	        	
+	        	this.isPolicyMatchMandatory = Boolean.parseBoolean(policyMatchMandatory.getTextContent());
+	        }
+		}
+		finally
+		{
+			if(xmlStream != null)
+			{
+				xmlStream.close();
+			}
+		}
+	}
 }

Deleted: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -1,54 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat                                               *
- * Copyright 2006, Red Hat Middleware, LLC, and individual                    *
- * contributors as indicated by the @authors tag. See the                     *
- * copyright.txt in the distribution for a full listing of                    *
- * individual contributors.                                                   *
- *                                                                            *
- * This is free software; you can redistribute it and/or modify it            *
- * under the terms of the GNU Lesser General Public License as                *
- * published by the Free Software Foundation; either version 2.1 of           *
- * the License, or (at your option) any later version.                        *
- *                                                                            *
- * This software is distributed in the hope that it will be useful,           *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU           *
- * Lesser General Public License for more details.                            *
- *                                                                            *
- * You should have received a copy of the GNU Lesser General Public           *
- * License along with this software; if not, write to the Free                *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA         *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.                   *
- ******************************************************************************/
-package org.jboss.security.authz.http.container;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-/**
- * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
- *
- */
-public class TestHelloWorldHttpServlet extends TestCase
-{  
-   /**
-    * 
-    */
-   private static Logger log = Logger.getLogger(TestHelloWorldHttpServlet.class);
-      
-         
-   /**
-    * 
-    */
-   protected void setUp() throws Exception
-   {      
-	   
-   }
-   //------------------------------------------------------------------------------------------------------------------------------------------------------
-   public void testHelloWorld() throws Exception
-   {	   
-	   String url = "/httpprofile-testsuite/index.html";
-	   Thread.currentThread().sleep(20000);
-   }   
-}

Copied: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java (from rev 13005, modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java)
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java	                        (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,72 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat                                               *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual                    *
+ * contributors as indicated by the @authors tag. See the                     *
+ * copyright.txt in the distribution for a full listing of                    *
+ * individual contributors.                                                   *
+ *                                                                            *
+ * This is free software; you can redistribute it and/or modify it            *
+ * under the terms of the GNU Lesser General Public License as                *
+ * published by the Free Software Foundation; either version 2.1 of           *
+ * the License, or (at your option) any later version.                        *
+ *                                                                            *
+ * This software is distributed in the hope that it will be useful,           *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU           *
+ * Lesser General Public License for more details.                            *
+ *                                                                            *
+ * You should have received a copy of the GNU Lesser General Public           *
+ * License along with this software; if not, write to the Free                *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA         *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.                   *
+ ******************************************************************************/
+package org.jboss.security.authz.http.container;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.commons.httpclient.methods.GetMethod;
+
+/**
+ * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestSecurityFilterDeployment extends TestCase
+{  
+   /**
+    * 
+    */
+   private static Logger log = Logger.getLogger(TestSecurityFilterDeployment.class);
+      
+         
+   /**
+    * 
+    */
+   protected void setUp() throws Exception
+   {      
+	   
+   }
+   //------------------------------------------------------------------------------------------------------------------------------------------------------
+   public void test() throws Exception
+   {	   
+	   HttpClient client = new HttpClient();
+	   String url = "http://localhost:8080/httpprofile-testsuite/index.html";
+	   GetMethod method = new GetMethod(url);
+	   
+	   int status = client.executeMethod(method);	   
+	   String response = method.getResponseBodyAsString();
+	   
+	   log.info("-----------------------------------------------------------");
+	   log.info("Status="+status);
+	   log.info(response);
+	   log.info("-----------------------------------------------------------");
+	   
+	   assertEquals("Request Failed!!", status, HttpStatus.SC_OK);
+	   assertTrue("Proper content must be present!!", response.contains("<h1>Http Profile Container TestSuite</h1>"));
+	   
+	   Thread.currentThread().sleep(20000);
+   }   
+}


Property changes on: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java
___________________________________________________________________
Name: svn:mergeinfo
   + 

Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -29,7 +29,8 @@
 
 import org.apache.log4j.Logger;
 
-import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.http.Get;
+import org.jboss.security.authz.components.action.http.Post;
 import org.jboss.security.authz.components.resource.HttpResource;
 import org.jboss.security.authz.components.subject.Roles;
 import org.jboss.security.authz.enforcement.Request;
@@ -74,8 +75,11 @@
       
        for(int i=0; i<policies.length; i++)
        {
+    	 String xacmlPolicy = policies[i].generateXACMLPolicy();
+    	 this.policyServer.newPolicy(policies[i].getMetaData());
+    	 
          log.info("------------------------------------------------------");
-         this.policyServer.newPolicy(policies[i].getMetaData());
+         log.info(xacmlPolicy);         
          log.info("------------------------------------------------------");
        }
 	      
@@ -87,16 +91,18 @@
 	   incoming.addParameter("id", "1234");
 	   
 	   //Executive is allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), true);
 	   
 	   //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
-	   this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), true);
 	   
 	   //Manager is Not Allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
 	   
 	   //Anonymous is Not Allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
    }
    
    public void testBoardFiles() throws Exception
@@ -110,9 +116,11 @@
       
        for(int i=0; i<policies.length; i++)
        {
-         log.info("------------------------------------------------------");
-         this.policyServer.newPolicy(policies[i].getMetaData());
-         log.info("------------------------------------------------------");
+    	   String xacmlPolicy = policies[i].generateXACMLPolicy();
+    	   this.policyServer.newPolicy(policies[i].getMetaData());
+    	   log.info("------------------------------------------------------");
+    	   log.info(xacmlPolicy);
+    	   log.info("------------------------------------------------------");
        }
 	      
 	   is.close();
@@ -123,17 +131,59 @@
 	   incoming.addParameter("id", "5678");
 	   
 	   //Executive is allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), false);
 	   
 	   //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
-	   this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), false);
 	   
 	   //Manager is Not Allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
 	   
 	   //Anonymous is Not Allowed
-	   this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
+	   this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
    }
+   
+   public void testEditUser() throws Exception
+   {
+	   PolicyConfig config = new HttpPolicyConfig();
+       InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
+      
+       Policy[] policies = config.configure(GeneralTool.readStream(is));
+      
+       assertNotNull(policies);
+      
+       for(int i=0; i<policies.length; i++)
+       {
+    	   String xacmlPolicy = policies[i].generateXACMLPolicy();
+    	   this.policyServer.newPolicy(policies[i].getMetaData());
+    	   log.info("------------------------------------------------------");
+    	   log.info(xacmlPolicy);
+    	   log.info("------------------------------------------------------");
+       }
+	      
+	   is.close();
+	   
+	   //Perform an Enforcement
+	   HttpResource incoming = new HttpResource();
+	   incoming.setUri(new URI("/editUser"));
+	   incoming.addParameter("userId", "9101112");
+	   
+	   //Executive is allowed
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), true);
+	   
+	   //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
+	   this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+	   this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), true);
+	   
+	   //Manager is Not Allowed
+	   this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
+	   
+	   //Anonymous is Not Allowed
+	   this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
+   }
    //-------------------------------------------------------------------------------------------------------------------------------------------------
 	private void enforce(Request request, boolean mustBePermitted) throws Exception
 	{
@@ -154,7 +204,7 @@
 	    }        
 	}  
 	
-	private Request createRequest(HttpResource contextResource, String[] userRoles) throws Exception
+	private Request createGetRequest(HttpResource contextResource, String[] userRoles) throws Exception
     {            
       //Create a RequestType
       Request request = new Request();
@@ -171,8 +221,30 @@
       request.addResource(contextResource.getResource());
       
       //Create Action            
-      request.setAction(new Read().getAction());
+      request.setAction(new Get().getAction());
                         
       return request;
-    }	
+    }
+	
+	private Request createPostRequest(HttpResource contextResource, String[] userRoles) throws Exception
+    {            
+      //Create a RequestType
+      Request request = new Request();
+                  
+      //Create Subjects
+      Roles roles = new Roles();
+      for(int i=0; i<userRoles.length; i++)
+      {
+    	  roles.addName(userRoles[i]);
+      }
+      request.addSubject(roles.getSubject());
+      
+      //Create Resource      
+      request.addResource(contextResource.getResource());
+      
+      //Create Action            
+      request.setAction(new Post().getAction());
+                        
+      return request;
+    }
 }

Modified: modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -8,6 +8,8 @@
 				<parameters>
 					<parameter name="id">1234</parameter>
 				</parameters>
+				<http-method>GET</http-method>
+				<http-method>POST</http-method>																				
 			</web-resource>
 			<web-resource>
 				<web-resource-name>Board/Investor Files</web-resource-name>
@@ -15,6 +17,7 @@
 				<parameters>
 					<parameter name="id">5678</parameter>
 				</parameters>
+				<http-method>GET</http-method>
 			</web-resource>
 		</web-resource-collection>
 		<auth-constraint>
@@ -47,4 +50,34 @@
 			<!--  constraints based on data and/or time -->		
 		</auth-constraint>
 	</security-constraint>
+	
+	<!--  
+		To demonstrate granularity of applying policies based on type of http method being invoked on a resource
+		
+		This Policy means apply this Security Policy on the "Http Resource", for both "GET", and "POST" requests 
+	-->
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource>
+				<web-resource-name>Edit User</web-resource-name>
+				<url-pattern>/editUser</url-pattern>
+				<parameters>
+					<parameter name="userId">9101112</parameter>
+				</parameters>
+				<http-method>GET</http-method>
+				<http-method>POST</http-method>																				
+			</web-resource>			
+		</web-resource-collection>
+		<auth-constraint>
+		    <!--  constaints based on user roles -->
+		    <roles allow="true">
+				<role-name>Admin</role-name>
+				<role-name>Executive</role-name>
+			</roles>
+			<roles allow="false">
+				<role-name>Manager</role-name>
+				<role-name>Developer</role-name>
+			</roles>								
+		</auth-constraint>
+	</security-constraint>
 </web-security>
\ No newline at end of file

Modified: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -1,5 +1,20 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<web-security>
+<web-security>	
+    <enforcement-config>
+    	<!--  
+    		  default value, (false)
+    		  If resource match is set to "mandatory", it means that if there is an http request to the web application,
+    		  that does not have any specified/matching "security policy" for it, then this access should be "Denied".
+    		  
+    		  The default value is set to "false" since this makes Policy Provisioning less intensive for most web applications. This means that if 
+    		  a "Policy" is not specified for a http request, it means that resource does not need to be "protected", and access should be "Granted".
+    		  
+    		  The protection can be increased depending on the application by changing this to "true". In which case only Http Requests that have a matching "Security Policy" will
+    		  be considered for "Access Control". All others will be "Denied" access. 
+    	-->
+    	<policy-match-mandatory>true</policy-match-mandatory>
+    </enforcement-config>
+    
 	<security-constraint>
 		<web-resource-collection>
 			<web-resource>
@@ -8,6 +23,13 @@
 				<parameters>
 					<parameter name="id">1234</parameter>
 				</parameters>
+				<http-method>DELETE</http-method>
+				<http-method>PUT</http-method>
+				<http-method>HEAD</http-method>
+				<http-method>OPTIONS</http-method>
+				<http-method>TRACE</http-method>
+				<http-method>GET</http-method>
+				<http-method>POST</http-method>
 			</web-resource>
 			<web-resource>
 				<web-resource-name>Board/Investor Files</web-resource-name>
@@ -46,5 +68,5 @@
 			-->			
 			<!--  constraints based on data and/or time -->		
 		</auth-constraint>
-	</security-constraint>
+	</security-constraint>	
 </web-security>
\ No newline at end of file

Added: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html	                        (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html	2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,8 @@
+<html>
+	<head>
+		<title>Http Profile Container TestSuite</title>
+	</head>
+	<body>
+		<h1>Board Members</h1>
+	</body>
+</html>
\ No newline at end of file

Added: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html	                        (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html	2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,8 @@
+<html>
+	<head>
+		<title>Http Profile Container TestSuite</title>
+	</head>
+	<body>
+		<h1>Company Executives</h1>
+	</body>
+</html>
\ No newline at end of file

Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -51,19 +51,5 @@
         <groupId>org.drools</groupId>
         <artifactId>drools-compiler</artifactId>        
     </dependency>             
-  </dependencies> 
-  
-  <build>
-      <plugins>      	 
-         <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-surefire-plugin</artifactId>
-            <version>2.3.1</version>
-            <configuration>
-               <includes>                		                                                 	               		                  
-               </includes>
-            </configuration>
-         </plugin>         
-      </plugins>
-   </build> 
+  </dependencies>    
 </project>

Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -155,13 +155,23 @@
 	    	if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
 	    	{
 	    		response.setAccessGranted(true);
-	    		response.setMessage("ACCESS_GRANTED");
+	    		response.setMessage("permit");
 	    	}
-	    	else
+	    	else if(responseContext.getDecision() == XACMLConstants.DECISION_DENY)
 	    	{
 	    		response.setAccessGranted(false);
-	    		response.setMessage("ACCESS_DENIED");
+	    		response.setMessage("deny");
 	    	}
+	    	else if(responseContext.getDecision() == XACMLConstants.DECISION_INDETERMINATE)
+	    	{
+	    		response.setAccessGranted(false);
+	    		response.setMessage("indeterminate");
+	    	}
+	    	else if(responseContext.getDecision() == XACMLConstants.DECISION_NOT_APPLICABLE)
+	    	{
+	    		response.setAccessGranted(false);
+	    		response.setMessage("notapplicable");
+	    	}
 		    			
 			return response;
 		}

Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java	2009-03-26 20:23:08 UTC (rev 13088)
@@ -125,6 +125,15 @@
             resourcesType.getResource().add(resourceType);
          }
          
+         //Process Action Matches as Targets for the Policy
+         List<AttributeExpression> targetActionMatches = this.metaData.getTarget().getActionMatches();
+         if(targetActionMatches != null && !targetActionMatches.isEmpty())
+         {
+        	 ActionsType actionsType = this.generateRuleActions(targetActionMatches);
+             targetType.setActions(actionsType);
+         }
+         
+         
          //Process the Policy Rules
          Set<Rule> rules = this.metaData.getRules();
          if(rules != null && !rules.isEmpty())

Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml	2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/pom.xml	2009-03-26 20:23:08 UTC (rev 13088)
@@ -44,7 +44,8 @@
   	<version.org.jboss.microcontainer>2.0.2.GA</version.org.jboss.microcontainer>
   	<version.org.jboss.jboss-reflect>2.0.2.GA</version.org.jboss.jboss-reflect>
   	<version.org.jboss.jboss-common-core>2.2.9.GA</version.org.jboss.jboss-common-core>
-  	<version.org.jboss.jboss-mdr>2.0.1.GA</version.org.jboss.jboss-mdr>    		  
+  	<version.org.jboss.jboss-mdr>2.0.1.GA</version.org.jboss.jboss-mdr>
+  	<version.commons-httpclient>3.1</version.commons-httpclient>    		  
   </properties>
 
   <dependencyManagement>
@@ -262,7 +263,14 @@
             <version>${version.javax.servlet.servlet-api}</version>
             <scope>provided</scope>
          </dependency>
-	  </dependencies>
+         
+         <!-- Commons Http Client -->
+         <dependency>
+            <groupId>commons-httpclient</groupId>
+            <artifactId>commons-httpclient</artifactId>
+            <version>${version.commons-httpclient}</version>
+         </dependency>
+	  </dependencies>	  
   </dependencyManagement> 
   
   <!-- project wide dependencies -->
@@ -285,6 +293,13 @@
         <artifactId>junit</artifactId>
         <scope>test</scope>        
      </dependency>
+     
+     <!-- http client -->
+     <dependency>
+     	<groupId>commons-httpclient</groupId>
+     	<artifactId>commons-httpclient</artifactId>
+     	<scope>test</scope>
+     </dependency>
   </dependencies>  
    
    <build>
@@ -301,8 +316,7 @@
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-surefire-plugin</artifactId>
             <version>2.3.1</version>
-            <configuration>
-               <skip>false</skip>
+            <configuration>               
             </configuration>
          </plugin>         
       </plugins>




More information about the portal-commits mailing list