i = perms.elements(); i.hasMoreElements();) {
+ StringPermission p = (StringPermission) i.nextElement();
+ Assert.assertTrue(allPerms.contains(p));
+ allPerms.remove(p);
}
}
-
- public void testSetOperations()
- {
- Permissions perms1 = new Permissions( "app1", new Permission[] {
- new Permission( "app1", "perm1" ),
+
+ public void testSetOperations() {
+ Permissions perms1 = newPermissions(new StringPermission[]{
+ new StringPermission("app1", "perm1"),
});
- Permissions perms2 = new Permissions( "app1", new Permission[] {
- new Permission( "app1", "perm2" ),
+ Permissions perms2 = newPermissions(new StringPermission[]{
+ new StringPermission("app1", "perm2"),
});
- Permissions perms12 = new Permissions( "app1", new Permission[] {
- new Permission( "app1", "perm1" ),
- new Permission( "app1", "perm2" ),
+ Permissions perms12 = newPermissions(new StringPermission[]{
+ new StringPermission("app1", "perm1"),
+ new StringPermission("app1", "perm2"),
});
- Permissions wrongPerms = new Permissions( "wrongApp", null );
-
-
+ Permissions wrongPerms = new Permissions();
+
// addAll
- Assert.assertEquals( perms12, perms1.addAll( perms2 ) );
- Assert.assertEquals( perms1, perms1.addAll( perms1 ) );
- try
- {
- perms1.addAll( wrongPerms );
- Assert.fail( "Exception is not thrown." );
- }
- catch( IllegalArgumentException e )
- {
- // OK
- }
-
+ Assert.assertTrue(PermissionsUtil.equivalent(perms12, PermissionsUtil.union(perms1, perms2)));
+ Assert.assertTrue(PermissionsUtil.equivalent(perms1, PermissionsUtil.union(perms1, perms1)));
+// try
+// {
+// PermissionsUtil.union(perms1, wrongPerms );
+// Assert.fail( "Exception is not thrown." );
+// }
+// catch( IllegalArgumentException e )
+// {
+// // OK
+// }
+
// removeAll
- Assert.assertEquals( perms1, perms12.removeAll( perms2 ) );
- Assert.assertEquals( perms1, perms1.removeAll( perms2 ) );
- try
- {
- perms1.removeAll( wrongPerms );
- Assert.fail( "Exception is not thrown." );
- }
- catch( IllegalArgumentException e )
- {
- // OK
- }
-
+// Assert.assertEquals( perms1, perms12.removeAll( perms2 ) );
+// Assert.assertEquals( perms1, perms1.removeAll( perms2 ) );
+// try
+// {
+// perms1.removeAll( wrongPerms );
+// Assert.fail( "Exception is not thrown." );
+// }
+// catch( IllegalArgumentException e )
+// {
+ // OK
+// }
+
// retainAll
- Assert.assertEquals( perms1, perms12.retainAll( perms1 ) );
- Assert.assertEquals(
- new Permissions( "app1", null ), perms1.retainAll( perms2 ) );
- try
- {
- perms1.retainAll( wrongPerms );
- Assert.fail( "Exception is not thrown." );
- }
- catch( IllegalArgumentException e )
- {
- // OK
- }
+// Assert.assertEquals( perms1, perms12.retainAll( perms1 ) );
+// Assert.assertEquals(
+// new Permissions( "app1", null ), perms1.retainAll( perms2 ) );
+// try
+// {
+// perms1.retainAll( wrongPerms );
+// Assert.fail( "Exception is not thrown." );
+// }
+// catch( IllegalArgumentException e )
+// {
+ // OK
+// }
// containsAll
- Assert.assertTrue( perms12.containsAll( perms12 ) );
- Assert.assertFalse( perms1.containsAll( perms12 ) );
- try
- {
- perms1.containsAll( wrongPerms );
- Assert.fail( "Exception is not thrown." );
- }
- catch( IllegalArgumentException e )
- {
- // OK
- }
+// Assert.assertTrue( perms12.containsAll( perms12 ) );
+// Assert.assertFalse( perms1.containsAll( perms12 ) );
+// try
+// {
+// perms1.containsAll( wrongPerms );
+// Assert.fail( "Exception is not thrown." );
+// }
+// catch( IllegalArgumentException e )
+// {
+// OK
+// }
}
-
- public static void main( String[] args )
- {
- junit.textui.TestRunner.run( PermissionsTest.class );
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(PermissionsTest.class);
}
}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java (working copy)
@@ -22,6 +22,8 @@
import java.io.Serializable;
import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.Permissions;
import java.util.Iterator;
@@ -31,17 +33,17 @@
* to manage access controls for user profiles associated with applications.
* Profiles associate users with applications. This class models that profile
* by linking the user with an application and allowing the assignment of an
- * application specific {@link Role} set and {@link Permission} set to the
+ * application specific {@link Role} set and {@link StringPermission} set to the
* profile.
*
*
* Profiles contain three sets of Permissions and a set of Roles used for
* managing an authorization policy of a user. A Role Based Access Control
- * (RBAC) model is used to easily manage the Profile. The three Permission
+ * (RBAC) model is used to easily manage the Profile. The three StringPermission
* sets are: grants, denials and the effective calculated permissions for the
- * profile. Roles assigned to the Profile lead to the inheritance of Permission
- * granted to Role. Besides Role based Permission inheritence, additional
- * Permission may be granted or denied to influence the total effective Permission.
+ * profile. Roles assigned to the Profile lead to the inheritance of StringPermission
+ * granted to Role. Besides Role based StringPermission inheritence, additional
+ * StringPermission may be granted or denied to influence the total effective StringPermission.
* The grants Permissions set contains extra granted Permissions which may not be
* inherited by assigned Roles. The denials Permissions set contains
* {@link Permissions} that are denied whether they are inherited by assigned
@@ -73,8 +75,10 @@
private final Permissions grants;
/** the permissions denied by this Profile */
private final Permissions denials;
- /** the effective calculated permissions for this Profile */
- private final Permissions effectivePermissions;
+ /** the calculated effective granted permissions for this Profile */
+ private final Permissions effectiveGrantedPermissions;
+ /** the calculated effective denied permissions for this Profile */
+ private final Permissions effectiveDeniedPermissions;
/** a brief description of the Profile */
private final String description;
/** whether or not this profile is disabled */
@@ -143,32 +147,32 @@
}
if( grants == null )
{
- grants = new Permissions( store.getApplicationName(), null );
+ grants = new Permissions();
}
- if( !store.getApplicationName().equals( grants.getApplicationName() ) )
- {
- throw new IllegalArgumentException( "Invalid applicationName in grants: " + grants.getApplicationName() );
- }
- if( !store.getPermissions().containsAll( grants ) )
- {
- throw new IllegalArgumentException(
- "store doesn't provide all permissions specified: " +
- grants );
- }
+// if( !store.getApplicationName().equals( grants.getApplicationName() ) )
+// {
+// throw new IllegalArgumentException( "Invalid applicationName in grants: " + grants.getApplicationName() );
+// }
+// if( !store.getPermissions().containsAll( grants ) )
+// {
+// throw new IllegalArgumentException(
+// "store doesn't provide all permissions specified: " +
+// grants );
+// }
if( denials == null )
{
- denials = new Permissions( store.getApplicationName(), null );
+ denials = new Permissions();
}
- if( !store.getApplicationName().equals( denials.getApplicationName() ) )
- {
- throw new IllegalArgumentException( "Invalid applicationName in denials: " + denials.getApplicationName() );
- }
- if( !store.getPermissions().containsAll( denials ) )
- {
- throw new IllegalArgumentException(
- "store doesn't provide all permissions specified: " +
- denials );
- }
+// if( !store.getApplicationName().equals( denials.getApplicationName() ) )
+// {
+// throw new IllegalArgumentException( "Invalid applicationName in denials: " + denials.getApplicationName() );
+// }
+// if( !store.getPermissions().containsAll( denials ) )
+// {
+// throw new IllegalArgumentException(
+// "store doesn't provide all permissions specified: " +
+// denials );
+// }
this.disabled = disabled;
this.store = store;
@@ -180,14 +184,20 @@
this.description = description;
// Calculate effective permissions
- Permissions effectivePermissions = new Permissions( store.getApplicationName(), null );
+ effectiveGrantedPermissions = new Permissions();
for( Iterator i = roles.iterator(); i.hasNext(); )
{
Role r = ( Role ) i.next();
- effectivePermissions = effectivePermissions.addAll( r.getGrants() );
+ PermissionsUtil.addAll(effectiveGrantedPermissions, r.getGrantedPermissions() );
}
- effectivePermissions = effectivePermissions.addAll( grants );
- this.effectivePermissions = effectivePermissions.removeAll( denials );
+ PermissionsUtil.addAll(effectiveGrantedPermissions, grants );
+ effectiveDeniedPermissions = new Permissions();
+ for( Iterator i = roles.iterator(); i.hasNext(); )
+ {
+ Role r = ( Role ) i.next();
+ PermissionsUtil.addAll(effectiveDeniedPermissions, r.getDeniedPermissions() );
+ }
+ PermissionsUtil.addAll(effectiveDeniedPermissions, denials );
}
@@ -270,9 +280,9 @@
/**
- * Gets the set of {@link Permission}s granted to this Profile.
+ * Gets the set of {@link StringPermission}s granted to this Profile.
*
- * @return a container of granted {@link Permission} objects
+ * @return a container of granted {@link StringPermission} objects
*/
public Permissions getGrants()
{
@@ -284,7 +294,7 @@
* This is the only time and place where negative permissions will ever be
* found.
*
- * @return a container of denied {@link Permission} objects
+ * @return a container of denied {@link StringPermission} objects
*/
public Permissions getDenials()
{
@@ -298,56 +308,30 @@
* granted {@link Permissions} and denied {@link Permissions} of this
* Profile.
*
- * @return a container of effective {@link Permission} objects for this profile.
+ * @return a container of effective {@link StringPermission} objects for this profile.
*/
- public Permissions getEffectivePermissions()
+ public Permissions getEffectiveGrantedPermissions()
{
- return effectivePermissions;
+ return effectiveGrantedPermissions;
}
-
- /**
- * Assertive check to test if this Profile has the effective {@link Permission}.
- *
- * @param permissionName the permission name to check for
- * @throws AccessControlException if the permission is not granted or
- * inherited from an assigned Role
- */
- public void checkPermission( String permissionName )
- {
- checkPermission(
- permissionName,
- "User '" + profileId + "' " +
- "in application '" + getApplicationName() + '\'' +
- "does not posess the permission '" + permissionName + "'." );
+ public Permissions getEffectiveDeniedPermissions() {
+ return effectiveDeniedPermissions;
}
-
/**
* Get's whether or not this Profile has the permission.
*
* @param permission the permission to check for
* @return true if the permission is granted, false otherwise
*/
- public boolean hasPermission( Permission permission )
+ public boolean implies( Permission permission )
{
- return effectivePermissions.contains( permission );
+ return effectiveGrantedPermissions.implies( permission ) && ! effectiveDeniedPermissions.implies(permission);
}
/**
- * Get's whether or not this Profile has the permission.
- *
- * @param permissionName the permission to check for
- * @return true if the permission is granted, false otherwise
- */
- public boolean hasPermission( String permissionName )
- {
- return effectivePermissions.get( permissionName ) != null;
- }
-
-
- /**
* Assertive permission check to test if this Profile has the effective
* permission.
*
@@ -355,7 +339,7 @@
* @throws AccessControlException if the permission is not granted or
* inherited from an assigned Role
*/
- public void checkPermission( Permission permission )
+ public void checkPermission( StringPermission permission )
{
checkPermission(
permission,
@@ -369,42 +353,19 @@
* Assertive permission check to test if this Profile has the effective
* permission.
*
- * @param permissionName the permission name to check for
- * @param message to use for AccessControlException if it is thrown
- * @throws AccessControlException if the permission is not granted or
- * inherited from an assigned Role
- */
- public void checkPermission( String permissionName, String message )
- {
- if ( permissionName == null )
- {
- throw new NullPointerException( "permissionName" );
- }
-
- if ( !effectivePermissions.contains( permissionName ) )
- {
- throw new AccessControlException( message );
- }
- }
-
-
- /**
- * Assertive permission check to test if this Profile has the effective
- * permission.
- *
* @param permission the permission to check for
* @param message to use for AccessControlException if it is thrown
* @throws AccessControlException if the permission is not granted or
* inherited from an assigned Role
*/
- public void checkPermission( Permission permission, String message )
+ public void checkPermission( StringPermission permission, String message )
{
if ( permission == null )
{
throw new NullPointerException( "permission" );
}
- if ( !effectivePermissions.contains( permission ) )
+ if ( !implies( permission ) )
{
throw new AccessControlException( message );
}
@@ -468,6 +429,6 @@
public String toString()
{
- return "Profile(" + getProfileId() + ": " + effectivePermissions + ')';
+ return "Profile(" + getProfileId() + ": " + effectiveGrantedPermissions + ')';
}
}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java (working copy)
@@ -22,6 +22,7 @@
import java.io.Serializable;
import java.security.AccessControlException;
+import java.security.Permissions;
/**
@@ -37,15 +38,13 @@
{
private static final long serialVersionUID = 6190625586883412135L;
- /** an empty byte array used as a placeholder for empty grants */
- private static final Permission[] EMPTY_PERMISSION_ARRAY = new Permission[0];
-
/** the name of this Role */
private final String name;
/** the store the Role is defined for */
private final ApplicationPolicy store;
- /** the permissions granted for this role */
- private final Permissions permissions;
+ /** the grantedPermissions granted for this role */
+ private final Permissions grantedPermissions;
+ private final Permissions deniedPermissions;
/** a brief description of the Role */
private final String description;
@@ -55,10 +54,11 @@
*
* @param store the parent store this role is defined for
* @param name the name of this role
- * @param permissions a set of permissions granted for this role
+ * @param grantedPermissions
+ * @param deniedPermissions
* @param description a breif description of the role
*/
- public Role( ApplicationPolicy store, String name, Permissions permissions, String description )
+ public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions, String description)
{
if( store == null )
{
@@ -73,28 +73,33 @@
throw new IllegalArgumentException( "name is empty." );
}
- if( permissions == null )
+ if( grantedPermissions == null )
{
- permissions = new Permissions(
- store.getApplicationName(), EMPTY_PERMISSION_ARRAY );
+ grantedPermissions = new Permissions();
}
- if( !store.getApplicationName().equals( permissions.getApplicationName() ) )
+ if( deniedPermissions == null )
{
- throw new IllegalArgumentException(
- "Invalid applicationName in permissions: " +
- permissions.getApplicationName() );
+ deniedPermissions = new Permissions();
}
+// if( !store.getApplicationName().equals( grantedPermissions.getApplicationName() ) )
+// {
+// throw new IllegalArgumentException(
+// "Invalid applicationName in grantedPermissions: " +
+// grantedPermissions.getApplicationName() );
+// }
+
+ //This is meaningless if grantedPermissions.implies is used rather than equality.
+// if( !store.getPermissions().containsAll( grantedPermissions ) )
+// {
+// throw new IllegalArgumentException(
+// "store doesn't provide all grantedPermissions specified: " +
+// grantedPermissions );
+// }
- if( !store.getPermissions().containsAll( permissions ) )
- {
- throw new IllegalArgumentException(
- "store doesn't provide all permissions specified: " +
- permissions );
- }
-
this.store = store;
this.name = name;
- this.permissions = permissions;
+ this.grantedPermissions = grantedPermissions;
+ this.deniedPermissions = deniedPermissions;
this.description = description;
}
@@ -104,11 +109,12 @@
*
* @param store the parent store this role is defined for
* @param name the name of this role
- * @param permissions a set of permissions granted for this role
+ * @param grantedPermissions
+ * @param deniedPermissions
*/
- public Role( ApplicationPolicy store, String name, Permissions permissions )
+ public Role(ApplicationPolicy store, String name, Permissions grantedPermissions, Permissions deniedPermissions)
{
- this ( store, name, permissions, null );
+ this ( store, name, grantedPermissions, deniedPermissions, null );
}
@@ -146,15 +152,18 @@
/**
- * Gets a set of permissions granted to this role.
+ * Gets a set of grantedPermissions granted to this role.
*
- * @return a set of permissions granted to this role.
+ * @return a set of grantedPermissions granted to this role.
*/
- public Permissions getGrants()
+ public Permissions getGrantedPermissions()
{
- return permissions;
+ return grantedPermissions;
}
+ public Permissions getDeniedPermissions() {
+ return deniedPermissions;
+ }
/**
* Assertive permission check to test if this role has the effective
@@ -163,7 +172,7 @@
* @param permission the permission to check for
* @throws AccessControlException if the permission is not granted
*/
- public void checkPermission( Permission permission )
+ public void checkPermission( StringPermission permission )
{
checkPermission(
permission,
@@ -176,45 +185,16 @@
/**
* Get's whether or not this Role has the permission.
*
- * @param permissionName the permission to check for
- * @return true if the permission is granted,false otherwise
- */
- public boolean hasPermission( String permissionName )
- {
- return permissions.get( permissionName ) != null;
- }
-
-
- /**
- * Get's whether or not this Role has the permission.
- *
* @param permission the name of permission to check for
* @return true if the permission is granted,false otherwise
*/
- public boolean hasPermission( Permission permission )
+ public boolean hasPermission( StringPermission permission )
{
- return permissions.contains( permission );
+ return grantedPermissions.implies( permission );
}
/**
- * Assertive permission check to test if this role has the effective
- * permission.
- *
- * @param permissionName the name of the permission to check for
- * @throws AccessControlException if the permission is not granted
- */
- public void checkPermission( String permissionName )
- {
- checkPermission(
- permissionName,
- "Role '" + name + "' " +
- "in application '" + getApplicationName() + '\'' +
- "does not posess the permission '" + permissionName + "'." );
- }
-
-
- /**
* Assertive permission check to test if this Role has the effective
* permission.
*
@@ -222,42 +202,20 @@
* @param message to use for AccessControlException if it is thrown
* @throws AccessControlException if the permission is not granted
*/
- public void checkPermission( Permission permission, String message )
+ public void checkPermission( StringPermission permission, String message )
{
if ( permission == null )
{
throw new NullPointerException( "permission" );
}
- if ( !permissions.contains( permission ) )
+ if ( !grantedPermissions.implies( permission ) )
{
throw new AccessControlException( message );
}
}
- /**
- * Assertive permission check to test if this role has the effective
- * permission.
- *
- * @param permissionName the permission name to check for
- * @param message to use for AccessControlException if it is thrown
- * @throws AccessControlException if the permission is not granted
- */
- public void checkPermission( String permissionName, String message )
- {
- if ( permissionName == null )
- {
- throw new NullPointerException( "permissionName" );
- }
-
- if ( !permissions.contains( permissionName ) )
- {
- throw new AccessControlException( message );
- }
- }
-
-
// ------------------------------------------------------------------------
// Object Overrides
// ------------------------------------------------------------------------
@@ -302,8 +260,8 @@
}
- public Object clone()
- {
+ @Override
+ public Object clone() throws CloneNotSupportedException {
try
{
return super.clone();
@@ -317,6 +275,6 @@
public String toString()
{
- return "Role(" + getName() + ": " + permissions + ')';
+ return "Role(" + getName() + ": " + grantedPermissions + ')';
}
}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java (working copy)
@@ -40,12 +40,12 @@
}
- public void permissionChanged( ApplicationPolicy policy, Permission permission, ChangeType changeType )
+ public void permissionChanged( ApplicationPolicy policy, StringPermission permission, ChangeType changeType )
{
}
- public void permissionRenamed( ApplicationPolicy policy, Permission permission, String oldName )
+ public void permissionRenamed( ApplicationPolicy policy, StringPermission permission, String oldName )
{
}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java (revision 0)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java (revision 0)
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.guardian;
+
+import java.util.Enumeration;
+import java.util.Set;
+import java.security.Permission;
+import java.security.Permissions;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionsUtil {
+ private PermissionsUtil() {
+ }
+
+ public static boolean isEmpty(Permissions permissions) {
+ return !permissions.elements().hasMoreElements();
+ }
+
+ /**
+ * @deprecated used only in tests
+ * @param permissions
+ * @return number of Permissions in the Permissions.
+ */
+ public static int size(Permissions permissions) {
+ int i = 0;
+ for (Enumeration elements = permissions.elements(); elements.hasMoreElements();) {
+ elements.nextElement();
+ i++;
+ }
+ return i;
+ }
+
+ public static Permissions union(Permissions first, Permissions second) {
+ Permissions result = new Permissions();
+ for (Enumeration elements = first.elements(); elements.hasMoreElements();) {
+ result.add(elements.nextElement());
+ }
+ for (Enumeration elements = second.elements(); elements.hasMoreElements();) {
+ result.add(elements.nextElement());
+ }
+ return result;
+ }
+
+ public static void addAll(Permissions first, Permissions second) {
+ for (Enumeration elements = second.elements(); elements.hasMoreElements();) {
+ first.add(elements.nextElement());
+ }
+ }
+
+ public static Permissions difference(Permissions whole, Permissions remove) {
+ Permissions result = new Permissions();
+ for (Enumeration elements = whole.elements(); elements.hasMoreElements();) {
+ Permission permission = elements.nextElement();
+ if (!remove.implies(permission)) {
+ result.add(permission);
+ }
+ }
+ return result;
+ }
+
+ public static Permissions remove(Permissions whole, Permission remove) {
+ Permissions result = new Permissions();
+ for (Enumeration elements = whole.elements(); elements.hasMoreElements();) {
+ Permission permission = elements.nextElement();
+ if (!remove.implies(permission)) {
+ result.add(permission);
+ }
+ }
+ return result;
+ }
+
+ public static boolean equivalent(Permissions a, Permissions b) {
+ return impliesAll(a, b) && impliesAll(b, a);
+ }
+
+ public static boolean impliesAll(Permissions a, Permissions b) {
+ for (Enumeration elements = b.elements(); elements.hasMoreElements();) {
+ if (!a.implies(elements.nextElement())) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+// public static void addPermissions(Permissions permissions, Set permSet) {
+// for (Permission perm: permSet) {
+// permissions.add(perm);
+// }
+// }
+}
Property changes on: guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Name: svn:keywords
+ Date Revision
Name: svn:eol-style
+ native
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java (working copy)
@@ -1,340 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.safehaus.triplesec.guardian;
-
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
-
-
-/**
- * Represnets an immutable set of {@link Permission}s.
- *
- * @author Trustin Lee
- * @version $Rev: 52 $, $Date: 2005-08-19 23:03:36 -0400 (Fri, 19 Aug 2005) $
- */
-public class Permissions implements Cloneable, Serializable
-{
- private static final long serialVersionUID = 824005229641450076L;
- /** An empty array of {@link Permission}s which is used when null is specified */
- private static final Permission[] EMPTY_PERMISSION_ARRAY = new Permission[0];
-
- /** the name of application this permissions belong to */
- private final String applicationName;
- /** Map<String permissionName, Permission permission> */
- private final Map permissions = new HashMap();
-
-
- /**
- * Creates a new instance.
- *
- * @param applicationName The name of the application this permissions belong to
- * @param permissions The array of {@link Permission}s that will belong to this permission set
- */
- public Permissions( String applicationName, Permission[] permissions )
- {
- // Check nulls and emptiness
- if( applicationName == null )
- {
- throw new NullPointerException( "applicationName" );
- }
- if( applicationName.length() == 0 )
- {
- throw new IllegalArgumentException( "applicationName is empty." );
- }
- if( permissions == null )
- {
- permissions = EMPTY_PERMISSION_ARRAY;
- }
-
- this.applicationName = applicationName;
-
- // Add all permissions while checking if application names are all
- // same with what user specified.
- for( int i = permissions.length - 1; i >= 0; i -- )
- {
- Permission p = permissions[ i ];
- if( p == null )
- {
- continue;
- }
-
- if( !applicationName.equals( p.getApplicationName() ) )
- {
- throw new IllegalArgumentException( "Invalid applicationName: " + p.getApplicationName() );
- }
-
- this.permissions.put( p.getName(), p );
- }
- }
-
-
- /**
- * Returns the name of the application this permissions belong to
- *
- * @return the name of the application this permissions belong to
- */
- public String getApplicationName()
- {
- return applicationName;
- }
-
-
- /**
- * Returns true if and only if this set contains the specified
- * permission.
- *
- * @param permission the permission to find
- * @return true if and only if this set contains the specified
- * permission
- */
- public boolean contains( Permission permission )
- {
- return applicationName.equals( permission.getApplicationName() ) &&
- permissions.containsKey( permission.getName() );
- }
-
-
- /**
- * Returns true if and only if this set contains the {@link Permission}
- * with the specified permissionName.
- *
- * @param permissionName the name of the permission to find
- * @return true if and only if this set contains the specified
- * permissionName
- */
- public boolean contains( String permissionName )
- {
- return permissions.containsKey( permissionName );
- }
-
-
- /**
- * Returns true if and only if this set contains all elements of
- * the specified permissions.
- *
- * @param permissions another set of permissions
- * @return true if and only if this set contains all elements of
- * the specified permissions
- */
- public boolean containsAll( Permissions permissions )
- {
- checkApplicationName( permissions );
- return this.permissions.keySet().containsAll( permissions.permissions.keySet() );
- }
-
-
- /**
- * Returns the {@link Permission} with the specified permissionName.
- *
- * @param permissionName the name of the permission to find
- * @return null if there's no permission with the specified name
- */
- public Permission get( String permissionName )
- {
- return ( Permission ) permissions.get( permissionName );
- }
-
-
- /**
- * Returns true if this set is empty.
- *
- * @return true if this set is empty
- */
- public boolean isEmpty()
- {
- return permissions.isEmpty();
- }
-
-
- /**
- * Returns the number of elements this set contains.
- *
- * @return the number of elements this set contains
- */
- public int size()
- {
- return permissions.size();
- }
-
-
- /**
- * Returns an {@link Iterator} that iterates all {@link Permission}s this set contains.
- *
- * @return an {@link Iterator} that iterates all {@link Permission}s this set contains
- */
- public Iterator iterator()
- {
- return Collections.unmodifiableCollection( permissions.values() ).iterator();
- }
-
-
- /**
- * Creates a new set of {@link Permission}s which contains all elements of
- * both this set and the specified set (OR operation). This operation never
- * modifies this set.
- *
- * @param permissions a set of permissions to add
- * @return a new set
- */
- public Permissions addAll( Permissions permissions )
- {
- checkApplicationName( permissions );
- Permissions newPermissions = ( Permissions ) clone();
- newPermissions.permissions.putAll( permissions.permissions );
- return newPermissions;
- }
-
-
- /**
- * Creates a new set of {@link Permission}s which contains elements of
- * this set excluding what exists in the specified set (NAND operation).
- * This operation never modifies this set.
- *
- * @param permissions a set of permissions to remove
- * @return a new set
- */
- public Permissions removeAll( Permissions permissions )
- {
- checkApplicationName( permissions );
- Permissions newPermissions = ( Permissions ) clone();
- newPermissions.permissions.keySet().removeAll(
- permissions.permissions.keySet() );
- return newPermissions;
- }
-
-
- /**
- * Creates a new set of {@link Permission}s which contains elements which
- * exists in both this set and the specified set (AND operation). This
- * operation never modifies this set.
- *
- * @param permissions a set of permissions to retain.
- * @return a new set
- */
- public Permissions retainAll( Permissions permissions )
- {
- checkApplicationName( permissions );
- Permissions newPermissions = ( Permissions ) clone();
- newPermissions.permissions.keySet().retainAll(
- permissions.permissions.keySet() );
- return newPermissions;
- }
-
-
- // ------------------------------------------------------------------------
- // Object Overrides
- // ------------------------------------------------------------------------
-
-
- public Object clone()
- {
- Permission[] permissionArray = new Permission[ size() ];
- permissionArray = ( Permission[] ) permissions.values().toArray( permissionArray );
- return new Permissions( applicationName, permissionArray );
- }
-
-
- public int hashCode()
- {
- return applicationName.hashCode() ^ permissions.hashCode();
- }
-
-
- public boolean equals( Object that )
- {
- if( this == that )
- {
- return true;
- }
-
- if( that instanceof Permissions )
- {
- Permissions thatP = ( Permissions ) that;
- // We don't compare application name because permissions already
- // contain it.
- return this.permissions.equals( thatP.permissions );
- }
-
- return false;
- }
-
-
- public String toString()
- {
- StringBuffer buf = new StringBuffer();
- buf.append( "Permissions(" );
- buf.append( applicationName );
- buf.append( ": " );
-
- // Sort permissions by name
- Set sortedPermissions = new TreeSet( permissions.values() );
- Iterator i = sortedPermissions.iterator();
-
- // Add the first one
- if( i.hasNext() )
- {
- Permission p = ( Permission ) i.next();
- buf.append( p.getName() );
-
- // Add others
- while( i.hasNext() )
- {
- p = ( Permission ) i.next();
- buf.append( ", " );
- buf.append( p.getName() );
- }
- }
- else
- {
- buf.append( "empty" );
- }
-
- buf.append( ')' );
-
- return buf.toString();
- }
-
-
- // ------------------------------------------------------------------------
- // Private Methods
- // ------------------------------------------------------------------------
-
-
- /**
- * Checks if the application name of the specified permissions
- * equals to that of this set.
- *
- * @param permissions the permissions to check the application name
- * @throws IllegalArgumentException if mismatches
- */
- private void checkApplicationName( Permissions permissions )
- {
- if( !applicationName.equals( permissions.getApplicationName() ) )
- {
- throw new IllegalArgumentException( "Wrong application name: " + permissions.getApplicationName() );
- }
- }
-}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java (working copy)
@@ -58,7 +58,7 @@
* @param permission the permission that was changed
* @param changeType the type of change: add, delete or modify.
*/
- void permissionChanged( ApplicationPolicy policy, Permission permission, ChangeType changeType );
+ void permissionChanged( ApplicationPolicy policy, StringPermission permission, ChangeType changeType );
/**
* Notification method called when a permission is renamed.
@@ -67,7 +67,7 @@
* @param permission the permission that was renamed
* @param oldName the old name of the permission
*/
- void permissionRenamed( ApplicationPolicy policy, Permission permission, String oldName );
+ void permissionRenamed( ApplicationPolicy policy, StringPermission permission, String oldName );
/**
* Notification method called when a profile is added, deleted, or modified.
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java (revision 0)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java (revision 488792)
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.guardian;
+
+import java.io.Serializable;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Iterator;
+
+
+/**
+ * An application permission.
+ *
+ * @author Alex Karasulu
+ * @author Trustin Lee
+ * @version $Rev: 71 $, $Date: 2005-11-07 19:11:39 -0500 (Mon, 07 Nov 2005) $
+ */
+public class StringPermission extends Permission implements Comparable, Cloneable, Serializable {
+ private static final long serialVersionUID = -522561010304299861L;
+
+ /** the name of the permission */
+// private final String permissionName;
+ /**
+ * the name of the application this permission is associated with
+ */
+ private final String applicationName;
+ /**
+ * a short description of the permission
+ */
+ private final String description;
+
+
+ /**
+ * Creates a new permission instance.
+ *
+ * @param applicationName the name of the application this permission is associated with
+ * @param permissionName the permissionName of the permission
+ */
+ public StringPermission(String applicationName, String permissionName) {
+ this(applicationName, permissionName, null);
+ }
+
+
+ /**
+ * Creates a new permission instance with description.
+ *
+ * @param applicationName the name of the application this permission is associated with
+ * @param permissionName the permissionName of the permission
+ */
+ public StringPermission(String applicationName, String permissionName, String description) {
+ super(permissionName);
+ if (applicationName == null) {
+ throw new NullPointerException("applicationName");
+ }
+ if (permissionName == null) {
+ throw new NullPointerException("permissionName");
+ }
+ if (applicationName.length() == 0) {
+ throw new IllegalArgumentException("applicationName is empty.");
+ }
+ if (permissionName.length() == 0) {
+ throw new IllegalArgumentException("permissionName is empty.");
+ }
+
+ this.applicationName = applicationName;
+ this.description = description;
+ }
+
+
+ public String getActions() {
+ return "";
+ }
+
+
+ /**
+ * Gets the application name this permission is defined for.
+ *
+ * @return the name of the application.
+ */
+ public String getApplicationName() {
+ return applicationName;
+ }
+
+
+ /**
+ * Gets the name of this permission.
+ *
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ // ------------------------------------------------------------------------
+ // Object Overrides
+ // ------------------------------------------------------------------------
+
+
+ public int hashCode() {
+ return applicationName.hashCode() ^ getName().hashCode();
+ }
+
+
+ public boolean implies(Permission permission) {
+ return permission instanceof StringPermission && permission.getName().equals(getName());
+ }
+
+ public boolean equals(Object that) {
+ if (this == that) {
+ return true;
+ }
+
+ if (that instanceof StringPermission) {
+ StringPermission thatP = (StringPermission) that;
+ return this.applicationName.equals(thatP.applicationName) &&
+ getName().equals(thatP.getName());
+ }
+
+ return false;
+ }
+
+
+ public int compareTo(Object that) {
+ StringPermission thatP = (StringPermission) that;
+ int ret = this.applicationName.compareTo(thatP.applicationName);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return this.getName().compareTo(thatP.getName());
+ }
+
+
+ public String toString() {
+ return "StringPermission(" + applicationName + ": " + getName() + ')';
+ }
+
+
+ @Override
+ public Object clone() throws CloneNotSupportedException {
+ try {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException e) {
+ throw new InternalError();
+ }
+ }
+
+ @Override
+ public PermissionCollection newPermissionCollection() {
+ return new StringPermissionCollection();
+ }
+
+ private static class StringPermissionCollection extends PermissionCollection {
+
+ private final Map permissionMap = new HashMap();
+
+
+ public void add(Permission permission) {
+ if (permission instanceof StringPermission) {
+ permissionMap.put(permission.getName(), (StringPermission) permission);
+ } else {
+ throw new IllegalArgumentException("Permission must be a StringPermission not a " + permission.getClass());
+ }
+ }
+
+ public boolean implies(Permission permission) {
+ if (permission instanceof StringPermission) {
+ return permissionMap.containsKey(permission.getName());
+ }
+ return false;
+ }
+
+ public Enumeration elements() {
+ final Iterator iterator = permissionMap.values().iterator();
+
+ return new Enumeration() {
+
+
+ public boolean hasMoreElements() {
+ return iterator.hasNext();
+ }
+
+ public StringPermission nextElement() {
+ return iterator.next();
+ }
+ };
+ }
+ }
+
+}
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java (working copy)
@@ -20,6 +20,7 @@
package org.safehaus.triplesec.guardian;
+import java.security.Permissions;
import java.util.Iterator;
import java.util.Set;
@@ -66,9 +67,9 @@
Roles getRoles();
/**
- * Gets a set of {@link Permission}s defined for this store.
+ * Gets a set of {@link StringPermission}s defined for this store.
*
- * @return a set of {@link Permission}s defined for this store.
+ * @return a set of {@link StringPermission}s defined for this store.
*/
Permissions getPermissions();
@@ -92,7 +93,7 @@
* @throws GuardianException if there is an error accessing the backing
* store or the permission is not associated with this ApplicationPolicy
*/
- Set getDependentProfileNames( Permission permission ) throws GuardianException;
+ Set getDependentProfileNames( StringPermission permission ) throws GuardianException;
/**
* Gets the set of profiles a user has for this ApplicationPolicy.
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java (working copy)
@@ -246,31 +246,8 @@
}
- public Roles getDependentRoles( String permName )
+ public Roles getDependentRoles( StringPermission perm )
{
- List dependents = new ArrayList();
- for ( Iterator ii = this.roles.values().iterator(); ii.hasNext(); /**/ )
- {
- Role role = ( Role ) ii.next();
- if ( role.hasPermission( permName ) )
- {
- dependents.add( role );
- }
- }
-
- if ( dependents.size() == 0 )
- {
- return new Roles( getApplicationName(), EMPTY_ROLE_ARRAY );
- }
-
- Role[] roleArray = new Role[dependents.size()];
- dependents.toArray( roleArray );
- return new Roles( getApplicationName(), roleArray );
- }
-
-
- public Roles getDependentRoles( Permission perm )
- {
if ( ! perm.getApplicationName().equals( getApplicationName() ) )
{
throw new IllegalArgumentException( "The permission '" + perm.getName() + "' is not " +
Index: guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java
===================================================================
--- guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java (revision 489699)
+++ guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java (working copy)
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.safehaus.triplesec.guardian;
-
-import java.io.Serializable;
-
-
-/**
- * An application permission.
- *
- * @author Alex Karasulu
- * @author Trustin Lee
- * @version $Rev: 71 $, $Date: 2005-11-07 19:11:39 -0500 (Mon, 07 Nov 2005) $
- */
-public class Permission implements Comparable, Cloneable, Serializable
-{
- private static final long serialVersionUID = -522561010304299861L;
-
- /** the name of the permission */
- private final String permissionName;
- /** the name of the application this permission is associated with */
- private final String applicationName;
- /** a short description of the permission */
- private final String description;
-
-
- /**
- * Creates a new permission instance.
- *
- * @param applicationName the name of the application this permission is associated with
- * @param permissionName the permissionName of the permission
- */
- public Permission( String applicationName, String permissionName )
- {
- this( applicationName, permissionName, null );
- }
-
-
- /**
- * Creates a new permission instance with description.
- *
- * @param applicationName the name of the application this permission is associated with
- * @param permissionName the permissionName of the permission
- */
- public Permission( String applicationName, String permissionName, String description )
- {
- if( applicationName == null )
- {
- throw new NullPointerException( "applicationName" );
- }
- if( permissionName == null )
- {
- throw new NullPointerException( "permissionName" );
- }
- if( applicationName.length() == 0 )
- {
- throw new IllegalArgumentException( "applicationName is empty.");
- }
- if( permissionName.length() == 0 )
- {
- throw new IllegalArgumentException( "permissionName is empty.");
- }
-
- this.permissionName = permissionName;
- this.applicationName = applicationName;
- this.description = description;
- }
-
-
- /**
- * Gets the name of this permission.
- *
- * @return the name
- */
- public String getName()
- {
- return permissionName;
- }
-
-
- /**
- * Gets the application name this permission is defined for.
- *
- * @return the name of the application.
- */
- public String getApplicationName()
- {
- return applicationName;
- }
-
-
- /**
- * Gets the name of this permission.
- *
- * @return the description
- */
- public String getDescription()
- {
- return description;
- }
-
-
- // ------------------------------------------------------------------------
- // Object Overrides
- // ------------------------------------------------------------------------
-
-
- public int hashCode()
- {
- return applicationName.hashCode() ^ permissionName.hashCode();
- }
-
-
- public boolean equals( Object that )
- {
- if( this == that )
- {
- return true;
- }
-
- if( that instanceof Permission )
- {
- Permission thatP = ( Permission ) that;
- return this.applicationName.equals( thatP.applicationName ) &&
- this.permissionName.equals( thatP.permissionName );
- }
-
- return false;
- }
-
-
- public int compareTo( Object that )
- {
- Permission thatP = ( Permission ) that;
- int ret = this.applicationName.compareTo( thatP.applicationName );
- if( ret != 0 )
- {
- return ret;
- }
-
- return this.permissionName.compareTo( thatP.permissionName );
- }
-
-
- public String toString()
- {
- return "Permission(" + applicationName + ": " + permissionName + ')';
- }
-
-
- public Object clone()
- {
- try
- {
- return super.clone();
- }
- catch( CloneNotSupportedException e )
- {
- throw new InternalError();
- }
- }
-}
Index: guardian-api/pom.xml
===================================================================
--- guardian-api/pom.xml (revision 489699)
+++ guardian-api/pom.xml (working copy)
@@ -20,7 +20,7 @@
4.0.0
- org.safehaus.triplesec
+ org.apache.directory.triplesec
build
1.0-SNAPSHOT
Index: sms/pom.xml
===================================================================
--- sms/pom.xml (revision 489699)
+++ sms/pom.xml (working copy)
@@ -22,7 +22,7 @@
4.0.0
- org.safehaus.triplesec
+ org.apache.directory.triplesec
build
1.0-SNAPSHOT
Index: guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
===================================================================
--- guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java (revision 489699)
+++ guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java (working copy)
@@ -26,9 +26,12 @@
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
+import java.net.URL;
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.PermissionsUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,6 +46,7 @@
{
Logger log = LoggerFactory.getLogger( LdifApplicationPolicyTest.class );
LdifApplicationPolicy policy;
+ private static final String APP_NAME = "mockApplication";
public LdifApplicationPolicyTest( String string ) throws Exception
@@ -63,7 +67,8 @@
Properties props = new Properties();
props.setProperty( "applicationPrincipalDN", "appName=mockApplication,ou=applications,dc=example,dc=com" );
Class.forName( "org.safehaus.triplesec.guardian.ldif.LdifConnectionDriver" );
- String url = System.getProperty( "ldif.url", "file://src/test/resources/server.ldif" );
+ URL ldifURL = getClass().getClassLoader().getResource("server.ldif");
+ String url = ldifURL.toString();
log.info( "using url for ldif file: " + url );
policy = ( LdifApplicationPolicy ) ApplicationPolicyFactory.newInstance( url, props );
}
@@ -84,12 +89,13 @@
{
ids.add( ii.next() );
}
- assertEquals( 5, ids.size() );
+ assertEquals( 6, ids.size() );
assertTrue( ids.contains( "mockProfile0" ) );
assertTrue( ids.contains( "mockProfile1" ) );
assertTrue( ids.contains( "mockProfile2" ) );
assertTrue( ids.contains( "mockProfile3" ) );
assertTrue( ids.contains( "mockProfile4" ) );
+ assertTrue( ids.contains( "mockProfile5" ) );
assertFalse( ids.contains( "bogus" ) );
}
@@ -121,8 +127,8 @@
public void testProfile0()
{
Profile p = policy.getProfile( "mockProfile0" );
- assertTrue( p.getEffectivePermissions().isEmpty() );
- assertEquals( 5, policy.getRoles().size() );
+ assertTrue( PermissionsUtil.isEmpty(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 6, policy.getRoles().size() );
assertEquals( p, policy.getProfile( "mockProfile0" ) );
}
@@ -130,10 +136,10 @@
public void testProfile1()
{
Profile p = policy.getProfile( "mockProfile1" );
- assertEquals( 2, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm1" ) );
- assertFalse( p.hasPermission( "mockPerm3") );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm0" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm1" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm3")));
assertEquals( p, policy.getProfile( "mockProfile1" ) );
}
@@ -141,10 +147,10 @@
public void testProfile2()
{
Profile p = policy.getProfile( "mockProfile2" );
- assertEquals( 2, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm1" ) );
- assertFalse( p.hasPermission( "mockPerm3") );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm0" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm1" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm3")));
assertEquals( p, policy.getProfile( "mockProfile2" ) );
}
@@ -152,12 +158,12 @@
public void testProfile3()
{
Profile p = policy.getProfile( "mockProfile3" );
- assertEquals( 4, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertTrue( p.hasPermission( "mockPerm7" ) );
- assertTrue( p.hasPermission( "mockPerm2" ) );
- assertTrue( p.hasPermission( "mockPerm3" ) );
- assertFalse( p.hasPermission( "mockPerm4" ) );
+ assertEquals( 4, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm0" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm7" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm2" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm3" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm4" )));
assertEquals( p, policy.getProfile( "mockProfile3" ) );
}
@@ -165,26 +171,46 @@
public void testProfile4()
{
Profile p = policy.getProfile( "mockProfile4" );
- assertEquals( 7, p.getEffectivePermissions().size() );
- assertTrue( p.hasPermission( "mockPerm0" ) );
- assertFalse( p.hasPermission( "mockPerm1" ) );
- assertTrue( p.hasPermission( "mockPerm2" ) );
- assertTrue( p.hasPermission( "mockPerm3" ) );
- assertTrue( p.hasPermission( "mockPerm4" ) );
- assertTrue( p.hasPermission( "mockPerm5" ) );
- assertTrue( p.hasPermission( "mockPerm6" ) );
- assertFalse( p.hasPermission( "mockPerm7" ) );
- assertFalse( p.hasPermission( "mockPerm8" ) );
- assertTrue( p.hasPermission( "mockPerm9" ) );
- assertFalse( p.hasPermission( "mockPerm14" ) );
+ assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 1, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm0" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm1" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm2" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm3" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm4" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm5" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm6" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm7" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm8" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm9" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm14" )));
assertEquals( p, policy.getProfile( "mockProfile4" ) );
}
-
+ public void testProfile5()
+ {
+ Profile p = policy.getProfile( "mockProfile5" );
+ assertEquals( 8, PermissionsUtil.size(p.getEffectiveGrantedPermissions()) );
+ assertEquals( 2, PermissionsUtil.size(p.getEffectiveDeniedPermissions()) );
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm0" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm1" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm2" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm3" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm4" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm5" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm6" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm7" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm8" )));
+ assertTrue( p.implies( new StringPermission(APP_NAME, "mockPerm9" )));
+ assertFalse( p.implies( new StringPermission(APP_NAME, "mockPerm14" )));
+ assertEquals( p, policy.getProfile( "mockProfile5" ) );
+ }
+
+
public void testGetUserProfileIds()
{
- Set ids = policy.getUserProfileIds( "akarasulu" );
- assertEquals( 5, ids.size() );
+ Set ids = policy.getUserProfileIds( "akarasulu" );
+ assertEquals( 6, ids.size() );
ids = policy.getUserProfileIds( "trustin" );
assertEquals( 0, ids.size() );
}
Index: guardian-ldif/src/test/resources/server.ldif
===================================================================
--- guardian-ldif/src/test/resources/server.ldif (revision 489699)
+++ guardian-ldif/src/test/resources/server.ldif (working copy)
@@ -1,6 +1,6 @@
dn: ou=applications,dc=example,dc=com
objectClass: top
-objectClass: organizationalunit
+objectClass: organizationalUnit
ou: applications
dn: appName=mockApplication,ou=applications,dc=example,dc=com
@@ -103,6 +103,16 @@
grants: mockPerm4
roleName: mockRole4
+dn: roleName=mockRole5,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm9
+grants: mockPerm7
+grants: mockPerm5
+grants: mockPerm4
+denials: mockPerm6
+roleName: mockRole5
+
dn: ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
@@ -149,3 +159,14 @@
user: akarasulu
profileId: mockProfile4
+dn: profileId=mockProfile5,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+denials: mockPerm7
+grants: mockPerm0
+roles: mockRole4
+roles: mockRole3
+roles: mockRole5
+user: akarasulu
+profileId: mockProfile5
+
Index: guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java
===================================================================
--- guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java (revision 489699)
+++ guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java (working copy)
@@ -20,20 +20,35 @@
package org.safehaus.triplesec.guardian.ldif;
+import java.io.File;
+import java.security.Permissions;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
import org.apache.directory.shared.ldap.ldif.Entry;
import org.apache.directory.shared.ldap.ldif.LdifReader;
-import org.safehaus.triplesec.guardian.*;
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.safehaus.triplesec.guardian.StringPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.naming.directory.*;
-import javax.naming.NamingException;
-import javax.naming.NamingEnumeration;
-import java.io.File;
-import java.util.*;
-
-
/**
* An LDIF file backed implementation of an application policy store.
*
@@ -60,15 +75,16 @@
/** the {@link Roles} defined for this store's application */
private Roles roles;
/** the {@link Profile}s loaded from LDIF */
- private Map profileMap;
+ private Map profileMap;
/** map of userNames to sets of profile ids */
- private Map userProfilesMap;
+ private Map> userProfilesMap;
boolean isClosed = false;
/** the administrators super profile */
private Profile adminProfile;
+ private static final Set EMPTY_PROFILE_SET = Collections.unmodifiableSet(new HashSet(0));
-
+
/**
* Creates an instance of the LDIF ApplicationPolicyStore. Two properties are
* expected in the info properties. One is the dn of the application principal.
@@ -79,14 +95,14 @@
* | ldifFilePath | the path to the LDIF file containing the entries to load |
*
*
- * @param ctx the base context under which ou=applications and ou=users can be found
+ * @param ldifFile the file with the data inside
* @param info additional information needed to load the LDIF file
* @throws GuardianException if failures are encountered while loading objects from the backing store
*/
public LdifApplicationPolicy( File ldifFile, Properties info ) throws GuardianException
{
- this.userProfilesMap = new HashMap();
- this.profileMap = new HashMap();
+ this.userProfilesMap = new HashMap>();
+ this.profileMap = new HashMap();
this.applicationDn = info.getProperty( "applicationPrincipalDN" );
// extract the applicationName from the applicationPrincipalDN
this.applicationName = getApplicationName( applicationDn );
@@ -95,47 +111,36 @@
// loads the ldifs as a map of LdapNames to Attributes
load();
// create the admin profile with all permissions as grants and in all roles
- this.adminProfile = new Profile( this, "admin", "admin", roles, permissions,
- new Permissions( applicationName, new Permission[0] ), false );
+ this.adminProfile = new Profile( this, "admin", "admin", roles, permissions,
+ new Permissions(), false );
}
- private Map load() throws GuardianException
+ private void load() throws GuardianException
{
- Map roleMap = new HashMap();
- Map permissionMap = new HashMap();
- Map profileMap = new HashMap();
- Map entryMap = new HashMap();
+ Map roleMap = new HashMap();
+ Map permissionMap = new HashMap();
+ Map profileMap = new HashMap();
try
{
LdifReader reader = new LdifReader();
List entries = reader.parseLdifFile( ldifFile.getAbsolutePath() );
- for ( int ii = 0; ii < entries.size(); ii++ )
- {
- Entry entry = ( Entry ) entries.get( ii );
+ for (Object entry1 : entries) {
+ Entry entry = (Entry) entry1;
Attributes attributes = entry.getAttributes();
String dn = entry.getDn();
- entryMap.put( dn, attributes );
-
- if ( dn.equals( applicationDn ) )
- {
+
+ if (dn.equals(applicationDn)) {
// application = attributes;
- }
- else if ( dn.endsWith( applicationDn ) )
- {
- Attribute oc = attributes.get( "objectClass" );
- if ( oc.contains( "policyPermission" ) )
- {
- permissionMap.put( dn, attributes );
+ } else if (dn.endsWith(applicationDn)) {
+ Attribute oc = attributes.get("objectClass");
+ if (oc.contains("policyPermission")) {
+ permissionMap.put(dn, attributes);
+ } else if (oc.contains("policyRole")) {
+ roleMap.put(dn, attributes);
+ } else if (oc.contains("policyProfile")) {
+ profileMap.put(dn, attributes);
}
- else if ( oc.contains( "policyRole" ) )
- {
- roleMap.put( dn, attributes );
- }
- else if ( oc.contains( "policyProfile" ) )
- {
- profileMap.put( dn, attributes );
- }
}
}
}
@@ -149,7 +154,6 @@
loadPermissions( permissionMap );
loadRoles( roleMap );
loadProfiles( profileMap );
- return entryMap;
}
@@ -158,48 +162,49 @@
*
* @throws GuardianException if there is a problem with a role
*/
- private void loadRoles( Map roleMap ) throws GuardianException
+ private void loadRoles( Map roleMap ) throws GuardianException
{
- Set roleSet = new HashSet();
+ Set roleSet = new HashSet();
try
{
- Iterator keys = roleMap.keySet().iterator();
- while ( keys.hasNext() )
- {
- String dn = ( String ) keys.next();
- Attributes entry = ( Attributes ) roleMap.get( dn );
- String roleName = ( String ) entry.get( "roleName" ).get();
- Set permSet = new HashSet();
- Attribute attributes = entry.get( "grants" );
+ for (String dn : roleMap.keySet()) {
+ Attributes entry = roleMap.get(dn);
+ String roleName = (String) entry.get("roleName").get();
+ Attribute grantsAttribute = entry.get("grants");
+ Permissions grantedPermissions = new Permissions();
+ if (grantsAttribute != null) {
+ NamingEnumeration grantsEnumeration = grantsAttribute.getAll();
+ while (grantsEnumeration.hasMore()) {
+ String permName = (String) grantsEnumeration.next();
+ grantedPermissions.add(new StringPermission(applicationName, permName));
+ log.debug("granting permission '" + permName + "' to role '" + roleName
+ + " in application '" + applicationName + "'");
+ }
+ }
- if ( attributes != null )
- {
- NamingEnumeration grantsEnumeration = entry.get( "grants" ).getAll();
- while ( grantsEnumeration.hasMore() )
- {
- String permName = ( String ) grantsEnumeration.next();
- permSet.add( permissions.get( permName ) );
- log.debug( "granting permission '" + permName + "' to role '" + roleName
- + " in application '" + applicationName + "'" );
+ Permissions deniedPermissions = new Permissions();
+ Attribute denialsAttribute = entry.get("denials");
+ if (denialsAttribute != null) {
+ NamingEnumeration denialsEnumeration = denialsAttribute.getAll();
+ while (denialsEnumeration.hasMore()) {
+ String permName = (String) denialsEnumeration.next();
+ deniedPermissions.add(new StringPermission(applicationName, permName));
+ log.debug("granting permission '" + permName + "' to role '" + roleName
+ + " in application '" + applicationName + "'");
}
}
- Permission[] permArray = new Permission[permSet.size()];
- Permissions grants = new Permissions( applicationName, ( Permission[] ) permSet.toArray( permArray ) );
- Attribute description = entry.get( "description" );
+ Attribute description = entry.get("description");
Role role;
- if ( description == null || description.size() == 0 )
- {
- role = new Role( this, roleName, grants );
+ if (description == null || description.size() == 0) {
+ role = new Role(this, roleName, grantedPermissions, deniedPermissions);
+ } else {
+ role = new Role(this, roleName, grantedPermissions, deniedPermissions, (String) description.get());
}
- else
- {
- role = new Role( this, roleName, grants, ( String ) description.get() );
- }
- roleSet.add( role );
- log.debug( "loading role '" + roleName + "' for application '" + applicationName + "'" );
+ roleSet.add(role);
+ log.debug("loading role '" + roleName + "' for application '" + applicationName + "'");
}
}
catch ( NamingException e )
@@ -210,7 +215,7 @@
}
Role[] roleArray = new Role[roleSet.size()];
- roleArray = ( Role[] ) roleSet.toArray( roleArray );
+ roleArray = roleSet.toArray( roleArray );
this.roles = new Roles( applicationName, roleArray );
}
@@ -220,30 +225,23 @@
*
* @throws GuardianException if there is a problem with a permission
*/
- private void loadPermissions( Map permissionMap ) throws GuardianException
+ private void loadPermissions( Map permissionMap ) throws GuardianException
{
- Set permSet = new HashSet();
-
+ permissions = new Permissions();
try
{
- Iterator keys = permissionMap.keySet().iterator();
- while ( keys.hasNext() )
- {
- String dn = ( String ) keys.next();
- Attributes entry = ( Attributes ) permissionMap.get( dn );
- String permName = ( String ) entry.get( "permName" ).get();
- Permission perm;
- Attribute description = entry.get( "description" );
- if ( description != null )
- {
- perm = new Permission( applicationName, permName, ( String ) description.get() );
+ for (String dn : permissionMap.keySet()) {
+ Attributes entry = permissionMap.get(dn);
+ String permName = (String) entry.get("permName").get();
+ StringPermission perm;
+ Attribute description = entry.get("description");
+ if (description != null) {
+ perm = new StringPermission(applicationName, permName, (String) description.get());
+ } else {
+ perm = new StringPermission(applicationName, permName);
}
- else
- {
- perm = new Permission( applicationName, permName );
- }
- log.debug( "loading permission " + permName + " for application " + applicationName );
- permSet.add( perm );
+ log.debug("loading permission " + permName + " for application " + applicationName);
+ permissions.add(perm);
}
}
catch ( NamingException e )
@@ -253,9 +251,6 @@
throw new GuardianException( msg, e );
}
- Permission[] permArray = new Permission[permSet.size()];
- permArray = ( Permission[] ) permSet.toArray( permArray );
- this.permissions = new Permissions( applicationName, permArray );
}
@@ -285,12 +280,8 @@
private static boolean parseBoolean( String bool )
{
- if ( bool.equals( "true" ) )
- {
- return true;
- }
-
- return false;
+ return bool.equals("true");
+
}
@@ -299,19 +290,15 @@
*
* @throws GuardianException if there is a problem with a profile
*/
- private void loadProfiles( Map profileEntryMap ) throws GuardianException
+ private void loadProfiles( Map profileEntryMap ) throws GuardianException
{
- String[] profileDns = new String[profileEntryMap.size()];
- profileEntryMap.keySet().toArray( profileDns );
-
- for ( int ii = 0; ii < profileDns.length; ii++ )
+
+ for (Map.Entry mapEntry: profileEntryMap.entrySet() )
{
Profile profile;
- Permissions grants;
- Permissions denials;
Roles roles;
- String dn = profileDns[ii];
- Attributes entry = ( Attributes ) profileEntryMap.get( dn );
+ String dn = mapEntry.getKey();
+ Attributes entry = mapEntry.getValue();
String profileId;
String userName;
boolean disabled = false;
@@ -352,16 +339,16 @@
// -------------------------------------------------------------------------------
Attribute grantsAttribute = entry.get( "grants" );
+ Permissions grants = new Permissions();
if ( grantsAttribute != null )
{
- Set grantsSet = new HashSet();
try
{
NamingEnumeration grantsEnumeration = grantsAttribute.getAll();
while ( grantsEnumeration.hasMore() )
{
String grantedPermName = ( String ) grantsEnumeration.next();
- grantsSet.add( this.permissions.get( grantedPermName ) );
+ grants.add( new StringPermission(applicationName, grantedPermName ) );
}
}
catch ( NamingException e )
@@ -369,42 +356,30 @@
throw new GuardianException( "Failed to get grants for profile: " + dn );
}
- Permission[] grantsArray = new Permission[grantsSet.size()];
- grants = new Permissions( applicationName, ( Permission[] ) grantsSet.toArray( grantsArray ) );
}
- else
- {
- grants = new Permissions( applicationName, new Permission[0] );
- }
// -------------------------------------------------------------------------------
- // process and assemble the profile's granted permissions
+ // process and assemble the profile's denied permissions
// -------------------------------------------------------------------------------
Attribute denialsAttribute = entry.get( "denials" );
+ Permissions denials = new Permissions();
if ( denialsAttribute != null )
{
- Set denialsSet = new HashSet();
try
{
NamingEnumeration denialsEnumeration = denialsAttribute.getAll();
while ( denialsEnumeration.hasMore() )
{
String deniedPermName = ( String ) denialsEnumeration.next();
- denialsSet.add( this.permissions.get( deniedPermName ) );
+ denials.add( new StringPermission(applicationName, deniedPermName ) );
}
}
catch ( NamingException e )
{
throw new GuardianException( "Failed to get denials for profile: " + dn );
}
- Permission[] denialsArray = new Permission[denialsSet.size()];
- denials = new Permissions( applicationName, ( Permission[] ) denialsSet.toArray( denialsArray ) );
}
- else
- {
- denials = new Permissions( applicationName, new Permission[0] );
- }
// -------------------------------------------------------------------------------
// process and assemble the profile's assigned roles
@@ -413,7 +388,7 @@
Attribute rolesAttribute = entry.get( "roles" );
if ( rolesAttribute != null )
{
- Set rolesSet = new HashSet();
+ Set rolesSet = new HashSet();
try
{
NamingEnumeration rolesEnumeration = rolesAttribute.getAll();
@@ -428,7 +403,7 @@
throw new GuardianException( "Failed to get roles for profile: " + dn );
}
Role[] rolesArray = new Role[rolesSet.size()];
- roles = new Roles( applicationName, ( Role[] ) rolesSet.toArray( rolesArray ) );
+ roles = new Roles( applicationName, rolesSet.toArray( rolesArray ) );
}
else
{
@@ -442,7 +417,7 @@
}
else
{
- String desc = "null";
+ String desc;
try
{
desc = ( String ) description.get();
@@ -456,10 +431,10 @@
profileMap.put( profileId, profile );
- Set profileIdSet = ( Set ) userProfilesMap.get( userName );
+ Set profileIdSet = userProfilesMap.get( userName );
if ( profileIdSet == null )
{
- profileIdSet = new HashSet();
+ profileIdSet = new HashSet();
userProfilesMap.put( userName, profileIdSet );
}
profileIdSet.add( profileId );
@@ -471,17 +446,17 @@
}
}
-
- public Profile getProfile( String userName ) throws GuardianException
+ //TODO previously the parameter was called "userId" but from the userProfilesMap it looks like a user can have lots of profiles
+ public Profile getProfile( String profileId ) throws GuardianException
{
if ( isClosed )
{
throw new IllegalStateException( "This policy object has been closed." );
}
- if ( profileMap.containsKey( userName ) )
+ if ( profileMap.containsKey( profileId ) )
{
- return ( Profile ) profileMap.get( userName );
+ return profileMap.get( profileId );
}
return null;
@@ -527,18 +502,18 @@
}
- public Set getDependentProfileNames( Permission permission ) throws GuardianException
+ public Set getDependentProfileNames( StringPermission permission ) throws GuardianException
{
throw new RuntimeException( "Not implemented yet!" );
}
- public Set getUserProfileIds( String userName ) throws GuardianException
+ public Set getUserProfileIds( String userName ) throws GuardianException
{
- Set profileSet = ( Set ) userProfilesMap.get( userName );
+ Set profileSet = userProfilesMap.get( userName );
if ( profileSet == null )
{
- return Collections.EMPTY_SET;
+ return EMPTY_PROFILE_SET;
}
return Collections.unmodifiableSet( profileSet );
}
Index: guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
===================================================================
--- guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java (revision 489699)
+++ guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java (working copy)
@@ -53,7 +53,7 @@
public boolean accept( String url )
{
- if ( ( url.startsWith( "file://" ) || url.startsWith( "jar:" ) ) && url.endsWith( ".ldif" ) )
+ if ( ( url.startsWith( "file:" ) || url.startsWith( "jar:" ) ) && url.endsWith( ".ldif" ) )
{
return true;
}
@@ -80,7 +80,7 @@
throw new IllegalArgumentException( "An applicationPrincipalDN property value must be provided." );
}
- if ( url.startsWith( "file://" ) )
+ if ( url.startsWith( "file:" ) )
{
File ldifFile = null;
try
Index: guardian-ldif/pom.xml
===================================================================
--- guardian-ldif/pom.xml (revision 489699)
+++ guardian-ldif/pom.xml (working copy)
@@ -20,7 +20,7 @@
4.0.0
- org.safehaus.triplesec
+ org.apache.directory.triplesec
build
1.0-SNAPSHOT
@@ -50,14 +50,6 @@
maven-surefire-plugin
-
-
-
- ldif.url
- file://${basedir}/src/test/resources/server.ldif
-
-
-