Examples of org.jboss.security.plugins.JBossAuthorizationManager

org.jboss.security.plugins.JBossAuthorizationManager
Authorization Manager implementation @author Anil Saldhana @since Jan 3, 2006 @version $Revision: 65938 $

      int count = Integer.getInteger("jbosstest.threadcount", 10).intValue();
      int iterations = Integer.getInteger("jbosstest.iterationcount", 5000).intValue();
      log.info("Creating "+count+" threads doing "+iterations+" iterations");
      PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY, 
          new SubjectPolicyContextHandler(), false);
      AuthorizationManager am = new JBossAuthorizationManager("testIdentity");
      JaasSecurityManager secMgr = new JaasSecurityManager("testIdentity", new SecurityAssociationHandler());
      TimedCachePolicy cache = new TimedCachePolicy(3, false, 100);
      cache.create();
      cache.start();
      secMgr.setCachePolicy(cache);

View Full Code Here

          * The lookup will be of the form java:/jaas/other
          * So check for name.get(1)
          */
         String securityDomainName = name.get(1);
         final SecurityDomainContext ctx = new SecurityDomainContext(getSecurityManager(securityDomainName), null);
         ctx.setAuthorizationManager(new JBossAuthorizationManager(securityDomainName));
         return new BrainlessContext()
         {
            public Object lookup(Name name) throws NamingException
            {
               log.debug("lookup " + name);

View Full Code Here

/*     */     public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable<?, ?> environment)
/*     */       throws Exception
/*     */     {
/* 115 */       String securityDomainName = name.get(1);
/* 116 */       SecurityDomainContext ctx = new SecurityDomainContext(JaasSecurityManagerService.access$000(securityDomainName), null);
/* 117 */       ctx.setAuthorizationManager(new JBossAuthorizationManager(securityDomainName, new SecurityAssociationHandler()));
/* 118 */       return new BrainlessContext(ctx)
/*     */       {
/*     */         public Object lookup(Name name) throws NamingException
/*     */         {
/* 122 */           JaasSecurityManagerService.SecurityDomainObjectFactory.log.debug("lookup " + name);

View Full Code Here

      childResources.add(resource2);
      resource1.getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
      resource2.getMap().put(ResourceKeys.PARENT_RESOURCE, resource1);


      // using the authorization manager, check the entitlements assigned to some of the identities.
      JBossAuthorizationManager jam = new JBossAuthorizationManager("test-acl");


      // start with the Administrator identity.
      EntitlementHolder<EntitlementEntry> holder = jam.getEntitlements(EntitlementEntry.class, resource1,
            IdentityFactory.createIdentity("Administrator"));
      assertNotNull("Unexpected null EntitlementHolder", holder);
      Set<EntitlementEntry> entitled = holder.getEntitled();
      assertNotNull("Unexpected null set of entitlement entries", entitled);
      assertEquals("Unexpected number of entitlement entries", 2, entitled.size());
      // Administrator should have all permissions on both resources.
      Map<Integer, EntitlementEntry> entriesMap = this.getEntriesByResourceID(entitled);
      CompositeACLPermission expectedPermission = new CompositeACLPermission(BasicACLPermission.values());
      assertTrue("Entry for ACLTestResource with id 10 missing", entriesMap.containsKey(10));
      assertEquals("Found unexpected permissions", expectedPermission, entriesMap.get(10).getPermission());
      assertTrue("Entry for ACLTestResource with id 20 missing", entriesMap.containsKey(20));
      assertEquals("Found unexpected permissions", expectedPermission, entriesMap.get(20).getPermission());


      // now check the permissions entitled to Regular_User.
      holder = jam.getEntitlements(EntitlementEntry.class, resource1, IdentityFactory.createIdentity("Regular_User"));
      assertNotNull("Unexpected null EntitlementHolder", holder);
      entitled = holder.getEntitled();
      assertNotNull("Unexpected null set of entitlement entries", entitled);
      // Regular_User should get an empty set when calling getEntitlements with resource1.
      assertEquals("Unexpected number of entitlement entries", 0, entitled.size());
      holder = jam.getEntitlements(EntitlementEntry.class, resource2, IdentityFactory.createIdentity("Regular_User"));
      assertNotNull("Unexpected null EntitlementHolder", holder);
      entitled = holder.getEntitled();
      assertNotNull("Unexpected null set of entitlement entries", entitled);
      assertEquals("Unexpected number of entitlement entries", 1, entitled.size());
      // Regular_User should have READ and UPDATE permissions on resource 2.

View Full Code Here

   {
      Resource resource1 = new ACLTestResource(10);
      Resource resource2 = new ACLTestResource(20);


      // using the authorization manager, check if the identities have the expected permissions.
      JBossAuthorizationManager jam = new JBossAuthorizationManager("test-acl");


      // check that Administrator has all permissions on both resources.
      Identity identity = IdentityFactory.createIdentity("Administrator");
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource1, identity, new CompositeACLPermission(
            BasicACLPermission.values())));
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, new CompositeACLPermission(
            BasicACLPermission.values())));


      // check that Guest has only READ permission on resource1.
      identity = IdentityFactory.createIdentity("Guest");
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource1, identity, BasicACLPermission.READ));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource1, identity, BasicACLPermission.CREATE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource1, identity, BasicACLPermission.UPDATE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource1, identity, BasicACLPermission.DELETE));


      // check that Guest has READ and UPDATE permissions on resource2.
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, BasicACLPermission.READ));
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, BasicACLPermission.UPDATE));
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, new CompositeACLPermission(
            BasicACLPermission.READ, BasicACLPermission.UPDATE)));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, BasicACLPermission.CREATE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, BasicACLPermission.DELETE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, new CompositeACLPermission(
            BasicACLPermission.values())));
      
      // check that Regular_User doesn't have any permissions on resource1.
      identity = IdentityFactory.createIdentity("Regular_User");
      for(BasicACLPermission permission : BasicACLPermission.values())
         assertEquals(AuthorizationContext.DENY, jam.authorize(resource1, identity, permission));
      
      // check that Regular_User has READ and UPDATE permissions on resource2.
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, BasicACLPermission.READ));
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, BasicACLPermission.UPDATE));
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(resource2, identity, new CompositeACLPermission(
            BasicACLPermission.READ, BasicACLPermission.UPDATE)));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, BasicACLPermission.CREATE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, BasicACLPermission.DELETE));
      assertEquals(AuthorizationContext.DENY, jam.authorize(resource2, identity, new CompositeACLPermission(
            BasicACLPermission.values())));
   }

View Full Code Here

   public void testAuthorization() throws Exception
   {
      HashMap<String,Object> cmap = new HashMap<String,Object>(); 
      WebResource wr = new WebResource(cmap);
      wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
      AuthorizationManager am = new JBossAuthorizationManager("other");
      am.authorize(wr);//This should just pass as the default module PERMITS all
   }

View Full Code Here

 */
public class StandaloneJBossAMgrUnitTestCase extends TestCase
{
   public void testAuthorizationWithInjectedCtx() throws Exception
   {
      JBossAuthorizationManager jam = new JBossAuthorizationManager("test");
      Subject subject = new Subject();
      subject.getPrincipals().add(new SimplePrincipal("anil"));
      jam.setAuthorizationContext(getTestAuthorizationContext("test", subject));
      
      final HashMap<String, Object> cmap = new HashMap<String,Object>();
      Resource testResource = new Resource()
      {
         public ResourceType getLayer()
         {
            return ResourceType.WEB;
         }


         public Map<String, Object> getMap()
         {
            return Collections.unmodifiableMap(cmap);
         }
      }; 
      assertEquals(AuthorizationContext.PERMIT, jam.authorize(testResource, subject, getRoleGroup()));
   }

View Full Code Here

TOP

Related Classes of org.jboss.security.plugins.JBossAuthorizationManager

com.sun.xacml.Policy

org.jboss.ejb3.embedded.JaasSecurityManagerService$SecurityDomainObjectFactory

org.jboss.security.acl.ACLContext

org.jboss.security.authorization.AuthorizationContext

org.jboss.security.callbacks.SecurityContextCallback

org.jboss.security.identity.plugins.SimpleRole

org.jboss.security.identity.plugins.SimpleRoleGroup

org.jboss.security.identity.RoleGroup

org.jboss.security.mapping.MappingContext

org.jboss.security.mapping.MappingManager

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.