KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > test > web > security > jacc > QualifiedPatternUnitTestCase


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.test.web.security.jacc;
23
24 import java.security.Policy JavaDoc;
25 import java.security.ProtectionDomain JavaDoc;
26 import java.util.ArrayList JavaDoc;
27 import java.util.List JavaDoc;
28 import javax.security.jacc.PolicyConfiguration JavaDoc;
29 import javax.security.jacc.PolicyContext JavaDoc;
30 import javax.security.jacc.WebResourcePermission JavaDoc;
31 import javax.security.jacc.WebUserDataPermission JavaDoc;
32
33 import junit.framework.TestCase;
34 import org.jboss.metadata.WebMetaData;
35 import org.jboss.metadata.WebSecurityMetaData;
36 import org.jboss.security.SimplePrincipal;
37 import org.jboss.security.jacc.DelegatingPolicy;
38 import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
39 import org.jboss.web.WebPermissionMapping;
40
41 /**
42  * Test
43  * @author Scott.Stark@jboss.org
44  * @version $Revision: 37459 $
45  */
46 public class QualifiedPatternUnitTestCase extends TestCase
47 {
48    private PolicyConfiguration JavaDoc pc;
49
50    public void testUnchecked() throws Exception JavaDoc
51    {
52       Policy JavaDoc p = Policy.getPolicy();
53       SimplePrincipal[] caller = null;
54       ProtectionDomain JavaDoc pd = new ProtectionDomain JavaDoc(null, null, null, caller);
55
56       WebResourcePermission JavaDoc wrp = new WebResourcePermission JavaDoc("/a", "GET");
57       assertTrue("/a GET", p.implies(pd, wrp));
58       wrp = new WebResourcePermission JavaDoc("/a", "POST");
59       assertTrue("/a POST", p.implies(pd, wrp));
60
61       caller = new SimplePrincipal[]{new SimplePrincipal("R1")};
62       pd = new ProtectionDomain JavaDoc(null, null, null, caller);
63       wrp = new WebResourcePermission JavaDoc("/a/x", "GET");
64       assertTrue("/a/x GET", p.implies(pd, wrp));
65       wrp = new WebResourcePermission JavaDoc("/a/x", "POST");
66       boolean implied = p.implies(pd, wrp);
67       assertTrue("/a/x POST", implied);
68       wrp = new WebResourcePermission JavaDoc("/b/x", "GET");
69       assertTrue("/b/x GET", p.implies(pd, wrp));
70       wrp = new WebResourcePermission JavaDoc("/b/x", "POST");
71       assertTrue("/b/x POST", p.implies(pd, wrp));
72       wrp = new WebResourcePermission JavaDoc("/b/x", "DELETE");
73       assertFalse("/b/x DELETE", p.implies(pd, wrp));
74
75       wrp = new WebResourcePermission JavaDoc("/a/x.asp", "GET");
76       assertTrue("/a/x.asp GET", p.implies(pd, wrp));
77       wrp = new WebResourcePermission JavaDoc("/a/x.asp", "POST");
78       assertTrue("/a/x.asp POST", p.implies(pd, wrp));
79
80       WebUserDataPermission JavaDoc wudp = new WebUserDataPermission JavaDoc("/a/*:/a", "GET:CONFIDENTIAL");
81       assertTrue("/a/*:/a GET:CONFIDENTIAL", p.implies(pd, wudp));
82       wudp = new WebUserDataPermission JavaDoc("/a/*:/a", "GET:CONFIDENTIAL");
83       assertTrue("/b/*:/b GET,POST:CONFIDENTIAL", p.implies(pd, wudp));
84       
85    }
86
87    protected void setUp() throws Exception JavaDoc
88    {
89       WebMetaData metaData = new WebMetaData();
90       ArrayList JavaDoc securityContraints = new ArrayList JavaDoc();
91       addSC1(securityContraints);
92       addSC2(securityContraints);
93       metaData.setSecurityConstraints(securityContraints);
94
95       DelegatingPolicy policy = new DelegatingPolicy();
96       Policy.setPolicy(policy);
97       JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
98       pc = pcf.getPolicyConfiguration("QualifiedPatternUnitTestCase", true);
99       WebPermissionMapping.createPermissions(metaData, pc);
100       pc.commit();
101       System.out.println(policy.listContextPolicies());
102       PolicyContext.setContextID("QualifiedPatternUnitTestCase");
103    }
104
105    /*
106    <security-constraint>
107       <web-resource-collection>
108          <web-resource-name>sc1.c1</web-resource-name>
109          <url-pattern>/a/*</url-pattern>
110          <url-pattern>/b/*</url-pattern>
111          <url-pattern>/a</url-pattern>
112          <url-pattern>/b</url-pattern>
113          <http-method>DELETE</http-method>
114          <http-method>PUT</http-method>
115       </web-resource-collection>
116       <web-resource-collection>
117       <web-resource-name>sc1.c2</web-resource-name>
118          <url-pattern>*.asp</url-pattern>
119       </web-resource-collection>
120       <auth-constraint/>
121    </security-constraint>
122    */
123    private void addSC1(List JavaDoc securityContraints)
124    {
125       WebSecurityMetaData wsmd = new WebSecurityMetaData();
126       securityContraints.add(wsmd);
127       // web-resource-collection/web-resource-name = sc1.c1
128 WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("sc1.c1");
129       wrc.addPattern("/a/*");
130       wrc.addPattern("/b/*");
131       wrc.addPattern("/a");
132       wrc.addPattern("/b");
133       wrc.addHttpMethod("DELETE");
134       wrc.addHttpMethod("PUT");
135
136       wrc = wsmd.addWebResource("sc1.c2");
137       wrc.addPattern("*.asp");
138
139       wsmd.setExcluded(true);
140    }
141
142    /*
143    <security-constraint>
144       <web-resource-collection>
145          <web-resource-name>sc2.c1</web-resource-name>
146          <url-pattern>/a/*</url-pattern>
147          <url-pattern>/b/*</url-pattern>
148          <http-method>GET</http-method>
149       </web-resource-collection>
150       <web-resource-collection>
151          <web-resource-name>sc2.c2</web-resource-name>
152          <url-pattern>/b/*</url-pattern>
153          <http-method>POST</http-method>
154       </web-resource-collection>
155       <auth-constraint>
156          <role-name>R1</role-name>
157       </auth-constraint>
158       <user-data-constraint>
159          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
160       </user-data-constraint>
161    </security-constraint>
162    */
163    private void addSC2(List JavaDoc securityContraints)
164    {
165       WebSecurityMetaData wsmd = new WebSecurityMetaData();
166       securityContraints.add(wsmd);
167       // web-resource-collection/web-resource-name = sc1.c1
168 WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("sc2.c1");
169       wrc.addPattern("/a/*");
170       wrc.addPattern("/b/*");
171       wrc.addHttpMethod("GET");
172
173       wrc = wsmd.addWebResource("sc2.c2");
174       wrc.addPattern("/b/*");
175       wrc.addHttpMethod("POST");
176
177       wsmd.addRole("R1");
178       wsmd.setTransportGuarantee("CONFIDENTIAL");
179    }
180 }
181
Popular Tags