Package javax.security.jacc

Examples of javax.security.jacc.WebUserDataPermission


        PermissionCollection uncheckedPermissions = new Permissions();

        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        PermissionCollection checked = permissions;
View Full Code Here


    * @return
    * @throws IOException
    */
   private boolean hasUserDataPermission() throws IOException
   {
      WebUserDataPermission perm = new WebUserDataPermission(this.canonicalRequestURI,
                                               request.getMethod());
      if( trace )
         log.trace("hasUserDataPermission, p="+perm);
      boolean ok = false;
      try
View Full Code Here

        return null;
    }

    public boolean hasUserDataPermissions(Request request, Object constraints) {
        try {
            defaultACC.checkPermission(new WebUserDataPermission(request));
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }
View Full Code Here

        ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager = null;
        //Setup default JSP Factory
        Class.forName("org.apache.jasper.compiler.JspRuntimeContext");
        if (securityHandlerFactory == null) {
            Permissions unchecked = new Permissions();
            unchecked.add(new WebUserDataPermission("/", null));
            unchecked.add(new WebResourcePermission("/", ""));
            ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), unchecked, Collections.<String, PermissionCollection>emptyMap());
            applicationPolicyConfigurationManager = setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
            LoginService loginService = newLoginService();
//            final ServletCallbackHandler callbackHandler = new ServletCallbackHandler(loginService);
View Full Code Here

                    Properties properties = wsSecurity.getProperties();
                    PermissionCollection uncheckedPermissions = new Permissions();
                    String transportGuarantee = wsSecurity.getTransportGuarantee().toString().trim();
                    boolean getProtected = properties.get("getProtected") == null? true: Boolean.valueOf((String) properties.get("getProtected"));
                    if (getProtected) {
                        WebUserDataPermission webUserDataPermission = new WebUserDataPermission("/*", null, transportGuarantee);
                        uncheckedPermissions.add(webUserDataPermission);
                    } else {
                        uncheckedPermissions.add(new WebUserDataPermission("/*", new String[] {"GET"}, "NONE"));
                        uncheckedPermissions.add(new WebUserDataPermission("/*", "!GET:" + transportGuarantee));
                    }
                    Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
                    //TODO allow jaspi authentication
                    boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
                    if (secured) {
View Full Code Here

        try {
            /**
             * JACC v1.0 section 4.1.1
             */
            WebUserDataPermission wudp;
            if (notIntegral) {
                wudp = new WebUserDataPermission(request);
            } else {
                wudp = new WebUserDataPermission(encodeColons(request), new String[]{request.getMethod()}, "INTEGRAL");
            }
            defaultAcc.checkPermission(wudp);
            return true;
        } catch (AccessControlException e) {
            //TODO redirect to secure port.
View Full Code Here

   }

   public void testCtor2() throws Exception
   {
      String nullActions = null;
      WebUserDataPermission p = new WebUserDataPermission("/", nullActions);
      String actions = p.getActions();
      assertTrue("actions("+actions+") == null", actions == null);
     
      p = new WebUserDataPermission("", "POST");
      actions = p.getActions();
      assertTrue("actions("+actions+") == POST", actions.equals("POST"));

      p = new WebUserDataPermission("/", "POST");
      actions = p.getActions();
      assertTrue("actions("+actions+") == POST", actions.equals("POST"));

      p = new WebUserDataPermission("/", "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE");
      actions = p.getActions();
      assertTrue("actions("+actions+") == null", actions == null);

      p = new WebUserDataPermission("/", "TRACE,GET,DELETE");
      actions = p.getActions();
      assertTrue("actions("+actions+") == DELETE,GET,TRACE",
         actions.equals("DELETE,GET,TRACE"));

      p = new WebUserDataPermission("/", "TRACE,GET,DELETE:NONE");
      actions = p.getActions();
      assertTrue("actions("+actions+") == DELETE,GET,TRACE",
         actions.equals("DELETE,GET,TRACE"));

      p = new WebUserDataPermission("/", "TRACE,GET,DELETE:CONFIDENTIAL");
      actions = p.getActions();
      assertTrue("actions("+actions+") == DELETE,GET,TRACE:CONFIDENTIAL",
         actions.equals("DELETE,GET,TRACE:CONFIDENTIAL"));
   }
View Full Code Here

   }

   public void testImpliesPermission() throws Exception
   {
      String nullActions = null;
      WebUserDataPermission p0 = new WebUserDataPermission("/", nullActions);
      WebUserDataPermission p1 = new WebUserDataPermission("/", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/", "");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p1 = new WebUserDataPermission("", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/*", nullActions);
      p1 = new WebUserDataPermission("/any", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/*", "GET");
      p1 = new WebUserDataPermission("/any", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/any/*", "GET");
      p1 = new WebUserDataPermission("/any", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p1 = new WebUserDataPermission("/any/", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/any/more/*", "GET");
      p1 = new WebUserDataPermission("/any/more/andsome", "GET");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("*.jsp", "POST,GET");
      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST:NONE");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("*.jsp", "POST,GET,TRACE");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/snoop.jsp", "POST,GET,TRACE");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp", "POST,GET");
      p1 = new WebUserDataPermission("/:/secured.jsp:/excluded.jsp:/sslprotected.jsp:/unchecked.jsp", "GET,POST");
      assertTrue("p0.implies(p1)", p0.implies(p1));
     
      p0 = new WebUserDataPermission("*.jsp", "POST,GET,TRACE:NONE");
      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST");
      assertTrue("p0.implies(p1)", p0.implies(p1));

      p0 = new WebUserDataPermission("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST:CONFIDENTIAL");
      assertTrue("p0.implies(p1)", p0.implies(p1));
   }
View Full Code Here

   }

   public void testNotImpliesPermission() throws Exception
   {
      String nullActions = null;
      WebUserDataPermission p0 = new WebUserDataPermission("/", "GET");
      WebUserDataPermission p1 = new WebUserDataPermission("/", nullActions);
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p1 = new WebUserDataPermission("/", "POST");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("", "");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p1 = new WebUserDataPermission("/", "GET,POST");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("/any/*", "GET");
      p1 = new WebUserDataPermission("/anymore", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p1 = new WebUserDataPermission("/anyx", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p1 = new WebUserDataPermission("/any/more", "GET,POST");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("/*", "GET");
      p1 = new WebUserDataPermission("/anyx", "GET,POST");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "GET");
      p1 = new WebUserDataPermission("/", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "GET");
      p1 = new WebUserDataPermission("/*", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "GET");
      p1 = new WebUserDataPermission("/jsp", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "GET");
      p1 = new WebUserDataPermission("/snoop,jsp", "GET");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);

      p0 = new WebUserDataPermission("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
      p1 = new WebUserDataPermission("/snoop.jsp", "GET,POST:INTEGRAL");
      assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
   }
View Full Code Here

   }

   public void testMatch()
   {
      Permissions perms = new Permissions();
      WebUserDataPermission p = new WebUserDataPermission("/protected/exact/get/roleA",
         "DELETE,HEAD,OPTIONS,POST,PUT,TRACEL");
      perms.add(p);
      p = new WebUserDataPermission("/protected/exact/get/roleA", "GET");
      perms.add(p);

      p = new WebUserDataPermission("/protected/exact/get/roleA", null);
      assertFalse("/protected/exact/get/roleA null is implied", perms.implies(p));
   }
View Full Code Here

TOP

Related Classes of javax.security.jacc.WebUserDataPermission

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.