Examples of org.jboss.security.authorization.resources.WebResource

• org.jboss.security.authorization.resources.WebResource
  Represents a Resource for the Web Layer @author Anil Saldhana @since Jun 18, 2006 @version $Revision: 62260 $

         throw new IllegalStateException("Authorization Manager is null");

      boolean hasPerm =  false;
      contextMap.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());

      WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
      webResource.setPolicyContextID(contextID);
      webResource.setServletRequest(request);
      webResource.setServletResponse(response);

      webResource.setCallerSubject(callerSubject);
      SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
      RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);

      try
      {

   {
      WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();

      PolicyRegistration policyRegistration = new JBossPolicyRegistration();
      registerPolicy(policyRegistration);
      WebResource er = getResource(policyRegistration);
      er.setPolicyContextID(this.contextID);

      er.setServletRequest(new TestHttpServletRequest(p, uri, "GET"));
      assertEquals(AuthorizationContext.PERMIT,
            pc.authorize(er, getSubject(), getRoleGroup()));

      Principal principal = new SimplePrincipal("Notjduke");
      HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
      //Now change the ejb principal
      er.setServletRequest(hsr);
      assertEquals(AuthorizationContext.DENY,
            pc.authorize(er, getSubject(), getRoleGroup()));
   }

   {
      WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();

      PolicyRegistration policyRegistration = new JBossPolicyRegistration();
      registerPolicy(policyRegistration);
      WebResource er = getResource(policyRegistration);
      er.setPolicyContextID(this.contextID);

      Principal principal = new SimplePrincipal("Notjduke");
      HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
      //Now change the ejb principal
      er.setServletRequest(hsr);
      assertEquals(AuthorizationContext.DENY,
            pc.authorize(er, getSubject(), getRoleGroup()));
   }

   private WebResource getResource(PolicyRegistration policyRegistration)
   {
      HashMap<String,Object> map = new HashMap<String,Object>();
      // map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
      map.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
      return new WebResource(map);
   }

   }

   public void testAuthorization() throws Exception
   {
      HashMap<String,Object> cmap = new HashMap<String,Object>();
      WebResource wr = new WebResource(cmap);
      wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
      AuthorizationManager am = new JBossAuthorizationManager("other");
      am.authorize(wr);//This should just pass as the default module PERMITS all
   }