Examples of java.security.Policy.implies()

java.security.Policy.implies()
Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted. @param domain the ProtectionDomain to test @param permission the Permission object to be tested for implication. @return true if "permission" is a proper subset of a permissiongranted to this ProtectionDomain. @see java.security.ProtectionDomain @since 1.4

      // Test the Restricted GET security-constraint
      WebResourcePermission wrp = new WebResourcePermission("/restricted/get-only", "GET");
      assertTrue("/restricted/get-only GET", p.implies(pd, wrp));


      wrp = new WebResourcePermission("/restricted/get-only/x", "GET");
      assertTrue("/restricted/get-only/x GET", p.implies(pd, wrp));


      // Test the Restricted ANY security-constraint
      wrp = new WebResourcePermission("/restricted/any/x", "GET");
      assertTrue("/restricted/any/x GET", p.implies(pd, wrp));

View Full Code Here

      wrp = new WebResourcePermission("/restricted/get-only/x", "GET");
      assertTrue("/restricted/get-only/x GET", p.implies(pd, wrp));


      // Test the Restricted ANY security-constraint
      wrp = new WebResourcePermission("/restricted/any/x", "GET");
      assertTrue("/restricted/any/x GET", p.implies(pd, wrp));


      // Test that a POST to the Restricted GET security-constraint fails
      wrp = new WebResourcePermission("/restricted/get-only/x", "POST");
      assertFalse("/restricted/get-only/x POST", p.implies(pd, wrp));

View Full Code Here

      wrp = new WebResourcePermission("/restricted/any/x", "GET");
      assertTrue("/restricted/any/x GET", p.implies(pd, wrp));


      // Test that a POST to the Restricted GET security-constraint fails
      wrp = new WebResourcePermission("/restricted/get-only/x", "POST");
      assertFalse("/restricted/get-only/x POST", p.implies(pd, wrp));


      // Test that Restricted POST security-constraint fails
      wrp = new WebResourcePermission("/restricted/post-only/x", "GET");
      assertFalse("/restricted/post-only/x GET", p.implies(pd, wrp));

View Full Code Here

      wrp = new WebResourcePermission("/restricted/get-only/x", "POST");
      assertFalse("/restricted/get-only/x POST", p.implies(pd, wrp));


      // Test that Restricted POST security-constraint fails
      wrp = new WebResourcePermission("/restricted/post-only/x", "GET");
      assertFalse("/restricted/post-only/x GET", p.implies(pd, wrp));


      // Validate that the excluded subcontext if not accessible
      wrp = new WebResourcePermission("/restricted/get-only/excluded/x", "GET");
      assertFalse("/restricted/get-only/excluded/x GET", p.implies(pd, wrp));

View Full Code Here

      wrp = new WebResourcePermission("/restricted/post-only/x", "GET");
      assertFalse("/restricted/post-only/x GET", p.implies(pd, wrp));


      // Validate that the excluded subcontext if not accessible
      wrp = new WebResourcePermission("/restricted/get-only/excluded/x", "GET");
      assertFalse("/restricted/get-only/excluded/x GET", p.implies(pd, wrp));


      caller = new SimplePrincipal[]{new SimplePrincipal("OtherRole")};
      pd = new ProtectionDomain(null, null, null, caller);
      // Test the Restricted GET security-constraint 
      wrp = new WebResourcePermission("/restricted/get-only", "GET");

View Full Code Here


      caller = new SimplePrincipal[]{new SimplePrincipal("OtherRole")};
      pd = new ProtectionDomain(null, null, null, caller);
      // Test the Restricted GET security-constraint 
      wrp = new WebResourcePermission("/restricted/get-only", "GET");
      assertFalse("/restricted/get-only GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/restricted/get-only/x", "GET");
      assertFalse("/restricted/get-only/x GET", p.implies(pd, wrp));


      /* Test the Restricted ANY security-constraint. Note that this would be
      allowed by the non-JACC and standalone tomcat as they interpret the "*"

View Full Code Here

      pd = new ProtectionDomain(null, null, null, caller);
      // Test the Restricted GET security-constraint 
      wrp = new WebResourcePermission("/restricted/get-only", "GET");
      assertFalse("/restricted/get-only GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/restricted/get-only/x", "GET");
      assertFalse("/restricted/get-only/x GET", p.implies(pd, wrp));


      /* Test the Restricted ANY security-constraint. Note that this would be
      allowed by the non-JACC and standalone tomcat as they interpret the "*"
      role-name to mean any role while the JACC mapping simply replaces "*" with
      the web.xml security-role/role-name values.

View Full Code Here

      allowed by the non-JACC and standalone tomcat as they interpret the "*"
      role-name to mean any role while the JACC mapping simply replaces "*" with
      the web.xml security-role/role-name values.
      */
      wrp = new WebResourcePermission("/restricted/any/x", "GET");
      assertFalse("/restricted/any/x GET", p.implies(pd, wrp));
   }


   /** Test that the excluded paths are not accessible by anyone
    */
   public void testExcludedAccess() throws Exception

View Full Code Here

      Policy p = Policy.getPolicy();
      SimplePrincipal[] caller = {new SimplePrincipal("GetRole")};
      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);


      WebResourcePermission wrp = new WebResourcePermission("/excluded/x", "GET");
      assertFalse("/excluded/x GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "OPTIONS");
      assertFalse("/excluded/x OPTIONS", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "HEAD");
      assertFalse("/excluded/x HEAD", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "POST");

View Full Code Here

      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);


      WebResourcePermission wrp = new WebResourcePermission("/excluded/x", "GET");
      assertFalse("/excluded/x GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "OPTIONS");
      assertFalse("/excluded/x OPTIONS", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "HEAD");
      assertFalse("/excluded/x HEAD", p.implies(pd, wrp));
      wrp = new WebResourcePermission("/excluded/x", "POST");
      assertFalse("/excluded/x POST", p.implies(pd, wrp));

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.