[Jboss-dev-forums] [Design of Security on JBoss] - Re: Authorization framework

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Scott,  could you give a glance at the following combination of module behavior and assert that the results derived are correct.

  | /**
  |     * Test the AuthorizationModules combination behavior
  |     */
  |    public void testCombinationBehavior() throws Exception
  |    {   
  |       assertNotNull("PolicyConfig != null", policyConfig);
  | 
  |       int result = getResult("required-deny-sufficient-permit-policy");
  |       assertTrue("DENY?", AuthorizationContext.DENY == result); 
  | 
  |       result = getResult("required-permit-sufficient-deny-policy");
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result); 
  |      
  |       result = getResult("required-permit-required-deny-policy");
  |       assertTrue("DENY?", AuthorizationContext.DENY == result);
  |      
  |       result = getResult("required-permit-required-permit-policy");
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
  |       
  |      result = getResult("required-permit-required-permit-sufficient-deny-policy");
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
  |      
  |       result = getResult("required-permit-required-permit-requisite-deny-policy");
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
  |      
  |       result = getResult("required-permit-required-permit-optional-deny-policy"); 
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result)
  |       
  |      result = getResult("required-permit-required-deny-requisite-permit-policy");
  |       assertTrue("DENY?", AuthorizationContext.DENY == result); 
  | 
  |       result = getResult("requisite-permit-requisite-permit-sufficient-deny-policy");
  |       assertTrue("PERMIT?", AuthorizationContext.PERMIT == result); 
  |    }
  | 

The combination of the module control flag can be derived from the name.

For example:

  | <jbsx:application-policy name="requisite-permit-requisite-permit-sufficient-deny-policy">
  |      <jbsx:authorization>
  |         <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="requisite" />
  |         <jbsx:policy-module code="org.jboss.security.authorization.modules.AllPermitAuthorizationModule" flag="requisite" />
  |         <jbsx:policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="sufficient" />
  |      </jbsx:authorization>
  |    </jbsx:application-policy>
  | 
Here two modules (requisite) permit and one module(sufficient) denies.  The overall decision should be PERMIT.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954485#3954485

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3954485