[jboss-cvs] JBossAS SVN: r64171 - in projects/security/security-xacml/trunk/jboss-xacml: src/main/org/jboss/security/xacml/core and 11 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Jul 21 10:15:35 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-07-21 10:15:34 -0400 (Sat, 21 Jul 2007)
New Revision: 64171
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/webConfig.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/temp.txt
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/web-policy.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/HttpRequestUtil.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java
Modified:
projects/security/security-xacml/trunk/jboss-xacml/
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossRequestContext.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/PolicyFactory.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestAttributeFactory.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestResponseContextFactory.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/model/ContextUnitTestCase.java
Log:
web binding test case
Property changes on: projects/security/security-xacml/trunk/jboss-xacml
___________________________________________________________________
Name: svn:ignore
+ target
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -137,7 +137,7 @@
{
throw new RuntimeException(e);
}
- }
+ }
public void setLocators(Set<PolicyLocator> locators)
{
@@ -155,7 +155,11 @@
//Go through the Locators
for(PolicyLocator locator: locators)
{
- policyModules.addAll((List)locator.get(XACMLConstants.POLICY_FINDER_MODULE));
+ List finderModulesList = (List)locator.get(XACMLConstants.POLICY_FINDER_MODULE);
+ if(finderModulesList == null)
+ throw new IllegalStateException("Locator "+locator.getClass().getName()
+ + " has no policy finder modules");
+ policyModules.addAll(finderModulesList);
}
policyFinder.setModules(policyModules);
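Review bot: The new guard in the locator loop rejects only a null result; a locator that returns an empty list still passes, and a value stored under `POLICY_FINDER_MODULE` that is not a `List` fails on the raw cast with a `ClassCastException` that does not name the locator. This loop decides which finder modules the PDP evaluates with, so if an empty list is never legitimate I would fail on it too, `if(finderModulesList == null || finderModulesList.isEmpty())`. The multi-line `throw` under the `if` should also get braces. The enclosing method starts and ends outside the hunk.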
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossRequestContext.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossRequestContext.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossRequestContext.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -35,7 +35,6 @@
import org.jboss.security.xacml.core.model.context.ObjectFactory;
import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.factories.RequestResponseContextFactory;
import org.jboss.security.xacml.interfaces.RequestContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.w3c.dom.Document;
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/PolicyFactory.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/PolicyFactory.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/PolicyFactory.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -21,12 +21,19 @@
*/
package org.jboss.security.xacml.factories;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
+import javax.xml.bind.JAXB;
+import javax.xml.bind.JAXBElement;
+
import org.jboss.security.xacml.bridge.JBossPolicyFinder;
import org.jboss.security.xacml.core.JBossXACMLPolicy;
import org.jboss.security.xacml.core.SecurityActions;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
import org.jboss.security.xacml.interfaces.XACMLPolicy;
@@ -91,6 +98,20 @@
);
}
+ public static XACMLPolicy createPolicy(PolicyType policyFile)
+ throws Exception
+ {
+ JAXBElement<PolicyType> jaxbPolicy = new ObjectFactory().createPolicy(policyFile);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ JAXB.marshal(jaxbPolicy, baos);
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ return (XACMLPolicy) getCtr().newInstance(new Object[]
+ { bis,
+ XACMLPolicy.POLICY
+ }
+ );
+ }
+
private static Constructor<XACMLPolicy> getCtr() throws Exception
{
return constructingClass.getConstructor(new Class[] {
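Review bot: `createPolicy(PolicyType policyFile)` is a new public entry point without Javadoc, and its parameter is a JAXB object, not a file, so `policy` would be the clearer name. The Javadoc should say that the object is marshalled to bytes and re-parsed through the `XACMLPolicy` constructor, so the returned policy is a snapshot and later changes to the `PolicyType` instance are not reflected in it. A null argument is not rejected here and would presumably surface later in marshalling or in the reflective call; `if(policyFile == null) throw new IllegalArgumentException("policyFile is null");` at the top gives a clearer failure. `getCtr()` continues past the end of the hunk.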
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestAttributeFactory.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestAttributeFactory.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestAttributeFactory.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -21,6 +21,16 @@
*/
package org.jboss.security.xacml.factories;
+import java.net.InetAddress;
+import java.net.URI;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+
+import javax.security.auth.x500.X500Principal;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.AttributeValueType;
@@ -36,30 +46,117 @@
public class RequestAttributeFactory
{
+ public static AttributeType createAnyURIAttributeType(String attrID, String issuer,URI value)
+ {
+ return getBareAttributeType(attrID, issuer, ""+value, "http://www.w3.org/2001/XMLSchema#anyURI");
+ }
+
+ public static AttributeType createBase64BinaryAttributeType(String attrID, String issuer,byte[] value)
+ {
+ return getBareAttributeType(attrID, issuer, value, "http://www.w3.org/2001/XMLSchema#base64Binary");
+ }
+
+ public static AttributeType createBooleanAttributeType(String attrID, String issuer,boolean value)
+ {
+ return getBareAttributeType(attrID, issuer, value, "http://www.w3.org/2001/XMLSchema#boolean");
+ }
+
+ public static AttributeType createDateAttributeType(String attrID, String issuer)
+ {
+ return getBareAttributeType(attrID, issuer, getXMLDate(), "http://www.w3.org/2001/XMLSchema#date");
+ }
+
+ public static AttributeType createDateAttributeType(String attrID, String issuer,XMLGregorianCalendar value)
+ {
+ return getBareAttributeType(attrID, issuer, value.toXMLFormat(), "http://www.w3.org/2001/XMLSchema#date");
+ }
+
+ public static AttributeType createDateTimeAttributeType(String attrID, String issuer)
+ {
+ return getBareAttributeType(attrID, issuer, getXMLDate(), "http://www.w3.org/2001/XMLSchema#dateTime");
+ }
+
+ public static AttributeType createDateTimeAttributeType(String attrID, String issuer,XMLGregorianCalendar value)
+ {
+ return getBareAttributeType(attrID, issuer, value.toXMLFormat(), "http://www.w3.org/2001/XMLSchema#dateTime");
+ }
+
+ public static AttributeType createDNSNameAttributeType(String attrID, String issuer,String hostname)
+ {
+ return getBareAttributeType(attrID, issuer, hostname, "urn:oasis:names:tc:xacml:2.0:data-type:dnsName");
+ }
+
+ public static AttributeType createDoubleAttributeType(String attrID, String issuer,double value)
+ {
+ return getBareAttributeType(attrID, issuer, "" + value, "http://www.w3.org/2001/XMLSchema#double");
+ }
+
+ public static AttributeType createEmailAttributeType(String attrID, String issuer,String value)
+ {
+ return getBareAttributeType(attrID, issuer, value, "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name");
+ }
+
+ public static AttributeType createHexBinaryAttributeType(String attrID, String issuer,byte[] value)
+ {
+ return getBareAttributeType(attrID, issuer, value, "http://www.w3.org/2001/XMLSchema#hexBinary");
+ }
+
public static AttributeType createIntegerAttributeType(String attrID, String issuer, int value)
{
- AttributeType attributeType = new AttributeType();
- attributeType.setAttributeId(attrID);
- attributeType.setDataType("http://www.w3.org/2001/XMLSchema#integer");
- if(issuer != null)
- attributeType.setIssuer(issuer);
- AttributeValueType avt = new AttributeValueType();
- avt.getContent().add("" + value);
- attributeType.getAttributeValue().add(avt);
- return attributeType;
+ return getBareAttributeType(attrID, issuer, ""+value, "http://www.w3.org/2001/XMLSchema#integer");
}
+ public static AttributeType createIPAddressAttributeType(String attrID, String issuer,InetAddress address)
+ {
+ return getBareAttributeType(attrID, issuer, address, "urn:oasis:names:tc:xacml:2.0:data-type:ipAddress");
+ }
+
public static AttributeType createStringAttributeType(String attrID, String issuer, String value)
{
+ return getBareAttributeType(attrID, issuer, value, "http://www.w3.org/2001/XMLSchema#string");
+ }
+
+ public static AttributeType createTimeAttributeType(String attrID, String issuer)
+ {
+ return getBareAttributeType(attrID, issuer, getXMLDate(), "http://www.w3.org/2001/XMLSchema#time");
+ }
+
+ public static AttributeType createTimeAttributeType(String attrID, String issuer, XMLGregorianCalendar value)
+ {
+ return getBareAttributeType(attrID, issuer, value.toXMLFormat(), "http://www.w3.org/2001/XMLSchema#time");
+ }
+
+ public static AttributeType createX509NameAttributeType(String attrID, String issuer, X500Principal value)
+ {
+ return getBareAttributeType(attrID, issuer, value, "urn:oasis:names:tc:xacml:1.0:data-type:x500Name");
+ }
+
+ private static AttributeType getBareAttributeType(String attrID, String issuer, Object value,
+ String dataType)
+ {
AttributeType attributeType = new AttributeType();
attributeType.setAttributeId(attrID);
- attributeType.setDataType("http://www.w3.org/2001/XMLSchema#string");
+ attributeType.setDataType(dataType);
if(issuer != null)
attributeType.setIssuer(issuer);
AttributeValueType avt = new AttributeValueType();
avt.getContent().add(value);
attributeType.getAttributeValue().add(avt);
- return attributeType;
+ return attributeType;
}
-
+
+ private static String getXMLDate()
+ {
+ DatatypeFactory dtf;
+ try
+ {
+ dtf = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+ XMLGregorianCalendar value = dtf.newXMLGregorianCalendar((GregorianCalendar) Calendar.getInstance());
+ return value.toXMLFormat();
+ }
}
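Review bot: The no-value overloads `createDateAttributeType(attrID, issuer)` and `createTimeAttributeType(attrID, issuer)` both take their value from `getXMLDate()`, which formats a calendar with every date and time field set, so the attribute is labelled `XMLSchema#date` or `XMLSchema#time` but carries a dateTime lexical value. A PDP that parses the value by its declared data type may reject it or evaluate time-based rules as Indeterminate, so each overload should clear the fields its type does not have before calling `toXMLFormat()`. `getXMLDate()` also casts `Calendar.getInstance()` to `GregorianCalendar`, which throws `ClassCastException` under default locales whose calendar is not Gregorian; `new GregorianCalendar()` avoids that. Separately, the `byte[]`, `InetAddress` and `X500Principal` overloads put the raw object into the value content where the other overloads pass a string, and it is worth confirming how those marshal. The sketch below assumes `javax.xml.datatype.DatatypeConstants` is imported.

```java
   public static AttributeType createDateAttributeType(String attrID, String issuer)
   {
      XMLGregorianCalendar now = getXMLNow();
      // xs:date has no time-of-day part
      now.setTime(DatatypeConstants.FIELD_UNDEFINED, DatatypeConstants.FIELD_UNDEFINED,
            DatatypeConstants.FIELD_UNDEFINED);
      return getBareAttributeType(attrID, issuer, now.toXMLFormat(), "http://www.w3.org/2001/XMLSchema#date");
   }

   // … unchanged: createDateTimeAttributeType(attrID, issuer), apart from using getXMLNow().toXMLFormat() …

   public static AttributeType createTimeAttributeType(String attrID, String issuer)
   {
      XMLGregorianCalendar now = getXMLNow();
      // xs:time has no calendar-date part
      now.setYear(DatatypeConstants.FIELD_UNDEFINED);
      now.setMonth(DatatypeConstants.FIELD_UNDEFINED);
      now.setDay(DatatypeConstants.FIELD_UNDEFINED);
      return getBareAttributeType(attrID, issuer, now.toXMLFormat(), "http://www.w3.org/2001/XMLSchema#time");
   }

   private static XMLGregorianCalendar getXMLNow()
   {
      // … unchanged: DatatypeFactory lookup and DatatypeConfigurationException handling …
      return dtf.newXMLGregorianCalendar(new GregorianCalendar());
   }
```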
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestResponseContextFactory.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestResponseContextFactory.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/factories/RequestResponseContextFactory.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -23,8 +23,6 @@
import org.jboss.security.xacml.core.JBossRequestContext;
import org.jboss.security.xacml.core.JBossResponseContext;
-import org.jboss.security.xacml.core.model.context.AttributeType;
-import org.jboss.security.xacml.core.model.context.AttributeValueType;
import org.jboss.security.xacml.interfaces.RequestContext;
import org.jboss.security.xacml.interfaces.ResponseContext;
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -37,8 +37,21 @@
String REQUEST_CTX = "request_ctx";
String RESPONSE_CTX = "response_ctx";
- String contextSchema = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
+ String CONTEXT_SCHEMA = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
+ //Identifiers
+ String ACTION_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:action:action-id";
+ String CURRENT_TIME_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:environment:current-time";
+ String RESOURCE_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
+ String SUBJECT_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
+ String SUBJECT_ROLE_IDENTIFIER = "urn:oasis:names:tc:xacml:2.0:subject:role";
+
+ //Functions
+ String FUNCTION_ANYURI_EQUALS = "urn:oasis:names:tc:xacml:1.0:function:anyURI-equal";
+ String FUNCTION_STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
+ String FUNCTION_STRING_IS_IN = "urn:oasis:names:tc:xacml:1.0:function:string-is-in";
+ String FUNCTION_STRING_ONE_AND_ONLY = "urn:oasis:names:tc:xacml:1.0:function:string-one-and-only";
+
/**
* The decision to permit the request
*/
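Review bot: `FUNCTION_ANYURI_EQUALS` is plural while its sibling is `FUNCTION_STRING_EQUAL` and the URN it holds ends in `anyURI-equal`; naming it `FUNCTION_ANYURI_EQUAL` keeps the constants predictable. The rename of `contextSchema` to `CONTEXT_SCHEMA` changes a constant on a public interface, so any code outside this commit that still uses the old name stops compiling; if compatibility matters, keep the old name for a release as a deprecated alias of the new one. The interface body continues outside the hunk.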
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/webConfig.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/webConfig.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/webConfig.xml 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,11 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:Policy>
+ <ns:Location>test/policies/bindings/web/web-policy.xml</ns:Location>
+ </ns:Policy>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicyLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/temp.txt
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/temp.txt (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/temp.txt 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
+Version="2.0" PolicyId="ExamplePolicy">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://test/developer-guide.html</AttributeValue>
+ <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule Effect="Permit" RuleId="ReadRule">
+ <Target>
+ <Actions>
+ <Action>
+ <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">developer</AttributeValue>
+ <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" />
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Deny" RuleId="DenyRule"/>
+</Policy>
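Review bot: `temp.txt` has the same content as `web-policy.xml` added in this commit, and the only reference visible here, the `<ns:Location>` in `webConfig.xml`, points at `web-policy.xml`. It looks like a scratch copy. If no test loads it, drop it from the commit, because a second copy of an access policy under the test resources will drift from the one that is actually evaluated.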
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/web-policy.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/web-policy.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/bindings/web/web-policy.xml 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
+Version="2.0" PolicyId="ExamplePolicy">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://test/developer-guide.html</AttributeValue>
+ <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule Effect="Permit" RuleId="ReadRule">
+ <Target>
+ <Actions>
+ <Action>
+ <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">developer</AttributeValue>
+ <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" />
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Deny" RuleId="DenyRule"/>
+</Policy>
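Review bot: The bare `DenyRule` at the end is the catch-all of this policy, but it applies only to requests that match the policy `Target`, which is the single URI `http://test/developer-guide.html`; a request for any other resource would evaluate to NotApplicable, not Deny. That deserves a comment in the file, for example `<!-- Catch-all inside this Target only; other resources evaluate to NotApplicable, which the PEP has to treat as no access -->`, so the sample is not read as a deny-by-default policy. A test that asserts the decision for a URI outside the target would document the same behaviour.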
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/HttpRequestUtil.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/HttpRequestUtil.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/HttpRequestUtil.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,264 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.bindings.web;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+/**
+ * Utility class for the web binding
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public class HttpRequestUtil
+{
+ public HttpServletRequest createRequest(final Principal gp, final String uri)
+ {
+ return new HttpServletRequest(){
+
+ public String getAuthType() {
+ return null;
+ }
+
+ public String getContextPath() {
+ return null;
+ }
+
+ public Cookie[] getCookies() {
+ return null;
+ }
+
+ public long getDateHeader(String arg0) {
+ return 0;
+ }
+
+ public String getHeader(String arg0) {
+ return null;
+ }
+
+ public Enumeration getHeaderNames() {
+ return null;
+ }
+
+ public Enumeration getHeaders(String arg0) {
+ return null;
+ }
+
+ public int getIntHeader(String arg0) {
+ return 0;
+ }
+
+ public String getMethod() {
+ return "GET";
+ }
+
+ public String getPathInfo() {
+ return null;
+ }
+
+ public String getPathTranslated() {
+ return null;
+ }
+
+ public String getQueryString() {
+ return null;
+ }
+
+ public String getRemoteUser() {
+ return null;
+ }
+
+ public String getRequestURI() {
+ return uri;
+ }
+
+ public StringBuffer getRequestURL() {
+ return null;
+ }
+
+ public String getRequestedSessionId() {
+ return null;
+ }
+
+ public String getServletPath() {
+ return null;
+ }
+
+ public HttpSession getSession() {
+ return null;
+ }
+
+ public HttpSession getSession(boolean arg0) {
+ return null;
+ }
+
+ public Principal getUserPrincipal() {
+ return gp;
+ }
+
+ public boolean isRequestedSessionIdFromCookie() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid() {
+ return false;
+ }
+
+ public boolean isUserInRole(String arg0) {
+ return false;
+ }
+
+ public Object getAttribute(String arg0) {
+ return null;
+ }
+
+ public Enumeration getAttributeNames() {
+ return null;
+ }
+
+ public String getCharacterEncoding() {
+ return null;
+ }
+
+ public int getContentLength() {
+ return 0;
+ }
+
+ public String getContentType() {
+ return null;
+ }
+
+ public ServletInputStream getInputStream() throws IOException {
+ return null;
+ }
+
+ public String getLocalAddr() {
+ return null;
+ }
+
+ public String getLocalName() {
+ return null;
+ }
+
+ public int getLocalPort() {
+ return 0;
+ }
+
+ public Locale getLocale() {
+ return null;
+ }
+
+ public Enumeration getLocales() {
+ return null;
+ }
+
+ public String getParameter(String arg0) {
+ return null;
+ }
+
+ public Map getParameterMap() {
+ return null;
+ }
+
+ public Enumeration getParameterNames() {
+ return null;
+ }
+
+ public String[] getParameterValues(String arg0) {
+ return null;
+ }
+
+ public String getProtocol() {
+ return null;
+ }
+
+ public BufferedReader getReader() throws IOException {
+ return null;
+ }
+
+ public String getRealPath(String arg0) {
+ return null;
+ }
+
+ public String getRemoteAddr() {
+ return null;
+ }
+
+ public String getRemoteHost() {
+ return null;
+ }
+
+ public int getRemotePort() {
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String arg0) {
+ return null;
+ }
+
+ public String getScheme() {
+ return null;
+ }
+
+ public String getServerName() {
+ return null;
+ }
+
+ public int getServerPort() {
+ return 0;
+ }
+
+ public boolean isSecure() {
+ return false;
+ }
+
+ public void removeAttribute(String arg0) {
+ }
+
+ public void setAttribute(String arg0, Object arg1) {
+ }
+
+ public void setCharacterEncoding(String arg0)
+ throws UnsupportedEncodingException {
+ }};
+ }
+}
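Review bot: The stub is inconsistent about the caller's identity: `getUserPrincipal()` returns `gp`, but `getRemoteUser()` returns null and `isUserInRole()` always returns false, so code under test that reads the user through either of those sees an anonymous, role-less request without any failure. `getRemoteUser()` could be `return gp == null ? null : gp.getName();`, and the class comment should state that roles are deliberately not modelled on the request. `getRequestURL()` and the `Enumeration` getters also return null, which turns any use by the code under test into a `NullPointerException` far from its cause.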
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,296 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.bindings.web;
+
+import java.io.InputStream;
+import java.net.URI;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.ExpressionType;
+import org.jboss.security.xacml.core.model.policy.FunctionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+import org.jboss.security.xacml.factories.PolicyFactory;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.PolicyLocator;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XACMLPolicy;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.xacml.locators.JBossPolicyLocator;
+
+import junit.framework.TestCase;
+
+//$Id$
+
+/**
+ * Test Case that constructs the policy dynamically
+ * and then applies the web access rules
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 20, 2007
+ * @version $Revision$
+ */
+public class WebLayerDynamicPolicyUnitTestCase extends TestCase
+{
+ private boolean debug = false; //Enable for request trace
+
+ public void testWebBinding() throws Exception
+ {
+ PolicyType policyType = constructPolicy();
+ PolicyDecisionPoint pdp = new JBossPDP();
+
+ XACMLPolicy policy = PolicyFactory.createPolicy(policyType);
+ Set<XACMLPolicy> policies = new HashSet<XACMLPolicy>();
+ policies.add(policy);
+
+ pdp.setPolicies(policies);
+
+ //Add the basic locators also
+ PolicyLocator policyLocator = new JBossPolicyLocator();
+ policyLocator.setPolicies(policies);
+ Set<PolicyLocator> locators = new HashSet<PolicyLocator>();
+ locators.add(policyLocator);
+ pdp.setLocators(locators);
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal p = new Principal()
+ {
+ public String getName()
+ {
+ return "testuser";
+ }
+ };
+
+ //Create Role Group
+ Group grp = this.getRoleGroup("developer");
+
+ String requestURI = "http://test/developer-guide.html";
+ HttpRequestUtil util = new HttpRequestUtil();
+ HttpServletRequest req = util.createRequest(p, requestURI);
+
+ //Check PERMIT condition
+ WebPEP pep = new WebPEP();
+ RequestContext request = pep.createXACMLRequest(req, p, grp);
+ if(debug)
+ request.marshall(System.out);
+
+ assertEquals("Access Allowed?", XACMLConstants.DECISION_PERMIT,
+ getDecision(pdp,request));
+ }
+
+ public void testNegativeAccessWebBinding() throws Exception
+ {
+ PolicyType policyType = constructPolicy();
+ PolicyDecisionPoint pdp = new JBossPDP();
+
+ XACMLPolicy policy = PolicyFactory.createPolicy(policyType);
+ Set<XACMLPolicy> policies = new HashSet<XACMLPolicy>();
+ policies.add(policy);
+
+ pdp.setPolicies(policies);
+
+ //Add the basic locators also
+ PolicyLocator policyLocator = new JBossPolicyLocator();
+ policyLocator.setPolicies(policies);
+ Set<PolicyLocator> locators = new HashSet<PolicyLocator>();
+ locators.add(policyLocator);
+ pdp.setLocators(locators);
+ assertNotNull("JBossPDP is != null", pdp);
+
+
+ Principal p = new Principal()
+ {
+ public String getName()
+ {
+ return "testuser";
+ }
+ };
+
+ //Create Role Group
+ Group grp = this.getRoleGroup("imposter");
+ String requestURI = "http://test/developer-guide.html";
+ HttpRequestUtil util = new HttpRequestUtil();
+ HttpServletRequest req = util.createRequest(p, requestURI);
+
+ //Check DENY condition
+ WebPEP pep = new WebPEP();
+ RequestContext request = pep.createXACMLRequest(req, p, grp);
+ request.marshall(System.out);
+
+ assertEquals("Access Disallowed?", XACMLConstants.DECISION_DENY,
+ getDecision(pdp,request));
+ }
+
+
+
+ private PolicyType constructPolicy() throws Exception
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ String PERMIT_OVERRIDES="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides";
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId("ExamplePolicy");
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(PERMIT_OVERRIDES);
+
+ //Create a target
+ TargetType targetType = new TargetType();
+
+ ResourcesType resourcesType = new ResourcesType();
+ ResourceType resourceType = new ResourceType();
+ ResourceMatchType rmt = new ResourceMatchType();
+ rmt.setMatchId(XACMLConstants.FUNCTION_ANYURI_EQUALS);
+ rmt.setResourceAttributeDesignator(PolicyAttributeFactory.createAttributeDesignatorType(
+ XACMLConstants.RESOURCE_IDENTIFIER,XMLSchemaConstants.DATATYPE_ANYURI));
+ rmt.setAttributeValue(PolicyAttributeFactory.createAnyURIAttributeType(
+ new URI("http://test/developer-guide.html")));
+ resourceType.getResourceMatch().add(rmt);
+ resourcesType.getResource().add(resourceType);
+
+ targetType.setResources(resourcesType);
+
+ policyType.setTarget(targetType);
+
+
+ //Create a Rule
+ RuleType permitRule = new RuleType();
+ permitRule.setRuleId("ReadRule");
+ permitRule.setEffect(EffectType.PERMIT);
+
+ ActionsType permitRuleActionsType = new ActionsType();
+ ActionType permitRuleActionType = new ActionType();
+
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId("urn:oasis:names:tc:xacml:1.0:function:string-equal");
+ amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType("read"));
+ amct.setActionAttributeDesignator(PolicyAttributeFactory.createAttributeDesignatorType(
+ XACMLConstants.ACTION_IDENTIFIER, XMLSchemaConstants.DATATYPE_STRING));
+ permitRuleActionType.getActionMatch().add(amct);
+ TargetType permitRuleTargetType = new TargetType();
+ permitRuleActionsType.getAction().add(permitRuleActionType);
+ permitRuleTargetType.setActions(permitRuleActionsType);
+ permitRule.setTarget(permitRuleTargetType);
+
+ ConditionType permitRuleConditionType = new ConditionType();
+ FunctionType functionType = new FunctionType();
+ functionType.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ JAXBElement<ExpressionType> jaxbElementFunctionType = objectFactory.createExpression(functionType);
+ permitRuleConditionType.setExpression(jaxbElementFunctionType);
+
+ ApplyType permitRuleApplyType = new ApplyType();
+ permitRuleApplyType.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ SubjectAttributeDesignatorType sadt = PolicyAttributeFactory.createSubjectAttributeDesignatorType(
+ XACMLConstants.SUBJECT_ROLE_IDENTIFIER, XMLSchemaConstants.DATATYPE_STRING);
+ JAXBElement<SubjectAttributeDesignatorType> sadtElement = objectFactory.createSubjectAttributeDesignator(sadt);
+ AttributeValueType avt = PolicyAttributeFactory.createStringAttributeType("developer");
+ JAXBElement<AttributeValueType> jaxbAVT = objectFactory.createAttributeValue(avt);
+ permitRuleApplyType.getExpression().add(jaxbAVT);
+ permitRuleApplyType.getExpression().add(sadtElement);
+
+
+ permitRuleConditionType.setExpression(objectFactory.createApply(permitRuleApplyType));
+
+ permitRule.setCondition(permitRuleConditionType);
+
+ policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(permitRule);
+ //Create a Deny Rule
+ RuleType denyRule = new RuleType();
+ denyRule.setRuleId("DenyRule");
+ denyRule.setEffect(EffectType.DENY);
+ policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(denyRule);
+
+ return policyType;
+ }
+
+ private int getDecision(PolicyDecisionPoint pdp, RequestContext request) throws Exception
+ {
+ ResponseContext response = pdp.evaluate(request);
+ assertNotNull("Response is not null", response);
+ return response.getDecision();
+ }
+
+ private Group getRoleGroup( final String roleName)
+ {
+ return new Group() {
+
+ private Vector vect = new Vector();
+ public boolean addMember(final Principal principal)
+ {
+ return vect.add(principal);
+ }
+
+ public boolean isMember(Principal principal)
+ {
+ return vect.contains(principal);
+ }
+
+ public Enumeration<? extends Principal> members()
+ {
+ vect.add(new Principal()
+ {
+
+ public String getName()
+ {
+ return roleName;
+ }});
+ return vect.elements();
+ }
+
+ public boolean removeMember(Principal principal)
+ {
+ return vect.remove(principal);
+ }
+
+ public String getName()
+ {
+ return "ROLES";
+ }
+ };
+ }
+}
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerUnitTestCase.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerUnitTestCase.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,163 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.bindings.web;
+
+import java.io.InputStream;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Vector;
+
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+//$Id$
+
+/**
+ * Unit Tests for the Web bindings
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public class WebLayerUnitTestCase extends TestCase
+{
+ private boolean debug = false; //Enable for request trace
+
+ public void testWebBinding() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal p = new Principal()
+ {
+ public String getName()
+ {
+ return "testuser";
+ }
+ };
+
+ //Create Role Group
+ Group grp = this.getRoleGroup("developer");
+
+ String requestURI = "http://test/developer-guide.html";
+ HttpRequestUtil util = new HttpRequestUtil();
+ HttpServletRequest req = util.createRequest(p, requestURI);
+
+ //Check PERMIT condition
+ WebPEP pep = new WebPEP();
+ RequestContext request = pep.createXACMLRequest(req, p, grp);
+ if(debug)
+ request.marshall(System.out);
+
+ assertEquals("Access Allowed?", XACMLConstants.DECISION_PERMIT,
+ getDecision(pdp,request));
+ }
+
+ public void testNegativeAccessWebBinding() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+ Principal p = new Principal()
+ {
+ public String getName()
+ {
+ return "testuser";
+ }
+ };
+
+ //Create Role Group
+ Group grp = this.getRoleGroup("imposter");
+ String requestURI = "http://test/developer-guide.html";
+ HttpRequestUtil util = new HttpRequestUtil();
+ HttpServletRequest req = util.createRequest(p, requestURI);
+
+ //Check DENY condition
+ WebPEP pep = new WebPEP();
+ RequestContext request = pep.createXACMLRequest(req, p, grp);
+ request.marshall(System.out);
+
+ assertEquals("Access Disallowed?", XACMLConstants.DECISION_DENY,
+ getDecision(pdp,request));
+ }
+
+ private PolicyDecisionPoint getPDP()
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("test/config/webConfig.xml");
+ assertNotNull("InputStream != null", is);
+
+ return new JBossPDP(is);
+ }
+
+ private int getDecision(PolicyDecisionPoint pdp, RequestContext request) throws Exception
+ {
+ ResponseContext response = pdp.evaluate(request);
+ assertNotNull("Response is not null", response);
+ return response.getDecision();
+ }
+
+ private Group getRoleGroup( final String roleName)
+ {
+ return new Group() {
+
+ private Vector vect = new Vector();
+ public boolean addMember(final Principal principal)
+ {
+ return vect.add(principal);
+ }
+
+ public boolean isMember(Principal principal)
+ {
+ return vect.contains(principal);
+ }
+
+ public Enumeration<? extends Principal> members()
+ {
+ vect.add(new Principal()
+ {
+
+ public String getName()
+ {
+ return roleName;
+ }});
+ return vect.elements();
+ }
+
+ public boolean removeMember(Principal principal)
+ {
+ return vect.remove(principal);
+ }
+
+ public String getName()
+ {
+ return "ROLES";
+ }
+ };
+ }
+}
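Review bot: The `Group` fake returned by `getRoleGroup` only adds the role principal inside `members()`, so `isMember()` never sees the role before the first enumeration and every further `members()` call appends another copy of it. Populating the vector once when the group is created, e.g. an instance initializer `{ vect.add(rolePrincipal); }` with `members()` reduced to `return vect.elements();`, keeps the fake free of side effects, and declaring the field as `Vector<Principal>` removes the raw type. The same helper is duplicated in WebLayerDynamicPolicyUnitTestCase.java, so it could live in one shared test utility. In `testNegativeAccessWebBinding` the `request.marshall(System.out);` call is not guarded by `if(debug)` as it is in `testWebBinding`.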
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.bindings.web;
+
+import java.net.URI;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+
+//$Id$
+
+/**
+ * PEP for the web layer
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public class WebPEP
+{
+ String ACTION_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:action:action-id";
+ String CURRENT_TIME_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:environment:current-time";
+ String RESOURCE_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
+ String SUBJECT_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
+ String SUBJECT_ROLE_IDENTIFIER = "urn:oasis:names:tc:xacml:2.0:subject:role";
+
+ public RequestContext createXACMLRequest(HttpServletRequest request,
+ Principal principal, Group roleGroup) throws Exception
+ {
+ RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a subject type
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(RequestAttributeFactory.createStringAttributeType(
+ SUBJECT_IDENTIFIER, "jboss.org", principal.getName()));
+ Enumeration<Principal> roles = (Enumeration<Principal>) roleGroup.members();
+ while(roles.hasMoreElements())
+ {
+ Principal rolePrincipal = roles.nextElement();
+ AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
+ SUBJECT_ROLE_IDENTIFIER, "jboss.org", rolePrincipal.getName());
+ subject.getAttribute().add(attSubjectID);
+ }
+
+ //Create a resource type
+ ResourceType resourceType = new ResourceType();
+ resourceType.getAttribute().add(RequestAttributeFactory.createAnyURIAttributeType(
+ RESOURCE_IDENTIFIER, null, new URI(request.getRequestURI())));
+
+ //Create an action type
+ ActionType actionType = new ActionType();
+ actionType.getAttribute().add(RequestAttributeFactory.createStringAttributeType(
+ ACTION_IDENTIFIER, "jboss.org", "read"));
+
+ //Create an Environment Type (Optional)
+ EnvironmentType environmentType = new EnvironmentType();
+ environmentType.getAttribute().add(RequestAttributeFactory.createDateTimeAttributeType(
+ CURRENT_TIME_IDENTIFIER, null));
+
+ //Create a Request Type
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(subject);
+ requestType.getResource().add(resourceType);
+ requestType.setAction(actionType);
+ requestType.setEnvironment(environmentType);
+
+ requestCtx.setRequest(requestType);
+
+ return requestCtx;
+ }
+}
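Review bot: `createXACMLRequest` hard-codes the action attribute to `"read"` and never consults the request's HTTP method, so a policy evaluated through this PEP cannot distinguish a state-changing request from a read. If that is intentional for the test, a comment such as `//Test PEP: every request is evaluated as action "read"` above the action block would say so; otherwise the action could be derived from `request.getMethod()`, assuming the `HttpRequestUtil` mock supplies it. The five identifier fields are package-private, non-final instance fields; `private static final`, or reuse of the `XACMLConstants` values the test cases already reference, would stop them being reassigned. The resource id is taken from `request.getRequestURI()` unmodified, which is worth a comment because the policy built in WebLayerDynamicPolicyUnitTestCase matches it with `FUNCTION_ANYURI_EQUALS`.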
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -93,8 +93,8 @@
InputStream is = tcl.getResourceAsStream("test/config/interopPolicySetConfig.xml");
assertNotNull("InputStream != null", is);
PolicyDecisionPoint pdp = new JBossPDP(is);
- assertNotNull("JBossPDP is != null", pdp);
-
+ assertNotNull("JBossPDP is != null", pdp);
+
assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY,
getDecision(pdp,getRequestContext("false","false",10)));
assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT,
@@ -108,8 +108,7 @@
assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY,
getDecision(pdp,getRequestContext("true","false",15)));
assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT,
- getDecision(pdp,getRequestContext("true","true",10)));
-
+ getDecision(pdp,getRequestContext("true","true",10)));
}
private RequestContext getRequestContext(String reqTradeAppr, String reqCreditAppr,
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/model/ContextUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/model/ContextUnitTestCase.java 2007-07-21 14:14:21 UTC (rev 64170)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/core/model/ContextUnitTestCase.java 2007-07-21 14:15:34 UTC (rev 64171)
@@ -21,20 +21,14 @@
*/
package org.jboss.test.security.xacml.core.model;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
import java.io.InputStream;
-import javax.xml.bind.JAXB;
-import javax.xml.bind.JAXBElement;
-
import junit.framework.TestCase;
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.EnvironmentType;
-import org.jboss.security.xacml.core.model.context.ObjectFactory;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResourceType;
import org.jboss.security.xacml.core.model.context.SubjectType;
@@ -56,19 +50,14 @@
{
public void testConstructRequest() throws Exception
{
- RequestType request = new RequestType();
- request.getSubject().add(createSubject());
- request.getResource().add(createResource());
- request.setAction(createAction());
- request.setEnvironment( new EnvironmentType());
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(createSubject());
+ requestType.getResource().add(createResource());
+ requestType.setAction(createAction());
+ requestType.setEnvironment( new EnvironmentType());
- JAXBElement<RequestType> requestJAXB = new ObjectFactory().createRequest(request);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JAXB.marshal(requestJAXB, baos);
- ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
- requestCtx.readRequest(bis);
- requestCtx.marshall(System.out);
+ requestCtx.setRequest(requestType);
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream("test/config/interopPolicySetConfig.xml");
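Review bot: With the JAXB marshal and `requestCtx.readRequest(bis)` round trip removed, `testConstructRequest` no longer exercises the XML parsing path of `RequestContext`; it now only covers `setRequest`. If no other test reads a request from a stream, a small separate test that keeps the `readRequest` round trip would preserve that coverage. The body of `testConstructRequest` continues outside this hunk.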
@@ -130,32 +119,32 @@
AttributeType attOwnerID = RequestAttributeFactory.createStringAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:owner-id",
+ "urn:xacml:2.0:interop:example:resource:owner-id",
"xacml20.interop.com", "123456");
resourceType.getAttribute().add(attOwnerID);
AttributeType attOwnerName = RequestAttributeFactory.createStringAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:owner-name",
+ "urn:xacml:2.0:interop:example:resource:owner-name",
"xacml20.interop.com", "John Smith");
resourceType.getAttribute().add(attOwnerName);
AttributeType attAccountStatus = RequestAttributeFactory.createStringAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:account-status",
+ "urn:xacml:2.0:interop:example:resource:account-status",
"xacml20.interop.com", "Active");
resourceType.getAttribute().add(attAccountStatus);
AttributeType attCreditLine = RequestAttributeFactory.createIntegerAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:credit-line",
+ "urn:xacml:2.0:interop:example:resource:credit-line",
"xacml20.interop.com", 15000);
resourceType.getAttribute().add(attCreditLine);
AttributeType attCurrentCredit = RequestAttributeFactory.createIntegerAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:current-credit",
+ "urn:xacml:2.0:interop:example:resource:current-credit",
"xacml20.interop.com", 10000);
resourceType.getAttribute().add(attCurrentCredit);
AttributeType attTradeLimit = RequestAttributeFactory.createIntegerAttributeType(
- "urn:oasis:names:tc:xacml:1.0:resource:trade-limit",
+ "urn:xacml:2.0:interop:example:resource:trade-limit",
"xacml20.interop.com", 10000);
resourceType.getAttribute().add(attTradeLimit);
return resourceType;
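Review bot: The prefix `urn:xacml:2.0:interop:example:resource:` is now repeated in six string literals, and these ids presumably have to match the attribute designators in the interop policy exactly, so a typo in one would go unnoticed until a decision changes. A constant such as `private static final String INTEROP_RESOURCE_PREFIX = "urn:xacml:2.0:interop:example:resource:";` with `INTEROP_RESOURCE_PREFIX + "owner-id"` at the call sites would keep them in step. The enclosing method starts outside this hunk.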