[jboss-cvs] JBossAS SVN: r63017 - projects/security/security-spi/trunk/src/main/org/jboss/security/authorization.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sun May 13 12:35:17 EDT 2007 

Author: anil.saldhana at jboss.com
Date: 2007-05-13 12:35:16 -0400 (Sun, 13 May 2007)
New Revision: 63017

Added:
   projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
   projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java
Log:
refactor authorization layer into spi

Added: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java	                        (rev 0)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java	2007-05-13 16:35:16 UTC (rev 63017)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization;
+  
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map; 
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler; 
+ 
+
+//$Id: AuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
+
+/**
+ *  JBAS-3374: Authorization Framework for Policy Decision Modules
+ *  For information on the behavior of the Authorization Modules,
+ *  For Authorization Modules behavior(Required, Requisite, Sufficient and Optional)
+ *  please refer to the javadoc for @see javax.security.auth.login.Configuration
+ *  
+ *  The AuthorizationContext derives the AuthorizationInfo(configuration for the modules)
+ *  in the following way:
+ *  a) If there has been an injection of ApplicationPolicy, then it will be used.
+ *  b) Util.getApplicationPolicy will be used(which relies on SecurityConfiguration static class).
+ *  c) Flag an error that there is no available Application Policy
+ *  
+ *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ *  @since  Jun 11, 2006 
+ *  @version $Revision: 62954 $
+ */
+public abstract class AuthorizationContext
+{   
+   protected String securityDomainName = null;
+   protected CallbackHandler callbackHandler = null;
+   protected Subject authenticatedSubject = null;
+   protected Map sharedState = new HashMap(); 
+   
+   protected List<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
+   
+   /**
+    * Control Flags for the individual modules
+    */
+   protected ArrayList controlFlags = new ArrayList();
+   
+   public static final int PERMIT = 1;
+   public static final int DENY = -1;  
+   
+   /**
+    * Authorize the Resource
+    * @param resource
+    * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
+    * @throws AuthorizationException
+    */
+   public abstract int authorize(final Resource resource) throws AuthorizationException;  
+}

Added: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java	                        (rev 0)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java	2007-05-13 16:35:16 UTC (rev 63017)
@@ -0,0 +1,78 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2005, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.authorization;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+//$Id: AuthorizationModule.java 45685 2006-06-20 04:46:23Z asaldhana $
+
+/**
+ *  Represents a Policy Decision Module that is used by the
+ *  Authorization Context
+ *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ *  @since  Jun 11, 2006 
+ *  @version $Revision: 45685 $
+ */
+public interface AuthorizationModule
+{
+   /**
+    * Abort the Authorization Process
+    * @return true - abort passed, false-otherwise
+    */
+   boolean abort() throws AuthorizationException;
+   
+   /**
+    * Overall authorization process has succeeded.
+    * The module can commit any decisions it has made, with
+    * third party systems like a database.
+    * @return 
+    */
+   boolean commit() throws AuthorizationException;
+   
+   /**
+    * Initialize the module
+    * 
+    * @param subject the authenticated subject
+    * @param handler CallbackHandler
+    * @param sharedState state shared with other configured modules 
+    * @param options options specified in the Configuration 
+    *                for this particular module
+    */
+   void initialize(Subject subject, CallbackHandler handler,
+         Map sharedState, Map options);
+   
+   /**
+    * Authorize the resource
+    * @param resource
+    * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
+    */
+   int authorize(Resource resource);
+   
+   /**
+    * A final cleanup opportunity offered
+    * @return cleanup by the module passed or not
+    */
+   boolean destroy();
+}

More information about the jboss-cvs-commits mailing list