[jboss-cvs] JBossAS SVN: r71492 - in projects/security/security-jboss-sx/trunk/jbosssx/src: main/org/jboss/security/authorization/modules/web and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 31 14:00:27 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-03-31 14:00:27 -0400 (Mon, 31 Mar 2008)
New Revision: 71492
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
Log:
SECURITY-122: PolicyRegistration considers type of policy
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-03-31 17:59:36 UTC (rev 71491)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -111,7 +111,8 @@
RequestCtx requestCtx = util.createXACMLRequest(this.ejbName,
this.ejbMethod.getName(),this.principal, callerRoles);
- Policy policy = (Policy)policyRegistration.getPolicy(policyContextID,null);
+ Policy policy = (Policy)policyRegistration.getPolicy(policyContextID,
+ PolicyRegistration.XACML, null);
if(policy == null)
{
if(trace)
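Review bot: When no policy is found, the only visible reaction in this `if(policy == null)` branch is a message behind `if(trace)`, while the same lookup in WebXACMLPolicyModuleDelegate throws `IllegalStateException("Missing xacml policy for contextid:"+contextID)`. The rest of the branch lies outside the hunk, so confirm that it ends in a deny result, and report the missing policy above trace level, for example `log.error("Missing xacml policy for contextid:" + policyContextID);`. This matters more after this commit, because JBossPolicyRegistration.registerPolicy reports a policy that failed to parse only at debug level, which leaves a null here as the first visible sign of a broken deployment.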
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-03-31 17:59:36 UTC (rev 71491)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -127,7 +127,8 @@
{
RequestCtx requestCtx = util.createXACMLRequest(request,callerRoles);
String contextID = PolicyContext.getContextID();
- Policy policy = (Policy)policyRegistration.getPolicy(contextID,null);
+ Policy policy = (Policy)policyRegistration.getPolicy(contextID,
+ PolicyRegistration.XACML, null);
if(policy == null)
throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-03-31 17:59:36 UTC (rev 71491)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -23,8 +23,6 @@
import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
-import java.io.InputStream;
-import java.net.URL;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.acl.Group;
@@ -57,7 +55,6 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.EntitlementHolder;
-import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.callbacks.SecurityContextCallback;
import org.jboss.security.identity.Identity;
@@ -70,11 +67,7 @@
import org.jboss.security.plugins.acl.JBossACLContext;
import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
import org.jboss.util.NotImplementedException;
-import org.jboss.util.xml.DOMUtils;
-import org.w3c.dom.Element;
-import com.sun.xacml.Policy;
-
//$Id$
/**
@@ -84,12 +77,10 @@
* @version $Revision$
*/
public class JBossAuthorizationManager
-implements AuthorizationManager,PolicyRegistration
+implements AuthorizationManager
{
- private String securityDomain;
+ private String securityDomain;
- private Map<String,Policy> contextIdToPolicy = new HashMap<String,Policy>();
-
private static Logger log = Logger.getLogger(JBossAuthorizationManager.class);
protected boolean trace = log.isTraceEnabled();
@@ -248,61 +239,8 @@
return isMember;
}
-
- /**
- * @see PolicyRegistration#registerPolicy(String, URL)
- */
- public void registerPolicy(String contextID, URL location)
- {
- try
- {
- if(trace)
- log.trace("Registering policy for contextId:" +
- contextID + " and location:"+location.getPath());
- registerPolicy( contextID, location.openStream());
- }
- catch(Exception e)
- {
- log.debug("Error in registering xacml policy:",e);
- }
- }
/**
- * @see PolicyRegistration#registerPolicy(String, InputStream)
- */
- public void registerPolicy(String contextID, InputStream stream)
- {
- try
- {
- Element elm = DOMUtils.parse(stream);
- Policy policy = Policy.getInstance(elm);
- this.contextIdToPolicy.put(contextID, policy);
- }
- catch(Exception e)
- {
- log.debug("Error in registering xacml policy:",e);
- }
- }
-
- /**
- * @see PolicyRegistration#deRegisterPolicy(String)
- */
- public void deRegisterPolicy(String contextID)
- {
- this.contextIdToPolicy.remove(contextID);
- if(trace)
- log.trace("DeRegistered policy for contextId:" + contextID);
- }
-
- /**
- * @see PolicyRegistration#getPolicy(String, Map)
- */
- public Object getPolicy(String contextID, Map<String, Object> contextMap)
- {
- return this.contextIdToPolicy.get(contextID);
- }
-
- /**
*
*/
public String toString()
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.util.NotImplementedException;
+import org.jboss.util.xml.DOMUtils;
+import org.w3c.dom.Element;
+
+import com.sun.xacml.Policy;
+
+/**
+ * Default implementation of Policy Registration interface
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 31, 2008
+ * @version $Revision$
+ */
+public class JBossPolicyRegistration implements PolicyRegistration
+{
+ private static Logger log = Logger.getLogger(JBossPolicyRegistration.class);
+
+ protected boolean trace = log.isTraceEnabled();
+
+ private Map<String,Policy> contextIdToXACMLPolicy = new HashMap<String,Policy>();
+
+
+ public void deRegisterPolicy(String contextID, String type)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ this.contextIdToXACMLPolicy.remove(contextID);
+ if(trace)
+ log.trace("DeRegistered policy for contextId:" + contextID + ":type=" + type);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T getPolicy(String contextID, String type, Map<String, Object> contextMap)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ return (T) this.contextIdToXACMLPolicy.get(contextID);
+ }
+ throw new RuntimeException("Unsupported type:" + type);
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicy(String, String, URL)
+ */
+ public void registerPolicy(String contextID, String type, URL location)
+ {
+ try
+ {
+ if(trace)
+ log.trace("Registering policy for contextId:" +
+ contextID + " type: " + type +
+ "and location:" + location.getPath());
+ registerPolicy( contextID, type, location.openStream());
+ }
+ catch(Exception e)
+ {
+ log.debug("Error in registering xacml policy:",e);
+ }
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicy(String, String, InputStream)
+ */
+ public void registerPolicy(String contextID, String type, InputStream stream)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ try
+ {
+ Element elm = DOMUtils.parse(stream);
+ Policy policy = Policy.getInstance(elm);
+ this.contextIdToXACMLPolicy.put(contextID, policy);
+ }
+ catch(Exception e)
+ {
+ log.debug("Error in registering xacml policy:",e);
+ }
+ }
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicyConfigFile(String, String, InputStream)
+ */
+ public void registerPolicyConfigFile(String contextId, String type, InputStream stream)
+ {
+ throw new NotImplementedException();
+ }
+}
\ No newline at end of file
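Review bot: A policy that fails to load is reported only through `log.debug` in both `registerPolicy` overloads, and a `type` other than XACML is ignored without any message, so a deployment can come up with no authorization policy registered and nothing in the default log; `getPolicy` by contrast throws on an unsupported type. The URL overload also never closes the stream returned by `location.openStream()`. I would log failures at error level, reject unsupported types the same way `getPolicy` does, and close the stream in a `finally`, as sketched below (the sketch needs `java.io.IOException` imported). Separately, `contextIdToXACMLPolicy` is a plain `HashMap` with unsynchronized reads and writes; if one instance is shared between deployment and request threads it needs synchronization.

```java
public void registerPolicy(String contextID, String type, URL location)
{
   InputStream stream = null;
   try
   {
      // … unchanged: trace logging of contextID, type and location …
      stream = location.openStream();
      registerPolicy(contextID, type, stream);
   }
   catch(IOException e)
   {
      log.error("Cannot open policy for contextId:" + contextID + " at " + location, e);
   }
   finally
   {
      if(stream != null)
      {
         try { stream.close(); } catch(IOException ignored) { /* best-effort close */ }
      }
   }
}

public void registerPolicy(String contextID, String type, InputStream stream)
{
   if(!PolicyRegistration.XACML.equalsIgnoreCase(type))
      throw new RuntimeException("Unsupported type:" + type);
   try
   {
      // … unchanged: DOMUtils.parse, Policy.getInstance, contextIdToXACMLPolicy.put …
   }
   catch(Exception e)
   {
      log.error("Error in registering xacml policy for contextId:" + contextID, e);
   }
}
```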
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java 2008-03-31 17:59:36 UTC (rev 71491)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -29,10 +29,10 @@
import junit.framework.TestCase;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
@@ -41,10 +41,8 @@
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-
-//$Id$
-
+import org.jboss.security.plugins.JBossPolicyRegistration;
+
/**
* XACML integration tests for the EJB Layer
* @author Anil.Saldhana at redhat.com
@@ -67,7 +65,11 @@
public void testValidEJBPolicyContextHandler() throws Exception
{
EJBXACMLPolicyModuleDelegate pc = new EJBXACMLPolicyModuleDelegate();
- EJBResource er = getEJBResource();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ EJBResource er = getEJBResource(policyRegistration);
+
er.setPolicyContextID(contextID);
int res = pc.authorize(er, new Subject(), getRoleGroup());
assertEquals(AuthorizationContext.PERMIT, res);
@@ -76,7 +78,11 @@
public void testInvalidEJBPolicyContextHandler() throws Exception
{
EJBXACMLPolicyModuleDelegate pc = new EJBXACMLPolicyModuleDelegate();
- EJBResource er = getEJBResource();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ EJBResource er = getEJBResource(policyRegistration);
+
er.setPolicyContextID(contextID);
er.setPrincipal(new SimplePrincipal("baduser"));
@@ -84,11 +90,10 @@
assertEquals(AuthorizationContext.DENY, res);
}
- private EJBResource getEJBResource()
+ private EJBResource getEJBResource(PolicyRegistration policyRegistration)
{
HashMap<String,Object> map = new HashMap<String,Object>();
- // map.put(ResourceKeys.SECURITY_CONTEXT_ROLES, getRoleGroup());
- map.put(ResourceKeys.POLICY_REGISTRATION, this.getAuthorizationManager());
+ map.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
EJBResource er = new EJBResource(map);
er.setEjbName("StatelessSession");
@@ -97,58 +102,23 @@
return er;
}
- private AuthorizationManager getAuthorizationManager()
+ private void registerPolicy(PolicyRegistration policyRegistration)
{
String xacmlPolicyFile = "authorization/xacml/jboss-xacml-ejb-policy.xml";
- JBossAuthorizationManager jam = new JBossAuthorizationManager("other");
ClassLoader cl = Thread.currentThread().getContextClassLoader();
InputStream is = cl.getResourceAsStream(xacmlPolicyFile);
if(is == null)
throw new RuntimeException("Input stream is null");
- jam.registerPolicy(contextID, is);
- return jam;
- }
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, is);
+ }
private RoleGroup getRoleGroup()
{
SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
srg.getRoles().add(new SimpleRole("ProjectUser"));
return srg;
- }
+ }
- /*private Group getRoleGroup()
- {
- Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- gp.addMember(new SimplePrincipal("ProjectUser"));
- return gp;
- }
-
- private void setSecurityContext()
- {
- Subject subj = new Subject();
- SecurityActions.addPrincipalToSubject(subj, p);
- subj.getPrincipals().add(p);
- SecurityContext sc = null;
- try
- {
- sc = SecurityContextFactory.createSecurityContext("other");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- sc.getUtil().createSubjectInfo(p, "cred", subj);
- sc.getUtil().setRoles(getRoleGroup());
- SecurityContextAssociation.setSecurityContext(sc);
- }
-
- private void setUpPolicyContext() throws Exception
- {
- PolicyContext.setContextID(contextID);
- PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
- new SubjectPolicyContextHandler(), true);
- }*/
-
private void setSecurityConfiguration() throws Exception
{
SecurityConfiguration.addApplicationPolicy(new ApplicationPolicy("other"));
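Review bot: Both tests still exercise only a successfully registered XACML policy; nothing covers the paths this commit introduces in JBossPolicyRegistration, namely `getPolicy` with a type other than `PolicyRegistration.XACML` and a lookup after `deRegisterPolicy`. A test that deregisters the policy and asserts that `pc.authorize(...)` no longer results in `AuthorizationContext.PERMIT` would pin the fail-closed behaviour. The `registerPolicy` helper in this hunk also leaves `is` open after registration; the same helper in WebXACMLUnitTestCase has both gaps.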
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-03-31 17:59:36 UTC (rev 71491)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-03-31 18:00:27 UTC (rev 71492)
@@ -31,12 +31,13 @@
import junit.framework.TestCase;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate;
import org.jboss.security.authorization.resources.WebResource;
@@ -46,12 +47,10 @@
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.plugins.JBossPolicyRegistration;
import org.jboss.test.SecurityActions;
import org.jboss.test.util.TestHttpServletRequest;
-//$Id$
/**
* XACML integration tests for the Web Layer
@@ -76,7 +75,11 @@
public void testValidWebPolicyContextHandler() throws Exception
{
WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
- WebResource er = getResource();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ WebResource er = getResource(policyRegistration);
+
er.setServletRequest(new TestHttpServletRequest(p, uri, "GET"));
assertEquals(AuthorizationContext.PERMIT,
pc.authorize(er, getSubject(), getRoleGroup()));
@@ -92,7 +95,11 @@
public void testInvalidWebPolicyContextHandler() throws Exception
{
WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
- WebResource er = getResource();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ WebResource er = getResource(policyRegistration);
+
Principal principal = new SimplePrincipal("Notjduke");
HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
//Now change the ejb principal
@@ -101,25 +108,22 @@
pc.authorize(er, getSubject(), getRoleGroup()));
}
- private WebResource getResource()
+ private WebResource getResource(PolicyRegistration policyRegistration)
{
HashMap<String,Object> map = new HashMap<String,Object>();
// map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
- map.put(ResourceKeys.POLICY_REGISTRATION, this.getAuthorizationManager());
-
+ map.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
return new WebResource(map);
}
- private AuthorizationManager getAuthorizationManager()
+ private void registerPolicy(PolicyRegistration policyRegistration)
{
String xacmlPolicyFile = "authorization/xacml/jboss-xacml-web-policy.xml";
- JBossAuthorizationManager jam = new JBossAuthorizationManager("other");
ClassLoader cl = Thread.currentThread().getContextClassLoader();
InputStream is = cl.getResourceAsStream(xacmlPolicyFile);
if(is == null)
throw new RuntimeException("Input stream is null");
- jam.registerPolicy(contextID, is);
- return jam;
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, is);
}
private RoleGroup getRoleGroup()