JBoss Identity SVN: r1109 - in authz/trunk/portal-profile/src: test/java/org/jboss/security/authz/portal/provisioning and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-22 14:36:21 -0500 (Fri, 22 Jan 2010)
New Revision: 1109
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
Log:
some cleanup
Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-20 01:06:02 UTC (rev 1108)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-22 19:36:21 UTC (rev 1109)
@@ -1,24 +1,24 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.portal.configuration;
import java.io.ByteArrayInputStream;
@@ -57,7 +57,8 @@
import org.jboss.security.authz.portal.component.action.HelpMode;
/**
- * Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML
+ * Used to configure Security Policies for a Portal Object Tree using Easy
+ * Domain specific XML
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -76,14 +77,16 @@
{
this.policyComposer = policyComposer;
}
-
+
public PortletPolicyConfig()
{
-
- }
- //-----PolicyConfig Implementation--------------------------------------------------------------------------------------------------------------------------
- public Set<PolicyMetaData> configure(String easyDomainXml)
- {
+
+ }
+
+ // -----PolicyConfig
+ // Implementation--------------------------------------------------------------------------------------------------------------------------
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
InputStream xmlStream = null;
try
{
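Review bot: The section banner in this hunk was wrapped by the formatter into `// -----PolicyConfig` followed by a second comment line that is almost entirely dashes, which now reads as a broken comment rather than a section marker; the same thing happened to the dash-only banner ahead of parseParameters in the `@@ -235,9 +238,10 @@` hunk. Replace the two lines with `// ----- PolicyConfig implementation -----` (and shorten the second banner the same way) so they stay under the formatter's column limit and survive the next reformat. configure() continues past the end of this hunk.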
@@ -93,14 +96,14 @@
DocumentBuilder builder = DocumentBuilderFactory.newInstance()
.newDocumentBuilder();
Document document = builder.parse(xmlStream);
-
+
NodeList securityConstraints = document
.getElementsByTagName("security-constraint");
Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>();
for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
{
Element securityConstraint = (Element) securityConstraints.item(i);
-
+
// Parse out information related to access control based on user roles
NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
Roles allowRoles = new Roles();
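Review bot: The DocumentBuilder built on the first two lines of this hunk comes from a DocumentBuilderFactory with default settings, so parsing easyDomainXml will honour a DOCTYPE and resolve external entities; because this document defines authorization policy, the parser should refuse them before parse() runs. Keep the factory in a local instead of chaining newInstance().newDocumentBuilder(), and set `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` on it (both calls are already covered by the surrounding catch (Exception)). These are context lines here, but the same two lines are added verbatim in r1107's copy of PortletPolicyConfig.java further down this page, so the fix belongs in both. configure() starts before this hunk and ends after it.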
@@ -134,8 +137,7 @@
}
}
}
-
-
+
// Parse out the resources and actions upon which the Policies must be
// created
Element portletResourceCollection = (Element) securityConstraint
@@ -149,70 +151,71 @@
// SetUp the Portlet Resource
PortletResource policyResource = new PortletResource();
Element portletResource = (Element) resources.item(j);
- Element portletName = (Element) portletResource.getElementsByTagName(
- "portlet-name").item(0);
+ Element portletName = (Element) portletResource
+ .getElementsByTagName("portlet-name").item(0);
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
-
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
this.parseParameters(policyResource, portletResource);
// Setup the Action Targets to be secured on this resource
List<Operation> secureModes = this
.parseSecureModes(portletResource);
- if (secureModes != null && !secureModes.isEmpty())
+ // SetUp Policy Composition Context
+ CompositionContext context = windowPolicyContexts
+ .get(policyResource.getUri().toString());
+
+ if (context == null)
{
- // SetUp Policy Composition Context
- CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString());
-
- if(context == null)
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
+ for (Operation secureMode : secureModes)
+ {
+ //Add Role-Based (RBAC) rules here
+ if (!allowRoles.isEmpty())
{
- context = new CompositionContext();
- context.setPolicyTarget(policyResource);
+ context.addPolicyRule(Effect.PERMIT, secureMode, allowRoles,
+ "allowExpression");
}
-
- for (Operation secureMode : secureModes)
+
+ if (!denyRoles.isEmpty())
{
- if (!allowRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, secureMode,
- allowRoles, "allowExpression");
- }
-
- if (!denyRoles.isEmpty())
- {
- context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
- "denyExpression");
- }
+ context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
+ "denyExpression");
}
- if(!policyResource.getUri().toString().startsWith("/window"))
- {
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
+ //TODO: Add Time based rules here
+ }
+
+ if (!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
.compose(context);
- policies.add(policyMetaData);
- }
- else
- {
- windowPolicyContexts.put(policyResource.getUri().toString(), context);
- }
+ policies.add(policyMetaData);
}
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(),
+ context);
+ }
}
}
}
-
- if(!windowPolicyContexts.isEmpty())
+
+ if (!windowPolicyContexts.isEmpty())
{
Collection<CompositionContext> contexts = windowPolicyContexts.values();
- for(CompositionContext context: contexts)
+ for (CompositionContext context : contexts)
{
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ policies.add(policyMetaData);
}
}
-
+
return policies;
}
catch (Exception e)
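Review bot: Dropping the `secureModes != null && !secureModes.isEmpty()` guard changes behaviour for a portlet-resource whose `<mode>` entries are all unrecognised: parseSecureModes (see the `@@ -259,14 +263,14 @@` hunk and the r1107 copy) only falls back to ViewMode when there are no `<mode>` elements at all, and returns an empty list when every mode name is unknown, so the new code now creates a CompositionContext with no rules and passes it to policyComposer.compose (or parks it in windowPolicyContexts) where the old code skipped the resource. Either restore the guard as `if (secureModes.isEmpty()) { continue; }` just before the windowPolicyContexts lookup, or have parseSecureModes reject unknown mode names so a typo cannot silently yield a rule-less policy. A second, pre-existing issue in the same lines: when a `/window` URI appears in more than one security-constraint the reused context keeps its first policyResource, so the request-parameters parsed into later occurrences by parseParameters are dropped unless addPolicyRule carries them, which is not visible here; a comment such as `// first definition of a /window URI owns the policy target; later ones only add rules` next to the lookup would at least make that explicit. configure() starts before this hunk and its catch/finally continues after it.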
@@ -235,9 +238,10 @@
}
}
}
- //---------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(PortletResource policyResource, Element portletResourceElem)
- throws Exception
+
+ // ---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(PortletResource policyResource,
+ Element portletResourceElem) throws Exception
{
// Process Parameters
Element parameters = (Element) portletResourceElem.getElementsByTagName(
@@ -259,14 +263,14 @@
}
}
}
-
+
private List<Operation> parseSecureModes(Element portletResource)
throws Exception
{
List<Operation> secureModes = new ArrayList<Operation>();
NodeList modes = portletResource.getElementsByTagName("mode");
- if (modes != null && modes.getLength()>0)
+ if (modes != null && modes.getLength() > 0)
{
for (int i = 0; i < modes.getLength(); i++)
{
@@ -296,7 +300,7 @@
{
secureModes.add(new ViewMode());
}
-
+
return secureModes;
}
}
Modified: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-20 01:06:02 UTC (rev 1108)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-22 19:36:21 UTC (rev 1109)
@@ -196,7 +196,7 @@
EnforcementContext context = new EnforcementContext();
// Resource being accessed
- context.setAttribute("portlet-resource", protectedResource);
+ context.setAttribute("resource", protectedResource);
// Create Subjects
Roles roles = new Roles();
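Review bot: The new attribute keys `"resource"` and `"mode"` are bare string literals repeated across this hunk and the next one (`@@ -209,11 +209,11 @@`), and they have to match exactly what the enforcement point reads, which is not visible in this diff; a mismatch would make the PEP evaluate with a missing resource or mode instead of failing loudly. Define them once, ideally as constants exposed by the enforcement side, or at minimum as `private static final String RESOURCE_ATTR = "resource";` and `private static final String MODE_ATTR = "mode";` in this test, and reference those from all three setAttribute calls. The enclosing method starts before this hunk and ends after the next one.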
@@ -209,11 +209,11 @@
// Action being performed
if(actionComponent != null)
{
- context.setAttribute("portlet-mode", actionComponent);
+ context.setAttribute("mode", actionComponent);
}
else
{
- context.setAttribute("portlet-mode", new ViewMode());
+ context.setAttribute("mode", new ViewMode());
}
return context;
JBoss Identity SVN: r1108 - authz/trunk.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 20:06:02 -0500 (Tue, 19 Jan 2010)
New Revision: 1108
Modified:
authz/trunk/pom.xml
Log:
refactoring
Modified: authz/trunk/pom.xml
===================================================================
--- authz/trunk/pom.xml 2010-01-20 00:57:26 UTC (rev 1107)
+++ authz/trunk/pom.xml 2010-01-20 01:06:02 UTC (rev 1108)
@@ -15,10 +15,10 @@
<module>core-components</module>
<module>agent</module>
<module>policy-server</module>
- <module>samples</module>
+ <module>samples</module>
+ <module>portal-profile</module>
<!--
<module>http-profile</module>
- <module>portal-profile</module>
-->
</modules>
JBoss Identity SVN: r1107 - in authz/trunk/portal-profile/src: test/java/org/jboss/security/authz/portal/provisioning and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 19:57:26 -0500 (Tue, 19 Jan 2010)
New Revision: 1107
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
Removed:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
Log:
refactoring
Deleted: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107)
@@ -1,302 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authz.portal.configuration;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Collection;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.log4j.Logger;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-import org.jboss.security.authz.components.action.Operation;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-
-import org.jboss.security.authz.portal.component.resource.PortletResource;
-import org.jboss.security.authz.portal.component.action.ViewMode;
-import org.jboss.security.authz.portal.component.action.AdminMode;
-import org.jboss.security.authz.portal.component.action.EditMode;
-import org.jboss.security.authz.portal.component.action.HelpMode;
-
-/**
- * Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class PortalObjectPolicyConfig implements PolicyConfig
-{
- private static Logger log = Logger.getLogger(PortalObjectPolicyConfig.class);
-
- private PolicyComposer policyComposer;
-
- public PolicyComposer getPolicyComposer()
- {
- return policyComposer;
- }
-
- public void setPolicyComposer(PolicyComposer policyComposer)
- {
- this.policyComposer = policyComposer;
- }
-
- public PortalObjectPolicyConfig()
- {
-
- }
- //-----PolicyConfig Implementation--------------------------------------------------------------------------------------------------------------------------
- public Set<PolicyMetaData> configure(String easyDomainXml)
- {
- InputStream xmlStream = null;
- try
- {
- Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
-
- xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
- DocumentBuilder builder = DocumentBuilderFactory.newInstance()
- .newDocumentBuilder();
- Document document = builder.parse(xmlStream);
-
- NodeList securityConstraints = document
- .getElementsByTagName("security-constraint");
- Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>();
- for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
- {
- Element securityConstraint = (Element) securityConstraints.item(i);
-
- // Parse out information related to access control based on user roles
- NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
- Roles allowRoles = new Roles();
- Roles denyRoles = new Roles();
- if (roleNodes != null)
- {
- for (int j = 0; j < roleNodes.getLength(); j++)
- {
- boolean allow = true;
- Element roles = (Element) roleNodes.item(j);
-
- allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
-
- NodeList roleNames = roles.getElementsByTagName("role-name");
- if (roleNames != null)
- {
- for (int k = 0; k < roleNames.getLength(); k++)
- {
- Element roleName = (Element) roleNames.item(k);
- String role = roleName.getTextContent().trim();
-
- if (allow)
- {
- allowRoles.addName(role);
- }
- else
- {
- denyRoles.addName(role);
- }
- }
- }
- }
- }
-
-
- // Parse out the resources and actions upon which the Policies must be
- // created
- Element portletResourceCollection = (Element) securityConstraint
- .getElementsByTagName("portlet-resource-collection").item(0);
- NodeList resources = portletResourceCollection
- .getElementsByTagName("portlet-resource");
- if (resources != null)
- {
- for (int j = 0; j < resources.getLength(); j++)
- {
- // SetUp the Portlet Resource
- PortletResource policyResource = new PortletResource();
- Element portletResource = (Element) resources.item(j);
- Element portletName = (Element) portletResource.getElementsByTagName(
- "portlet-name").item(0);
-
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
-
- this.parseParameters(policyResource, portletResource);
-
- // Setup the Action Targets to be secured on this resource
- List<Operation> secureModes = this
- .parseSecureModes(portletResource);
-
- if (secureModes != null && !secureModes.isEmpty())
- {
- // SetUp Policy Composition Context
- CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString());
-
- if(context == null)
- {
- context = new CompositionContext();
- context.setPolicyTarget(policyResource);
- }
-
- for (Operation secureMode : secureModes)
- {
- if (!allowRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, secureMode,
- allowRoles, "allowExpression");
- }
-
- if (!denyRoles.isEmpty())
- {
- context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
- "denyExpression");
- }
- }
-
- if(!policyResource.getUri().toString().startsWith("/window"))
- {
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
- }
- else
- {
- windowPolicyContexts.put(policyResource.getUri().toString(), context);
- }
- }
- }
- }
- }
-
- if(!windowPolicyContexts.isEmpty())
- {
- Collection<CompositionContext> contexts = windowPolicyContexts.values();
- for(CompositionContext context: contexts)
- {
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
- }
- }
-
- return policies;
- }
- catch (Exception e)
- {
- log.error(this, e);
- throw new RuntimeException(e);
- }
- finally
- {
- try
- {
- if (xmlStream != null)
- {
- xmlStream.close();
- }
- }
- catch (IOException ioe)
- {
- log.warn(this, ioe);
- }
- }
- }
- //---------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(PortletResource policyResource, Element portletResourceElem)
- throws Exception
- {
- // Process Parameters
- Element parameters = (Element) portletResourceElem.getElementsByTagName(
- "request-parameters").item(0);
- if (parameters != null)
- {
- NodeList params = parameters.getElementsByTagName("parameter");
- if (params != null)
- {
- for (int i = 0, length = params.getLength(); i < length; i++)
- {
- Element parameter = (Element) params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
- }
- }
- }
-
- private List<Operation> parseSecureModes(Element portletResource)
- throws Exception
- {
- List<Operation> secureModes = new ArrayList<Operation>();
-
- NodeList modes = portletResource.getElementsByTagName("mode");
- if (modes != null && modes.getLength()>0)
- {
- for (int i = 0; i < modes.getLength(); i++)
- {
- Element modeElem = (Element) modes.item(i);
-
- String mode = modeElem.getTextContent();
-
- if (mode.equalsIgnoreCase("view"))
- {
- secureModes.add(new ViewMode());
- }
- else if (mode.equalsIgnoreCase("edit"))
- {
- secureModes.add(new EditMode());
- }
- else if (mode.equalsIgnoreCase("admin"))
- {
- secureModes.add(new AdminMode());
- }
- else if (mode.equalsIgnoreCase("help"))
- {
- secureModes.add(new HelpMode());
- }
- }
- }
- else
- {
- secureModes.add(new ViewMode());
- }
-
- return secureModes;
- }
-}
Copied: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java (from rev 1106, authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java)
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java (rev 0)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107)
@@ -0,0 +1,302 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.configuration;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Collection;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+import org.jboss.security.authz.components.action.Operation;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+
+/**
+ * Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class PortletPolicyConfig implements PolicyConfig
+{
+ private static Logger log = Logger.getLogger(PortletPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
+ public PortletPolicyConfig()
+ {
+
+ }
+ //-----PolicyConfig Implementation--------------------------------------------------------------------------------------------------------------------------
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
+
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList securityConstraints = document
+ .getElementsByTagName("security-constraint");
+ Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>();
+ for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
+ {
+ Element securityConstraint = (Element) securityConstraints.item(i);
+
+ // Parse out information related to access control based on user roles
+ NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if (roleNodes != null)
+ {
+ for (int j = 0; j < roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element) roleNodes.item(j);
+
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
+
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if (roleNames != null)
+ {
+ for (int k = 0; k < roleNames.getLength(); k++)
+ {
+ Element roleName = (Element) roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if (allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
+ }
+ }
+ }
+ }
+
+
+ // Parse out the resources and actions upon which the Policies must be
+ // created
+ Element portletResourceCollection = (Element) securityConstraint
+ .getElementsByTagName("portlet-resource-collection").item(0);
+ NodeList resources = portletResourceCollection
+ .getElementsByTagName("portlet-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ // SetUp the Portlet Resource
+ PortletResource policyResource = new PortletResource();
+ Element portletResource = (Element) resources.item(j);
+ Element portletName = (Element) portletResource.getElementsByTagName(
+ "portlet-name").item(0);
+
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
+ this.parseParameters(policyResource, portletResource);
+
+ // Setup the Action Targets to be secured on this resource
+ List<Operation> secureModes = this
+ .parseSecureModes(portletResource);
+
+ if (secureModes != null && !secureModes.isEmpty())
+ {
+ // SetUp Policy Composition Context
+ CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString());
+
+ if(context == null)
+ {
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
+ for (Operation secureMode : secureModes)
+ {
+ if (!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureMode,
+ allowRoles, "allowExpression");
+ }
+
+ if (!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
+ "denyExpression");
+ }
+ }
+
+ if(!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(), context);
+ }
+ }
+ }
+ }
+ }
+
+ if(!windowPolicyContexts.isEmpty())
+ {
+ Collection<CompositionContext> contexts = windowPolicyContexts.values();
+ for(CompositionContext context: contexts)
+ {
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ }
+
+ return policies;
+ }
+ catch (Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(PortletResource policyResource, Element portletResourceElem)
+ throws Exception
+ {
+ // Process Parameters
+ Element parameters = (Element) portletResourceElem.getElementsByTagName(
+ "request-parameters").item(0);
+ if (parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if (params != null)
+ {
+ for (int i = 0, length = params.getLength(); i < length; i++)
+ {
+ Element parameter = (Element) params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
+ }
+
+ private List<Operation> parseSecureModes(Element portletResource)
+ throws Exception
+ {
+ List<Operation> secureModes = new ArrayList<Operation>();
+
+ NodeList modes = portletResource.getElementsByTagName("mode");
+ if (modes != null && modes.getLength()>0)
+ {
+ for (int i = 0; i < modes.getLength(); i++)
+ {
+ Element modeElem = (Element) modes.item(i);
+
+ String mode = modeElem.getTextContent();
+
+ if (mode.equalsIgnoreCase("view"))
+ {
+ secureModes.add(new ViewMode());
+ }
+ else if (mode.equalsIgnoreCase("edit"))
+ {
+ secureModes.add(new EditMode());
+ }
+ else if (mode.equalsIgnoreCase("admin"))
+ {
+ secureModes.add(new AdminMode());
+ }
+ else if (mode.equalsIgnoreCase("help"))
+ {
+ secureModes.add(new HelpMode());
+ }
+ }
+ }
+ else
+ {
+ secureModes.add(new ViewMode());
+ }
+
+ return secureModes;
+ }
+}
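Review bot: `xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());` in configure() encodes the policy document with the JVM's default charset, so the same XML can parse differently, or fail on non-ASCII role and portlet names, depending on the platform's file.encoding; use `easyDomainXml.getBytes("UTF-8")` so the bytes agree with the encoding the XML parser expects. In the catch block, `log.error(this, e)` logs the config object's toString() as the message, which carries no information about what failed; `log.error("Failed to build portlet policies from easy-domain XML", e)` would make the log entry readable while the cause is still rethrown. Both points also apply to r1109's edited version of this file above, which keeps these lines unchanged.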
Property changes on: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
___________________________________________________________________
Name: svn:mergeinfo
+
Deleted: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107)
@@ -1,221 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.portal.provisioning;
-
-import java.util.Set;
-import java.io.InputStream;
-import java.net.URI;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-
-import org.jboss.security.authz.portal.component.resource.PortletResource;
-import org.jboss.security.authz.portal.component.action.ViewMode;
-import org.jboss.security.authz.portal.component.action.EditMode;
-import org.jboss.security.authz.portal.component.action.HelpMode;
-import org.jboss.security.authz.portal.component.action.AdminMode;
-import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class TestPortalObjectPolicyConfig extends TestCase
-{
- private static Logger log = Logger
- .getLogger(TestPortalObjectPolicyConfig.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer) ServiceContainer
- .lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner) ServiceContainer
- .lookup("/agent/LocalPolicyProvisioner");
-
- PolicyConfig config = new PortalObjectPolicyConfig();
- ((PortalObjectPolicyConfig) config).setPolicyComposer(this.policyComposer);
-
- InputStream is = Thread.currentThread().getContextClassLoader()
- .getResourceAsStream("portal-policy.xml");
-
- Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
-
- assertNotNull(metadata);
-
- for (PolicyMetaData policyMetaData : metadata)
- {
- this.provisioner.deploy(policyMetaData);
- }
-
- is.close();
-
- // Assert Policy State of the Server
- Set<Policy> policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", policies != null
- && !policies.isEmpty());
- for (Policy policy : policies)
- {
- log
- .info("------------------------------------------------------------------------------");
- log.info(policy.generateSystemPolicy());
- }
- }
-
- // -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testContentSecurity() throws Exception
- {
- PortletResource r1 = new PortletResource();
- r1.setUri(new URI("/content/forums"));
- r1.addParameter("topicId", "1234");
- r1.addParameter("blah", "blahblah");
-
- PortletResource r2 = new PortletResource();
- r2.setUri(new URI("/content/forums"));
- r2.addParameter("topicId", "5678");
- r2.addParameter("blah", "blahblah");
-
- PortletResource r3 = new PortletResource();
- r3.setUri(new URI("/content/forums"));
- r3.addParameter("topicId", "9999");
- r3.addParameter("blah", "blahblah");
-
- //Testing Employees access
- this.enforce(this.createEnforcementContext(r1, new String[]{"employees", "authenticated", "marketing"}, null), true);
- this.enforce(this.createEnforcementContext(r2, new String[]{"employees", "authenticated", "marketing"}, null), true);
- this.enforce(this.createEnforcementContext(r3, new String[]{"employees", "authenticated", "marketing"}, null), false);
-
- //Testing Partners access
- this.enforce(this.createEnforcementContext(r1, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
- this.enforce(this.createEnforcementContext(r2, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
- this.enforce(this.createEnforcementContext(r3, new String[]{"partners", "authenticated", "insurance-company"}, null), false);
-
- //Testing Anonymous access
- this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"}, null), false);
- this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"}, null), false);
- this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"}, null), false);
-
- //Testing Authenticated but not an Employee or a Partner
- this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated", "community"}, null), false);
- this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false);
- this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false);
- }
-
- public void testWindowSecurity() throws Exception
- {
- PortletResource window = new PortletResource();
- window.setUri(new URI("/window/forums"));
-
- //Testing Anonymous user's access to the window
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new EditMode()), false);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new AdminMode()), false);
-
- //Testing Authenticated user's access to the window
- this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new EditMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new AdminMode()), false);
-
- //Testing Admin user's access to the window
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new ViewMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new EditMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new HelpMode()), true);
- this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new AdminMode()), true);
- }
- // -------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(EnforcementContext enforcementContext,
- boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer
- .checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision=" + response.getMessage());
-
- if (mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(
- PortletResource protectedResource, String[] userRoles, Object actionComponent)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Resource being accessed
- context.setAttribute("portlet-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- for (int i = 0; i < userRoles.length; i++)
- {
- roles.addName(userRoles[i]);
- }
- context.setAttribute("roles", roles);
-
- // Action being performed
- if(actionComponent != null)
- {
- context.setAttribute("portlet-mode", actionComponent);
- }
- else
- {
- context.setAttribute("portlet-mode", new ViewMode());
- }
-
- return context;
- }
-}
Copied: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java (from rev 1106, authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java)
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java (rev 0)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-20 00:57:26 UTC (rev 1107)
@@ -0,0 +1,221 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.provisioning;
+
+import java.util.Set;
+import java.io.InputStream;
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.configuration.PortletPolicyConfig;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestPortletPolicyConfig extends TestCase
+{
+ private static Logger log = Logger
+ .getLogger(TestPortletPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+ private PolicyEnforcementPoint enforcer;
+ private PolicyProvisioner provisioner;
+
+ public void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.policyComposer = (PolicyComposer) ServiceContainer
+ .lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint) ServiceContainer
+ .lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner) ServiceContainer
+ .lookup("/agent/LocalPolicyProvisioner");
+
+ PolicyConfig config = new PortletPolicyConfig();
+ ((PortletPolicyConfig) config).setPolicyComposer(this.policyComposer);
+
+ InputStream is = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream("portal-policy.xml");
+
+ Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
+
+ assertNotNull(metadata);
+
+ for (PolicyMetaData policyMetaData : metadata)
+ {
+ this.provisioner.deploy(policyMetaData);
+ }
+
+ is.close();
+
+ // Assert Policy State of the Server
+ Set<Policy> policies = this.provisioner.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", policies != null
+ && !policies.isEmpty());
+ for (Policy policy : policies)
+ {
+ log
+ .info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testContentSecurity() throws Exception
+ {
+ PortletResource r1 = new PortletResource();
+ r1.setUri(new URI("/content/forums"));
+ r1.addParameter("topicId", "1234");
+ r1.addParameter("blah", "blahblah");
+
+ PortletResource r2 = new PortletResource();
+ r2.setUri(new URI("/content/forums"));
+ r2.addParameter("topicId", "5678");
+ r2.addParameter("blah", "blahblah");
+
+ PortletResource r3 = new PortletResource();
+ r3.setUri(new URI("/content/forums"));
+ r3.addParameter("topicId", "9999");
+ r3.addParameter("blah", "blahblah");
+
+ //Testing Employees access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"employees", "authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"employees", "authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"employees", "authenticated", "marketing"}, null), false);
+
+ //Testing Partners access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"partners", "authenticated", "insurance-company"}, null), false);
+
+ //Testing Anonymous access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"}, null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"}, null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"}, null), false);
+
+ //Testing Authenticated but not an Employee or a Partner
+ this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated", "community"}, null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false);
+ }
+
+ public void testWindowSecurity() throws Exception
+ {
+ PortletResource window = new PortletResource();
+ window.setUri(new URI("/window/forums"));
+
+ //Testing Anonymous user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new EditMode()), false);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new AdminMode()), false);
+
+ //Testing Authenticated user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new AdminMode()), false);
+
+ //Testing Admin user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new AdminMode()), true);
+ }
+ // -------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(EnforcementContext enforcementContext,
+ boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private EnforcementContext createEnforcementContext(
+ PortletResource protectedResource, String[] userRoles, Object actionComponent)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Resource being accessed
+ context.setAttribute("portlet-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ for (int i = 0; i < userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ context.setAttribute("roles", roles);
+
+ // Action being performed
+ if(actionComponent != null)
+ {
+ context.setAttribute("portlet-mode", actionComponent);
+ }
+ else
+ {
+ context.setAttribute("portlet-mode", new ViewMode());
+ }
+
+ return context;
+ }
+}
Property changes on: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
___________________________________________________________________
Name: svn:mergeinfo
+
JBoss Identity SVN: r1106 - in authz/trunk/portal-profile/src: test/java/org/jboss/security/authz/portal/provisioning and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 19:47:19 -0500 (Tue, 19 Jan 2010)
New Revision: 1106
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/resources/portal-policy.xml
Log:
portal-profile
* both content security and window security implemented
Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-19 22:52:20 UTC (rev 1105)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106)
@@ -29,6 +29,9 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Collection;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -93,6 +96,7 @@
NodeList securityConstraints = document
.getElementsByTagName("security-constraint");
+ Map<String, CompositionContext> windowPolicyContexts = new HashMap<String, CompositionContext>();
for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
{
Element securityConstraint = (Element) securityConstraints.item(i);
@@ -148,7 +152,8 @@
Element portletName = (Element) portletResource.getElementsByTagName(
"portlet-name").item(0);
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
this.parseParameters(policyResource, portletResource);
// Setup the Action Targets to be secured on this resource
@@ -158,8 +163,14 @@
if (secureModes != null && !secureModes.isEmpty())
{
// SetUp Policy Composition Context
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(policyResource);
+ CompositionContext context = windowPolicyContexts.get(policyResource.getUri().toString());
+
+ if(context == null)
+ {
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
for (Operation secureMode : secureModes)
{
if (!allowRoles.isEmpty())
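Review bot: When the lookup at `windowPolicyContexts.get(policyResource.getUri().toString())` finds an existing context, `setPolicyTarget` is only called on the freshly created one, so the `policyResource` built for this constraint — including whatever `parseParameters` added to it in the preceding hunk — is dropped and the first resource seen for that URI remains the sole target of the merged policy. If window constraints are never meant to carry `request-parameters`, make that explicit; otherwise parameters on a second constraint for the same window disappear without any warning. I'd put a comment above the lookup: `// window constraints sharing a URI are merged into one context; only the first resource seen becomes the policy target, later ones (and their parameters) are not added`. The enclosing loop and the configure method begin before this hunk.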
@@ -175,15 +186,33 @@
}
}
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
+ if(!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
.compose(context);
- policies.add(policyMetaData);
+ policies.add(policyMetaData);
+ }
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(), context);
+ }
}
}
}
}
+ if(!windowPolicyContexts.isEmpty())
+ {
+ Collection<CompositionContext> contexts = windowPolicyContexts.values();
+ for(CompositionContext context: contexts)
+ {
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ }
+
return policies;
}
catch (Exception e)
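Review bot: The routing decision at `if(!policyResource.getUri().toString().startsWith("/window"))` rests on a bare string literal encoding a naming convention for portal windows; the same convention reappears in the test resource (`/window/forums`) and nothing in this class documents it, so a resource named slightly differently would silently take the per-constraint path. Lift it to `private static final String WINDOW_URI_PREFIX = "/window";` and document above the check that window constraints for one URI are merged and composed once after the loop while content constraints yield one policy each, with allow and deny rules of merged constraints combined under whatever precedence `policyComposer.compose` applies — worth confirming that precedence is the intended one. The `if(!windowPolicyContexts.isEmpty())` guard before the deferred composition is redundant, since looping over an empty `values()` is a no-op. The `try` this code sits in and the `catch (Exception e)` that ends the hunk extend beyond it.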
Modified: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-19 22:52:20 UTC (rev 1105)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20 00:47:19 UTC (rev 1106)
@@ -46,6 +46,9 @@
import org.jboss.security.authz.portal.component.resource.PortletResource;
import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig;
/**
@@ -97,26 +100,26 @@
for (Policy policy : policies)
{
log
- .debug("------------------------------------------------------------------------------");
- log.debug(policy.generateSystemPolicy());
+ .info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
}
}
// -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testAppLevelSecurity() throws Exception
+ public void testContentSecurity() throws Exception
{
PortletResource r1 = new PortletResource();
- r1.setUri(new URI("forums"));
+ r1.setUri(new URI("/content/forums"));
r1.addParameter("topicId", "1234");
r1.addParameter("blah", "blahblah");
PortletResource r2 = new PortletResource();
- r2.setUri(new URI("forums"));
+ r2.setUri(new URI("/content/forums"));
r2.addParameter("topicId", "5678");
r2.addParameter("blah", "blahblah");
PortletResource r3 = new PortletResource();
- r3.setUri(new URI("forums"));
+ r3.setUri(new URI("/content/forums"));
r3.addParameter("topicId", "9999");
r3.addParameter("blah", "blahblah");
@@ -140,6 +143,30 @@
this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false);
this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false);
}
+
+ public void testWindowSecurity() throws Exception
+ {
+ PortletResource window = new PortletResource();
+ window.setUri(new URI("/window/forums"));
+
+ //Testing Anonymous user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new EditMode()), false);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"}, new AdminMode()), false);
+
+ //Testing Authenticated user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"authenticated"}, new AdminMode()), false);
+
+ //Testing Admin user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new AdminMode()), true);
+ }
// -------------------------------------------------------------------------------------------------------------------------------------------------
private void enforce(EnforcementContext enforcementContext,
boolean mustBePermitted) throws Exception
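Review bot: `testWindowSecurity` exercises the roles named in the allow lists but never a subject whose roles appear in none of the window constraints, so it would not catch an engine that defaults to permit for unmatched roles; the content test above does cover that shape with `{"authenticated", "community"}`. Add a fail-closed check, e.g. `this.enforce(this.createEnforcementContext(window, new String[]{"community"}, new EditMode()), false);`, and if VIEW is meant to be open to everyone rather than only to subjects carrying the literal `anonymous` role, a `{"community"}` plus `ViewMode` case would pin that down as well. The `enforce` helper following the new test continues past the hunk.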
Modified: authz/trunk/portal-profile/src/test/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 22:52:20 UTC (rev 1105)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-20 00:47:19 UTC (rev 1106)
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<portal-security>
<!--
- Demonstrates Application Level Authorization
+ Demonstrates Application Level Authorization by protecting "Content" (Topics) of a Forums Portlet
Security Rule:
The specified topics "1234 and 5678" are available only when:
@@ -11,13 +11,13 @@
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/content/forums</portlet-name>
<request-parameters>
<parameter name="topicId">1234</parameter>
</request-parameters>
</portlet-resource>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/content/forums</portlet-name>
<request-parameters>
<parameter name="topicId">5678</parameter>
</request-parameters>
@@ -37,16 +37,15 @@
</security-constraint>
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the Forum Portlet
Security Rule: The Forums Portlet is available in VIEW, HELP mode:
* To all users
-->
- <!--
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>VIEW</mode>
<mode>HELP</mode>
@@ -57,22 +56,21 @@
<roles allow="true">
<role-name>anonymous</role-name>
<role-name>authenticated</role-name>
+ <role-name>admin</role-name>
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the Forums Portlet
Security Rule: The Forums Portlet is available in EDIT mode:
* To only users in "Authenticated/Non-Anonymous" state
- -->
- <!--
+ -->
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>EDIT</mode>
</modes>
@@ -81,22 +79,21 @@
<auth-constraint>
<roles allow="true">
<role-name>authenticated</role-name>
+ <role-name>admin</role-name>
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the Forums Portlet
Security Rule: The Forums Portlet is available in ADMIN mode when:
* User is an Admin
- -->
- <!--
+ -->
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>ADMIN</mode>
</modes>
@@ -108,7 +105,6 @@
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
Configuration for the Portal Enforcement Engine
JBoss Identity SVN: r1105 - in authz/trunk: policy-server/src/main/resources/META-INF and 5 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 17:52:20 -0500 (Tue, 19 Jan 2010)
New Revision: 1105
Added:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/resources/portal-policy.xml.backup
Modified:
authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
authz/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/resources/portal-policy.xml
Log:
portal-profile
* first success of App level security
Modified: authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2010-01-19 18:39:36 UTC (rev 1104)
+++ authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2010-01-19 22:52:20 UTC (rev 1105)
@@ -344,14 +344,15 @@
throw new IllegalArgumentException("Invalid Policy Structure. A Policy without any Resource Matching Rules is not Supported!!");
}
+ Policy policy = null;
for(AttributeExpression resourceMatch: policyTarget.getResourceMatches())
{
try
{
- Policy policy = this.findByResource(resourceMatch.getAttribute());
- if(policy != null)
+ policy = this.findByResource(resourceMatch.getAttribute());
+ if(policy == null)
{
- return policy;
+ return null;
}
}
catch(Throwable t)
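Review bot: The rewritten loop returns null as soon as one resource match has no policy, but whatever is finally returned is only the policy found for the last resource match, so when the matches resolve to different policies every earlier result is silently discarded. If the intent is that all resource matches of a target must resolve to one policy, that should be checked explicitly, e.g. keep the first result and bail out when a later lookup differs: `if (policy != null && !policy.equals(found)) { return null; }` (assuming Policy has a meaningful equals, which is not visible here). The enclosing method starts before this hunk.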
@@ -359,6 +360,6 @@
continue;
}
}
- return null;
+ return policy;
}
}
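Review bot: `return policy` can hand back a stale value: the `catch(Throwable t) { continue; }` directly above it swallows any failure from findByResource, so if the lookup for a later resource match throws, `policy` still holds the result of an earlier match and is returned as though the whole target resolved. A throwing lookup should be treated at least as strictly as a missing one, `catch(Exception e) { log(...); return null; }`, so that an error in the policy store never widens what is considered matched. Catching Throwable also hides errors such as OutOfMemoryError; narrow it to Exception.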
Modified: authz/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
--- authz/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2010-01-19 18:39:36 UTC (rev 1104)
+++ authz/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2010-01-19 22:52:20 UTC (rev 1105)
@@ -22,7 +22,7 @@
</bean>
<bean name="/policy-server/PolicyDecisionPoint" class="org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint">
- <property name="debug">false</property>
+ <property name="debug">true</property>
</bean>
<bean name="/policy-server/PolicyStore" class="org.jboss.security.authz.policy.server.provisioning.RelationalDBPolicyStore">
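Review bot: `<property name="debug">true</property>` is committed into the policy-server's main META-INF/authz-config.xml, not a test resource, so every build from this revision ships with the PolicyDecisionPoint in debug mode. Debug output from a decision point is likely to include the subject attributes and resources being evaluated (not visible here, so worth confirming), which makes this a log-volume and information-disclosure concern in production. Restore `false` here and enable debug through a test-scoped override or a system property instead.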
Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-19 18:39:36 UTC (rev 1104)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-19 22:52:20 UTC (rev 1105)
@@ -34,7 +34,7 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@Component(
- name="portlet-uri",
+ name="portlet-resource",
type=ComponentType.TARGET,
category=ComponentCategory.RESOURCE
)
Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-19 18:39:36 UTC (rev 1104)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-19 22:52:20 UTC (rev 1105)
@@ -21,11 +21,38 @@
*/
package org.jboss.security.authz.portal.configuration;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
import java.util.Set;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+import org.jboss.security.authz.components.action.Operation;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+
/**
* Used to configure Security Policies for a Portal Object Tree using Easy Domain specific XML
*
@@ -33,6 +60,20 @@
*/
public class PortalObjectPolicyConfig implements PolicyConfig
{
+ private static Logger log = Logger.getLogger(PortalObjectPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
public PortalObjectPolicyConfig()
{
@@ -40,7 +81,193 @@
//-----PolicyConfig Implementation--------------------------------------------------------------------------------------------------------------------------
public Set<PolicyMetaData> configure(String easyDomainXml)
{
- return null;
+ InputStream xmlStream = null;
+ try
+ {
+ Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
+
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList securityConstraints = document
+ .getElementsByTagName("security-constraint");
+ for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
+ {
+ Element securityConstraint = (Element) securityConstraints.item(i);
+
+ // Parse out information related to access control based on user roles
+ NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if (roleNodes != null)
+ {
+ for (int j = 0; j < roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element) roleNodes.item(j);
+
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
+
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if (roleNames != null)
+ {
+ for (int k = 0; k < roleNames.getLength(); k++)
+ {
+ Element roleName = (Element) roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if (allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
+ }
+ }
+ }
+ }
+
+
+ // Parse out the resources and actions upon which the Policies must be
+ // created
+ Element portletResourceCollection = (Element) securityConstraint
+ .getElementsByTagName("portlet-resource-collection").item(0);
+ NodeList resources = portletResourceCollection
+ .getElementsByTagName("portlet-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ // SetUp the Portlet Resource
+ PortletResource policyResource = new PortletResource();
+ Element portletResource = (Element) resources.item(j);
+ Element portletName = (Element) portletResource.getElementsByTagName(
+ "portlet-name").item(0);
+
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+ this.parseParameters(policyResource, portletResource);
+
+ // Setup the Action Targets to be secured on this resource
+ List<Operation> secureModes = this
+ .parseSecureModes(portletResource);
+
+ if (secureModes != null && !secureModes.isEmpty())
+ {
+ // SetUp Policy Composition Context
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ for (Operation secureMode : secureModes)
+ {
+ if (!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureMode,
+ allowRoles, "allowExpression");
+ }
+
+ if (!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
+ "denyExpression");
+ }
+ }
+
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ }
+ }
+ }
+
+ return policies;
+ }
+ catch (Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
}
- //---------------------------------------------------------------------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(PortletResource policyResource, Element portletResourceElem)
+ throws Exception
+ {
+ // Process Parameters
+ Element parameters = (Element) portletResourceElem.getElementsByTagName(
+ "request-parameters").item(0);
+ if (parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if (params != null)
+ {
+ for (int i = 0, length = params.getLength(); i < length; i++)
+ {
+ Element parameter = (Element) params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
+ }
+
+ private List<Operation> parseSecureModes(Element portletResource)
+ throws Exception
+ {
+ List<Operation> secureModes = new ArrayList<Operation>();
+
+ NodeList modes = portletResource.getElementsByTagName("mode");
+ if (modes != null && modes.getLength()>0)
+ {
+ for (int i = 0; i < modes.getLength(); i++)
+ {
+ Element modeElem = (Element) modes.item(i);
+
+ String mode = modeElem.getTextContent();
+
+ if (mode.equalsIgnoreCase("view"))
+ {
+ secureModes.add(new ViewMode());
+ }
+ else if (mode.equalsIgnoreCase("edit"))
+ {
+ secureModes.add(new EditMode());
+ }
+ else if (mode.equalsIgnoreCase("admin"))
+ {
+ secureModes.add(new AdminMode());
+ }
+ else if (mode.equalsIgnoreCase("help"))
+ {
+ secureModes.add(new HelpMode());
+ }
+ }
+ }
+ else
+ {
+ secureModes.add(new ViewMode());
+ }
+
+ return secureModes;
+ }
}
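Review bot: `DocumentBuilderFactory.newInstance().newDocumentBuilder()` near the top of configure parses the policy document with the JAXP defaults, which honour DOCTYPE declarations and external entities, so a policy file carrying an entity that points at a local file or URL would be expanded by the policy server (XXE); the builder should be hardened before `builder.parse`, as sketched below. The loop body reads only `roles` elements from each security-constraint, so other auth-constraint children, such as the `time` element in the test policy, are silently dropped and the generated policy is looser than the XML states; unknown constraint types should be rejected rather than ignored. Likewise `parseSecureModes` skips a mode name it does not recognise, so a misspelled single mode produces an empty list and no policy at all for that resource; an unknown mode should throw. `easyDomainXml.getBytes()` also uses the platform charset although the document declares UTF-8.

```java
xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes("UTF-8"));
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
// policy XML may come from outside the server: no DTDs, no external entities
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.parse(xmlStream);
// … unchanged: security-constraint loop, parseParameters, parseSecureModes …
```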
Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java (rev 0)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-19 22:52:20 UTC (rev 1105)
@@ -0,0 +1,194 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.provisioning;
+
+import java.util.Set;
+import java.io.InputStream;
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestPortalObjectPolicyConfig extends TestCase
+{
+ private static Logger log = Logger
+ .getLogger(TestPortalObjectPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+ private PolicyEnforcementPoint enforcer;
+ private PolicyProvisioner provisioner;
+
+ public void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.policyComposer = (PolicyComposer) ServiceContainer
+ .lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint) ServiceContainer
+ .lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner) ServiceContainer
+ .lookup("/agent/LocalPolicyProvisioner");
+
+ PolicyConfig config = new PortalObjectPolicyConfig();
+ ((PortalObjectPolicyConfig) config).setPolicyComposer(this.policyComposer);
+
+ InputStream is = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream("portal-policy.xml");
+
+ Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
+
+ assertNotNull(metadata);
+
+ for (PolicyMetaData policyMetaData : metadata)
+ {
+ this.provisioner.deploy(policyMetaData);
+ }
+
+ is.close();
+
+ // Assert Policy State of the Server
+ Set<Policy> policies = this.provisioner.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", policies != null
+ && !policies.isEmpty());
+ for (Policy policy : policies)
+ {
+ log
+ .debug("------------------------------------------------------------------------------");
+ log.debug(policy.generateSystemPolicy());
+ }
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAppLevelSecurity() throws Exception
+ {
+ PortletResource r1 = new PortletResource();
+ r1.setUri(new URI("forums"));
+ r1.addParameter("topicId", "1234");
+ r1.addParameter("blah", "blahblah");
+
+ PortletResource r2 = new PortletResource();
+ r2.setUri(new URI("forums"));
+ r2.addParameter("topicId", "5678");
+ r2.addParameter("blah", "blahblah");
+
+ PortletResource r3 = new PortletResource();
+ r3.setUri(new URI("forums"));
+ r3.addParameter("topicId", "9999");
+ r3.addParameter("blah", "blahblah");
+
+ //Testing Employees access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"employees", "authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"employees", "authenticated", "marketing"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"employees", "authenticated", "marketing"}, null), false);
+
+ //Testing Partners access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"partners", "authenticated", "insurance-company"}, null), true);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"partners", "authenticated", "insurance-company"}, null), false);
+
+ //Testing Anonymous access
+ this.enforce(this.createEnforcementContext(r1, new String[]{"anonymous"}, null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"anonymous"}, null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"anonymous"}, null), false);
+
+ //Testing Authenticated but not an Employee or a Partner
+ this.enforce(this.createEnforcementContext(r1, new String[]{"authenticated", "community"}, null), false);
+ this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated", "community"}, null), false);
+ this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated", "community"}, null), false);
+ }
+ // -------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(EnforcementContext enforcementContext,
+ boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private EnforcementContext createEnforcementContext(
+ PortletResource protectedResource, String[] userRoles, Object actionComponent)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Resource being accessed
+ context.setAttribute("portlet-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ for (int i = 0; i < userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ context.setAttribute("roles", roles);
+
+ // Action being performed
+ if(actionComponent != null)
+ {
+ context.setAttribute("portlet-mode", actionComponent);
+ }
+ else
+ {
+ context.setAttribute("portlet-mode", new ViewMode());
+ }
+
+ return context;
+ }
+}
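Review bot: `testAppLevelSecurity` expects r1 and r2 to be granted for employees and partners without putting any time-of-day attribute on the EnforcementContext, although the policy it loads from portal-policy.xml carries an `<after>17:00</after>` constraint; the assertions hold only because PortalObjectPolicyConfig never reads the `time` element, so the test does not exercise the rule the fixture claims. Either set a time-of-day attribute before 17:00 and assert denial, or drop the time constraint from the fixture until it is enforced. In setUp, `is` is closed only on the success path and `getResourceAsStream` may return null, so a missing fixture surfaces as a NullPointerException; add `assertNotNull("portal-policy.xml not on classpath", is);` and close the stream in a finally block. Policies deployed in setUp are never removed in a tearDown, so store state accumulates across test methods.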
Modified: authz/trunk/portal-profile/src/test/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 18:39:36 UTC (rev 1104)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 22:52:20 UTC (rev 1105)
@@ -6,131 +6,109 @@
Security Rule:
The specified topics "1234 and 5678" are available only when:
* User is an Employee or a Partner
- * Time of Access falls between the specified range
+ * Time of Access is after 5:00 pm
-->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1234</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">5678</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>employees</role-name>
- <role-name>partners</role-name>
- </roles>
- </auth-constraint>
- <!--
- <auth-constraint>
- <ip-address allow="true">
- <ip-range>
- <address-from></address-from>
- <address-to></address-to>
- </ip-range>
- </ip-address>
- </auth-constraint>
- -->
- <!--
- <auth-constraint>
- <time allow="true">
- <from></from>
- <to></to>
- </time>
- </auth-constraint>
- -->
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Application Level Authorization
-
- Security Rule:
- The specified topics "1111 and 2222" are available only when:
- * User is 18 years or older
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1111</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">2222</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <preferences allow="true">
- <preference name="age">>=18</preference>
- </preferences>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
+ <security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1234</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">5678</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>employees</role-name>
+ <role-name>partners</role-name>
+ </roles>
+ </auth-constraint>
+ <auth-constraint>
+ <time allow="true">
+ <after>17:00</after>
+ </time>
+ </auth-constraint>
+ </security-constraint>
<!--
Demonstrates Portlet Level Authorization by protecting Portlet Modes
- Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
- * User is a member of the Community
+ Security Rule: The Forums Portlet is available in VIEW, HELP mode:
+ * To all users
-->
- <portlet-security-constraint>
+ <!--
+ <security-constraint>
<portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>VIEW</mode>
- <mode>HELP</mode>
- <mode>EDIT</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>community</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>VIEW</mode>
+ <mode>HELP</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>anonymous</role-name>
+ <role-name>authenticated</role-name>
+ </roles>
+ </auth-constraint>
+ </security-constraint>
+ -->
<!--
Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Security Rule: The Forums Portlet is available in EDIT mode:
+ * To only users in "Authenticated/Non-Anonymous" state
+ -->
+ <!--
+ <security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>EDIT</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>authenticated</role-name>
+ </roles>
+ </auth-constraint>
+ </security-constraint>
+ -->
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
Security Rule: The Forums Portlet is available in ADMIN mode when:
* User is an Admin
-->
- <portlet-security-constraint>
+ <!--
+ <security-constraint>
<portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>ADMIN</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>admin</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>ADMIN</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>admin</role-name>
+ </roles>
+ </auth-constraint>
+ </security-constraint>
+ -->
<!--
Configuration for the Portal Enforcement Engine
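Review bot: The active constraint's `<time allow="true"><after>17:00</after></time>` has neither a timezone nor an end bound, so it is unclear whether the window runs until midnight and on whose clock; the comment above it ("Time of Access is after 5:00 pm") should state which clock applies, and an explicit `<before>` would make the intent checkable. With the VIEW/HELP, EDIT and ADMIN constraints all commented out in this revision, nothing left in the fixture restricts the ADMIN mode of the forums portlet, which deserves a comment if that is intentional for the test.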
Added: authz/trunk/portal-profile/src/test/resources/portal-policy.xml.backup
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml.backup (rev 0)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml.backup 2010-01-19 22:52:20 UTC (rev 1105)
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<portal-security>
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1234 and 5678" are available only when:
+ * User is an Employee or a Partner
+ * Time of Access falls between the specified range
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1234</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">5678</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>employees</role-name>
+ <role-name>partners</role-name>
+ </roles>
+ </auth-constraint>
+ <!--
+ <auth-constraint>
+ <ip-address allow="true">
+ <ip-range>
+ <address-from></address-from>
+ <address-to></address-to>
+ </ip-range>
+ </ip-address>
+ </auth-constraint>
+ -->
+ <!--
+ <auth-constraint>
+ <time allow="true">
+ <from></from>
+ <to></to>
+ </time>
+ </auth-constraint>
+ -->
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1111 and 2222" are available only when:
+ * User is 18 years or older
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1111</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">2222</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <preferences allow="true">
+ <preference name="age">>=18</preference>
+ </preferences>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
+ * User is a member of the Community
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>VIEW</mode>
+ <mode>HELP</mode>
+ <mode>EDIT</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>community</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in ADMIN mode when:
+ * User is an Admin
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>ADMIN</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>admin</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Configuration for the Portal Enforcement Engine
+ -->
+ <enforcement-config>
+ <!--
+ default value, (false)
+ If resource match is set to "policy-match-mandatory=true", it means that if there is an http request to the web application,
+ that does not have any specified/matching "security policy" for it, then this access should be "Denied".
+
+ The default value is set to "false" since this makes Policy Provisioning less intensive for most web applications. This means that if
+ a "Policy" is not specified for a http request, it means that resource does not need to be "protected", and access should be "Granted".
+
+ The protection can be increased depending on the application by changing this to "true". In which case only Http Requests that have a matching "Security Policy" will
+ be considered for "Access Control". All others will be "Denied" access.
+ -->
+ <policy-match-mandatory>false</policy-match-mandatory>
+ </enforcement-config>
+</portal-security>
\ No newline at end of file
JBoss Identity SVN: r1104 - in authz/trunk/portal-profile/src: test/java/org/jboss/security/authz/portal/component and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 13:39:36 -0500 (Tue, 19 Jan 2010)
New Revision: 1104
Added:
authz/trunk/portal-profile/src/test/resources/portal-policy.xml
Removed:
authz/trunk/portal-profile/src/main/resources/portal-policy.xml
Modified:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
Log:
refactoring
Deleted: authz/trunk/portal-profile/src/main/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 18:25:13 UTC (rev 1103)
+++ authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 18:39:36 UTC (rev 1104)
@@ -1,152 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<portal-security>
- <!--
- Demonstrates Application Level Authorization
-
- Security Rule:
- The specified topics "1234 and 5678" are available only when:
- * User is an Employee or a Partner
- * Time of Access falls between the specified range
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1234</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">5678</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>employees</role-name>
- <role-name>partners</role-name>
- </roles>
- </auth-constraint>
- <!--
- <auth-constraint>
- <ip-address allow="true">
- <ip-range>
- <address-from></address-from>
- <address-to></address-to>
- </ip-range>
- </ip-address>
- </auth-constraint>
- -->
- <!--
- <auth-constraint>
- <time allow="true">
- <from></from>
- <to></to>
- </time>
- </auth-constraint>
- -->
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Application Level Authorization
-
- Security Rule:
- The specified topics "1111 and 2222" are available only when:
- * User is 18 years or older
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">1111</parameter>
- </request-parameters>
- </portlet-resource>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <request-parameters>
- <parameter name="topicId">2222</parameter>
- </request-parameters>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <preferences allow="true">
- <preference name="age">>=18</preference>
- </preferences>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
-
- Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
- * User is a member of the Community
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>VIEW</mode>
- <mode>HELP</mode>
- <mode>EDIT</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>community</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
-
- Security Rule: The Forums Portlet is available in ADMIN mode when:
- * User is an Admin
- -->
- <portlet-security-constraint>
- <portlet-resource-collection>
- <portlet-resource>
- <portlet-name>forums</portlet-name>
- <modes>
- <mode>ADMIN</mode>
- </modes>
- </portlet-resource>
- </portlet-resource-collection>
- <auth-constraints>
- <auth-constraint>
- <roles allow="true">
- <role-name>admin</role-name>
- </roles>
- </auth-constraint>
- </auth-constraints>
- </portlet-security-constraint>
-
- <!--
- Configuration for the Portal Enforcement Engine
- -->
- <enforcement-config>
- <!--
- default value, (false)
- If resource match is set to "policy-match-mandatory=true", it means that if there is an http request to the web application,
- that does not have any specified/matching "security policy" for it, then this access should be "Denied".
-
- The default value is set to "false" since this makes Policy Provisioning less intensive for most web applications. This means that if
- a "Policy" is not specified for a http request, it means that resource does not need to be "protected", and access should be "Granted".
-
- The protection can be increased depending on the application by changing this to "true". In which case only Http Requests that have a matching "Security Policy" will
- be considered for "Access Control". All others will be "Denied" access.
- -->
- <policy-match-mandatory>false</policy-match-mandatory>
- </enforcement-config>
-</portal-security>
\ No newline at end of file
Modified: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19 18:25:13 UTC (rev 1103)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19 18:39:36 UTC (rev 1104)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.portal.component;
import java.net.URI;
+import java.util.Calendar;
import junit.framework.TestCase;
@@ -32,6 +33,7 @@
import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.environment.TimeOfDay;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Effect;
@@ -56,7 +58,7 @@
this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testModeSecurity() throws Exception
+ public void testPortletModeSecurity() throws Exception
{
PortletResource portletResource = new PortletResource();
portletResource.setUri(new URI("/classic/public/forumpage/forum"));
@@ -86,7 +88,7 @@
log.info(policy.generateSystemPolicy());
}
- public void testTopicSecurity() throws Exception
+ public void testForumTopicSecurity() throws Exception
{
PortletResource portletResource = new PortletResource();
portletResource.setUri(new URI("/classic/public/forumpage/forum"));
@@ -107,4 +109,29 @@
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
+
+ public void testTimebasedForumTopicSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+ portletResource.addParameter("topicId", "1111");
+
+ TimeOfDay timeOfDay = new TimeOfDay();
+ Calendar after5pm = Calendar.getInstance();
+ after5pm.set(Calendar.HOUR_OF_DAY, 17);
+ after5pm.set(Calendar.MINUTE, 0);
+ after5pm.set(Calendar.SECOND, 0);
+ after5pm.set(Calendar.MILLISECOND, 0);
+ timeOfDay.setTimeofDay(after5pm);
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.DENY, new ViewMode(), timeOfDay, "matchIfAfter");
+
+ Policy policy = new MockPolicy("testTimebasedForumTopicSecurity", this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
}
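Review bot: testTimebasedForumTopicSecurity only logs the composed policy and asserts nothing, so a regression in how the DENY/`matchIfAfter` rule is composed would still pass; at minimum capture the output and check it, e.g. `String xacml = policy.generateSystemPolicy(); assertNotNull(xacml); assertTrue(xacml.contains("Deny"));` (confirm the exact effect spelling against the marshaller's output once). The fixture built with `Calendar.getInstance()` also inherits the JVM's default time zone and locale, which makes the 17:00 boundary machine-dependent; if the TimeOfDay component compares absolute instants rather than wall-clock fields, `Calendar.getInstance(TimeZone.getTimeZone("UTC"))` would make it deterministic. The same assert-nothing pattern is present in the two renamed tests above, whose bodies are cut by the hunk boundaries.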
Copied: authz/trunk/portal-profile/src/test/resources/portal-policy.xml (from rev 1103, authz/trunk/portal-profile/src/main/resources/portal-policy.xml)
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml (rev 0)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 18:39:36 UTC (rev 1104)
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<portal-security>
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1234 and 5678" are available only when:
+ * User is an Employee or a Partner
+ * Time of Access falls between the specified range
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1234</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">5678</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>employees</role-name>
+ <role-name>partners</role-name>
+ </roles>
+ </auth-constraint>
+ <!--
+ <auth-constraint>
+ <ip-address allow="true">
+ <ip-range>
+ <address-from></address-from>
+ <address-to></address-to>
+ </ip-range>
+ </ip-address>
+ </auth-constraint>
+ -->
+ <!--
+ <auth-constraint>
+ <time allow="true">
+ <from></from>
+ <to></to>
+ </time>
+ </auth-constraint>
+ -->
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Application Level Authorization
+
+ Security Rule:
+ The specified topics "1111 and 2222" are available only when:
+ * User is 18 years or older
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">1111</parameter>
+ </request-parameters>
+ </portlet-resource>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <request-parameters>
+ <parameter name="topicId">2222</parameter>
+ </request-parameters>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <preferences allow="true">
+ <preference name="age">>=18</preference>
+ </preferences>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in VIEW, HELP, and EDIT mode when:
+ * User is a member of the Community
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>VIEW</mode>
+ <mode>HELP</mode>
+ <mode>EDIT</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>community</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Demonstrates Portlet Level Authorization by protecting Portlet Modes
+
+ Security Rule: The Forums Portlet is available in ADMIN mode when:
+ * User is an Admin
+ -->
+ <portlet-security-constraint>
+ <portlet-resource-collection>
+ <portlet-resource>
+ <portlet-name>forums</portlet-name>
+ <modes>
+ <mode>ADMIN</mode>
+ </modes>
+ </portlet-resource>
+ </portlet-resource-collection>
+ <auth-constraints>
+ <auth-constraint>
+ <roles allow="true">
+ <role-name>admin</role-name>
+ </roles>
+ </auth-constraint>
+ </auth-constraints>
+ </portlet-security-constraint>
+
+ <!--
+ Configuration for the Portal Enforcement Engine
+ -->
+ <enforcement-config>
+ <!--
+ default value, (false)
+ If resource match is set to "policy-match-mandatory=true", it means that if there is an http request to the web application,
+ that does not have any specified/matching "security policy" for it, then this access should be "Denied".
+
+ The default value is set to "false" since this makes Policy Provisioning less intensive for most web applications. This means that if
+ a "Policy" is not specified for a http request, it means that resource does not need to be "protected", and access should be "Granted".
+
+ The protection can be increased depending on the application by changing this to "true". In which case only Http Requests that have a matching "Security Policy" will
+ be considered for "Access Control". All others will be "Denied" access.
+ -->
+ <policy-match-mandatory>false</policy-match-mandatory>
+ </enforcement-config>
+</portal-security>
\ No newline at end of file
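Review bot: The header comment of the first constraint still states that access requires "Time of Access falls between the specified range", but the `<time>` auth-constraint below it is commented out (as is the `<ip-address>` one), so the documented rule is stricter than what is actually enforced for topics 1234 and 5678. Either drop that bullet or replace it with `* (time-of-day and IP constraints are not yet enforced; see the commented-out auth-constraints below)` so a reader does not assume the time check is active. The same mismatch is introduced in the r1101 hunk of src/main/resources/portal-policy.xml, from which this test resource was copied. `policy-match-mandatory` is also left at `false`, meaning any portlet request without a matching constraint is granted; that is reasonable for a fixture, but stating it in the fixture header makes the test expectations explicit.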
Property changes on: authz/trunk/portal-profile/src/test/resources/portal-policy.xml
___________________________________________________________________
Name: svn:mergeinfo
+
JBoss Identity SVN: r1102 - authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/environment.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 13:13:44 -0500 (Tue, 19 Jan 2010)
New Revision: 1102
Removed:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/environment/Preferences.java
Log:
deleting
Deleted: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/environment/Preferences.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/environment/Preferences.java 2010-01-19 17:46:00 UTC (rev 1101)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/environment/Preferences.java 2010-01-19 18:13:44 UTC (rev 1102)
@@ -1,49 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authz.portal.component.environment;
-
-import java.util.Map;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class Preferences
-{
- private Map<String, String> preferences;
-
- public Preferences()
- {
-
- }
-
- public Map<String, String> getPreferences()
- {
- return preferences;
- }
-
- public void setPreferences(Map<String, String> preferences)
- {
- this.preferences = preferences;
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------------------------------
-
-}
JBoss Identity SVN: r1101 - in authz/trunk/portal-profile: src/main/java/org/jboss/security/authz/portal/component and 11 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2010-01-19 12:46:00 -0500 (Tue, 19 Jan 2010)
New Revision: 1101
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java
authz/trunk/portal-profile/src/test/java/org/
authz/trunk/portal-profile/src/test/java/org/jboss/
authz/trunk/portal-profile/src/test/java/org/jboss/security/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml
authz/trunk/portal-profile/src/test/resources/log4j.properties
Modified:
authz/trunk/portal-profile/pom.xml
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
authz/trunk/portal-profile/src/main/resources/portal-policy.xml
Log:
portal-profile
Modified: authz/trunk/portal-profile/pom.xml
===================================================================
--- authz/trunk/portal-profile/pom.xml 2010-01-18 23:17:51 UTC (rev 1100)
+++ authz/trunk/portal-profile/pom.xml 2010-01-19 17:46:00 UTC (rev 1101)
@@ -29,6 +29,11 @@
<artifactId>policy-server</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>agent</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- test dependencies -->
@@ -37,8 +42,13 @@
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
<scope>test</scope>
+ </dependency>
+ <!-- jboss microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <scope>test</scope>
</dependency>
-
<!-- Drools -->
<dependency>
<groupId>org.drools</groupId>
Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java (rev 0)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * AdminMode represents a "Admin mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-admin-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class AdminMode extends Operation
+{
+ public AdminMode()
+ {
+ this.name = "admin";
+ }
+}
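Review bot: The constructor sets the operation name to the lowercase `"admin"` while the policy configuration identifies the same mode as `<mode>ADMIN</mode>`; whether the configuration loader normalises case is not visible here, so either document the expected casing on the class or confirm the match is case-insensitive. A one-line Javadoc on the constructor, `/** Creates the Admin-mode action; {@code name} is the mode identifier that policy targets are matched against. */`, would make the contract explicit. The class summary also reads `"Admin mode"` where EditMode, HelpMode and ViewMode use the upper-case form; the same two points apply to those three classes.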
Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java (rev 0)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * EditMode represents a "EDIT mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-edit-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class EditMode extends Operation
+{
+ public EditMode()
+ {
+ this.name = "edit";
+ }
+}
Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java (rev 0)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * HelpMode represents a "HELP mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-help-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class HelpMode extends Operation
+{
+ public HelpMode()
+ {
+ this.name = "help";
+ }
+}
Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java (rev 0)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * ViewMode represents a "VIEW mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-view-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class ViewMode extends Operation
+{
+ public ViewMode()
+ {
+ this.name = "view";
+ }
+}
Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
===================================================================
--- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-18 23:17:51 UTC (rev 1100)
+++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -21,43 +21,33 @@
*/
package org.jboss.security.authz.portal.component.resource;
-import java.util.Set;
import java.util.Map;
+import java.util.HashMap;
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.component.SecurityContextData;
+import org.jboss.security.authz.components.resource.URIResource;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class PortletResource
+@Component(
+ name="portlet-uri",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.RESOURCE
+)
+public class PortletResource extends URIResource
{
- private String name;
- private Set<String> modes;
+ @SecurityContextData
private Map<String, String> parameters;
public PortletResource()
{
-
+ this.parameters = new HashMap<String, String>();
}
- public String getName()
- {
- return name;
- }
-
- public void setName(String name)
- {
- this.name = name;
- }
-
- public Set<String> getModes()
- {
- return modes;
- }
-
- public void setModes(Set<String> modes)
- {
- this.modes = modes;
- }
-
public Map<String, String> getParameters()
{
return parameters;
@@ -67,9 +57,9 @@
{
this.parameters = parameters;
}
- //------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public String getUri()
+
+ public void addParameter(String name, String value)
{
- return null;
+ this.parameters.put(name, value);
}
}
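Review bot: addParameter dereferences `this.parameters` unconditionally, but setParameters in the previous hunk still accepts and stores null, so `setParameters(null)` followed by `addParameter(...)` throws a NullPointerException; either reject null there or store `this.parameters = (parameters != null) ? parameters : new HashMap<String, String>();`. getParameters also hands out the internal map that carries `@SecurityContextData`, so a caller can mutate the parameters that feed the authorization decision after the resource is built; if no caller relies on mutating it, returning `Collections.unmodifiableMap(this.parameters)` (with a `java.util.Collections` import) keeps the only write paths through addParameter and setParameters. The class header and getParameters are split across the two hunks of this section.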
Modified: authz/trunk/portal-profile/src/main/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-18 23:17:51 UTC (rev 1100)
+++ authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 17:46:00 UTC (rev 1101)
@@ -5,8 +5,7 @@
Security Rule:
The specified topics "1234 and 5678" are available only when:
- * User is an Employee
- * User's IP fits into the specified range
+ * User is an Employee or a Partner
* Time of Access falls between the specified range
-->
<portlet-security-constraint>
@@ -31,6 +30,7 @@
<role-name>partners</role-name>
</roles>
</auth-constraint>
+ <!--
<auth-constraint>
<ip-address allow="true">
<ip-range>
@@ -39,12 +39,15 @@
</ip-range>
</ip-address>
</auth-constraint>
+ -->
+ <!--
<auth-constraint>
<time allow="true">
<from></from>
<to></to>
</time>
- </auth-constraint>
+ </auth-constraint>
+ -->
</auth-constraints>
</portlet-security-constraint>
Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java (rev 0)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,276 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.component;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+/**
+ * Used for specifying policies for Resources represented by unique URIs, sometimes forming a tree like relationship with other Resources in the system
+ *
+ * An example of such resources would be tree of resources/nodes in a Content Management System
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class MockPolicy extends Policy
+{
+
+ public MockPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException
+ {
+ super(policyUri, metaData);
+ }
+
+
+ @Override
+ public String generateSystemPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches = this.metaData.getTarget().getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ ResourceType resourceType = new ResourceType();
+
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+ rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
+
+ resourcesType.getResource().add(resourceType);
+ }
+
+ //Process the Policy Rules
+ Set<Rule> rules = this.metaData.getRules();
+ if(rules != null && !rules.isEmpty())
+ {
+ for(Rule rule: rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ if(rule.getTarget() != null)
+ {
+ List<AttributeExpression> actionMatches = rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches = rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
+ {
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+ }
+
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ ConditionType condition = this.generateCondition(objectFactory, rule.getExpression());
+ ruleType.setCondition(condition);
+
+ policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ PolicyUtil.marshall(bos, policyType);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
+ private ActionsType generateRuleActions(List<AttributeExpression> actionMatches)
+ {
+ ActionsType actions = new ActionsType();
+
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+ amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+ amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ return actions;
+ }
+
+ private SubjectsType generateRuleSubjects(List<AttributeExpression> subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+ match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+ match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue = PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue = objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization Request
+ apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference = objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+
+ private String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
+}
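Review bot: `xacmlXml = new String(bos.toByteArray())` decodes the marshalled bytes with the platform default charset, while a JAXB marshaller presumably writes UTF-8 unless PolicyUtil.marshall configures otherwise, so non-ASCII attribute values would be corrupted on a non-UTF-8 default; use `xacmlXml = bos.toString("UTF-8");`, after which the `bos.close()` and the empty `catch(IOException ioe){}` can go, since ByteArrayOutputStream.close() is a no-op. The class Javadoc is copied from a URI-resource policy and does not describe this class; a summary such as `Test double that renders the composed PolicyMetaData as XACML 2.0, using NoPermitMeansDeniedAlg as the rule-combining algorithm.` would fit. generateUniqueId is unused and can be removed, and the blanket `catch(Exception e)` that rewraps everything as PolicyException hides the original failure type, which is acceptable in a test helper but worth a comment.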
Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java (rev 0)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.component;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
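Review bot: The permitting rule's own Result is thrown away in `combine`: on a PERMIT the loop only sets `permitFound` and the method returns the fresh `new Result(Result.DECISION_PERMIT)` built at the top, so whatever the rule attached to the Result returned by `rule.evaluate(context)` (in sunxacml that carries the rule's obligations and status) never reaches the PDP response. Return the rule's result instead, `if (currentResult.getDecision() == Result.DECISION_PERMIT) { return currentResult; }`, and after the loop `return new Result(Result.DECISION_DENY);`, which also drops the unused up-front PERMIT object and the `permitFound` flag. The class Javadoc should state that INDETERMINATE and NOT_APPLICABLE both collapse to DENY: this is fail-closed, but it also reports an evaluation error (missing attribute, bad function) as an ordinary denial, so a caller cannot tell a policy decision from a broken policy. The Javadoc on `combine` documents a `rules` parameter that does not exist while `parameters` and `ruleElements` go undocumented and `@return` is empty. This algorithm lives under src/test/java, so it is only a test fixture unless it is also registered with the PDP's combining-algorithm factory somewhere not visible here.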
Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
===================================================================
--- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java (rev 0)
+++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,110 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component;
+
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Effect;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestPortletResource extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestPortletResource.class);
+
+ private PolicyComposer policyComposer;
+
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+ this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testModeSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+
+ Roles adminRoles = new Roles();
+ adminRoles.setMustMatchAll(true);
+ adminRoles.addName("admin");
+
+ Roles editRoles = new Roles();
+ editRoles.addName("authenticated");
+
+ Roles viewAndHelpRoles = new Roles();
+ viewAndHelpRoles.addName("anonymous");
+ viewAndHelpRoles.addName("authenticated");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.PERMIT, new AdminMode(), adminRoles, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new EditMode(), editRoles, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new ViewMode(), viewAndHelpRoles, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new HelpMode(), viewAndHelpRoles, "allowExpression");
+
+ Policy policy = new MockPolicy("testModeSecurity", this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+
+ public void testTopicSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+ portletResource.addParameter("topicId", "1234");
+
+ Roles topicRoles = new Roles();
+ topicRoles.setMustMatchAll(true);
+ topicRoles.addName("employees");
+ topicRoles.addName("partners");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.PERMIT, new ViewMode(), topicRoles, "allowExpression");
+
+ Policy policy = new MockPolicy("testTopicSecurity", this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+}
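Review bot: Neither testModeSecurity nor testTopicSecurity asserts anything; each composes a policy and only logs `policy.generateSystemPolicy()`, so a composer that silently emits a broader rule, or no rule at all, still passes. At minimum capture the output and check it, e.g. `String xml = policy.generateSystemPolicy(); assertNotNull(xml); assertTrue(xml.contains("admin"));` — the exact substrings depend on the XACML the composer emits, which this hunk does not show, so pin whatever element or attribute values the generated policy actually carries for the roles and modes configured above. `adminRoles.setMustMatchAll(true)` with a single role name is indistinguishable from the default, so if the intent is to exercise the match-all path, give that Roles a second name as testTopicSecurity does. `MockPolicy` is referenced here but is not part of this hunk.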
Added: authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml
===================================================================
--- authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml (rev 0)
+++ authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- Database connection settings -->
+ <property name="connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property name="connection.url">jdbc:hsqldb:file:target/testdb</property>
+ <property name="connection.username">sa</property>
+ <property name="connection.password"></property>
+
+ <!-- JDBC connection pool (use the built-in) -->
+ <property name="connection.pool_size">1</property>
+
+ <!-- SQL dialect -->
+ <property name="dialect">org.hibernate.dialect.HSQLDialect</property>
+
+ <!-- Enable Hibernate's automatic session context management -->
+ <property name="current_session_context_class">thread</property>
+
+ <!-- Disable the second-level cache -->
+ <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
+
+ <!-- Echo all executed SQL to stdout -->
+ <property name="show_sql">true</property>
+
+ <!--
+ Drop and re-create the database schema on startup
+ -->
+ <property name="hbm2ddl.auto">create</property>
+
+ <mapping resource="policy.hbm.xml"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
Added: authz/trunk/portal-profile/src/test/resources/log4j.properties
===================================================================
--- authz/trunk/portal-profile/src/test/resources/log4j.properties (rev 0)
+++ authz/trunk/portal-profile/src/test/resources/log4j.properties 2010-01-19 17:46:00 UTC (rev 1101)
@@ -0,0 +1,8 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n