Author: sohil.shah(a)jboss.com
Date: 2010-01-19 12:46:00 -0500 (Tue, 19 Jan 2010)
New Revision: 1101
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java
authz/trunk/portal-profile/src/test/java/org/
authz/trunk/portal-profile/src/test/java/org/jboss/
authz/trunk/portal-profile/src/test/java/org/jboss/security/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml
authz/trunk/portal-profile/src/test/resources/log4j.properties
Modified:
authz/trunk/portal-profile/pom.xml
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
authz/trunk/portal-profile/src/main/resources/portal-policy.xml
Log:
portal-profile
Modified: authz/trunk/portal-profile/pom.xml
===================================================================
--- authz/trunk/portal-profile/pom.xml 2010-01-18 23:17:51 UTC (rev 1100)
+++ authz/trunk/portal-profile/pom.xml 2010-01-19 17:46:00 UTC (rev 1101)
@@ -29,6 +29,11 @@
<artifactId>policy-server</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>agent</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- test dependencies -->
@@ -37,8 +42,13 @@
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
<scope>test</scope>
+ </dependency>
+ <!-- jboss microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <scope>test</scope>
</dependency>
-
<!-- Drools -->
<dependency>
<groupId>org.drools</groupId>
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java
(rev 0)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * AdminMode represents a "Admin mode" action that can be performed on a
Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-admin-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class AdminMode extends Operation
+{
+ public AdminMode()
+ {
+ this.name = "admin";
+ }
+}
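Review bot: The two identifiers in this class — `name="portlet-admin-mode"` in the `@Component` annotation and `this.name = "admin"` in the constructor — are left undocumented, and nothing in the hunk says which of them a policy rule matches against; the same applies to EditMode, HelpMode and ViewMode in this commit. I would add a comment above the assignment such as `// Operation name for this action; presumably what rule targets match on, while the @Component name is the component's registry key — TODO confirm against Operation/Component`, hedged because the semantics of the inherited `name` field are not visible here. The class Javadoc also reads `a "Admin mode"` while the three sibling classes use upper-case mode names; `an "ADMIN mode"` keeps the four consistent.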
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java
(rev 0)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * EditMode represents a "EDIT mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-edit-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class EditMode extends Operation
+{
+ public EditMode()
+ {
+ this.name = "edit";
+ }
+}
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java
(rev 0)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * HelpMode represents a "HELP mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-help-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class HelpMode extends Operation
+{
+ public HelpMode()
+ {
+ this.name = "help";
+ }
+}
Added:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java
(rev 0)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component.action;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * ViewMode represents a "VIEW mode" action that can be performed on a Portlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="portlet-view-mode",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class ViewMode extends Operation
+{
+ public ViewMode()
+ {
+ this.name = "view";
+ }
+}
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-18
23:17:51 UTC (rev 1100)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -21,43 +21,33 @@
*/
package org.jboss.security.authz.portal.component.resource;
-import java.util.Set;
import java.util.Map;
+import java.util.HashMap;
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.component.SecurityContextData;
+import org.jboss.security.authz.components.resource.URIResource;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class PortletResource
+@Component(
+ name="portlet-uri",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.RESOURCE
+)
+public class PortletResource extends URIResource
{
- private String name;
- private Set<String> modes;
+ @SecurityContextData
private Map<String, String> parameters;
public PortletResource()
{
-
+ this.parameters = new HashMap<String, String>();
}
- public String getName()
- {
- return name;
- }
-
- public void setName(String name)
- {
- this.name = name;
- }
-
- public Set<String> getModes()
- {
- return modes;
- }
-
- public void setModes(Set<String> modes)
- {
- this.modes = modes;
- }
-
public Map<String, String> getParameters()
{
return parameters;
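Review bot: `getParameters()` hands out the live `parameters` map, so any caller can add or remove entries of a field that is now annotated `@SecurityContextData` after the resource has been handed to the composer. If no caller needs to mutate it through the getter (the test added in this commit uses `addParameter` instead), `return Collections.unmodifiableMap(parameters);` with a `java.util.Collections` import closes that off. The class Javadoc carries only an `@author` line; a sentence on what `parameters` holds and what `@SecurityContextData` marks it for (I presume these are portlet request parameters exposed to policy evaluation — to be confirmed) would help readers of the new annotation-driven form.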
@@ -67,9 +57,9 @@
{
this.parameters = parameters;
}
- //------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public String getUri()
+
+ public void addParameter(String name, String value)
{
- return null;
+ this.parameters.put(name, value);
}
}
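Review bot: `addParameter` dereferences `this.parameters` unconditionally, but `setParameters` three lines above stores whatever reference it is given, so `setParameters(null)` followed by `addParameter(...)` throws a NullPointerException, and a caller that keeps the map it passed in can alter the resource's security-context data afterwards. Copying on the way in fixes both: `this.parameters = (parameters == null) ? new HashMap<String, String>() : new HashMap<String, String>(parameters);`. The `setParameters` method itself opens above this hunk.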
Modified: authz/trunk/portal-profile/src/main/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-18 23:17:51
UTC (rev 1100)
+++ authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 17:46:00
UTC (rev 1101)
@@ -5,8 +5,7 @@
Security Rule:
The specified topics "1234 and 5678" are available only when:
- * User is an Employee
- * User's IP fits into the specified range
+ * User is an Employee or a Partner
* Time of Access falls between the specified range
-->
<portlet-security-constraint>
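Review bot: The rule description in this comment still lists `Time of Access falls between the specified range` as a condition, while the third hunk of this file comments out the `<time>` auth-constraint (the `<ip-address>` constraint is commented out in the second hunk, and its bullet was removed here). Either drop that bullet too, or mark it, e.g. `* (disabled) Time of Access falls between the specified range`, so the prose matches the constraints actually in force. If the roles constraint is the only one left active, the topics are granted to employees and partners with no further restriction; a comment stating whether that is intentional or a temporary test setup would save the next reader from guessing.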
@@ -31,6 +30,7 @@
<role-name>partners</role-name>
</roles>
</auth-constraint>
+ <!--
<auth-constraint>
<ip-address allow="true">
<ip-range>
@@ -39,12 +39,15 @@
</ip-range>
</ip-address>
</auth-constraint>
+ -->
+ <!--
<auth-constraint>
<time allow="true">
<from></from>
<to></to>
</time>
- </auth-constraint>
+ </auth-constraint>
+ -->
</auth-constraints>
</portlet-security-constraint>
Added:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java
(rev 0)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,276 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.component;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+/**
+ * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
+ *
+ * An example of such resources would be tree of resources/nodes in a Content Management
System
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class MockPolicy extends Policy
+{
+
+ public MockPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException
+ {
+ super(policyUri, metaData);
+ }
+
+
+ @Override
+ public String generateSystemPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ ResourceType resourceType = new ResourceType();
+
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
+
+ resourcesType.getResource().add(resourceType);
+ }
+
+ //Process the Policy Rules
+ Set<Rule> rules = this.metaData.getRules();
+ if(rules != null && !rules.isEmpty())
+ {
+ for(Rule rule: rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ if(rule.getTarget() != null)
+ {
+ List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
+ {
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+ }
+
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+ ruleType.setCondition(condition);
+
+
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ PolicyUtil.marshall(bos, policyType);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
+ private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
+ {
+ ActionsType actions = new ActionsType();
+
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ return actions;
+ }
+
+ private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization
Request
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+
+ private String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
+}
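Review bot: `generateCondition` returns an empty `ConditionType` whenever `expression` is null or neither an `AttributeExpression` nor a `DroolsRuleExpression`, and `generateSystemPolicy` attaches that result to every rule unconditionally, so an unsupported or missing expression is silently turned into a `<Condition>` with no content instead of being reported. How the XACML evaluator treats such a condition is not visible here, but for an authorization policy it is safer to fail at generation time than to guess; the rewrite below skips the condition for a null expression and throws for an unknown subtype. Separately, `new String(bos.toByteArray())` at the end of `generateSystemPolicy` decodes the marshalled XML with the platform default charset; `bos.toString("UTF-8")` makes the encoding explicit, and its `UnsupportedEncodingException` is already covered by the surrounding `catch(Exception e)`. `generateUniqueId` is private and never called in this file, and the class Javadoc describes URI-tree resources rather than this test policy; both should be removed or rewritten.
```java
//Process the Rule Expression/Condition: a rule with no expression gets no <Condition>
if(rule.getExpression() != null)
{
    ruleType.setCondition(this.generateCondition(objectFactory, rule.getExpression()));
}
// … unchanged: add ruleType to policyType …

private ConditionType generateCondition(ObjectFactory objectFactory, Expression expression)
{
    ConditionType condition = new ConditionType();

    if(expression instanceof AttributeExpression)
    {
        // … unchanged: Apply over attribute value and designator …
    }
    else if(expression instanceof DroolsRuleExpression)
    {
        // … unchanged: Apply over the rule VariableReference …
    }
    else
    {
        // Fail closed: an expression this generator does not understand must not
        // silently become an empty <Condition>
        throw new IllegalArgumentException("Unsupported expression type: " + expression.getClass().getName());
    }

    return condition;
}
```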
Added:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java
(rev 0)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.portal.component;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
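Review bot: The Javadoc on `combine` documents parameters named `context` and `rules`, but the signature takes `context`, `parameters` and `ruleElements`, and its summary line is empty, so the one property a reader needs — that this algorithm is fail-closed — is never stated. I would replace it with a summary such as `Permits only if at least one rule evaluates to PERMIT; DENY, NOT_APPLICABLE and INDETERMINATE results all yield DENY, so an evaluation error never grants access.` plus `@param` entries for the three actual parameters. The loop also discards `currentResult` of the permitting rule and returns a fresh `new Result(Result.DECISION_PERMIT)`; if `Result` carries anything beyond the decision in this API (resource id, obligations), that is lost, and `return currentResult;` inside the `if` together with `return new Result(Result.DECISION_DENY);` after the loop would both keep it and remove the `permitFound` flag. Adding `@Override` to `combine` lets the compiler confirm it really overrides `RuleCombiningAlgorithm.combine`.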
Added:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java
(rev 0)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19
17:46:00 UTC (rev 1101)
@@ -0,0 +1,110 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.portal.component;
+
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Effect;
+
+import org.jboss.security.authz.portal.component.resource.PortletResource;
+import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestPortletResource extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestPortletResource.class);
+
+ private PolicyComposer policyComposer;
+
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+ this.policyComposer =
(PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testModeSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+
+ Roles adminRoles = new Roles();
+ adminRoles.setMustMatchAll(true);
+ adminRoles.addName("admin");
+
+ Roles editRoles = new Roles();
+ editRoles.addName("authenticated");
+
+ Roles viewAndHelpRoles = new Roles();
+ viewAndHelpRoles.addName("anonymous");
+ viewAndHelpRoles.addName("authenticated");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.PERMIT, new AdminMode(), adminRoles,
"allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new EditMode(), editRoles,
"allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new ViewMode(), viewAndHelpRoles,
"allowExpression");
+ context.addPolicyRule(Effect.PERMIT, new HelpMode(), viewAndHelpRoles,
"allowExpression");
+
+ Policy policy = new MockPolicy("testModeSecurity",
this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+
+ public void testTopicSecurity() throws Exception
+ {
+ PortletResource portletResource = new PortletResource();
+ portletResource.setUri(new URI("/classic/public/forumpage/forum"));
+ portletResource.addParameter("topicId", "1234");
+
+ Roles topicRoles = new Roles();
+ topicRoles.setMustMatchAll(true);
+ topicRoles.addName("employees");
+ topicRoles.addName("partners");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(portletResource);
+ context.addPolicyRule(Effect.PERMIT, new ViewMode(), topicRoles,
"allowExpression");
+
+ Policy policy = new MockPolicy("testTopicSecurity",
this.policyComposer.compose(context));
+
+ log.info("------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+}
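Review bot: Neither `testModeSecurity` nor `testTopicSecurity` asserts anything: each composes a policy and only logs `policy.generateSystemPolicy()`, so the tests pass as long as no exception is thrown and a regression that emits a wrong or empty XACML document goes unnoticed. At minimum capture the output and check it, e.g. `String xacml = policy.generateSystemPolicy(); assertNotNull(xacml); assertTrue(xacml.contains("testModeSecurity"));` (the policy id is set from the name passed to `MockPolicy`), and better, assert on the rule ids and role values the context was built from. `setUp` calls `ServiceContainer.bootstrap()` before every test with no matching `tearDown`; whether bootstrapping repeatedly in one JVM is safe is not visible here and deserves a comment or a one-time setup. The literal `"allowExpression"` is passed to every `addPolicyRule` call without explanation; a comment on what that argument names would help, and `log` should be `private static final`.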
Added: authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml
===================================================================
--- authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml
(rev 0)
+++ authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml 2010-01-19 17:46:00
UTC (rev 1101)
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- Database connection settings -->
+ <property
name="connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property
name="connection.url">jdbc:hsqldb:file:target/testdb</property>
+ <property name="connection.username">sa</property>
+ <property name="connection.password"></property>
+
+ <!-- JDBC connection pool (use the built-in) -->
+ <property name="connection.pool_size">1</property>
+
+ <!-- SQL dialect -->
+ <property
name="dialect">org.hibernate.dialect.HSQLDialect</property>
+
+ <!-- Enable Hibernate's automatic session context management -->
+ <property
name="current_session_context_class">thread</property>
+
+ <!-- Disable the second-level cache -->
+ <property
name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
+
+ <!-- Echo all executed SQL to stdout -->
+ <property name="show_sql">true</property>
+
+ <!--
+ Drop and re-create the database schema on startup
+ -->
+ <property name="hbm2ddl.auto">create</property>
+
+ <mapping resource="policy.hbm.xml"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
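Review bot: The `connection.url` property points at a file-backed database, `jdbc:hsqldb:file:target/testdb`, so the schema and any policy rows written by one test run are left on disk under target/ and are shared by every test JVM that loads this configuration; with `hbm2ddl.auto` set to `create` each SessionFactory start drops and rebuilds that same file, so concurrently forked test runs would step on each other. An in-memory store, `<property name="connection.url">jdbc:hsqldb:mem:testdb</property>`, gives each JVM its own isolated database that disappears with the process. `show_sql` set to `true` echoes every executed statement, including the policy content being persisted, to stdout; a comment such as `<!-- test-only: echoes persisted policy rows to stdout; keep false in any non-test profile -->` would make the intent explicit. The empty `connection.password` for `sa` is HSQLDB's default and is fine for a throwaway test database, but the same comment should note that this file is not a template for a deployed profile.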
Added: authz/trunk/portal-profile/src/test/resources/log4j.properties
===================================================================
--- authz/trunk/portal-profile/src/test/resources/log4j.properties
(rev 0)
+++ authz/trunk/portal-profile/src/test/resources/log4j.properties 2010-01-19 17:46:00 UTC
(rev 1101)
@@ -0,0 +1,8 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
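Review bot: The `ConversionPattern` on the last line, `- %m%n`, drops the level, logger name and timestamp, so the policy dumps the test class writes through `log.info` cannot be told apart on the console from Hibernate's SQL echo or from warnings. A pattern such as `log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %-5p [%c{1}] %m%n` keeps each line attributable to its source. The `log4j.rootCategory=INFO, CONSOLE` line also routes every library's INFO output to the console; if only the test's own output is wanted, a narrower `log4j.logger.org.jboss.security.authz=INFO` with a WARN root would presumably be quieter, though that depends on which categories the tests rely on.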