Author: sohil.shah(a)jboss.com Date: 2010-01-19 12:46:00 -0500 (Tue, 19 Jan 2010) New Revision: 1101 Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java authz/trunk/portal-profile/src/test/java/org/ authz/trunk/portal-profile/src/test/java/org/jboss/ authz/trunk/portal-profile/src/test/java/org/jboss/security/ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml authz/trunk/portal-profile/src/test/resources/log4j.properties Modified: authz/trunk/portal-profile/pom.xml authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java authz/trunk/portal-profile/src/main/resources/portal-policy.xml Log: portal-profile Modified: authz/trunk/portal-profile/pom.xml =================================================================== --- authz/trunk/portal-profile/pom.xml 2010-01-18 23:17:51 UTC (rev 1100) +++ authz/trunk/portal-profile/pom.xml 2010-01-19 17:46:00 UTC (rev 1101) @@ -29,6 +29,11 @@ <artifactId>policy-server</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.jboss.security.authz</groupId> + <artifactId>agent</artifactId> + <version>${project.version}</version> + </dependency> <!-- test dependencies --> @@ -37,8 +42,13 @@ <groupId>org.jboss.security</groupId> <artifactId>jboss-xacml</artifactId> <scope>test</scope> + </dependency> + <!-- jboss microcontainer --> + <dependency> + <groupId>org.jboss.microcontainer</groupId> + <artifactId>jboss-kernel</artifactId> + <scope>test</scope> </dependency> - <!-- Drools --> <dependency> <groupId>org.drools</groupId> Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java (rev 0) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/AdminMode.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,45 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.component.action; + +import org.jboss.security.authz.component.Component; +import org.jboss.security.authz.component.ComponentCategory; +import org.jboss.security.authz.component.ComponentType; +import org.jboss.security.authz.components.action.Operation; + +/** + * AdminMode represents a "Admin mode" action that can be performed on a Portlet + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +@Component( + name="portlet-admin-mode", + type=ComponentType.TARGET, + category=ComponentCategory.ACTION +) +public class AdminMode extends Operation +{ + public AdminMode() + { + this.name = "admin"; + } +} Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java (rev 0) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/EditMode.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,45 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.component.action; + +import org.jboss.security.authz.component.Component; +import org.jboss.security.authz.component.ComponentCategory; +import org.jboss.security.authz.component.ComponentType; +import org.jboss.security.authz.components.action.Operation; + +/** + * EditMode represents a "EDIT mode" action that can be performed on a Portlet + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +@Component( + name="portlet-edit-mode", + type=ComponentType.TARGET, + category=ComponentCategory.ACTION +) +public class EditMode extends Operation +{ + public EditMode() + { + this.name = "edit"; + } +} Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java (rev 0) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/HelpMode.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,45 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.component.action; + +import org.jboss.security.authz.component.Component; +import org.jboss.security.authz.component.ComponentCategory; +import org.jboss.security.authz.component.ComponentType; +import org.jboss.security.authz.components.action.Operation; + +/** + * HelpMode represents a "HELP mode" action that can be performed on a Portlet + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +@Component( + name="portlet-help-mode", + type=ComponentType.TARGET, + category=ComponentCategory.ACTION +) +public class HelpMode extends Operation +{ + public HelpMode() + { + this.name = "help"; + } +} Added: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java (rev 0) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/action/ViewMode.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,45 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.component.action; + +import org.jboss.security.authz.component.Component; +import org.jboss.security.authz.component.ComponentCategory; +import org.jboss.security.authz.component.ComponentType; +import org.jboss.security.authz.components.action.Operation; + +/** + * ViewMode represents a "VIEW mode" action that can be performed on a Portlet + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +@Component( + name="portlet-view-mode", + type=ComponentType.TARGET, + category=ComponentCategory.ACTION +) +public class ViewMode extends Operation +{ + public ViewMode() + { + this.name = "view"; + } +} Modified: authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java =================================================================== --- authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-18 23:17:51 UTC (rev 1100) +++ authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/component/resource/PortletResource.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -21,43 +21,33 @@ */ package org.jboss.security.authz.portal.component.resource; -import java.util.Set; import java.util.Map; +import java.util.HashMap; +import org.jboss.security.authz.component.Component; +import org.jboss.security.authz.component.ComponentCategory; +import org.jboss.security.authz.component.ComponentType; +import org.jboss.security.authz.component.SecurityContextData; +import org.jboss.security.authz.components.resource.URIResource; + /** * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> */ -public class PortletResource +@Component( + name="portlet-uri", + type=ComponentType.TARGET, + category=ComponentCategory.RESOURCE +) +public class PortletResource extends URIResource { - private String name; - private Set<String> modes; + @SecurityContextData private Map<String, String> parameters; public PortletResource() { - + this.parameters = new HashMap<String, String>(); } - public String getName() - { - return name; - } - - public void setName(String name) - { - this.name = name; - } - - public Set<String> getModes() - { - return modes; - } - - public void setModes(Set<String> modes) - { - this.modes = modes; - } - public Map<String, String> getParameters() { return parameters; @@ -67,9 +57,9 @@ { this.parameters = parameters; } - //------------------------------------------------------------------------------------------------------------------------------------------------------------------ - public String getUri() + + public void addParameter(String name, String value) { - return null; + this.parameters.put(name, value); } } Modified: authz/trunk/portal-profile/src/main/resources/portal-policy.xml =================================================================== --- authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-18 23:17:51 UTC (rev 1100) +++ authz/trunk/portal-profile/src/main/resources/portal-policy.xml 2010-01-19 17:46:00 UTC (rev 1101) @@ -5,8 +5,7 @@ Security Rule: The specified topics "1234 and 5678" are available only when: - * User is an Employee - * User's IP fits into the specified range + * User is an Employee or a Partner * Time of Access falls between the specified range --> <portlet-security-constraint> @@ -31,6 +30,7 @@ <role-name>partners</role-name> </roles> </auth-constraint> + <!-- <auth-constraint> <ip-address allow="true"> <ip-range> @@ -39,12 +39,15 @@ </ip-range> </ip-address> </auth-constraint> + --> + <!-- <auth-constraint> <time allow="true"> <from></from> <to></to> </time> - </auth-constraint> + </auth-constraint> + --> </auth-constraints> </portlet-security-constraint> Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java =================================================================== --- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java (rev 0) +++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/MockPolicy.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,276 @@ +/****************************************************************************** + * JBoss, a division of Red Hat * + * Copyright 2006, Red Hat Middleware, LLC, and individual * + * contributors as indicated by the @authors tag. See the * + * copyright.txt in the distribution for a full listing of * + * individual contributors. * + * * + * This is free software; you can redistribute it and/or modify it * + * under the terms of the GNU Lesser General Public License as * + * published by the Free Software Foundation; either version 2.1 of * + * the License, or (at your option) any later version. * + * * + * This software is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with this software; if not, write to the Free * + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * + ******************************************************************************/ +package org.jboss.security.authz.portal.component; + +import java.util.List; +import java.util.Set; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.UUID; + +import javax.xml.bind.JAXBElement; + +import org.jboss.security.authz.model.Policy; +import org.jboss.security.authz.model.PolicyMetaData; +import org.jboss.security.authz.model.Rule; +import org.jboss.security.authz.model.Effect; +import org.jboss.security.authz.model.PolicyException; +import org.jboss.security.authz.model.AttributeExpression; +import org.jboss.security.authz.model.DroolsRuleExpression; +import org.jboss.security.authz.model.Expression; +import org.jboss.security.authz.xacml.AttributeDesignatorUtil; +import org.jboss.security.authz.xacml.PolicyUtil; + +import org.jboss.security.xacml.core.model.policy.ActionMatchType; +import org.jboss.security.xacml.core.model.policy.SubjectMatchType; +import org.jboss.security.xacml.core.model.policy.ApplyType; +import org.jboss.security.xacml.core.model.policy.VariableReferenceType; +import org.jboss.security.xacml.core.model.policy.EffectType; +import org.jboss.security.xacml.core.model.policy.PolicyType; +import org.jboss.security.xacml.core.model.policy.ResourceMatchType; +import org.jboss.security.xacml.core.model.policy.ResourcesType; +import org.jboss.security.xacml.core.model.policy.ResourceType; +import org.jboss.security.xacml.core.model.policy.ActionsType; +import org.jboss.security.xacml.core.model.policy.ActionType; +import org.jboss.security.xacml.core.model.policy.SubjectsType; +import org.jboss.security.xacml.core.model.policy.SubjectType; +import org.jboss.security.xacml.core.model.policy.RuleType; +import org.jboss.security.xacml.core.model.policy.TargetType; +import org.jboss.security.xacml.core.model.policy.ConditionType; +import org.jboss.security.xacml.core.model.policy.ObjectFactory; +import org.jboss.security.xacml.core.model.policy.AttributeValueType; +import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType; +import org.jboss.security.xacml.factories.PolicyAttributeFactory; + +/** + * Used for specifying policies for Resources represented by unique URIs, sometimes forming a tree like relationship with other Resources in the system + * + * An example of such resources would be tree of resources/nodes in a Content Management System + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + * + */ +public class MockPolicy extends Policy +{ + + public MockPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException + { + super(policyUri, metaData); + } + + + @Override + public String generateSystemPolicy() throws PolicyException + { + ByteArrayOutputStream bos = null; + try + { + String xacmlXml = null; + + //SetUp the Policy Header + ObjectFactory objectFactory = new ObjectFactory(); + PolicyType policyType = new PolicyType(); + policyType.setPolicyId(this.policyUri); + policyType.setVersion("2.0"); + policyType.setRuleCombiningAlgId(new NoPermitMeansDeniedAlg().getIdentifier().toString()); + + TargetType targetType = new TargetType(); + policyType.setTarget(targetType); + + //Process Resource Matches as Targets for the Policy + List<AttributeExpression> resourceMatches = this.metaData.getTarget().getResourceMatches(); + if(resourceMatches != null && !resourceMatches.isEmpty()) + { + ResourcesType resourcesType = new ResourcesType(); + targetType.setResources(resourcesType); + ResourceType resourceType = new ResourceType(); + + for(AttributeExpression resourceMatch: resourceMatches) + { + ResourceMatchType rmt = new ResourceMatchType(); + + rmt.setMatchId(resourceMatch.getFunctionId()); + rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch)); + rmt.setAttributeValue(PolicyAttributeFactory + .createStringAttributeType(resourceMatch.getAttribute().getValue())); + + resourceType.getResourceMatch().add(rmt); + } + + resourcesType.getResource().add(resourceType); + } + + //Process the Policy Rules + Set<Rule> rules = this.metaData.getRules(); + if(rules != null && !rules.isEmpty()) + { + for(Rule rule: rules) + { + RuleType ruleType = new RuleType(); + ruleType.setRuleId(rule.getRuleId()); + if(rule.getEffect() == Effect.PERMIT) + { + ruleType.setEffect(EffectType.PERMIT); + } + else + { + ruleType.setEffect(EffectType.DENY); + } + + //Process the Rule Target + if(rule.getTarget() != null) + { + List<AttributeExpression> actionMatches = rule.getTarget().getActionMatches(); + List<AttributeExpression> subjectMatches = rule.getTarget().getSubjectMatches(); + TargetType ruleTarget = new TargetType(); + + if(actionMatches != null && !actionMatches.isEmpty()) + { + ruleTarget.setActions(this.generateRuleActions(actionMatches)); + } + + if(subjectMatches != null && !subjectMatches.isEmpty()) + { + ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches)); + } + + ruleType.setTarget(ruleTarget); + } + + //Process the Rule Expression/Condition + ConditionType condition = this.generateCondition(objectFactory, rule.getExpression()); + ruleType.setCondition(condition); + + policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType); + } + } + + bos = new ByteArrayOutputStream(); + PolicyUtil.marshall(bos, policyType); + xacmlXml = new String(bos.toByteArray()); + + return xacmlXml; + } + catch(Exception e) + { + throw new PolicyException(e); + } + finally + { + if(bos != null) + { + try{bos.close();}catch(IOException ioe){} + } + } + } + + private ActionsType generateRuleActions(List<AttributeExpression> actionMatches) + { + ActionsType actions = new ActionsType(); + + for(AttributeExpression action: actionMatches) + { + ActionType actionType = new ActionType(); + ActionMatchType amct = new ActionMatchType(); + amct.setMatchId(action.getFunctionId()); + amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue())); + amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action)); + actionType.getActionMatch().add(amct); + actions.getAction().add(actionType); + } + + return actions; + } + + private SubjectsType generateRuleSubjects(List<AttributeExpression> subjectMatches) + { + SubjectsType subjects = new SubjectsType(); + + for(AttributeExpression subject: subjectMatches) + { + SubjectType subjectType = new SubjectType(); + SubjectMatchType match = new SubjectMatchType(); + match.setMatchId(subject.getFunctionId()); + match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue())); + match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject)); + subjectType.getSubjectMatch().add(match); + subjects.getSubject().add(subjectType); + } + + return subjects; + } + + /** + * + * @param expression + * @return + */ + private ConditionType generateCondition(ObjectFactory objectFactory, Expression expression) + { + ConditionType condition = new ConditionType(); + + if(expression instanceof AttributeExpression) + { + AttributeExpression attributeExpression = (AttributeExpression)expression; + + //Function to be applied + ApplyType apply = new ApplyType(); + apply.setFunctionId(attributeExpression.getFunctionId()); + + //Value to check against + AttributeValueType attrValue = PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue()); + JAXBElement<AttributeValueType> jaxbAttrValue = objectFactory.createAttributeValue(attrValue); + apply.getExpression().add(jaxbAttrValue); + + //Place within the Context where this Value should exist during an Authorization Request + apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression)); + + + condition.setExpression(objectFactory.createApply(apply)); + } + else if(expression instanceof DroolsRuleExpression) + { + DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression; + + //Function to be applied + ApplyType apply = new ApplyType(); + apply.setFunctionId(ruleExpression.getFunctionId()); + + + VariableReferenceType ruleReference = new VariableReferenceType(); + ruleReference.setVariableId(ruleExpression.getRuleReference()); + JAXBElement<VariableReferenceType> jaxbRuleReference = objectFactory.createVariableReference(ruleReference); + apply.getExpression().add(jaxbRuleReference); + + + condition.setExpression(objectFactory.createApply(apply)); + } + + return condition; + } + + private String generateUniqueId() + { + return UUID.randomUUID().toString(); + } +} Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java =================================================================== --- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java (rev 0) +++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/NoPermitMeansDeniedAlg.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,83 @@ +/****************************************************************************** + * JBoss, a division of Red Hat * + * Copyright 2006, Red Hat Middleware, LLC, and individual * + * contributors as indicated by the @authors tag. See the * + * copyright.txt in the distribution for a full listing of * + * individual contributors. * + * * + * This is free software; you can redistribute it and/or modify it * + * under the terms of the GNU Lesser General Public License as * + * published by the Free Software Foundation; either version 2.1 of * + * the License, or (at your option) any later version. * + * * + * This software is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with this software; if not, write to the Free * + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * + ******************************************************************************/ +package org.jboss.security.authz.portal.component; + +import java.util.List; +import java.util.Iterator; +import java.net.URI; +import java.net.URISyntaxException; + +import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm; +import org.jboss.security.xacml.sunxacml.EvaluationCtx; +import org.jboss.security.xacml.sunxacml.ctx.Result; +import org.jboss.security.xacml.sunxacml.Rule; +import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement; + +/** + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + * + */ +public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm +{ + /** + * + * @throws URISyntaxException + */ + public NoPermitMeansDeniedAlg() throws URISyntaxException + { + super(new URI("rule-combining-alg:nopermit-means-denied")); + } + + /** + * + * @param context + * @param rules + * @return + */ + public Result combine(EvaluationCtx context, List parameters, List ruleElements) + { + Result result = new Result(Result.DECISION_PERMIT); + + Iterator rules = ruleElements.iterator(); + boolean permitFound = false; + while(rules.hasNext()) + { + RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next(); + Rule rule = ruleCombinerElement.getRule(); + Result currentResult = rule.evaluate(context); + + if(currentResult.getDecision() == Result.DECISION_PERMIT) + { + permitFound = true; + break; + } + } + + if(!permitFound) + { + result = new Result(Result.DECISION_DENY); + } + + return result; + } +} Added: authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java =================================================================== --- authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java (rev 0) +++ authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/component/TestPortletResource.java 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,110 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.portal.component; + +import java.net.URI; + +import junit.framework.TestCase; + +import org.apache.log4j.Logger; + +import org.jboss.security.authz.bootstrap.ServiceContainer; +import org.jboss.security.authz.agent.services.CompositionContext; +import org.jboss.security.authz.agent.services.PolicyComposer; + +import org.jboss.security.authz.components.subject.Roles; +import org.jboss.security.authz.model.Policy; +import org.jboss.security.authz.model.Effect; + +import org.jboss.security.authz.portal.component.resource.PortletResource; +import org.jboss.security.authz.portal.component.action.ViewMode; +import org.jboss.security.authz.portal.component.action.AdminMode; +import org.jboss.security.authz.portal.component.action.EditMode; +import org.jboss.security.authz.portal.component.action.HelpMode; + +/** + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class TestPortletResource extends TestCase +{ + private static Logger log = Logger.getLogger(TestPortletResource.class); + + private PolicyComposer policyComposer; + + protected void setUp() throws Exception + { + ServiceContainer.bootstrap(); + this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer"); + } + //------------------------------------------------------------------------------------------------------------------------------------------------------------------ + public void testModeSecurity() throws Exception + { + PortletResource portletResource = new PortletResource(); + portletResource.setUri(new URI("/classic/public/forumpage/forum")); + + Roles adminRoles = new Roles(); + adminRoles.setMustMatchAll(true); + adminRoles.addName("admin"); + + Roles editRoles = new Roles(); + editRoles.addName("authenticated"); + + Roles viewAndHelpRoles = new Roles(); + viewAndHelpRoles.addName("anonymous"); + viewAndHelpRoles.addName("authenticated"); + + //Setup the Context for the Composition with these components + CompositionContext context = new CompositionContext(); + context.setPolicyTarget(portletResource); + context.addPolicyRule(Effect.PERMIT, new AdminMode(), adminRoles, "allowExpression"); + context.addPolicyRule(Effect.PERMIT, new EditMode(), editRoles, "allowExpression"); + context.addPolicyRule(Effect.PERMIT, new ViewMode(), viewAndHelpRoles, "allowExpression"); + context.addPolicyRule(Effect.PERMIT, new HelpMode(), viewAndHelpRoles, "allowExpression"); + + Policy policy = new MockPolicy("testModeSecurity", this.policyComposer.compose(context)); + + log.info("------------------------------------------------------------------"); + log.info(policy.generateSystemPolicy()); + } + + public void testTopicSecurity() throws Exception + { + PortletResource portletResource = new PortletResource(); + portletResource.setUri(new URI("/classic/public/forumpage/forum")); + portletResource.addParameter("topicId", "1234"); + + Roles topicRoles = new Roles(); + topicRoles.setMustMatchAll(true); + topicRoles.addName("employees"); + topicRoles.addName("partners"); + + //Setup the Context for the Composition with these components + CompositionContext context = new CompositionContext(); + context.setPolicyTarget(portletResource); + context.addPolicyRule(Effect.PERMIT, new ViewMode(), topicRoles, "allowExpression"); + + Policy policy = new MockPolicy("testTopicSecurity", this.policyComposer.compose(context)); + + log.info("------------------------------------------------------------------"); + log.info(policy.generateSystemPolicy()); + } +} Added: authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml =================================================================== --- authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml (rev 0) +++ authz/trunk/portal-profile/src/test/resources/hibernate.cfg.xml 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,59 @@ +<?xml version='1.0' encoding='utf-8'?> +<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~ JBoss, a division of Red Hat ~ + ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~ + ~ contributors as indicated by the @authors tag. See the ~ + ~ copyright.txt in the distribution for a full listing of ~ + ~ individual contributors. ~ + ~ ~ + ~ This is free software; you can redistribute it and/or modify it ~ + ~ under the terms of the GNU Lesser General Public License as ~ + ~ published by the Free Software Foundation; either version 2.1 of ~ + ~ the License, or (at your option) any later version. ~ + ~ ~ + ~ This software is distributed in the hope that it will be useful, ~ + ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~ + ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~ + ~ Lesser General Public License for more details. ~ + ~ ~ + ~ You should have received a copy of the GNU Lesser General Public ~ + ~ License along with this software; if not, write to the Free ~ + ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~ + ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~--> + +<!DOCTYPE hibernate-configuration PUBLIC + "-//Hibernate/Hibernate Configuration DTD//EN" + "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd"> + +<hibernate-configuration> + <session-factory> + <!-- Database connection settings --> + <property name="connection.driver_class">org.hsqldb.jdbcDriver</property> + <property name="connection.url">jdbc:hsqldb:file:target/testdb</property> + <property name="connection.username">sa</property> + <property name="connection.password"></property> + + <!-- JDBC connection pool (use the built-in) --> + <property name="connection.pool_size">1</property> + + <!-- SQL dialect --> + <property name="dialect">org.hibernate.dialect.HSQLDialect</property> + + <!-- Enable Hibernate's automatic session context management --> + <property name="current_session_context_class">thread</property> + + <!-- Disable the second-level cache --> + <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property> + + <!-- Echo all executed SQL to stdout --> + <property name="show_sql">true</property> + + <!-- + Drop and re-create the database schema on startup + --> + <property name="hbm2ddl.auto">create</property> + + <mapping resource="policy.hbm.xml"/> + </session-factory> +</hibernate-configuration> \ No newline at end of file Added: authz/trunk/portal-profile/src/test/resources/log4j.properties =================================================================== --- authz/trunk/portal-profile/src/test/resources/log4j.properties (rev 0) +++ authz/trunk/portal-profile/src/test/resources/log4j.properties 2010-01-19 17:46:00 UTC (rev 1101) @@ -0,0 +1,8 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootCategory=INFO, CONSOLE + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=INFO +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n