Author: sohil.shah(a)jboss.com
Date: 2009-10-04 10:07:49 -0400 (Sun, 04 Oct 2009)
New Revision: 814
Modified:
authz/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
authz/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/integration/TestTimeOfDay.java
authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
Log:
experimenting with introducing environment based components (currentTime)
Modified:
authz/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
===================================================================
---
authz/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-10-02
22:09:20 UTC (rev 813)
+++
authz/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-10-04
14:07:49 UTC (rev 814)
@@ -27,6 +27,7 @@
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
+import java.util.Calendar;
import org.apache.log4j.Logger;
@@ -36,6 +37,7 @@
import org.jboss.security.authz.model.Resource;
import org.jboss.security.authz.model.Subject;
import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Environment;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
@@ -91,6 +93,10 @@
{
input = SecurityContextDataProcessor.processEnforcementState((Map)input);
}
+ else if(Calendar.class.isAssignableFrom(input.getClass()))
+ {
+ //do nothing..
+ }
else
{
input = input.toString();
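Review bot: The empty branch added at `else if(Calendar.class.isAssignableFrom(input.getClass()))` says `//do nothing..` without saying why, and the reflective test is a long way of writing `input instanceof Calendar`. The branch exists so that a Calendar is not flattened by the `input.toString()` fallback below it, which the later `(Calendar)input` cast in this commit appears to rely on. I would write `else if(input instanceof Calendar)` with the comment `// keep the Calendar object; generateCurrentTime() needs it, not its toString()`. The enclosing method starts and ends outside this hunk.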
@@ -125,6 +131,10 @@
cour.add(this.generateRoles((Set<String>)input));
}
}
+ else
if(componentCategory.getAttributeCategory().equals(XACMLConstants.ATTRIBUTEID_CURRENT_TIME))
+ {
+ cour.add(this.generateCurrentTime((Calendar)input));
+ }
}
enforcementState = cour.toArray(new AbstractContextObject[0]);
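Review bot: The cast in `cour.add(this.generateCurrentTime((Calendar)input));` is unchecked, so any value filed under ATTRIBUTEID_CURRENT_TIME that is not a Calendar fails with a ClassCastException in the middle of building the enforcement state. If this is the same method as the earlier hunk, such a value would already have been turned into a String by the `input.toString()` fallback, which makes the failure likely rather than theoretical. Test `input instanceof Calendar` first and reject anything else with an explicit error that names the attribute, so a malformed time is reported as bad input and is not mistaken for an internal fault. The surrounding method is only partly visible here.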
@@ -213,5 +223,22 @@
}
return subject;
- }
+ }
+
+ private Environment generateCurrentTime(Calendar currentTime)
+ {
+ Environment env = new Environment();
+
+ //TODO: fix the DATATYPE_TIME parsing issues in the xacml engine...so for now just use
this
+ //as a simple string type
+ //Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_CURRENT_TIME,
+ // XMLSchemaConstants.DATATYPE_TIME, ""+currentTime.getTime().getTime());
+ //env.addAttribute(attribute);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_CURRENT_TIME,
+ XMLSchemaConstants.DATATYPE_STRING, ""+currentTime.getTime().getTime());
+ env.addAttribute(attribute);
+
+ return env;
+ }
}
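Review bot: generateCurrentTime has no documentation of the wire format it produces, yet DroolsFunction in this same commit depends on it exactly by calling `Long.parseLong` on the value. A short Javadoc would pin the contract, for example `/** Encodes currentTime as epoch milliseconds in a decimal string (DATATYPE_STRING); the policy server parses it back with Long.parseLong. */`. The three commented-out lines that build the DATATYPE_TIME attribute duplicate what the TODO already says and could be dropped once the TODO is tracked. A null `currentTime` would fail at `currentTime.getTime()`, so the Javadoc should also state that the argument must be non-null.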
Modified:
authz/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/integration/TestTimeOfDay.java
===================================================================
---
authz/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/integration/TestTimeOfDay.java 2009-10-02
22:09:20 UTC (rev 813)
+++
authz/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/integration/TestTimeOfDay.java 2009-10-04
14:07:49 UTC (rev 814)
@@ -25,14 +25,11 @@
import java.util.Calendar;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Operation;
import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.action.Manage;
import org.jboss.security.authz.components.environment.TimeOfDay;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
@@ -43,38 +40,68 @@
*/
public class TestTimeOfDay extends AbstractIntegrationTest
{
- public void testAccessBeforeSpecifiedTime() throws Exception
+ public void testPermitBeforeSpecifiedTime() throws Exception
{
// SetUp Resource
URIResource resource = new URIResource();
resource.setUri(new URI("/blah/index.html"));
Read action = new Read();
-
+
TimeOfDay timeOfDay = new TimeOfDay();
Calendar restrictiveCondition = Calendar.getInstance();
- int hour = restrictiveCondition.get(Calendar.HOUR_OF_DAY);
- restrictiveCondition.set(Calendar.HOUR_OF_DAY, (hour + 1));
timeOfDay.setTimeofDay(restrictiveCondition);
-
// Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, timeOfDay,
- "matchIfBefore");
+ context.addPolicyRule(Effect.PERMIT, action, timeOfDay, "matchIfBefore");
- // Store the policy into the Policy Server
+ // Store the policy into the Policy Server
this.provisioner.deploy(context);
this.assertServerState();
// Go ahead and produce a RequestContext for a "Permit" Enforcement
- this.enforce(this.createEnforcementContext(resource, new Read()), true);
- }
+ Calendar accessTime = Calendar.getInstance();
+ int hour = accessTime.get(Calendar.HOUR_OF_DAY);
+ accessTime.set(Calendar.HOUR_OF_DAY, (hour - 1));
+ this.enforce(this
+ .createEnforcementContext(resource, new Read(), accessTime), true);
+ }
+
+ public void testDeniedBeforeSpecifiedTime() throws Exception
+ {
+ // SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI("/blah/index.html"));
+
+ Read action = new Read();
+
+ TimeOfDay timeOfDay = new TimeOfDay();
+ Calendar restrictiveCondition = Calendar.getInstance();
+ timeOfDay.setTimeofDay(restrictiveCondition);
+
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, timeOfDay, "matchIfBefore");
+
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ Calendar accessTime = Calendar.getInstance();
+ int hour = accessTime.get(Calendar.HOUR_OF_DAY);
+ accessTime.set(Calendar.HOUR_OF_DAY, (hour + 1));
+ this.enforce(this
+ .createEnforcementContext(resource, new Read(), accessTime), false);
+ }
//
------------------------------------------------------------------------------------------------------------------------------------------------------
private EnforcementContext createEnforcementContext(URIResource uriResource,
- Operation operation) throws Exception
+ Operation operation, Calendar accessTime) throws Exception
{
// Create an EnforcementContext
EnforcementContext context = new EnforcementContext();
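Review bot: Both new tests always supply a `currentTime`, so nothing covers the case this commit makes possible: a request that carries no current-time attribute, or a malformed one. That case decides whether a time-restricted policy fails open or closed, so it deserves an explicit test with the expected decision written down. In testDeniedBeforeSpecifiedTime the copied comment still reads `// Go ahead and produce a RequestContext for a "Permit" Enforcement` although the call asserts `false`; something like `// Request one hour after the policy time; expect Deny` matches the code. The test name says "Before" while the access time is `hour + 1`, which is after the policy time. createEnforcementContext continues outside this hunk.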
@@ -89,9 +116,9 @@
// Create Action
context.setAttribute("action", operation);
-
+
TimeOfDay timeOfDay = new TimeOfDay();
- timeOfDay.setTimeofDay(Calendar.getInstance());
+ timeOfDay.setTimeofDay(accessTime);
context.setAttribute("currentTime", timeOfDay);
return context;
Modified:
authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
===================================================================
---
authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-10-02
22:09:20 UTC (rev 813)
+++
authz/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-10-04
14:07:49 UTC (rev 814)
@@ -177,9 +177,11 @@
//Inject Roles
Set<String> roles = new HashSet<String>();
- EvaluationResult roleResult = context.getSubjectAttribute(new
URI(XMLSchemaConstants.DATATYPE_STRING),
- new URI(XACMLConstants.ATTRIBUTEID_ROLE),
- new URI(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT));
+ EvaluationResult roleResult = context.getSubjectAttribute(
+ new URI(XMLSchemaConstants.DATATYPE_STRING), //type
+ new URI(XACMLConstants.ATTRIBUTEID_ROLE), //id
+ new URI(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT) //category
+ );
BagAttribute roleValues = (BagAttribute)roleResult.getAttributeValue();
Iterator itr = roleValues.iterator();
@@ -187,12 +189,21 @@
{
StringAttribute str = (StringAttribute)itr.next();
roles.add(str.getValue().toLowerCase());
- }
-
-
+ }
workingMemory.insert(roles);
- //FIXME: hack job
- workingMemory.insert(new Date());
+ //extract the current time attribute if one is specified
+ EvaluationResult timeResult = context.getEnvironmentAttribute(new URI(
+ XMLSchemaConstants.DATATYPE_STRING), //type
+ new URI(XACMLConstants.ATTRIBUTEID_CURRENT_TIME), //id
+ null //issuer
+ );
+ BagAttribute currentTime = (BagAttribute)timeResult.getAttributeValue();
+ itr = currentTime.iterator();
+ while(itr.hasNext())
+ {
+ StringAttribute cour = (StringAttribute)itr.next();
+ workingMemory.insert(new Date(Long.parseLong(cour.getValue())));
+ }
}
}
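Review bot: When the request carries no current-time value, the new loop inserts no `Date` at all, whereas the removed code always inserted `new Date()`. Rules that match on a Date fact then behave differently for that request, and a null from `timeResult.getAttributeValue()` would fail on `currentTime.iterator()`. The decision time is now whatever the request states instead of the policy server's clock, so the server should decide whether to trust it, bound its skew against its own clock, or ignore it. A bag with several values inserts several Dates, any one of which could satisfy a time rule, and a non-numeric value surfaces as a NumberFormatException from `Long.parseLong`. The sketch below accepts at most one value and falls back to the server clock; denying outright when the attribute is absent is the stricter alternative. The enclosing method starts outside this hunk.

```java
// … unchanged: context.getEnvironmentAttribute(...) lookup into timeResult …
BagAttribute currentTime = (BagAttribute)timeResult.getAttributeValue();
Date decisionTime = null;
if(currentTime != null)
{
    itr = currentTime.iterator();
    while(itr.hasNext())
    {
        StringAttribute cour = (StringAttribute)itr.next();
        if(decisionTime != null)
        {
            // more than one asserted time: refuse instead of letting any of them match
            throw new IllegalStateException("more than one current-time value in request");
        }
        decisionTime = new Date(Long.parseLong(cour.getValue()));
    }
}
// no value supplied: use the policy server's own clock, as the removed code did
workingMemory.insert(decisionTime != null ? decisionTime : new Date());
```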