Author: sohil.shah(a)jboss.com
Date: 2010-01-22 14:36:21 -0500 (Fri, 22 Jan 2010)
New Revision: 1109
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
Log:
some cleanup
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-20
01:06:02 UTC (rev 1108)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortletPolicyConfig.java 2010-01-22
19:36:21 UTC (rev 1109)
@@ -1,24 +1,24 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
package org.jboss.security.authz.portal.configuration;
import java.io.ByteArrayInputStream;
@@ -57,7 +57,8 @@
import org.jboss.security.authz.portal.component.action.HelpMode;
/**
- * Used to configure Security Policies for a Portal Object Tree using Easy Domain
specific XML
+ * Used to configure Security Policies for a Portal Object Tree using Easy
+ * Domain specific XML
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -76,14 +77,16 @@
{
this.policyComposer = policyComposer;
}
-
+
public PortletPolicyConfig()
{
-
- }
- //-----PolicyConfig
Implementation--------------------------------------------------------------------------------------------------------------------------
- public Set<PolicyMetaData> configure(String easyDomainXml)
- {
+
+ }
+
+ // -----PolicyConfig
+ //
Implementation--------------------------------------------------------------------------------------------------------------------------
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
InputStream xmlStream = null;
try
{
@@ -93,14 +96,14 @@
DocumentBuilder builder = DocumentBuilderFactory.newInstance()
.newDocumentBuilder();
Document document = builder.parse(xmlStream);
-
+
NodeList securityConstraints = document
.getElementsByTagName("security-constraint");
Map<String, CompositionContext> windowPolicyContexts = new HashMap<String,
CompositionContext>();
for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
{
Element securityConstraint = (Element) securityConstraints.item(i);
-
+
// Parse out information related to access control based on user roles
NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
Roles allowRoles = new Roles();
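Review bot: The `DocumentBuilderFactory.newInstance().newDocumentBuilder()` call at the top of this hunk parses `easyDomainXml` with the parser's default settings, so nothing visible here disables DOCTYPE declarations or external entity resolution. Because this XML defines authorization policy, I would harden the factory before building the parser: `DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();`, then `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. The commit itself only changes whitespace in this hunk, and `configure` starts and ends outside it, so the origin of the XML string should be confirmed against the callers.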
@@ -134,8 +137,7 @@
}
}
}
-
-
+
// Parse out the resources and actions upon which the Policies must be
// created
Element portletResourceCollection = (Element) securityConstraint
@@ -149,70 +151,71 @@
// SetUp the Portlet Resource
PortletResource policyResource = new PortletResource();
Element portletResource = (Element) resources.item(j);
- Element portletName = (Element) portletResource.getElementsByTagName(
- "portlet-name").item(0);
+ Element portletName = (Element) portletResource
+ .getElementsByTagName("portlet-name").item(0);
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
-
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
this.parseParameters(policyResource, portletResource);
// Setup the Action Targets to be secured on this resource
List<Operation> secureModes = this
.parseSecureModes(portletResource);
- if (secureModes != null && !secureModes.isEmpty())
+ // SetUp Policy Composition Context
+ CompositionContext context = windowPolicyContexts
+ .get(policyResource.getUri().toString());
+
+ if (context == null)
{
- // SetUp Policy Composition Context
- CompositionContext context =
windowPolicyContexts.get(policyResource.getUri().toString());
-
- if(context == null)
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
+ for (Operation secureMode : secureModes)
+ {
+ //Add Role-Based (RBAC) rules here
+ if (!allowRoles.isEmpty())
{
- context = new CompositionContext();
- context.setPolicyTarget(policyResource);
+ context.addPolicyRule(Effect.PERMIT, secureMode, allowRoles,
+ "allowExpression");
}
-
- for (Operation secureMode : secureModes)
+
+ if (!denyRoles.isEmpty())
{
- if (!allowRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, secureMode,
- allowRoles, "allowExpression");
- }
-
- if (!denyRoles.isEmpty())
- {
- context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
- "denyExpression");
- }
+ context.addPolicyRule(Effect.DENY, secureMode, denyRoles,
+ "denyExpression");
}
- if(!policyResource.getUri().toString().startsWith("/window"))
- {
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
+ //TODO: Add Time based rules here
+ }
+
+ if (!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
.compose(context);
- policies.add(policyMetaData);
- }
- else
- {
- windowPolicyContexts.put(policyResource.getUri().toString(), context);
- }
+ policies.add(policyMetaData);
}
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(),
+ context);
+ }
}
}
}
-
- if(!windowPolicyContexts.isEmpty())
+
+ if (!windowPolicyContexts.isEmpty())
{
Collection<CompositionContext> contexts = windowPolicyContexts.values();
- for(CompositionContext context: contexts)
+ for (CompositionContext context : contexts)
{
- PolicyMetaData policyMetaData = this.policyComposer
- .compose(context);
- policies.add(policyMetaData);
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ policies.add(policyMetaData);
}
}
-
+
return policies;
}
catch (Exception e)
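Review bot: With the `secureModes != null && !secureModes.isEmpty()` guard removed, the `for (Operation secureMode : secureModes)` loop and the `policyComposer.compose(context)` call now run for every portlet resource, which is a control-flow change in policy generation rather than the formatting the log message suggests. It is safe only while `parseSecureModes` always returns a non-null, non-empty list; the visible end of that method appears to fall back to `new ViewMode()`, but its middle is outside the diff, so I would state the invariant above the loop, e.g. `// parseSecureModes never returns null and falls back to ViewMode when no <mode> is configured`. Separately, when both `allowRoles` and `denyRoles` are empty the context reaches `compose` with a target and no rules; whether the resulting policy denies or is simply not applicable is not visible here and deserves a test. The enclosing `configure` method starts and ends outside this hunk.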
@@ -235,9 +238,10 @@
}
}
}
- //---------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(PortletResource policyResource, Element
portletResourceElem)
- throws Exception
+
+ //
---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(PortletResource policyResource,
+ Element portletResourceElem) throws Exception
{
// Process Parameters
Element parameters = (Element) portletResourceElem.getElementsByTagName(
@@ -259,14 +263,14 @@
}
}
}
-
+
private List<Operation> parseSecureModes(Element portletResource)
throws Exception
{
List<Operation> secureModes = new ArrayList<Operation>();
NodeList modes = portletResource.getElementsByTagName("mode");
- if (modes != null && modes.getLength()>0)
+ if (modes != null && modes.getLength() > 0)
{
for (int i = 0; i < modes.getLength(); i++)
{
@@ -296,7 +300,7 @@
{
secureModes.add(new ViewMode());
}
-
+
return secureModes;
}
}
Modified:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-20
01:06:02 UTC (rev 1108)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortletPolicyConfig.java 2010-01-22
19:36:21 UTC (rev 1109)
@@ -196,7 +196,7 @@
EnforcementContext context = new EnforcementContext();
// Resource being accessed
- context.setAttribute("portlet-resource", protectedResource);
+ context.setAttribute("resource", protectedResource);
// Create Subjects
Roles roles = new Roles();
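Review bot: The attribute keys `"resource"` and `"mode"` are bare string literals here and in the following hunk (`context.setAttribute("mode", ...)`), and the code that reads these attributes is not part of this revision. If the enforcement side still looks up `portlet-resource` / `portlet-mode`, or the names drift again later, the test would build a context whose attributes the policy never sees, and how a missing attribute is evaluated is not visible here. I would reference shared constants from the production class that reads them instead of repeating the literals, and add an assertion for a request that must be denied so a key mismatch cannot pass silently.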
@@ -209,11 +209,11 @@
// Action being performed
if(actionComponent != null)
{
- context.setAttribute("portlet-mode", actionComponent);
+ context.setAttribute("mode", actionComponent);
}
else
{
- context.setAttribute("portlet-mode", new ViewMode());
+ context.setAttribute("mode", new ViewMode());
}
return context;