Author: sohil.shah(a)jboss.com
Date: 2010-06-13 15:46:30 -0400 (Sun, 13 Jun 2010)
New Revision: 1135
Modified:
authz/gatein/authz-plugin/trunk/service/src/main/java/org/jboss/gatein/authz/service/SecurityService.java
authz/gatein/authz-plugin/trunk/service/src/test/java/org/jboss/gatein/authz/service/TestKernelStartup.java
authz/gatein/authz-plugin/trunk/testwebapp/src/main/java/org/jboss/gatein/authz/test/web/TestKernel.java
Log:
testing SecurityService integration inside a Gatein instance on Tomcat
Modified:
authz/gatein/authz-plugin/trunk/service/src/main/java/org/jboss/gatein/authz/service/SecurityService.java
===================================================================
---
authz/gatein/authz-plugin/trunk/service/src/main/java/org/jboss/gatein/authz/service/SecurityService.java 2010-06-13
17:48:50 UTC (rev 1134)
+++
authz/gatein/authz-plugin/trunk/service/src/main/java/org/jboss/gatein/authz/service/SecurityService.java 2010-06-13
19:46:30 UTC (rev 1135)
@@ -24,12 +24,21 @@
import org.exoplatform.container.PortalContainer;
+import org.jboss.gatein.authz.service.agent.enforcement.LocalEnforcementPointComponent;
+import
org.jboss.gatein.authz.service.agent.provisioning.LocalPolicyProvisionerComponent;
+
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
public final class SecurityService
{
+ private PolicyProvisioner provisioner;
+ private PolicyEnforcementPoint enforcer;
+
public SecurityService()
{
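Review bot: The new `provisioner` and `enforcer` fields are plain mutable fields, assigned in `start()` and set to null in `stop()` later in this diff, and nothing states which threads may call the getters. If one SecurityService instance is shared by request threads, as the TestKernel servlet appears to do, visibility of the assigned values depends entirely on the container's init ordering. Declaring them `private volatile PolicyProvisioner provisioner;` and `private volatile PolicyEnforcementPoint enforcer;` would make the contract explicit. The class Javadoc carries only an author tag, so a sentence describing the start/stop lifecycle would help too. The class body continues outside this hunk.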
@@ -37,15 +46,31 @@
public void start()
{
+ PortalContainer portal = PortalContainer.getInstance();
+
+ LocalPolicyProvisionerComponent provisionerComponent =
(LocalPolicyProvisionerComponent)portal.
+ getComponentInstanceOfType(LocalPolicyProvisionerComponent.class);
+ this.provisioner = provisionerComponent.getPolicyProvisioner();
+
+ //Enforcement service
+ LocalEnforcementPointComponent enforcementComponent =
(LocalEnforcementPointComponent)portal.
+ getComponentInstanceOfType(LocalEnforcementPointComponent.class);
+ this.enforcer = enforcementComponent.getEnforcementPoint();
}
public void stop()
{
-
+ this.provisioner = null;
+ this.enforcer = null;
}
- public PortalContainer getContainer()
+ public PolicyEnforcementPoint getEnforcer()
{
- return PortalContainer.getInstance();
+ return this.enforcer;
}
+
+ public PolicyProvisioner getProvisioner()
+ {
+ return this.provisioner;
+ }
}
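Review bot: `start()` dereferences the result of `getComponentInstanceOfType(...)` without checking it, and `getEnforcer()`/`getProvisioner()` return null before `start()` or after `stop()`. For an authorization service it is safer to fail explicitly than to leave callers to hit a NullPointerException, or to null-check and skip the access check. In `start()` that could be `if (enforcementComponent == null) throw new IllegalStateException("LocalEnforcementPointComponent is not registered");`, and in the getter `if (this.enforcer == null) throw new IllegalStateException("SecurityService is not started");`. The same applies to the provisioner lookup and getter. That the lookup can return null is inferred from the cast-and-use pattern, so confirm it against the container API.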
Modified:
authz/gatein/authz-plugin/trunk/service/src/test/java/org/jboss/gatein/authz/service/TestKernelStartup.java
===================================================================
---
authz/gatein/authz-plugin/trunk/service/src/test/java/org/jboss/gatein/authz/service/TestKernelStartup.java 2010-06-13
17:48:50 UTC (rev 1134)
+++
authz/gatein/authz-plugin/trunk/service/src/test/java/org/jboss/gatein/authz/service/TestKernelStartup.java 2010-06-13
19:46:30 UTC (rev 1135)
@@ -73,7 +73,7 @@
public void testPolicyServiceBootstrap() throws Exception
{
- PortalContainer portal = this.securityService.getContainer();
+ PortalContainer portal = PortalContainer.getInstance();
//Integrating the EventBus service
LocalEventBusComponent eventBusComponent =
(LocalEventBusComponent)portal.getComponentInstanceOfType(LocalEventBusComponent.class);
Modified:
authz/gatein/authz-plugin/trunk/testwebapp/src/main/java/org/jboss/gatein/authz/test/web/TestKernel.java
===================================================================
---
authz/gatein/authz-plugin/trunk/testwebapp/src/main/java/org/jboss/gatein/authz/test/web/TestKernel.java 2010-06-13
17:48:50 UTC (rev 1134)
+++
authz/gatein/authz-plugin/trunk/testwebapp/src/main/java/org/jboss/gatein/authz/test/web/TestKernel.java 2010-06-13
19:46:30 UTC (rev 1135)
@@ -30,14 +30,14 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.exoplatform.container.PortalContainer;
import org.jboss.gatein.authz.service.SecurityService;
-import
org.jboss.gatein.authz.service.agent.provisioning.LocalPolicyProvisionerComponent;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.model.Effect;
@@ -48,7 +48,6 @@
public final class TestKernel extends HttpServlet
{
private SecurityService securityService;
- private PolicyProvisioner provisioner;
@Override
public void init() throws ServletException
@@ -60,14 +59,6 @@
System.out.println("Initializing the GateIn Security Kernel....");
this.securityService = new SecurityService();
this.securityService.start();
-
- PortalContainer portal = this.securityService.getContainer();
-
- //Provisioner service
- System.out.println("Loading up Security Components............");
- LocalPolicyProvisionerComponent provisionerComponent =
(LocalPolicyProvisionerComponent)portal.
- getComponentInstanceOfType(LocalPolicyProvisionerComponent.class);
- this.provisioner = provisionerComponent.getPolicyProvisioner();
}
catch(Exception e)
{
@@ -94,6 +85,7 @@
try
{
this.executeProvisioningRequests();
+ this.executeEnforcementRequests();
this.getServletContext().getRequestDispatcher("/WEB-INF/jsp/kernel.jsp").forward(request,
response);
}
@@ -120,15 +112,58 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- this.provisioner.deploy(context);
+ this.securityService.getProvisioner().deploy(context);
System.out.println("---------------------------------------------");
System.out.println("Mock Policy successfully provisioned.........");
System.out.println("---------------------------------------------");
}
- private void executeEnforcementRequests()
+ private void executeEnforcementRequests() throws Exception
{
+ Read action = new Read();
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ URIResource contextResource = new URIResource();
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, action));
}
+
+ private EnforcementContext createEnforcementContext(
+ URIResource protectedResource, Read action) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ // Create Resource
+ context.setAttribute("uri-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+ context.setAttribute("identity", identity);
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+
+ protected void enforce(EnforcementContext enforcementContext) throws Exception
+ {
+ EnforcementResponse response = this.securityService.getEnforcer()
+ .checkAccess(enforcementContext);
+
+ System.out.println("-----------------------------------");
+ System.out.println("Decision=" + response.getMessage());
+ System.out.println("Access Granted=" + response.isAccessGranted());
+ }
}
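Review bot: `enforce()` only prints the decision, so the servlet forwards to kernel.jsp whether the mock policy permits or denies, and this integration check can never fail. The comment in `executeEnforcementRequests()` says the request is meant to produce a "Permit", so the method could assert it: `if (!response.isAccessGranted()) throw new ServletException("Expected PERMIT, got: " + response.getMessage());`. `enforce` is also declared `protected` in a `final` class, where `private` would match the other helpers.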