Author: sohil.shah(a)jboss.com
Date: 2009-01-28 01:09:13 -0500 (Wed, 28 Jan 2009)
New Revision: 12681
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/subject/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
Modified:
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/components/HttpResource.java
Log:
Adding more security components
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2009-01-27 21:05:15 UTC (rev 12680)
+++ modules/authorization/trunk/PAP/pom.xml 2009-01-28 06:09:13 UTC (rev 12681)
@@ -74,10 +74,8 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <!--
- <include>**/TestHierarchialPolicy.java</include>
- -->
+ <includes>
+ <include>**/TestIdentity.java</include>
</includes>
</configuration>
</plugin>
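Review bot: The `<includes>` list now names only `**/TestIdentity.java`, so surefire will run just that class and skip every other test in the PAP module, including `TestHierarchialPolicy`, whose commented-out include is removed here. If the narrowing is only a convenience while working on this test, keep it out of the committed pom, or add further `<include>` entries for the remaining tests, so the authorization policy tests keep running in the build.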
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -0,0 +1,114 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.subject;
+
+import java.util.Set;
+import java.util.HashSet;
+
+import junit.framework.TestCase;
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.ExpressionBuilder;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestIdentity extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestIdentity.class);
+
+ public void testGetAllowAuthMethodRule() throws Exception
+ {
+ Identity identity = new Identity();
+ identity.setName("admin");
+ identity.setAuthenticationMethod("CERT");
+
+ Target target = new Target();
+ target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
+
+ Set<Rule> rules = new HashSet<Rule>();
+ rules.add(identity.getAllowAuthMethodRule());
+
+ Policy policy = new HierarchialPolicy("testGetAllowAuthMethodRule", target,
rules);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ }
+
+ public void testGetDenyAuthMethodRule() throws Exception
+ {
+ Identity identity = new Identity();
+ identity.setName("admin");
+ identity.setAuthenticationMethod("CERT");
+
+ Target target = new Target();
+ target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
+
+ Set<Rule> rules = new HashSet<Rule>();
+ rules.add(identity.getDenyAuthMethodRule());
+
+ Policy policy = new HierarchialPolicy("testGetDenyAuthMethodRule", target,
rules);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ }
+
+ public void testGetAllowIdentityRule() throws Exception
+ {
+ Identity identity = new Identity();
+ identity.setName("admin");
+ identity.setAuthenticationMethod("CERT");
+
+ Target target = new Target();
+ target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
+
+ Set<Rule> rules = new HashSet<Rule>();
+ rules.add(identity.getAllowIdentityRule());
+
+ Policy policy = new HierarchialPolicy("testGetAllowIdentityRule", target,
rules);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ }
+
+ public void testGetDenyIdentityRule() throws Exception
+ {
+ Identity identity = new Identity();
+ identity.setName("admin");
+ identity.setAuthenticationMethod("CERT");
+
+ Target target = new Target();
+ target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
+
+ Set<Rule> rules = new HashSet<Rule>();
+ rules.add(identity.getDenyIdentityRule());
+
+ Policy policy = new HierarchialPolicy("testGetDenyIdentityRule", target,
rules);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ }
+}
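Review bot: None of the four test methods asserts anything. Each ends by logging `policy.generateXACMLPolicy()`, so the tests pass whenever no exception is thrown, and a rule with the wrong effect or a missing subject match would go unnoticed. At minimum check the result, e.g. `assertNotNull(policy.generateXACMLPolicy());`, and ideally verify that the generated policy carries the expected effect and the `admin` / `CERT` values. The new guards in Identity.java also deserve a negative case: `new Identity().getAllowIdentityRule()` should throw `IllegalStateException`.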
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-01-27
21:05:15 UTC (rev 12680)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -24,7 +24,11 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.ExpressionBuilder;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -50,14 +54,11 @@
*/
private String authenticationMethod;
- public Identity(String name)
+ public Identity()
{
- if(name == null || name.trim().length() == 0)
- {
- throw new IllegalArgumentException("Identity Name Cannot Be Empty");
- }
+
}
-
+
public String getName()
{
return name;
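Review bot: After this change an `Identity` can be built with no name, and the emptiness check that the removed constructor performed now runs only inside the rule getters added further down this file. Whether `setName` (outside this hunk) rejects null or blank values is not visible here. If it does not, a guard there, `if(name == null || name.trim().length() == 0) throw new IllegalArgumentException("Identity Name Cannot Be Empty");`, would report the bad value where it is supplied rather than later, when a policy is being built. The `Role` constructor hunk in Role.java makes the same change, and the HttpResource.java hunk drops the null check on `url` together with its constructor.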
@@ -80,35 +81,122 @@
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
- * Creates an expression for matching an the Identity of the Authenticated User
+ * Creates a Rule to Allow Access to this Identity
*
- * @return an expression that will be used within the Policy Definition
+ * @return rule that Allows Access to this Identity
*/
- public AttributeExpression createIdentityExpression()
- {
- return ExpressionBuilder.getInstance().createIdentityExpression(this.name);
+ public Rule getAllowIdentityRule()
+ {
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Identity Name Is Missing!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
+
target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
+
+ return rule;
}
/**
- * Creates an expression for matching the Authentication Method of the User
+ * Creates a Rule to Deny Access to this Identity
*
- * @return an expression that will be used within the Policy Definition
+ * @return rule that Denies Access to this Identity
*/
- public AttributeExpression createAuthMethodExpression()
- {
- if(this.authenticationMethod == null || this.authenticationMethod.trim().length()
== 0)
- {
- throw new IllegalStateException("Authentication Method is Empty");
- }
+ public Rule getDenyIdentityRule()
+ {
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Identity Name Is Missing!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
- AttributeExpression expression = new AttributeExpression();
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
- Attribute attribute = new
Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
- XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
- expression.setAttribute(attribute);
-
- return expression;
+ return rule;
}
+
+ /**
+ * Creates a Rule to Allow Access to this Identity if User is authenticated with the
Authentication Method
+ *
+ * @return rule that Allows Access if User of this Identity is authenticated by this
Authentication Method
+ */
+ public Rule getAllowAuthMethodRule()
+ {
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Identity Name Is Missing!!");
+ }
+
+ if(this.authenticationMethod == null || this.authenticationMethod.trim().length() ==
0)
+ {
+ throw new IllegalStateException("Authentication Method Is Missing!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
+
target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
+ XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
+ expression.setAttribute(attribute);
+ rule.setExpression(expression);
+
+ return rule;
+ }
+
+ /**
+ * Creates a Rule to Deny Access to this Identity if User is authenticated with the
Authentication Method
+ *
+ * @return rule that Allows Access if User of this Identity is authenticated by this
Authentication Method
+ */
+ public Rule getDenyAuthMethodRule()
+ {
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Identity Name Is Missing!!");
+ }
+
+ if(this.authenticationMethod == null || this.authenticationMethod.trim().length() ==
0)
+ {
+ throw new IllegalStateException("Authentication Method Is Missing!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
+
+
target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
+ XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
+ expression.setAttribute(attribute);
+ rule.setExpression(expression);
+
+ return rule;
+ }
}
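Review bot: The Javadoc on `getDenyAuthMethodRule` was copied from the allow variant and its `@return` still reads "rule that Allows Access", although the method sets `Effect.DENY`. It should read `@return rule that Denies Access if User of this Identity is authenticated by this Authentication Method`. The four getters also repeat the same name check and rule setup verbatim, so a shared private helper that takes the effect would keep the allow and deny variants from drifting apart like this.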
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-01-27
21:05:15 UTC (rev 12680)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -26,6 +26,10 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -50,6 +54,11 @@
*/
private String dnsName;
+ /**
+ * Regular Expression for matching the fact whether the IP Address of the remote
Machine falls within the specified range of IP Addresses
+ */
+ private String ipRangeRegEx;
+
public Machine()
{
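Review bot: The Javadoc on `ipRangeRegEx` does not say what form the pattern must take, yet the value becomes the operand of `FUNCTION_REGEXP_IPADDRESS_MATCH` in a PERMIT or DENY rule (see the range getters later in this file). In a regular expression an unescaped `.` matches any character, and whether the match is anchored is not visible from this diff, so a pattern written like a plain address can match more addresses than intended. I would extend the comment to say so, e.g. `Dots must be escaped and the pattern should cover the whole address; a loose pattern widens the range that the rule allows or denies.`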
@@ -74,19 +83,37 @@
{
this.dnsName = dnsName;
}
+
+
+ public String getIpRangeRegEx()
+ {
+ return ipRangeRegEx;
+ }
+
+ public void setIpRangeRegEx(String ipRangeRegEx)
+ {
+ this.ipRangeRegEx = ipRangeRegEx;
+ }
//------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
- * Creates an expression for matching the IP Address of the remote Machine
+ * Creates a Rule specifying that the Remote Machine with this IP Address should be
Allowed Access
*
- * @return an expression that will be used within the Policy Definition
+ * @return the rule
*/
- public AttributeExpression createRemoteIPExpression()
+ public Rule getAllowedRemoteIP()
{
if(this.ipAddress == null)
{
throw new IllegalStateException("The IP Address is Empty");
}
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
AttributeExpression expression = new AttributeExpression();
expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
@@ -95,45 +122,94 @@
XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
expression.setAttribute(attribute);
- return expression;
+ rule.setExpression(expression);
+
+ return rule;
}
/**
- * Creates an expression for matching the fact whether the IP Address of the remote
Machine falls within the specified range of IP Addresses
+ * Creates a Rule specifying that the Remote Machine with this IP Address should be
Denied Access
*
- * @param ipRangeRegex A regular expression to represent the range of IP Addresses
- * @return the desired expression
+ * @return the rule
*/
- public AttributeExpression createIsMachineInRangeExpression(String ipRangeRegex)
+ public Rule getDeniedRemoteIP()
{
if(this.ipAddress == null)
{
throw new IllegalStateException("The IP Address is Empty");
}
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
+
AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, ipRangeRegex);
+ XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
expression.setAttribute(attribute);
- return expression;
+ rule.setExpression(expression);
+
+ return rule;
}
+
+ /**
+ * Creates a Rule that specifies that the Remote Machine with its DNS address is
Allowed Access
+ *
+ * @return the rule
+ */
+ public Rule getAllowedRemoteDNS()
+ {
+ if(this.dnsName == null || this.dnsName.trim().length() == 0)
+ {
+ throw new IllegalStateException("The DNSName is Empty");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_DNS_NAME,
+ XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
+ expression.setAttribute(attribute);
+
+ rule.setExpression(expression);
+
+ return rule;
+ }
/**
- * Creates an expression for matching the DNS Name of the remote Machine
+ * Creates a Rule that specifies that the Remote Machine with its DNS address is
Denied Access
*
- * @return the desired expression
+ * @return the rule
*/
- public AttributeExpression createRemoteDNSExpression()
+ public Rule getDenyRemoteDNS()
{
if(this.dnsName == null || this.dnsName.trim().length() == 0)
{
throw new IllegalStateException("The DNSName is Empty");
}
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
+
AttributeExpression expression = new AttributeExpression();
expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
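Review bot: `getDenyRemoteDNS` breaks the naming used by its siblings in this file (`getAllowedRemoteIP`, `getDeniedRemoteIP`, `getAllowedRemoteDNS`); `public Rule getDeniedRemoteDNS()` would match. Separately, each of these `get…` methods builds a new `Rule` with a fresh id from `GeneralTool.generateUniqueId()` on every call, which reads more like a factory than an accessor, so a `create…Rule` style name would state the behaviour more plainly. The body of `getDenyRemoteDNS` continues in the next hunk.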
@@ -142,6 +218,68 @@
XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
expression.setAttribute(attribute);
- return expression;
+ rule.setExpression(expression);
+
+ return rule;
}
+
+ /**
+ * Creates a Rule specifying that the Remote Machine should be Allowed Access if it
falls within the specified IP Range
+ *
+ * @return the rule
+ */
+ public Rule getAllowedRemoteIPRange()
+ {
+ if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
+ {
+ throw new IllegalStateException("The IP Range is not specified");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
+ XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
+ expression.setAttribute(attribute);
+
+ return rule;
+ }
+
+ /**
+ * Creates a Rule specifying that the Remote Machine should be Denied Access if it
falls within the specified IP Range
+ *
+ * @return the rule
+ */
+ public Rule getDeniedRemoteIPRange()
+ {
+ if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
+ {
+ throw new IllegalStateException("The IP Range is not specified");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
+
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
+ XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
+ expression.setAttribute(attribute);
+
+ return rule;
+ }
}
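Review bot: `getAllowedRemoteIPRange` and `getDeniedRemoteIPRange` build the regexp expression but never attach it to the rule. Both go from `expression.setAttribute(attribute);` straight to `return rule;`, whereas the IP and DNS rule methods in this file call `rule.setExpression(expression);` first. The returned rule therefore carries only an effect and an empty `Target`, so the IP range plays no part in it. How the generated policy treats such a rule is outside this diff, but a PERMIT rule with no target match and no condition would usually apply to every request. Add `rule.setExpression(expression);` before `return rule;` in both methods, and cover them with a test that inspects the generated policy.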
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java 2009-01-27
21:05:15 UTC (rev 12680)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -24,6 +24,10 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -44,12 +48,9 @@
*/
private String name;
- public Role(String name)
+ public Role()
{
- if(name == null || name.trim().length() == 0)
- {
- throw new IllegalArgumentException("Role Name Cannot Be Empty");
- }
+
}
public String getName()
@@ -63,20 +64,62 @@
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
- * Creates an expression for matching the Role of the Authenticated User
+ * Creates a Rule that Allows Access if the Identity/User in question Belongs to the
specified Role
*
- * @return an expression that will be used within the Policy Definition
+ * @return the rule
*/
- public AttributeExpression createIsUserInRoleExpression()
+ public Rule getAllowUserInRole()
{
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Role is not specified!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.PERMIT);
+ rule.setTarget(target);
+
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
XMLSchemaConstants.DATATYPE_STRING, this.name);
expression.setAttribute(attribute);
+ rule.setExpression(expression);
- return expression;
- }
+ return rule;
+ }
+
+ /**
+ * Creates a Rule that Denies Access if the Identity/User in question Belongs to the
specified Role
+ *
+ * @return the rule
+ */
+ public Rule getDenyUserInRole()
+ {
+ if(this.name == null || this.name.trim().length() == 0)
+ {
+ throw new IllegalStateException("Role is not specified!!");
+ }
+
+ Rule rule = new Rule();
+ Target target = new Target();
+
+ rule.setRuleId(GeneralTool.generateUniqueId());
+ rule.setEffect(Effect.DENY);
+ rule.setTarget(target);
+
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING, this.name);
+ expression.setAttribute(attribute);
+ rule.setExpression(expression);
+
+ return rule;
+ }
}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-01-27
21:05:15 UTC (rev 12680)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -51,7 +51,9 @@
//TODO: add all the conditions to detect a Subject Attribute
if(uri.equals(XACMLConstants.ATTRIBUTEID_ROLE) ||
- uri.equals(XACMLConstants.ATTRIBUTEID_IP_ADDRESS)
+ uri.equals(XACMLConstants.ATTRIBUTEID_IP_ADDRESS) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_SUBJECT_ID)
)
{
attributeDesignator =
PolicyAttributeFactory.createSubjectAttributeDesignatorType(attribute.getUri(),
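Review bot: The subject-attribute condition still omits `XACMLConstants.ATTRIBUTEID_DNS_NAME`, which `Machine.getAllowedRemoteDNS` and `getDenyRemoteDNS` place into their rules in this same commit. What happens to an attribute id that matches none of the listed constants is outside this hunk, so this may be harmless, but if unlisted ids yield no designator the DNS rules cannot be rendered into the policy. If the DNS name is meant to be a subject attribute, add `uri.equals(XACMLConstants.ATTRIBUTEID_DNS_NAME) ||` to the condition; the `//TODO` above it already asks for the full list. The enclosing method starts and ends outside the hunk.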
@@ -86,13 +88,13 @@
String uri = attributeDesignator.getAttributeId();
//TODO: finish this implementation to include all Attribute Types like Resource,
Action, and Environment
- if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID))
+ if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID)
+ )
{
xmlRep = objectFactory.createActionAttributeDesignator(attributeDesignator);
}
}
-
-
+
return xmlRep;
}
}
Modified:
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/components/HttpResource.java
===================================================================
---
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/components/HttpResource.java 2009-01-27
21:05:15 UTC (rev 12680)
+++
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/components/HttpResource.java 2009-01-28
06:09:13 UTC (rev 12681)
@@ -83,20 +83,8 @@
this.allowedRoles = new HashSet<String>();
this.deniedRoles = new HashSet<String>();
this.allowedIps = new HashSet<String>();
- }
-
- public HttpResource(String url)
- {
- this();
-
- if(url == null)
- {
- throw new IllegalArgumentException("URL Cannot Be Empty");
- }
+ }
- this.url = url;
- }
-
public Map<String, String> getParameters()
{
return parameters;