JBoss Portal SVN: r12380 - in modules/authorization/trunk/common/src/main/java/org/jboss/security/authz: components and 2 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2008-12-13 01:41:52 -0500 (Sat, 13 Dec 2008)
New Revision: 12380
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/tools/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/tools/GeneralTool.java
Log:
code backup
Added: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2008-12-13 06:41:52 UTC (rev 12380)
@@ -0,0 +1,108 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.components.subject;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Identity
+{
+ private String name;
+ private String authenticationMethod;
+
+ public Identity(String name)
+ {
+ if(name == null || name.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Identity Name Cannot Be Empty");
+ }
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public void setName(String name)
+ {
+ this.name = name;
+ }
+
+
+ public String getAuthenticationMethod()
+ {
+ return authenticationMethod;
+ }
+
+ public void setAuthenticationMethod(String authenticationMethod)
+ {
+ this.authenticationMethod = authenticationMethod;
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching an the Identity of the Authenticated User
+ *
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createIdentityExpression()
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING, this.name);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching the Authentication Method of the User
+ *
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createAuthMethodExpression()
+ {
+ if(this.authenticationMethod == null || this.authenticationMethod.trim().length() == 0)
+ {
+ throw new IllegalStateException("Authentication Method is Empty");
+ }
+
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
+ XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+}
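Review bot: The `Identity(String name)` constructor validates `name` but never stores it, so `this.name` stays null until `setName` is called and `createIdentityExpression()` builds its `ATTRIBUTEID_SUBJECT_ID` attribute with a null value. Add `this.name = name;` after the check. `setName` accepts null or blank without the constructor's validation, so the invariant can be undone afterwards; validate there as well, or make the field final and drop the setter. The `Role(String name)` constructor in Role.java in this revision has the same missing assignment, which feeds `createIsUserInRole()`.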
Added: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2008-12-13 06:41:52 UTC (rev 12380)
@@ -0,0 +1,32 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.components.subject;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Machine
+{
+
+}
Added: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/components/subject/Role.java 2008-12-13 06:41:52 UTC (rev 12380)
@@ -0,0 +1,73 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.components.subject;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Role
+{
+ private String name;
+
+ public Role(String name)
+ {
+ if(name == null || name.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Role Name Cannot Be Empty");
+ }
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public void setName(String name)
+ {
+ this.name = name;
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching the Role of the Authenticated User
+ *
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createIsUserInRole()
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING, this.name);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+}
Added: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/tools/GeneralTool.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/tools/GeneralTool.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/tools/GeneralTool.java 2008-12-13 06:41:52 UTC (rev 12380)
@@ -0,0 +1,37 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.tools;
+
+import java.util.UUID;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class GeneralTool
+{
+ public static String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
+}
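Review bot: `generateUniqueId()` has no Javadoc, and `GeneralTool` can be instantiated although it only holds a static helper. A comment such as `/** Returns a random UUID string for use as a policy or rule identifier. */` (wording to be confirmed against the callers, which are not on this page) and a `private GeneralTool() {}` constructor would state the intent. r12378 on this page adds the same one-line body as a private method in HierarchialPolicy; one of the two should call the other so the id format is defined in one place.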
JBoss Portal SVN: r12379 - in modules/authorization/trunk: PAP/src/main/java/org/jboss/security/authz/pap/policy and 10 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2008-12-12 17:27:01 -0500 (Fri, 12 Dec 2008)
New Revision: 12379
Added:
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyStore.java
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyDeployer.java
modules/authorization/trunk/http-authz/src/test/resources/META-INF/
modules/authorization/trunk/http-authz/src/test/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/http-authz/src/test/resources/http-policy.xml
Removed:
modules/authorization/trunk/PAP/src/main/resources/META-INF/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java
Modified:
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java
modules/authorization/trunk/PEP/pom.xml
modules/authorization/trunk/http-authz/pom.xml
Log:
code backup
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/PAP/pom.xml 2008-12-12 22:27:01 UTC (rev 12379)
@@ -74,8 +74,10 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
+ <includes>
+ <!--
<include>**/TestHierarchialPolicy.java</include>
+ -->
</includes>
</configuration>
</plugin>
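Review bot: Commenting out the only `<include>` leaves an empty `<includes>` in the surefire configuration, so `TestHierarchialPolicy` is no longer selected explicitly. What surefire 2.3.1 runs with an empty list is not visible here and should be confirmed, since this is the test for the policy-generation code. The same edit is made to PEP/pom.xml (`TestPDP`) and http-authz/pom.xml (`TestHttpPolicyConfig`) in this revision. If the tests are disabled on purpose, record why next to the block, e.g. `<!-- disabled: REASON_PLACEHOLDER; re-enable before release -->`, or drop `<includes>` entirely if the default patterns are wanted.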
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -77,6 +77,7 @@
try
{
is = new BufferedInputStream(url.openStream());
+ bos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024]; //using a 1K buffer
int bytesRead = -1;
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -32,7 +32,7 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Server
+public final class Server
{
private static Kernel kernel;
@@ -40,17 +40,7 @@
{
}
-
- public void start()
- {
- System.out.println("PAP Server successfully started.......");
- }
-
- public void stop()
- {
- }
-
public static void bootstrap()
{
try
@@ -69,17 +59,17 @@
}
}
- public static Server getInstance()
+ public static Object lookup(String serviceId)
{
- Server server = null;
+ Object service = null;
KernelController kernelController = kernel.getController();
- ControllerContext controllerContext = kernelController.getInstalledContext("PAP://Server");
+ ControllerContext controllerContext = kernelController.getInstalledContext(serviceId);
if(controllerContext != null)
{
- server = (Server)controllerContext.getTarget();
+ service = controllerContext.getTarget();
}
- return server;
+ return service;
}
}
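Review bot: `lookup(String serviceId)` dereferences the static `kernel` without checking that `bootstrap()` has run, so a call made before bootstrap fails with a NullPointerException instead of a clear error; a guard such as `if (kernel == null) throw new IllegalStateException("Server not bootstrapped");` would make that explicit. The method now returns `Object` for any installed bean name, which pushes an unchecked cast onto every caller (the test added in this revision casts the result to `PolicyDeployer`). A typed variant, `public static <T> T lookup(String serviceId, Class<T> type)` ending in `return type.cast(controllerContext.getTarget());`, would fail at the lookup site when the bean is not of the expected type. Because this hands out any bean registered in the kernel, the Javadoc should state that `serviceId` is a fixed internal name and must not be derived from request input.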
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -22,9 +22,6 @@
******************************************************************************/
package org.jboss.security.authz.pap.spi;
-import java.util.List;
-
-
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
@@ -47,7 +44,7 @@
*
* @return all the stored Policies
*/
- public List<Policy> readAllPolicies() throws PolicyException;
+ public Policy[] readAllPolicies() throws PolicyException;
/**
* Saves a Policy into storage. If this policy already exists in storage, then it updates it
Modified: modules/authorization/trunk/PEP/pom.xml
===================================================================
--- modules/authorization/trunk/PEP/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/PEP/pom.xml 2008-12-12 22:27:01 UTC (rev 12379)
@@ -59,7 +59,9 @@
<version>2.3.1</version>
<configuration>
<includes>
+ <!--
<include>**/TestPDP.java</include>
+ -->
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/http-authz/pom.xml
===================================================================
--- modules/authorization/trunk/http-authz/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/http-authz/pom.xml 2008-12-12 22:27:01 UTC (rev 12379)
@@ -35,7 +35,13 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- </dependency>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
@@ -45,7 +51,10 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
+ <includes>
+ <!--
+ <include>**/TestHttpPolicyConfig.java</include>
+ -->
</includes>
</configuration>
</plugin>
Deleted: modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java
===================================================================
--- modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java 2008-12-12 19:54:33 UTC (rev 12378)
+++ modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -1,32 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.http.pap;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class FileSystemPolicyStore
-{
-
-}
Added: modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyStore.java
===================================================================
--- modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyStore.java (rev 0)
+++ modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyStore.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -0,0 +1,90 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.pap;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.pap.spi.PolicyStore;
+
+/**
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class HttpPolicyStore implements PolicyStore
+{
+ /**
+ * TODO: this method of Policy Storage is only for testing. Eventually this should be replaced by
+ * a Database based Policy Storage Implementation
+ */
+ private Map<String, Policy> policies;
+
+ public HttpPolicyStore()
+ {
+ this.policies = new HashMap<String, Policy>();
+ }
+
+ /**
+ * Read a stored Policy identified by the unique policyUri
+ *
+ * @param policyUri
+ * @return a stored Policy
+ */
+ public Policy readPolicy(String policyUri) throws PolicyException
+ {
+ return this.policies.get(policyUri);
+ }
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Policy[] readAllPolicies() throws PolicyException
+ {
+ return this.policies.values().toArray(new Policy[0]);
+ }
+
+ /**
+ * Saves a Policy into storage. If this policy already exists in storage, then it updates it
+ *
+ * @param policy Policy to be saved into storage
+ */
+ public void savePolicy(Policy policy) throws PolicyException
+ {
+ this.policies.put(policy.getPolicyUri(), policy);
+ }
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyException
+ {
+ this.policies.remove(policyUri);
+ }
+}
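Review bot: `policies` is a plain `HashMap` with no synchronization, and jboss-beans.xml in this revision registers the store as a named bean. If that one instance is shared between request threads, which is not visible here, concurrent `savePolicy`/`deletePolicy` and `readAllPolicies` calls can corrupt the map or return a partial view of the policy set. `private final Map<String, Policy> policies = new ConcurrentHashMap<String, Policy>();` would address that, with the caveat that it rejects null keys, so `readPolicy(null)` would then throw. `savePolicy` should also reject a null `policy` or null `getPolicyUri()` with an `IllegalArgumentException` rather than a NullPointerException or a null-keyed entry. The TODO says this storage is for testing only, yet the class is added under src/main/java, so the class Javadoc should say that policies are held in memory and lost on restart.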
Added: modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyDeployer.java
===================================================================
--- modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyDeployer.java (rev 0)
+++ modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyDeployer.java 2008-12-12 22:27:01 UTC (rev 12379)
@@ -0,0 +1,61 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.pap;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.pap.server.Server;
+import org.jboss.security.authz.pap.policy.PolicyDeployer;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestHttpPolicyDeployer extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestHttpPolicyDeployer.class);
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ Server.bootstrap();
+ }
+
+ public void testPolicyDeploy() throws Exception
+ {
+ PolicyDeployer httpPolicyDeployer = (PolicyDeployer)Server.lookup("http://PolicyDeployer");
+
+ httpPolicyDeployer.deploy(Thread.currentThread().getContextClassLoader().getResource("http-policy.xml"));
+
+ Policy[] policies = httpPolicyDeployer.getStore().readAllPolicies();
+ for(int i=0; i<policies.length; i++)
+ {
+ log.info("-------------------------------------------------------------");
+ log.info(policies[i].generateXACMLPolicy());
+ log.info("-------------------------------------------------------------");
+ }
+ }
+}
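Review bot: `testPolicyDeploy` contains no assertions; it only logs the generated XACML, so it passes whenever nothing throws, even if `deploy` stores no policies at all. At minimum add `assertNotNull(httpPolicyDeployer);` after the lookup and `assertTrue(policies.length > 0);` after `readAllPolicies()`. http-policy.xml in this revision defines two `acl-rule` elements, so an exact count may be the right check, but how rules map to policies is not visible here. Asserting on the generated policy text, for example that it names the expected role, would let the test catch a regression in the authorization output.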
Added: modules/authorization/trunk/http-authz/src/test/resources/META-INF/jboss-beans.xml
===================================================================
--- modules/authorization/trunk/http-authz/src/test/resources/META-INF/jboss-beans.xml (rev 0)
+++ modules/authorization/trunk/http-authz/src/test/resources/META-INF/jboss-beans.xml 2008-12-12 22:27:01 UTC (rev 12379)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:bean-deployer:2.0 bean-deployer_2_0.xsd"
+ xmlns="urn:jboss:bean-deployer:2.0">
+
+ <bean name="http://PolicyDeployer" class="org.jboss.security.authz.pap.policy.PolicyDeployer">
+ <property name="configuration"><inject bean="http://PolicyConfig"/></property>
+ <property name="store"><inject bean="http://PolicyStore"/></property>
+ </bean>
+
+ <bean name="http://PolicyConfig" class="org.jboss.security.authz.http.pap.HttpPolicyConfig"/>
+ <bean name="http://PolicyStore" class="org.jboss.security.authz.http.pap.HttpPolicyStore"/>
+</deployment>
\ No newline at end of file
Added: modules/authorization/trunk/http-authz/src/test/resources/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-authz/src/test/resources/http-policy.xml (rev 0)
+++ modules/authorization/trunk/http-authz/src/test/resources/http-policy.xml 2008-12-12 22:27:01 UTC (rev 12379)
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-acl>
+ <acl-rule id="simplePolicy">
+ <resource>
+ <request-uri>/portal/admin-tool/modifyLayout</request-uri>
+ <params>
+ <param>
+ <name>page</name>
+ <value>marketing_index.html</value>
+ </param>
+ <param>
+ <name>action</name>
+ <value>update</value>
+ </param>
+ </params>
+ </resource>
+ <conditions>
+ <condition>
+ <roles>
+ <role-name>Root-Admin</role-name>
+ <role-name>Marketing Team</role-name>
+ </roles>
+ </condition>
+ </conditions>
+ </acl-rule>
+ <acl-rule id="complexPolicy">
+ <resource>
+ <request-uri>/portal/admin-tool/modifyLayout</request-uri>
+ <params>
+ <param>
+ <name>page</name>
+ <value>marketing_index.html</value>
+ </param>
+ <param>
+ <name>action</name>
+ <value>update</value>
+ </param>
+ </params>
+ </resource>
+ <conditions>
+ <condition>
+ <roles>
+ <role-name>Root-Admin</role-name>
+ </roles>
+ </condition>
+ <condition>
+ <ip-address>
+ <ip-range>192.168.xxx.xxx</ip-range>
+ </ip-address>
+ </condition>
+ </conditions>
+ </acl-rule>
+</web-acl>
\ No newline at end of file
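Review bot: `simplePolicy` and `complexPolicy` target the same `request-uri` and the same `page`/`action` parameters but carry different conditions, so the outcome for that resource depends on how the deployer combines rules, which this fixture does not state. If the combination is permissive, the `Marketing Team` grant in `simplePolicy` would make the `ip-address` restriction in `complexPolicy` ineffective. A leading comment stating the intended result per role and address would make the fixture usable as an expectation. `<ip-range>192.168.xxx.xxx</ip-range>` is a placeholder rather than a parseable range; use a concrete documentation value and note the accepted syntax in a comment.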
JBoss Portal SVN: r12378 - in modules/authorization/trunk: PAP and 22 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2008-12-12 14:54:33 -0500 (Fri, 12 Dec 2008)
New Revision: 12378
Added:
modules/authorization/trunk/http-authz/src/main/java/org/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java
modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyConfig.java
modules/authorization/trunk/http-authz/src/test/java/org/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/
modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyConfig.java
modules/authorization/trunk/http-authz/src/test/resources/log4j.properties
Removed:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java
Modified:
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java
modules/authorization/trunk/PEP/pom.xml
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
modules/authorization/trunk/http-authz/
modules/authorization/trunk/http-authz/pom.xml
modules/authorization/trunk/pom.xml
Log:
code backup
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PAP/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
@@ -75,7 +75,7 @@
<version>2.3.1</version>
<configuration>
<includes>
- <include>**/TestServer.java</include>
+ <include>**/TestHierarchialPolicy.java</include>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -26,6 +26,7 @@
import java.util.Set;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.util.UUID;
import javax.xml.bind.JAXBElement;
@@ -36,6 +37,7 @@
import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
@@ -118,20 +120,21 @@
if(resourceMatches != null && !resourceMatches.isEmpty())
{
ResourcesType resourcesType = new ResourcesType();
- targetType.setResources(resourcesType);
-
- AttributeExpression resourceMatch = resourceMatches.get(0);
+ targetType.setResources(resourcesType);
ResourceType resourceType = new ResourceType();
- ResourceMatchType rmt = new ResourceMatchType();
- rmt.setMatchId(resourceMatch.getFunctionId());
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+ rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute()));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
- rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute()));
-
- rmt.setAttributeValue(PolicyAttributeFactory
- .createStringAttributeType(resourceMatch.getAttribute().getValue()));
-
- resourceType.getResourceMatch().add(rmt);
resourcesType.getResource().add(resourceType);
}
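Review bot: The new loop over `resourceMatches` adds every `ResourceMatchType` to the one `resourceType`, which XACML evaluates as a conjunction, and nothing in the hunk states that intent. A comment above the loop such as `//All matches go into a single ResourceType: every criterion must match (AND) for the Target to apply` would stop a later edit from moving `new ResourceType()` inside the loop and turning the criteria into alternatives. The value is still written with `createStringAttributeType` whatever `getFunctionId()` returns, so a non-string expression added through `addResourceMatch` would presumably be serialised with the wrong datatype; that is worth confirming. The enclosing method starts and ends outside this hunk.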
@@ -281,7 +284,12 @@
}
return condition;
- }
+ }
+
+ private String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
//---------A Developer Friendly API for generating Hierarchial Policies-------------------------------------------------------------------------------------------------------------------------
/**
* Specifies that this Hierarchial Policy should be applied the specified Resource identified by the Unique Resource Uri
@@ -301,6 +309,37 @@
}
/**
+ * Specifies that this Hierarchial Policy should be applied the specified Resource identified by the Unique Resource Uri And the other
+ * Attribute Data associated with this Resource, such as Http Parameters in the case of an Http Request Resource
+ *
+ * @param resourceUri Unique identifier for the Resource being protected by this Hierarchial Policy
+ * @param otherResourceCriteria Other Attribute Data associated with this Resource which should match as well for the Policy to apply
+ */
+ public void setResourceCriteria(String resourceUri, List<Attribute> otherResourceCriteria)
+ {
+ if(resourceUri == null || resourceUri.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Resource Criteria cannot be Empty");
+ }
+
+ if(otherResourceCriteria == null)
+ {
+ throw new IllegalArgumentException("Other Criteria cannot be Null");
+ }
+
+ Target target = new Target();
+ target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression(resourceUri));
+
+ for(Attribute attribute: otherResourceCriteria)
+ {
+ target.addResourceMatch(ExpressionBuilder.getInstance().
+ createCustomResourceExpression(attribute.getUri(), attribute.getValue()));
+ }
+
+ this.target = target;
+ }
+
+ /**
* Specifies a Policy Rule that must be applied to the specified "Action" such that the specified "Role" should be allowed
* to execute this "Action" on the Resource protected by this Policy instance
*
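Review bot: `setResourceCriteria` checks the list for null but not its entries, so a null `Attribute` throws a bare NullPointerException in the loop, and one whose `getUri()` or `getValue()` is null is passed to `createCustomResourceExpression` unchecked. These criteria narrow which requests the Policy covers, so reject bad entries at the top of the loop body: `if(attribute == null || attribute.getUri() == null || attribute.getValue() == null) throw new IllegalArgumentException("Resource Attribute must have a Uri and a Value");`. The Javadoc should also say that the call replaces `this.target` as a whole, so a Target set earlier is discarded.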
@@ -336,6 +375,32 @@
}
/**
+ * Specifies a Policy Rule that says the specified "Role" should be allowed to access the "Resource" protected by this Policy
+ *
+ * @param role the Role that is permitted to access the Resource
+ */
+ public void setPermitCriteria(String role)
+ {
+ if(role == null || role.trim().length()==0)
+ {
+ throw new IllegalArgumentException("Role cannot be Empty");
+ }
+
+ Rule permitRule = new Rule();
+ Target ruleTarget = new Target();
+
+ permitRule.setRuleId(this.generateUniqueId());
+ permitRule.setEffect(Effect.PERMIT);
+ permitRule.setTarget(ruleTarget);
+
+ //Create a Subject Match Function
+ ruleTarget.addSubjectMatch(ExpressionBuilder.getInstance().createBelongsToRoleExpression(role));
+
+ //Add the Rule to the Policy
+ this.rules.add(permitRule);
+ }
+
+ /**
* Specifies a Policy Rule that must be applied to the specified "Action" such that the specified "Role" should *NOT* be allowed
* to execute this "Action" on the Resource protected by this Policy instance
*
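Review bot: In `setPermitCriteria` the emptiness check runs on `role.trim()`, but the untrimmed `role` is what reaches `createBelongsToRoleExpression`, so a name with leading or trailing whitespace passes validation and is stored as given. If role names are compared exactly (the builder is not visible here), the resulting PERMIT rule would never match the intended role. Normalise with `role = role.trim();` after the check, or reject padded names. `setDenyCriteria` in the next hunk has the same pattern, and there a rule that silently fails to match matters more.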
@@ -371,6 +436,32 @@
}
/**
+ * Specifies a Policy Rule that says the specified "Role" should be *Not* be allowed to access the "Resource" protected by this Policy
+ *
+ * @param role the Role that is *NOT* allowed to access the Resource
+ */
+ public void setDenyCriteria(String role)
+ {
+ if(role == null || role.trim().length()==0)
+ {
+ throw new IllegalArgumentException("Role cannot be Empty");
+ }
+
+ Rule permitRule = new Rule();
+ Target ruleTarget = new Target();
+
+ permitRule.setRuleId(this.generateUniqueId());
+ permitRule.setEffect(Effect.DENY);
+ permitRule.setTarget(ruleTarget);
+
+ //Create a Subject Match Function
+ ruleTarget.addSubjectMatch(ExpressionBuilder.getInstance().createBelongsToRoleExpression(role));
+
+ //Add the Rule to the Policy
+ this.rules.add(permitRule);
+ }
+
+ /**
* Specifies a Policy Rule that must be applied to the specified "Action" such that the Authenticated User will be permitted to
* execute it if he/she belongs to any of the specified "Roles"
*
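Review bot: The local in `setDenyCriteria` is named `permitRule` although it is given `Effect.DENY`, which reads as a copy-paste slip in code that decides access. Rename it, `Rule denyRule = new Rule();`, and update the four uses below it. The Javadoc summary also has a doubled verb ("should be *Not* be allowed"); `should *NOT* be allowed` would match the `@param` line.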
Deleted: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -1,229 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.pap.service;
-
-import java.io.InputStream;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.util.Set;
-import java.util.HashSet;
-
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.DocumentBuilder;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import org.jboss.security.authz.model.Attribute;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.pap.policy.HierarchialPolicy;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * The PolicyManager provides implementation for the Configuration related services of the PolicyManager. It extends the FileSystemPolicyManager in order to store the managed Policies
- * on the local file system. This PolicyManager process configuration provided for securing Resources within the Web Tier of an application.
- * It uses the HierarchialPolicy implementation to represent the Web Tier Policies
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class FileSystemWebTierPolicyManager extends FileSystemPolicyManager
-{
- /**
- *
- *
- */
- public FileSystemWebTierPolicyManager()
- {
- }
- //------Configuration service of the PolicyManager implementation----------------------------------------------------------------------------------------------------------------
- /**
- * Generates a Policy that can be represented in system level XACML format. The xmlConfiguration is a user friendly XML configuration that is within the context
- * of the Web Tier of an Application. For instance, to apply Access Control at the Web Tier, the XML configuration consists of Resources and
- * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST, PUT, etc
- *
- * @param xmlConfiguration User Friendly XML configuration within the context of the Web Tier of an Application
- * @return a Policy that can be represented in system level XACML format
- */
- public Policy generatePolicy(String xmlConfiguration) throws PolicyException
- {
- InputStream xmlStream = null;
- try
- {
- Policy policy = null;
-
- xmlStream = new ByteArrayInputStream(xmlConfiguration.getBytes());
- DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- Document document = builder.parse(xmlStream);
-
- Target target = this.parseTarget(document);
-
- Set<Rule> rules = this.parseRules(document);
-
- policy = new HierarchialPolicy(String.valueOf(this.getUniqueId()), target, rules);
-
- return policy;
- }
- catch(Exception e)
- {
- throw new PolicyException(e);
- }
- finally
- {
- if(xmlStream != null)
- {
- try{xmlStream.close();}catch(IOException ioe){}
- }
- }
- }
- //XMLParsing----------------------------------------------------------------------------------------------------------------------------------------------------
- private Target parseTarget(Document document) throws Exception
- {
- Target target = new Target();
-
- Element resourceElem = (Element)document.getElementsByTagName("resource").item(0);
- Element requestUriElem = (Element)resourceElem.getElementsByTagName("request-uri").item(0);
-
- //Add RequestUri as a Resource To Match
- String requestUri = requestUriElem.getTextContent();
- AttributeExpression requestUriMatch = new AttributeExpression();
- requestUriMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
- Attribute attribute = new Attribute("request-uri",
- XMLSchemaConstants.DATATYPE_STRING, requestUri);
- requestUriMatch.setAttribute(attribute);
- target.addResourceMatch(requestUriMatch);
-
- //Process Parameters
- NodeList parameters = resourceElem.getElementsByTagName("param");
- for(int i=0; i<parameters.getLength(); i++)
- {
- Element parameter = (Element)parameters.item(i);
-
- String name = ((Element)parameter.getElementsByTagName("name").item(0)).getTextContent();
- String value = ((Element)parameter.getElementsByTagName("value").item(0)).getTextContent();
-
- //Add Parameter as a Resource To Match
- AttributeExpression paramMatch = new AttributeExpression();
- paramMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
- Attribute paramAttribute = new Attribute(name,
- XMLSchemaConstants.DATATYPE_STRING, value);
- paramMatch.setAttribute(paramAttribute);
- target.addResourceMatch(paramMatch);
- }
-
- return target;
- }
-
- private Set<Rule> parseRules(Document document) throws Exception
- {
- Set<Rule> rules = new HashSet<Rule>();
-
- NodeList conditionNodes = document.getElementsByTagName("condition");
- for(int i=0; i<conditionNodes.getLength(); i++)
- {
- Element conditionElement = (Element)conditionNodes.item(i);
-
- //Process Roles related conditions
- NodeList roleNodes = conditionElement.getElementsByTagName("role-name");
- if(roleNodes.getLength() >0)
- {
- rules.addAll(this.parseRoleRules(roleNodes));
- }
-
- //Process IP Ranges
- NodeList ipNodes = conditionElement.getElementsByTagName("ip-range");
- if(ipNodes.getLength() >0)
- {
- rules.addAll(this.parseIpRules(ipNodes));
- }
- }
-
- return rules;
- }
-
- private Set<Rule> parseRoleRules(NodeList roleNodes)
- {
- Set<Rule> roleRules = new HashSet<Rule>();
-
- for(int j=0; j<roleNodes.getLength(); j++)
- {
- Element roleNameElem = (Element)roleNodes.item(j);
- String roleName = roleNameElem.getTextContent();
-
- Rule roleRule = new Rule();
- roleRule.setRuleId(String.valueOf(this.getUniqueId()));
- roleRule.setEffect(Effect.PERMIT);
-
- AttributeExpression roleExpression = new AttributeExpression();
- roleExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
- Attribute roleAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, roleName);
- roleExpression.setAttribute(roleAttribute);
-
- roleRule.setExpression(roleExpression);
-
- roleRules.add(roleRule);
- }
-
- return roleRules;
- }
-
- private Set<Rule> parseIpRules(NodeList ipNodes)
- {
- Set<Rule> ipRules = new HashSet<Rule>();
-
- for(int j=0; j<ipNodes.getLength(); j++)
- {
- Element ipElem = (Element)ipNodes.item(j);
- String ipRange = ipElem.getTextContent();
-
- Rule rule = new Rule();
- rule.setRuleId(String.valueOf(this.getUniqueId()));
- rule.setEffect(Effect.PERMIT);
-
- AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, ipRange);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- ipRules.add(rule);
- }
-
- return ipRules;
- }
-
- private synchronized long getUniqueId()
- {
- return System.currentTimeMillis();
- }
-}
Deleted: modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java
===================================================================
--- modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -1,155 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.pap.service;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.model.Policy;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class TestWebTierPolicyManager extends TestCase
-{
- /**
- *
- */
- private static Logger log = Logger.getLogger(TestWebTierPolicyManager.class);
-
- /**
- * A simple developer-friendly web tier policy that specifies:
- *
- * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page"
- *
- * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
- * PAP (Policy Administration Point) Component of the Authorization System
- */
- private static String simpleWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
- "<web-acl>"+
- "<acl-rule>"+
- "<resource>"+
- "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
- "<params>"+
- "<param>"+
- "<name>page</name>"+
- "<value>marketing_index.html</value>"+
- "</param>"+
- "<param>"+
- "<name>action</name>"+
- "<value>update</value>"+
- "</param>"+
- "</params>"+
- "</resource>"+
- "<conditions>"+
- "<condition>"+
- "<roles>"+
- "<role-name>Root-Admin</role-name>"+
- "<role-name>Marketing Team</role-name>"+
- "</roles>"+
- "</condition>"+
- "</conditions>"+
- "</acl-rule>"+
- "</web-acl>";
-
- /**
- * A complex developer-friendly web tier policy that specifies:
- *
- * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page
- * as long as they are Logged in from a range of allowed IP addresses
- * "
- *
- * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
- * PAP (Policy Administration Point) Component of the Authorization System
- */
- private static String complexWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
- "<web-acl>"+
- "<acl-rule>"+
- "<resource>"+
- "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
- "<params>"+
- "<param>"+
- "<name>page</name>"+
- "<value>marketing_index.html</value>"+
- "</param>"+
- "<param>"+
- "<name>action</name>"+
- "<value>update</value>"+
- "</param>"+
- "</params>"+
- "</resource>"+
- "<conditions>"+
- "<condition>"+
- "<roles>"+
- "<role-name>Root-Admin</role-name>"+
- "<role-name>Marketing Team</role-name>"+
- "</roles>"+
- "</condition>"+
- "<condition>"+
- "<ip-address>"+
- "<ip-range>192.168.xxx.xxx</ip-range>"+
- "</ip-address>"+
- "</condition>"+
- "</conditions>"+
- "</acl-rule>"+
- "</web-acl>";
-
- /**
- *
- */
- protected void setUp() throws Exception
- {
- }
-
-
- protected void tearDown() throws Exception
- {
- }
-
-
- public void testSimpleWebTierPolicy() throws Exception
- {
- PolicyManager policyManager = new FileSystemWebTierPolicyManager();
- Policy policy = policyManager.generatePolicy(simpleWebTierPolicy);
-
- assertNotNull(policy);
-
- log.info("------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
- log.info("------------------------------------------------------");
- }
-
- public void testComplexWebTierPolicy() throws Exception
- {
- PolicyManager policyManager = new FileSystemWebTierPolicyManager();
- Policy policy = policyManager.generatePolicy(complexWebTierPolicy);
-
- assertNotNull(policy);
-
- log.info("------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
- log.info("------------------------------------------------------");
- }
-}
Modified: modules/authorization/trunk/PEP/pom.xml
===================================================================
--- modules/authorization/trunk/PEP/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PEP/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
@@ -58,7 +58,8 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
+ <includes>
+ <include>**/TestPDP.java</include>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
===================================================================
--- modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -141,7 +141,7 @@
}
- public void testSimpleDeny() throws Exception
+ /*public void testSimpleDeny() throws Exception
{
//PDP Setup
PDP pdp = new PDP(this.store.getDefaultPDPConfig());
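Review bot: `testSimpleDeny` is disabled by wrapping it in `/* ... */` (closed in the next hunk) with no reason given, in the same commit that adds `setDenyCriteria` and makes `TestPDP.java` the only surefire include for PEP. As far as these hunks show, that leaves the deny decision path without a running test. Either keep the test enabled or record why it is off, e.g. `//FIXME: disabled, <reason>; re-enable before release` directly above the `/*`. Most of the test body lies outside both hunks.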
@@ -168,7 +168,7 @@
log.info("-----------------------------------");
log.info("Decision="+responseContext.getDecision());
- }
+ }*/
/*public void testMultiTierPermit() throws Exception
@@ -570,7 +570,8 @@
TargetType targetType = new TargetType();
ResourcesType resourcesType = new ResourcesType();
- org.jboss.security.xacml.core.model.policy.ResourceType resourceType = new org.jboss.security.xacml.core.model.policy.ResourceType();
+
+ org.jboss.security.xacml.core.model.policy.ResourceType resourceType = new org.jboss.security.xacml.core.model.policy.ResourceType();
ResourceMatchType rmt = new ResourceMatchType();
rmt.setMatchId(XACMLConstants.FUNCTION_ANYURI_EQUAL);
rmt.setResourceAttributeDesignator(PolicyAttributeFactory.createAttributeDesignatorType(
@@ -579,9 +580,27 @@
.createAnyURIAttributeType(new URI("http://www.redhat.com/protected/index.html")));
resourceType.getResourceMatch().add(rmt);
resourcesType.getResource().add(resourceType);
-
+
+ /*rmt = new ResourceMatchType();
+ rmt.setMatchId(XACMLConstants.FUNCTION_ANYURI_EQUAL);
+ rmt.setResourceAttributeDesignator(PolicyAttributeFactory.createAttributeDesignatorType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION, XMLSchemaConstants.DATATYPE_ANYURI, null, false));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createAnyURIAttributeType(new URI("blahblah")));
+ resourceType.getResourceMatch().add(rmt);*/
+
+ resourceType = new org.jboss.security.xacml.core.model.policy.ResourceType();
+ rmt = new ResourceMatchType();
+ rmt.setMatchId(XACMLConstants.FUNCTION_ANYURI_EQUAL);
+ rmt.setResourceAttributeDesignator(PolicyAttributeFactory.createAttributeDesignatorType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION, XMLSchemaConstants.DATATYPE_ANYURI, null, false));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createAnyURIAttributeType(new URI("http://www.redhat.com/protected/index.html")));
+ resourceType.getResourceMatch().add(rmt);
+ resourcesType.getResource().add(resourceType);
+
+
targetType.setResources(resourcesType);
-
policyType.setTarget(targetType);
//Create a Rule
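Review bot: The second `ResourceType` added here uses the same match id and URI (`http://www.redhat.com/protected/index.html`) as the first, and apparently the same designator, so the test cannot tell whether the alternative Resource is ever evaluated. Give it a distinct URI and assert a decision for each. Delete the commented-out `blahblah` block instead of committing it. The enclosing method starts and ends outside this hunk.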
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -110,6 +110,26 @@
return expression;
}
+
+ /**
+ * Creates a custom expression corresponding to the specified Attribute id and value
+ *
+ * @param attributeId
+ * @param attributeValue
+ * @return
+ */
+ public AttributeExpression createCustomResourceExpression(String attributeId, String attributeValue)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(attributeId,
+ XMLSchemaConstants.DATATYPE_STRING, attributeValue);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
//---------Action Expressions---------------------------------------------------------------------------------------------------------------------------------
/**
* Creates an expression for matching an Action
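Review bot: The Javadoc for `createCustomResourceExpression` leaves `@param attributeId`, `@param attributeValue` and `@return` empty, and does not say that the match is always `FUNCTION_STRING_EQUAL` on `DATATYPE_STRING`. Fill them in, e.g. `@param attributeId id of the Resource attribute to match`, `@param attributeValue value the attribute must equal as a string`, `@return an AttributeExpression using string equality`. Callers such as `setResourceCriteria` pass only an `Attribute`'s uri and value, so any datatype carried by that `Attribute` is dropped here; the summary should say so. Neither argument is checked for null before `new Attribute(...)`.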
Property changes on: modules/authorization/trunk/http-authz
___________________________________________________________________
Name: svn:ignore
+ target
Modified: modules/authorization/trunk/http-authz/pom.xml
===================================================================
--- modules/authorization/trunk/http-authz/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/http-authz/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
@@ -13,7 +13,24 @@
<url>http://www.jboss.org</url>
<description>Contains Authorization Infrastructure for the HTTP tier</description>
- <dependencies>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-pap</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- jboss xacml -->
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ </dependency>
+
<!-- junit -->
<dependency>
<groupId>junit</groupId>
Added: modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java
===================================================================
--- modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java (rev 0)
+++ modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/FileSystemPolicyStore.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -0,0 +1,32 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.pap;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class FileSystemPolicyStore
+{
+
+}
Added: modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyConfig.java (rev 0)
+++ modules/authorization/trunk/http-authz/src/main/java/org/jboss/security/authz/http/pap/HttpPolicyConfig.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -0,0 +1,212 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.pap;
+
+import java.io.IOException;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.UUID;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
+import org.jboss.security.authz.pap.spi.PolicyConfig;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class HttpPolicyConfig implements PolicyConfig
+{
+ private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
+
+ /**
+ * Configures the Policy instances that can be represented in system level XACML format. The easyDomainXml is a user friendly XML configuration that is within the context
+ * of the application tier being protected. For instance, to apply Access Control at the web tier, the XML configuration would consist of Resources and
+ * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST, PUT, etc
+ *
+ * @param easyDomainXml User Friendly XML configuration within the context of the Application being protected
+ * @return a fully configured Policy instance
+ */
+ public Policy[] configure(String easyDomainXml)
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ Policy[] policies = null;
+
+ List<Policy> cour = new ArrayList<Policy>();
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList aclRules = document.getElementsByTagName("acl-rule");
+ for(int i=0, length=aclRules.getLength(); i< length; i++)
+ {
+ Element aclRuleElem = (Element)aclRules.item(i);
+ String policyUri = aclRuleElem.getAttribute("id");
+ Policy policy = new HierarchialPolicy(policyUri);
+
+ this.parseTarget((HierarchialPolicy)policy, aclRuleElem);
+ this.parseRules((HierarchialPolicy)policy, aclRuleElem);
+
+ cour.add(policy);
+ }
+
+ policies = cour.toArray(new Policy[0]);
+
+ return policies;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if(xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }catch(IOException ioe){log.warn(this, ioe);}
+ }
+ }
+
+ //XMLParsing----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseTarget(HierarchialPolicy policy, Element aclRuleElem) throws Exception
+ {
+ Element resourceElem = (Element)aclRuleElem.getElementsByTagName("resource").item(0);
+ Element requestUriElem = (Element)aclRuleElem.getElementsByTagName("request-uri").item(0);
+
+ //Add RequestUri as a Resource To Match
+ String requestUri = requestUriElem.getTextContent();
+ List<Attribute> otherCriteria = new ArrayList<Attribute>();
+
+ //Process Parameters
+ NodeList parameters = resourceElem.getElementsByTagName("param");
+ if(parameters != null)
+ {
+ for(int i=0, length=parameters.getLength(); i<length; i++)
+ {
+ Element parameter = (Element)parameters.item(i);
+
+ String name = ((Element)parameter.getElementsByTagName("name").item(0)).getTextContent();
+ String value = ((Element)parameter.getElementsByTagName("value").item(0)).getTextContent();
+
+ Attribute cour = new Attribute();
+ cour.setUri(name);
+ cour.setValue(value);
+
+ otherCriteria.add(cour);
+ }
+ }
+
+ if(!otherCriteria.isEmpty())
+ {
+ policy.setResourceCriteria(requestUri, otherCriteria);
+ }
+ else
+ {
+ policy.setResourceCriteria(requestUri);
+ }
+ }
+
+ private void parseRules(HierarchialPolicy policy, Element aclRuleElem) throws Exception
+ {
+ NodeList conditionNodes = aclRuleElem.getElementsByTagName("condition");
+ if(conditionNodes != null)
+ {
+ for(int i=0, length=conditionNodes.getLength(); i<length; i++)
+ {
+ Element conditionElement = (Element)conditionNodes.item(i);
+
+ //Process Roles related conditions
+ NodeList roleNodes = conditionElement.getElementsByTagName("role-name");
+ if(roleNodes != null && roleNodes.getLength()>0)
+ {
+ this.parseRoleRules(policy, roleNodes);
+ }
+
+ //Process IP Ranges
+ NodeList ipNodes = conditionElement.getElementsByTagName("ip-range");
+ if(ipNodes != null && ipNodes.getLength() >0)
+ {
+ this.parseIpRules(policy, ipNodes);
+ }
+ }
+ }
+ }
+
+ private void parseRoleRules(HierarchialPolicy policy, NodeList roleNodes)
+ {
+ for(int j=0, length=roleNodes.getLength(); j<length; j++)
+ {
+ Element roleNameElem = (Element)roleNodes.item(j);
+ String roleName = roleNameElem.getTextContent();
+
+ policy.setPermitCriteria(roleName);
+ }
+ }
+
+ private void parseIpRules(HierarchialPolicy policy, NodeList ipNodes)
+ {
+ for(int j=0; j<ipNodes.getLength(); j++)
+ {
+ Element ipElem = (Element)ipNodes.item(j);
+ String ipRange = ipElem.getTextContent();
+
+ Rule rule = new Rule();
+ rule.setRuleId(UUID.randomUUID().toString());
+ rule.setEffect(Effect.PERMIT);
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
+ XMLSchemaConstants.DATATYPE_IPADDRESS, ipRange);
+ expression.setAttribute(attribute);
+
+ rule.setExpression(expression);
+
+ policy.getRules().add(rule);
+ }
+ }
+}
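Review bot: `configure` parses the policy XML with a default `DocumentBuilderFactory`, so a DOCTYPE in `easyDomainXml` is processed and external entities can be resolved; a parser that builds authorization policies should harden the factory before calling `newDocumentBuilder()`. Whether this XML can ever come from outside the deployment is not visible in the hunk, but the policy format shown needs no DTD, so refusing one costs nothing. The snippet below additionally needs `import javax.xml.XMLConstants;`. Separately, `easyDomainXml.getBytes()` encodes with the platform charset while the documents declare UTF-8; `easyDomainXml.getBytes("UTF-8")` keeps the bytes and the declaration in agreement.

```java
xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes("UTF-8"));
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
// The policy format uses no DTD: refuse DOCTYPE so external entities are never resolved.
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
DocumentBuilder builder = factory.newDocumentBuilder();
// … unchanged: builder.parse(xmlStream) and the acl-rule loop …
```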
Added: modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyConfig.java (rev 0)
+++ modules/authorization/trunk/http-authz/src/test/java/org/jboss/security/authz/http/pap/TestHttpPolicyConfig.java 2008-12-12 19:54:33 UTC (rev 12378)
@@ -0,0 +1,162 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.pap;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.pap.spi.PolicyConfig;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestHttpPolicyConfig extends TestCase
+{
+ /**
+ *
+ */
+ private static Logger log = Logger.getLogger(TestHttpPolicyConfig.class);
+
+ /**
+ * A simple developer-friendly web tier policy that specifies:
+ *
+ * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page"
+ *
+ * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
+ * PAP (Policy Administration Point) Component of the Authorization System
+ */
+ private static String simpleWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
+ "<web-acl>"+
+ "<acl-rule>"+
+ "<resource>"+
+ "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
+ "<params>"+
+ "<param>"+
+ "<name>page</name>"+
+ "<value>marketing_index.html</value>"+
+ "</param>"+
+ "<param>"+
+ "<name>action</name>"+
+ "<value>update</value>"+
+ "</param>"+
+ "</params>"+
+ "</resource>"+
+ "<conditions>"+
+ "<condition>"+
+ "<roles>"+
+ "<role-name>Root-Admin</role-name>"+
+ "<role-name>Marketing Team</role-name>"+
+ "</roles>"+
+ "</condition>"+
+ "</conditions>"+
+ "</acl-rule>"+
+ "</web-acl>";
+
+ /**
+ * A complex developer-friendly web tier policy that specifies:
+ *
+ * "Only Root Portal User and Users in the Marketing Department of the organization must be allowed to Modify the Layout of the "Main Marketing Portal Page
+ * as long as they are Logged in from a range of allowed IP addresses
+ * "
+ *
+ * Notice: This configuration is not muddled by the vast low-level details of XACML Policy representation. That part is automated by the
+ * PAP (Policy Administration Point) Component of the Authorization System
+ */
+ private static String complexWebTierPolicy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"+
+ "<web-acl>"+
+ "<acl-rule>"+
+ "<resource>"+
+ "<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
+ "<params>"+
+ "<param>"+
+ "<name>page</name>"+
+ "<value>marketing_index.html</value>"+
+ "</param>"+
+ "<param>"+
+ "<name>action</name>"+
+ "<value>update</value>"+
+ "</param>"+
+ "</params>"+
+ "</resource>"+
+ "<conditions>"+
+ "<condition>"+
+ "<roles>"+
+ "<role-name>Root-Admin</role-name>"+
+ "<role-name>Marketing Team</role-name>"+
+ "</roles>"+
+ "</condition>"+
+ "<condition>"+
+ "<ip-address>"+
+ "<ip-range>192.168.xxx.xxx</ip-range>"+
+ "</ip-address>"+
+ "</condition>"+
+ "</conditions>"+
+ "</acl-rule>"+
+ "</web-acl>";
+
+ /**
+ *
+ */
+ protected void setUp() throws Exception
+ {
+ }
+
+
+ protected void tearDown() throws Exception
+ {
+ }
+
+
+ public void testSimpleWebTierPolicy() throws Exception
+ {
+ PolicyConfig config = new HttpPolicyConfig();
+ Policy[] policies = config.configure(simpleWebTierPolicy);
+
+ assertNotNull(policies);
+
+ for(int i=0; i<policies.length; i++)
+ {
+ log.info("------------------------------------------------------");
+ log.info(policies[i].generateXACMLPolicy());
+ log.info("------------------------------------------------------");
+ }
+ }
+
+ public void testComplexWebTierPolicy() throws Exception
+ {
+ PolicyConfig config = new HttpPolicyConfig();
+ Policy[] policies = config.configure(complexWebTierPolicy);
+
+ assertNotNull(policies);
+
+ for(int i=0; i<policies.length; i++)
+ {
+ log.info("------------------------------------------------------");
+ log.info(policies[i].generateXACMLPolicy());
+ log.info("------------------------------------------------------");
+ }
+ }
+}
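Review bot: Both `testSimpleWebTierPolicy` and `testComplexWebTierPolicy` assert only `assertNotNull(policies)` and then log the output, so they still pass if the role or IP conditions are dropped during parsing; for access-control code that means a weakened policy would go unnoticed. Add at least `assertEquals(1, policies.length);` and check that the generated XACML contains the expected role names and, in the complex case, the IP range. The fixtures' `<acl-rule>` elements also carry no `id` attribute, so `getAttribute("id")` in `HttpPolicyConfig.configure` returns an empty string and each policy is constructed with an empty id. Either give the fixtures an id (for example `<acl-rule id=\"modify-layout\">`, a constructed value) or have the parser reject a missing one, and cover that case with a test.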
Added: modules/authorization/trunk/http-authz/src/test/resources/log4j.properties
===================================================================
--- modules/authorization/trunk/http-authz/src/test/resources/log4j.properties (rev 0)
+++ modules/authorization/trunk/http-authz/src/test/resources/log4j.properties 2008-12-12 19:54:33 UTC (rev 12378)
@@ -0,0 +1,8 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
+++ modules/authorization/trunk/pom.xml 2008-12-12 19:54:33 UTC (rev 12378)
@@ -10,13 +10,13 @@
<description>JBoss Authorization</description>
<modules>
- <module>common</module>
+ <module>common</module>
+ <module>PEP</module>
+ <module>PAP</module>
+ <module>http-authz</module>
<!--
<module>security-console</module>
-->
- <module>PEP</module>
- <module>PAP</module>
- <module>http-authz</module>
</modules>
<properties>