JBoss Portal SVN: r12377 - in modules/authorization/trunk: PAP and 17 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2008-12-11 19:22:37 -0500 (Thu, 11 Dec 2008)
New Revision: 12377
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/EmbeddedBootstrap.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyConfig.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java
modules/authorization/trunk/PAP/src/main/resources/META-INF/
modules/authorization/trunk/PAP/src/main/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/TestServer.java
modules/authorization/trunk/http-authz/
modules/authorization/trunk/http-authz/pom.xml
modules/authorization/trunk/http-authz/src/
modules/authorization/trunk/http-authz/src/main/
modules/authorization/trunk/http-authz/src/main/java/
modules/authorization/trunk/http-authz/src/main/resources/
modules/authorization/trunk/http-authz/src/test/
modules/authorization/trunk/http-authz/src/test/java/
modules/authorization/trunk/http-authz/src/test/resources/
Removed:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPortalObjectPolicyManager.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
modules/authorization/trunk/pom.xml
Log:
code backup
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/.classpath 2008-12-12 00:22:37 UTC (rev 12377)
@@ -12,6 +12,10 @@
<classpathentry kind="src" path="PAP/src/main/resources"/>
<classpathentry kind="src" path="PAP/src/test/java"/>
<classpathentry kind="src" path="PAP/src/test/resources"/>
+ <classpathentry kind="src" path="http-authz/src/main/java"/>
+ <classpathentry kind="src" path="http-authz/src/main/resources"/>
+ <classpathentry kind="src" path="http-authz/src/test/java"/>
+ <classpathentry kind="src" path="http-authz/src/test/resources"/>
<classpathentry kind="src" path="security-console/ejb/src/main/java"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="output" path="classes"/>
@@ -44,4 +48,7 @@
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
<classpathentry kind="var" path="M2_REPO/org/drools/drools-core/4.0.7/drools-core-4.0.7.jar"/>
<classpathentry kind="var" path="M2_REPO/org/drools/drools-compiler/4.0.7/drools-compiler-4.0.7.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-kernel/2.0.2.GA/jboss-kernel-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.2.GA/jboss-dependency-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.9.GA/jboss-common-core-2.2.9.GA.jar"/>
</classpath>
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/PAP/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
@@ -47,13 +47,18 @@
<!-- Drools -->
<dependency>
<groupId>org.drools</groupId>
- <artifactId>drools-core</artifactId>
+ <artifactId>drools-core</artifactId>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
</dependency>
+ <!-- JBoss Microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ </dependency>
<!-- junit -->
<dependency>
@@ -70,7 +75,7 @@
<version>2.3.1</version>
<configuration>
<includes>
- <include>**/TestHierarchialPolicy.java</include>
+ <include>**/TestServer.java</include>
</includes>
</configuration>
</plugin>
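Review bot: Replacing the only surefire `<include>` with `**/TestServer.java` takes `TestHierarchialPolicy` out of the build, so the policy-generation tests, including the deny-rule test this commit adds, no longer run. Both patterns can be listed: keep `<include>**/TestHierarchialPolicy.java</include>` and add `<include>**/TestServer.java</include>` beside it. The plugin configuration starts above the hunk, so any reason for restricting the run to a single class is not visible here.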
Copied: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy (from rev 12356, modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial)
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-12-05 23:20:26 UTC (rev 12356)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/HierarchialPolicy.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -20,7 +20,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
******************************************************************************/
-package org.jboss.security.authz.pap.hierarchial;
+package org.jboss.security.authz.pap.policy;
import java.util.List;
import java.util.Set;
@@ -38,9 +38,9 @@
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Expression;
-import org.jboss.security.authz.xacml.NoPermitMeansDeniedAlg;
import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
import org.jboss.security.authz.xacml.PolicyUtil;
+import org.jboss.security.authz.pap.plugin.NoPermitMeansDeniedAlg;
import org.jboss.security.xacml.core.model.policy.ActionMatchType;
import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
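Review bot: The import of `NoPermitMeansDeniedAlg` now points at `org.jboss.security.authz.pap.plugin`, but the commit's file list only shows the class removed from `common/.../xacml/` and nothing added under `pap/plugin/`. If the class already exists there this is fine; otherwise the module will not compile. Judging by its name, this is the combining algorithm that turns a missing permit into a deny, so it is worth confirming that the `pap.plugin` class behaves the same as the removed one.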
@@ -72,7 +72,7 @@
*
*/
public class HierarchialPolicy extends Policy
-{
+{
/**
*
* @param policyUri
@@ -93,6 +93,7 @@
throw new PolicyException("The HierarchialPolicy type requires there is exactly one match specified for a Resource inside the Policy definition");
}
}
+
@Override
public String generateXACMLPolicy() throws PolicyException
@@ -280,7 +281,7 @@
}
return condition;
- }
+ }
//---------A Developer Friendly API for generating Hierarchial Policies-------------------------------------------------------------------------------------------------------------------------
/**
* Specifies that this Hierarchial Policy should be applied the specified Resource identified by the Unique Resource Uri
@@ -445,6 +446,13 @@
this.rules.add(permitRule);
}
+ /**
+ * Specifies a Policy Rule that mush be applied to the specified "Action" such that the specified Drools based Rule expression evaluates to
+ * a "PERMIT" result. The Expression will work on arbitrary data specified as Attributes within the Context of this particular Authorization Request
+ *
+ * @param action Action for which this Rule applies
+ * @param ruleExpression A Drools based Rule Expression
+ */
public void setPermitCriteria(String action, DroolsRuleExpression ruleExpression)
{
if(action == null || action.trim().length()==0)
@@ -456,7 +464,7 @@
throw new IllegalArgumentException("RuleExpression cannot be Empty");
}
- //TODO: compile the Rule that is being added, and add it to the Drools Rule Repository
+ //TODO: Add the Drools Rule to the Drools Rule Repository
Rule permitRule = new Rule();
Target ruleTarget = new Target();
@@ -474,4 +482,41 @@
//Add the Rule to the Policy
this.rules.add(permitRule);
}
+
+ /**
+ * Specifies a Policy Rule that mush be applied to the specified "Action" such that the specified Drools based Rule expression evaluates to
+ * a "DENY" result. The Expression will work on arbitrary data specified as Attributes within the Context of this particular Authorization Request
+ *
+ * @param action Action for which this Rule applies
+ * @param ruleExpression A Drools based Rule Expression
+ */
+ public void setDenyCriteria(String action, DroolsRuleExpression ruleExpression)
+ {
+ if(action == null || action.trim().length()==0)
+ {
+ throw new IllegalArgumentException("Action cannot be Empty");
+ }
+ if(ruleExpression == null)
+ {
+ throw new IllegalArgumentException("RuleExpression cannot be Empty");
+ }
+
+ //TODO: Add the Drools Rule to the Drools Rule Repository
+
+ Rule permitRule = new Rule();
+ Target ruleTarget = new Target();
+
+ permitRule.setRuleId(action);
+ permitRule.setEffect(Effect.DENY);
+ permitRule.setTarget(ruleTarget);
+
+ //Create an Action Match Function
+ ruleTarget.addActionMatch(ExpressionBuilder.getInstance().createActionExpression(action));
+
+ //Create a pointer to the new Rule
+ permitRule.setExpression(ruleExpression);
+
+ //Add the Rule to the Policy
+ this.rules.add(permitRule);
+ }
}
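Review bot: In `setDenyCriteria` the local variable is still named `permitRule` although its effect is `Effect.DENY`, which is easy to misread in code that decides access; `Rule denyRule = new Rule();` would say what it is. The body is otherwise a copy of the Drools overload of `setPermitCriteria` (which starts outside this hunk), so a private helper taking the `Effect` would keep the two from drifting apart. `setRuleId(action)` uses the action name as the rule id; if the permit overload does the same, a permit rule and a deny rule for one action end up with the same id, and it is worth confirming that is intended. The Javadoc here and on the `setPermitCriteria` overload says "mush be applied"; it should read "must be applied".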
Added: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java (rev 0)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/policy/PolicyDeployer.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,127 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.policy;
+
+import java.io.BufferedInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URL;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.pap.spi.PolicyConfig;
+import org.jboss.security.authz.pap.spi.PolicyStore;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class PolicyDeployer
+{
+ private static Logger log = Logger.getLogger(PolicyDeployer.class);
+
+ private PolicyConfig configuration = null;
+ private PolicyStore store = null;
+
+ public PolicyDeployer()
+ {
+
+ }
+
+ public PolicyConfig getConfiguration()
+ {
+ return configuration;
+ }
+
+ public void setConfiguration(PolicyConfig configuration)
+ {
+ this.configuration = configuration;
+ }
+
+ public PolicyStore getStore()
+ {
+ return store;
+ }
+
+ public void setStore(PolicyStore store)
+ {
+ this.store = store;
+ }
+
+ public void deploy(URL url) throws PolicyException
+ {
+ BufferedInputStream is = null;
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ is = new BufferedInputStream(url.openStream());
+
+ byte[] buffer = new byte[1024]; //using a 1K buffer
+ int bytesRead = -1;
+ while((bytesRead=is.read(buffer)) != -1)
+ {
+ bos.write(buffer, 0, bytesRead);
+ }
+
+ String deploymentXml = new String(bos.toByteArray());
+
+ //Get Policy instances
+ Policy[] policies = this.configuration.configure(deploymentXml);
+
+ //Persist Policy instances into the Policy Store
+ if(policies != null)
+ {
+ for(int i=0; i<policies.length; i++)
+ {
+ this.store.savePolicy(policies[i]);
+ }
+ }
+ }
+ catch(IOException ioe)
+ {
+ log.error(this, ioe);
+ throw new PolicyException(ioe);
+ }
+ finally
+ {
+ try
+ {
+ if(is != null)
+ {
+ is.close();
+ }
+
+ if(bos != null)
+ {
+ bos.close();
+ }
+ }
+ catch(IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
+ }
+}
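Review bot: `deploy` never creates the output stream: `bos` is declared as `null` and first used in `bos.write(buffer, 0, bytesRead)` (or in `bos.toByteArray()` for an empty document), so every call that gets past `url.openStream()` fails with a `NullPointerException`, which the `catch(IOException)` does not turn into a `PolicyException`. Initialise it before the loop with `bos = new ByteArrayOutputStream();`, and decode with an explicit charset, `new String(bos.toByteArray(), "UTF-8")`, so the policy XML is not read in the platform default encoding. `configuration` and `store` are dereferenced without a check, and policies are saved one at a time, so a failure part-way leaves a partial policy set in the store. A Javadoc on `deploy` should state this and say that the URL is expected to come from a trusted source. `log.error(this, ioe)` logs the deployer object rather than a message; `log.error("Failed to deploy policy from " + url, ioe)` is more useful when diagnosing a rejected policy.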
Added: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/EmbeddedBootstrap.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/EmbeddedBootstrap.java (rev 0)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/EmbeddedBootstrap.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,94 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.server;
+
+import java.net.URL;
+
+import org.jboss.kernel.plugins.bootstrap.basic.BasicBootstrap;
+import org.jboss.kernel.plugins.deployment.xml.BasicXMLDeployer;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+final class EmbeddedBootstrap extends BasicBootstrap
+{
+ protected BasicXMLDeployer deployer;
+
+ public EmbeddedBootstrap() throws Exception
+ {
+ super();
+ }
+
+ public void bootstrap() throws Throwable
+ {
+ super.bootstrap();
+ deployer = new BasicXMLDeployer(getKernel());
+ Runtime.getRuntime().addShutdownHook(new Shutdown());
+ }
+
+ public void deploy(URL url)
+ {
+ try
+ {
+ // Workaround the fact that the BasicXMLDeployer does not handle
+ // redeployment correctly
+ if (deployer.getDeploymentNames().contains(url.toString()))
+ {
+ System.out.println("Service is already deployed.");
+ return;
+ }
+ deployer.deploy(url);
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+
+ public void undeploy(URL url)
+ {
+ if (!deployer.getDeploymentNames().contains(url.toString()))
+ {
+ System.out.println("Service is already undeployed.");
+ return;
+ }
+ try
+ {
+ deployer.undeploy(url);
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+
+ protected class Shutdown extends Thread
+ {
+ public void run()
+ {
+ System.out.println("Shutting down");
+ deployer.shutdown();
+ }
+ }
+}
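Review bot: `deploy` and `undeploy` catch `Throwable` and only call `t.printStackTrace()`, so a failed bean deployment is invisible to the caller and `Server.bootstrap()` carries on as if the PAP had started. Rethrow instead, for example `throw new RuntimeException("Deployment failed: " + url, t);`, and report through log4j, as `PolicyDeployer` in this commit does, rather than `System.out` and `printStackTrace`. A `null` url is handled inconsistently: in `deploy` the resulting `NullPointerException` is swallowed by the catch, while in `undeploy` the `url.toString()` call sits outside the `try` and propagates.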
Added: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java (rev 0)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/server/Server.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,85 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.server;
+
+import java.net.URL;
+
+import org.jboss.kernel.Kernel;
+import org.jboss.kernel.spi.dependency.KernelController;
+import org.jboss.dependency.spi.ControllerContext;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Server
+{
+ private static Kernel kernel;
+
+ public Server()
+ {
+
+ }
+
+ public void start()
+ {
+ System.out.println("PAP Server successfully started.......");
+ }
+
+ public void stop()
+ {
+
+ }
+
+ public static void bootstrap()
+ {
+ try
+ {
+ EmbeddedBootstrap bootstrap = new EmbeddedBootstrap();
+ bootstrap.run();
+
+ URL url = Thread.currentThread().getContextClassLoader().getResource("META-INF/jboss-beans.xml");
+ bootstrap.deploy(url);
+
+ kernel = bootstrap.getKernel();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static Server getInstance()
+ {
+ Server server = null;
+
+ KernelController kernelController = kernel.getController();
+ ControllerContext controllerContext = kernelController.getInstalledContext("PAP://Server");
+ if(controllerContext != null)
+ {
+ server = (Server)controllerContext.getTarget();
+ }
+
+ return server;
+ }
+}
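Review bot: `getInstance()` dereferences the static `kernel` without checking it, so calling it before `bootstrap()` throws a bare `NullPointerException`; `if (kernel == null) throw new IllegalStateException("Server.bootstrap() has not been called");` gives the caller something to act on. In `bootstrap()`, `getResource("META-INF/jboss-beans.xml")` returns `null` when the descriptor is not on the class path, and that value is passed straight to `bootstrap.deploy(url)`; check it and fail at that point. `kernel` is written and read from static methods with no synchronisation, and `getInstance()` returns `null` when the `PAP://Server` context is absent; both deserve a line of Javadoc if they are intended.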
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPortalObjectPolicyManager.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPortalObjectPolicyManager.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPortalObjectPolicyManager.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -42,7 +42,7 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.pap.hierarchial.HierarchialPolicy;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Modified: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -42,7 +42,7 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.pap.hierarchial.HierarchialPolicy;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Added: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyConfig.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyConfig.java (rev 0)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyConfig.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,42 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.spi;
+
+import org.jboss.security.authz.model.Policy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public interface PolicyConfig
+{
+ /**
+ * Configures the Policy instances that can be represented in system level XACML format. The easyDomainXml is a user friendly XML configuration that is within the context
+ * of the application tier being protected. For instance, to apply Access Control at the web tier, the XML configuration would consist of Resources and
+ * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST, PUT, etc
+ *
+ * @param easyDomainXml User Friendly XML configuration within the context of the Application being protected
+ * @return a fully configured Policy instance
+ */
+ public Policy[] configure(String easyDomainXml);
+}
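Review bot: The Javadoc on `configure` says `@return a fully configured Policy instance`, but the method returns `Policy[]`, and `PolicyDeployer.deploy` in this commit treats a `null` return as valid. Document the array and the null/empty case, for example `@return the Policy instances described by the XML; may be null or empty when none are defined`. The method declares no exception, so the contract should also state how an implementation reports malformed input. Since the argument is XML text, it should also say that implementations are expected to parse it with DTDs and external entities disabled.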
Added: modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java
===================================================================
--- modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java (rev 0)
+++ modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/spi/PolicyStore.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,65 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.spi;
+
+import java.util.List;
+
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public interface PolicyStore
+{
+ /**
+ * Read a stored Policy identified by the unique policyUri
+ *
+ * @param policyUri
+ * @return a stored Policy
+ */
+ public Policy readPolicy(String policyUri) throws PolicyException;
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public List<Policy> readAllPolicies() throws PolicyException;
+
+ /**
+ * Saves a Policy into storage. If this policy already exists in storage, then it updates it
+ *
+ * @param policy Policy to be saved into storage
+ */
+ public void savePolicy(Policy policy) throws PolicyException;
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyException;
+}
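Review bot: `readPolicy` does not say what happens when no policy is stored under `policyUri` (a `null` return or a `PolicyException`), and its `@param policyUri` tag is empty. Callers that decide access from the result need that spelled out, for example `@return the stored Policy, or null if none exists for policyUri`, with a matching `@throws PolicyException` on all four methods. `savePolicy` overwrites an existing policy according to its Javadoc; it is worth adding what identifies "already exists", presumably the policy URI.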
Added: modules/authorization/trunk/PAP/src/main/resources/META-INF/jboss-beans.xml
===================================================================
--- modules/authorization/trunk/PAP/src/main/resources/META-INF/jboss-beans.xml (rev 0)
+++ modules/authorization/trunk/PAP/src/main/resources/META-INF/jboss-beans.xml 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:bean-deployer:2.0 bean-deployer_2_0.xsd"
+ xmlns="urn:jboss:bean-deployer:2.0">
+ <bean name="PAP://Server" class="org.jboss.security.authz.pap.server.Server"/>
+</deployment>
\ No newline at end of file
Modified: modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -27,6 +27,7 @@
import org.apache.log4j.Logger;
import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
/**
@@ -51,6 +52,7 @@
//Populate the HierarchialPolicy
HierarchialPolicy policy = new HierarchialPolicy("simpleHierarchialPolicy");
policy.setResourceCriteria("http://www.redhat.com/protected/index.html");
+
policy.setPermitCriteria("Write", "developer");
String xacmlPolicy = policy.generateXACMLPolicy();
@@ -65,6 +67,7 @@
//Populate the HierarchialPolicy
HierarchialPolicy policy = new HierarchialPolicy("simpleHierarchialPolicy");
policy.setResourceCriteria("http://www.redhat.com/protected/index.html");
+
policy.setPermitCriteria("Write", new String[]{"developer", "designer", "sysadmin"});
String xacmlPolicy = policy.generateXACMLPolicy();
@@ -79,6 +82,7 @@
//Populate the HierarchialPolicy
HierarchialPolicy policy = new HierarchialPolicy("simpleHierarchialPolicy");
policy.setResourceCriteria("http://www.redhat.com/protected/index.html");
+
policy.setDenyCriteria("Write", "developer");
String xacmlPolicy = policy.generateXACMLPolicy();
@@ -93,6 +97,7 @@
//Populate the HierarchialPolicy
HierarchialPolicy policy = new HierarchialPolicy("simpleHierarchialPolicy");
policy.setResourceCriteria("http://www.redhat.com/protected/index.html");
+
policy.setDenyCriteria("Write", new String[]{"developer", "designer", "sysadmin"});
String xacmlPolicy = policy.generateXACMLPolicy();
@@ -110,6 +115,7 @@
DroolsRuleExpression expression = new DroolsRuleExpression();
expression.setFunctionId("WriteRule");
+
policy.setPermitCriteria("Write", expression);
String xacmlPolicy = policy.generateXACMLPolicy();
@@ -118,4 +124,22 @@
log.info(xacmlPolicy);
log.info("--------------------------------------------------------------------");
}
+
+ public void testSimpleDenyPolicyWithDroolsExpression() throws Exception
+ {
+ //Populate the HierarchialPolicy
+ HierarchialPolicy policy = new HierarchialPolicy("simpleHierarchialPolicy");
+ policy.setResourceCriteria("http://www.redhat.com/protected/index.html");
+
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setFunctionId("WriteRule");
+
+ policy.setDenyCriteria("Write", expression);
+
+ String xacmlPolicy = policy.generateXACMLPolicy();
+
+ log.info("--------------------------------------------------------------------");
+ log.info(xacmlPolicy);
+ log.info("--------------------------------------------------------------------");
+ }
}
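Review bot: `testSimpleDenyPolicyWithDroolsExpression` only logs the generated XACML and asserts nothing, so it passes for any output as long as no exception is thrown. For a rule whose whole purpose is to deny, add at least `assertNotNull(xacmlPolicy);` and a check on the effect, such as `assertTrue(xacmlPolicy.contains("Deny"));`, assuming the serialised policy carries the standard XACML `Effect` value. The class declaration is outside the hunk, so this assumes the JUnit `TestCase` assertions are in scope as they are in `TestServer`.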
Modified: modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java
===================================================================
--- modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -49,8 +49,8 @@
import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
import org.jboss.security.authz.model.*;
-import org.jboss.security.authz.pap.hierarchial.HierarchialPolicy;
import org.jboss.security.authz.pap.plugin.DroolsFunction;
+import org.jboss.security.authz.pap.policy.HierarchialPolicy;
/**
Added: modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/TestServer.java
===================================================================
--- modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/TestServer.java (rev 0)
+++ modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/server/TestServer.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,44 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.server;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestServer extends TestCase
+{
+ @Override
+ protected void setUp() throws Exception
+ {
+ Server.bootstrap();
+ }
+
+ public void testServerLookup() throws Exception
+ {
+ Server server = Server.getInstance();
+ assertNotNull("Server Not Found!!!", server);
+ }
+}
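Review bot: `setUp()` calls `Server.bootstrap()` before every test method, but the class has no `tearDown()`, so whatever the bootstrap starts stays alive for the rest of the test JVM. A second test method added later would bootstrap again on top of it. `Server.getInstance()` suggests a singleton, so either the bootstrap should be safe to repeat or a `tearDown()` should release what it created. `Server` itself is not part of this hunk, so which of the two applies has to be checked there. `testServerLookup` also proves only that the instance is non-null; a comment saying this is a smoke test would stop it being read as coverage of the server's behaviour.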
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -128,5 +128,5 @@
*
* @return XACML markup to represent this Policy
*/
- public abstract String generateXACMLPolicy() throws PolicyException;
+ public abstract String generateXACMLPolicy() throws PolicyException;
}
Deleted: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java 2008-12-12 00:22:37 UTC (rev 12377)
@@ -1,83 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.xacml;
-
-import java.util.List;
-import java.util.Iterator;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
-import org.jboss.security.xacml.sunxacml.EvaluationCtx;
-import org.jboss.security.xacml.sunxacml.ctx.Result;
-import org.jboss.security.xacml.sunxacml.Rule;
-import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
-{
- /**
- *
- * @throws URISyntaxException
- */
- public NoPermitMeansDeniedAlg() throws URISyntaxException
- {
- super(new URI("rule-combining-alg:nopermit-means-denied"));
- }
-
- /**
- *
- * @param context
- * @param rules
- * @return
- */
- public Result combine(EvaluationCtx context, List parameters, List ruleElements)
- {
- Result result = new Result(Result.DECISION_PERMIT);
-
- Iterator rules = ruleElements.iterator();
- boolean permitFound = false;
- while(rules.hasNext())
- {
- RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
- Rule rule = ruleCombinerElement.getRule();
- Result currentResult = rule.evaluate(context);
-
- if(currentResult.getDecision() == Result.DECISION_PERMIT)
- {
- permitFound = true;
- break;
- }
- }
-
- if(!permitFound)
- {
- result = new Result(Result.DECISION_DENY);
- }
-
- return result;
- }
-}
Added: modules/authorization/trunk/http-authz/pom.xml
===================================================================
--- modules/authorization/trunk/http-authz/pom.xml (rev 0)
+++ modules/authorization/trunk/http-authz/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
@@ -0,0 +1,37 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-parent</artifactId>
+ <version>trunk-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-http-authz</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Authorization for the HTTP tier</name>
+ <url>http://www.jboss.org</url>
+ <description>Contains Authorization Infrastructure for the HTTP tier</description>
+
+ <dependencies>
+ <!-- junit -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.3.1</version>
+ <configuration>
+ <includes>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
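Review bot: The `junit` dependency declares no `<scope>`, so unless the parent's `dependencyManagement` already pins it to `test`, JUnit lands on the compile classpath of everything that depends on `jboss-http-authz`. Adding `<scope>test</scope>` here makes the intent explicit whatever the parent says. The `maven-surefire-plugin` block also carries an empty `<includes>` element. Either list the test patterns the module should run or drop the `<configuration>` block, so the skeleton does not look like a half-finished filter.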
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2008-12-11 14:25:36 UTC (rev 12376)
+++ modules/authorization/trunk/pom.xml 2008-12-12 00:22:37 UTC (rev 12377)
@@ -14,8 +14,9 @@
<!--
<module>security-console</module>
-->
- <module>PEP</module>
+ <module>PEP</module>
<module>PAP</module>
+ <module>http-authz</module>
</modules>
<properties>
@@ -35,6 +36,7 @@
<version.jboss.xacml>2.0.3-SNAPSHOT</version.jboss.xacml>
<version.apache.log4j>1.2.14</version.apache.log4j>
<version.org.drools>4.0.7</version.org.drools>
+ <version.org.jboss.microcontainer>2.0.2.GA</version.org.jboss.microcontainer>
<!-- local environment properties -->
<jboss.home>/home/soshah/appServers/jboss-4.2.2.GA</jboss.home>
@@ -179,13 +181,33 @@
<artifactId>drools-core</artifactId>
<version>${version.org.drools}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
<version>${version.org.drools}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+
+ <!-- JBoss Microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <version>${version.org.jboss.microcontainer}</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
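Review bot: The same `xercesImpl` exclusion is added to both `drools-core` and `drools-compiler` with no comment saying why. The exclusion changes which XML parser implementation is on the classpath when policies and rule files are parsed, so the reason should sit next to it. Something like `<!-- xercesImpl excluded so the parser supplied by the runtime is used; see ISSUE-ID (placeholder) -->` on the first exclusion would do, with the second pointing back to it. It would also help to note in the commit which parser the tests now run against, since this hunk does not show it.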
JBoss Portal SVN: r12376 - branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/impl/model/portal.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2008-12-11 09:25:36 -0500 (Thu, 11 Dec 2008)
New Revision: 12376
Modified:
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/impl/model/portal/ObjectNode.java
Log:
- JBPORTAL-2257: possible fix... Needs associated test case.
Modified: branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/impl/model/portal/ObjectNode.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/impl/model/portal/ObjectNode.java 2008-12-10 22:32:43 UTC (rev 12375)
+++ branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/impl/model/portal/ObjectNode.java 2008-12-11 14:25:36 UTC (rev 12376)
@@ -22,6 +22,13 @@
******************************************************************************/
package org.jboss.portal.core.impl.model.portal;
+import org.jboss.logging.Logger;
+import org.jboss.portal.core.model.portal.DuplicatePortalObjectException;
+import org.jboss.portal.core.model.portal.NoSuchPortalObjectException;
+import org.jboss.portal.core.model.portal.PortalObjectId;
+import org.jboss.portal.jems.hibernate.ContextObject;
+import org.jboss.portal.security.RoleSecurityBinding;
+
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -30,13 +37,6 @@
import java.util.Map;
import java.util.Set;
-import org.jboss.logging.Logger;
-import org.jboss.portal.core.model.portal.DuplicatePortalObjectException;
-import org.jboss.portal.core.model.portal.NoSuchPortalObjectException;
-import org.jboss.portal.core.model.portal.PortalObjectId;
-import org.jboss.portal.jems.hibernate.ContextObject;
-import org.jboss.portal.security.RoleSecurityBinding;
-
/**
* @author <a href="mailto:julien@jboss.org">Julien Viet</a>
* @version $Revision$
@@ -57,10 +57,11 @@
private ObjectNode parent;
private Map children;
private PortalObjectImpl object;
- private Map securityConstraints;
+ private Map<String, ObjectNodeSecurityConstraint> securityConstraints;
// Runtime fields
private AbstractPortalObjectContainer.ContainerContext containerContext;
+ private static final String DASHBOARD = "dashboard";
public ObjectNode()
{
@@ -81,7 +82,7 @@
this.path = path;
this.name = name;
this.children = new HashMap();
- this.securityConstraints = new HashMap();
+ this.securityConstraints = new HashMap<String, ObjectNodeSecurityConstraint>();
}
// ContextObject implementation *************************************************************************************
@@ -264,18 +265,16 @@
public void setBindings(Set bindings)
{
// Clear existing constraints
- securityConstraints.clear();
- for (Iterator i = securityConstraints.values().iterator(); i.hasNext();)
+ for (ObjectNodeSecurityConstraint onsc : securityConstraints.values())
{
- ObjectNodeSecurityConstraint onsc = (ObjectNodeSecurityConstraint)i.next();
- i.remove();
onsc.setObjectNode(null);
}
+ securityConstraints.clear();
// Replace with new ones
- for (Iterator i = bindings.iterator(); i.hasNext();)
+ for (Object binding : bindings)
{
- RoleSecurityBinding sc = (RoleSecurityBinding)i.next();
+ RoleSecurityBinding sc = (RoleSecurityBinding)binding;
// Optmize a bit
if (sc.getActions().size() > 0)
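Review bot: The detach-loop-then-`clear()` order at the top of `setBindings` is the substance of this fix, yet nothing in the code says the order matters. The removed version cleared the map first, so the loop calling `onsc.setObjectNode(null)` had nothing to iterate. A one-line comment would keep a later clean-up from reordering it: `// Detach every constraint from this node before clearing the map; clearing first leaves nothing to detach`. Separately, `bindings` is still a raw `Set` cast element by element, so an element that is not a `RoleSecurityBinding` throws `ClassCastException` after the old constraints are already gone, leaving the node with a partial set. The rest of the method lies outside this hunk.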
@@ -294,10 +293,9 @@
public Set getBindings()
{
- Set bindings = new HashSet();
- for (Iterator i = securityConstraints.values().iterator(); i.hasNext();)
+ Set<RoleSecurityBinding> bindings = new HashSet<RoleSecurityBinding>();
+ for (ObjectNodeSecurityConstraint onsc : securityConstraints.values())
{
- ObjectNodeSecurityConstraint onsc = (ObjectNodeSecurityConstraint)i.next();
Set actions = onsc.getActions();
RoleSecurityBinding sc = new RoleSecurityBinding(actions, onsc.getRole());
bindings.add(sc);
@@ -307,28 +305,26 @@
public RoleSecurityBinding getBinding(String roleName)
{
- Set actions = null;
- for (Iterator i = securityConstraints.values().iterator(); i.hasNext();)
+ Set<String> actions = null;
+
+ //
+ ObjectNodeSecurityConstraint onsc = securityConstraints.get(roleName);
+ if (onsc != null)
{
- ObjectNodeSecurityConstraint onsc = (ObjectNodeSecurityConstraint)i.next();
- if (onsc.getRole().equals(roleName))
- {
- actions = onsc.getActions();
- break;
- }
+ actions = onsc.getActions();
}
//
- if ("dashboard".equals(path.getNamespace()))
+ if (DASHBOARD.equals(path.getNamespace()))
{
if (actions == null)
{
- actions = Collections.singleton("dashboard");
+ actions = Collections.singleton(DASHBOARD);
}
else
{
- actions = new HashSet(actions);
- actions.add("dashboard");
+ actions = new HashSet<String>(actions);
+ actions.add(DASHBOARD);
}
}
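Review bot: The role lookup in `getBinding` now uses `securityConstraints.get(roleName)` instead of comparing `onsc.getRole()` on each value. That returns the same binding only if every map entry is keyed by exactly its role name. The code that fills the map is outside this hunk (the remainder of `setBindings`, and presumably the persistence mapping), so the invariant should be confirmed there and stated at the lookup, e.g. `// securityConstraints is keyed by role name`. If a key ever differs from the role, the role silently resolves to no actions, or to only the `dashboard` action in the dashboard namespace, a change in authorization results that no compile error would flag. The method continues past the end of the hunk.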