JBoss Portal SVN: r12794 - in modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components: action and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-08 22:21:21 -0500 (Sun, 08 Feb 2009)
New Revision: 12794
Added:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Manage.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Read.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Write.java
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
Log:
Introducing Read, Write, and Manage (Action components)
Added: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Manage.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Manage.java (rev 0)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Manage.java 2009-02-09 03:21:21 UTC (rev 12794)
@@ -0,0 +1,93 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Target;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * Read represents a "Manage" action that can be performed on a Resource
+ *
+ * Management of a Resource involves all kinds of operations including Reading and Writing
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Manage
+{
+ public Manage()
+ {
+
+ }
+ //-----Services for Policy Generation------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * A Target used for Matching a "MANAGE" Action within a Policy Definition
+ *
+ * @return target
+ */
+ public Target getTarget()
+ {
+ Target target = new Target();
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "MANAGE");
+ expression.setAttribute(attribute);
+
+ target.addActionMatch(expression);
+
+ return target;
+ }
+ //-----Services for Request Generation----------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates a "MANAGE" Action for the RequestContext
+ *
+ * @return action
+ */
+ public Action getAction()
+ {
+ Action action = new Action();
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "MANAGE"
+ );
+ Attribute impliesRead = new Attribute(XACMLConstants.ATTRIBUTEID_IMPLIED_ACTION,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "READ"
+ );
+ Attribute impliesWrite = new Attribute(XACMLConstants.ATTRIBUTEID_IMPLIED_ACTION,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "WRITE"
+ );
+ action.addAttribute(attribute);
+ action.addAttribute(impliesRead);
+ action.addAttribute(impliesWrite);
+
+ return action;
+ }
+}
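Review bot: The class Javadoc says "Read represents a "Manage" action", a copy-paste left over from Read, and the Write.java hunk below has the same slip ("Read represents a "Write" action"); change the line to `* Manage represents a "Manage" action that can be performed on a Resource` (and `* Write represents a "Write" action ...` in Write). Manage, Read and Write are otherwise three copies of the same two methods, differing only in the action-id literal and the list of implied actions; one class (or enum) taking the action id and its implied actions in the constructor would leave a single place to get the XACML attribute wiring right. Whether the ATTRIBUTEID_IMPLIED_ACTION attributes added in getAction ("READ", "WRITE") are honoured when a READ or WRITE policy is evaluated is not visible in this commit; Read.getTarget only matches ATTRIBUTEID_ACTION_ID string-equal "READ", so a MANAGE request would not match a READ policy unless the PDP side evaluates implied actions, and that should be confirmed before anything relies on MANAGE implying READ/WRITE.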
Added: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Read.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Read.java (rev 0)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Read.java 2009-02-09 03:21:21 UTC (rev 12794)
@@ -0,0 +1,81 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Target;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * Read represents a "read" action that can be performed on a Resource
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Read
+{
+ public Read()
+ {
+
+ }
+ //-----Services for Policy Generation------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * A Target used for Matching a "READ" Action within a Policy Definition
+ *
+ * @return target
+ */
+ public Target getTarget()
+ {
+ Target target = new Target();
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "READ");
+ expression.setAttribute(attribute);
+
+ target.addActionMatch(expression);
+
+ return target;
+ }
+ //-----Services for Request Generation----------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates a "READ" Action for the RequestContext
+ *
+ * @return action
+ */
+ public Action getAction()
+ {
+ Action action = new Action();
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "READ"
+ );
+ action.addAttribute(attribute);
+
+ return action;
+ }
+}
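Review bot: The literal "READ" is spelled out twice, once in getTarget and once in getAction; hoist it into `private static final String ACTION_ID = "READ";` so the policy target and the request action cannot drift apart (a mismatch would mean READ policies silently never match READ requests), and do the same for "WRITE" and "MANAGE" in the sibling classes. The explicit no-arg constructor `public Read() { }` adds nothing the compiler would not supply and the class holds no state, so it can be dropped or the class marked `final`.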
Added: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Write.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Write.java (rev 0)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/action/Write.java 2009-02-09 03:21:21 UTC (rev 12794)
@@ -0,0 +1,88 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Target;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * Read represents a "Write" action that can be performed on a Resource
+ *
+ * Write operation also implies that read operations are implied
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Write
+{
+ public Write()
+ {
+
+ }
+ //-----Services for Policy Generation------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * A Target used for Matching a "WRITE" Action within a Policy Definition
+ *
+ * @return target
+ */
+ public Target getTarget()
+ {
+ Target target = new Target();
+
+ AttributeExpression expression = new AttributeExpression();
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "WRITE");
+ expression.setAttribute(attribute);
+
+ target.addActionMatch(expression);
+
+ return target;
+ }
+ //-----Services for Request Generation----------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates a "WRITE" Action for the RequestContext
+ *
+ * @return action
+ */
+ public Action getAction()
+ {
+ Action action = new Action();
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "WRITE"
+ );
+ Attribute impliesRead = new Attribute(XACMLConstants.ATTRIBUTEID_IMPLIED_ACTION,
+ XMLSchemaConstants.DATATYPE_STRING,
+ "READ"
+ );
+ action.addAttribute(attribute);
+ action.addAttribute(impliesRead);
+
+ return action;
+ }
+}
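Review bot: The Javadoc sentence `Write operation also implies that read operations are implied` is circular; state what the code does instead: `* A "Write" action implies "Read": getAction adds an ATTRIBUTEID_IMPLIED_ACTION attribute with value "READ" next to the "WRITE" action id`. Whether ATTRIBUTEID_IMPLIED_ACTION is evaluated on the policy side is not visible in this commit, so the comment should not present the implication as enforced until that is confirmed.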
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-08 15:01:03 UTC (rev 12793)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-09 03:21:21 UTC (rev 12794)
@@ -151,6 +151,36 @@
}
//-------Services for Policy Creation---------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
+ * Produces PolicyMeta used to generate a Policy object to be registered with the Policy Server
+ *
+ * @return the policy meta data
+ */
+ public PolicyMetaData getPolicyMetaData(boolean matchAllParameters)
+ {
+ PolicyMetaData metadata = new PolicyMetaData();
+
+ Target target = this.getURLTarget(matchAllParameters);
+
+ Set<Rule> rules = new HashSet<Rule>();
+
+ //Permitted Roles
+ if(this.allowedRoles != null)
+ {
+ rules.add(this.allowIfUserHasRole());
+ }
+
+ //Denied Roles
+ if(this.deniedRoles != null)
+ {
+ rules.add(this.denyIfUserHasRole());
+ }
+
+ metadata.setTarget(target);
+ metadata.setRules(rules);
+
+ return metadata;
+ }
+ /**
* Creates a Policy Target suggesting that the Policy should apply to this HttpResource
*
* @param matchAllParameters 'true' = include matching of all the parameters, 'false' = only url matching, parameters are excluded
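Review bot: The new Javadoc on getPolicyMetaData documents only the return value; add `* @param matchAllParameters 'true' = include matching of all the parameters, 'false' = only url matching, parameters are excluded` so it matches the getURLTarget documentation directly below. The method adds a rule whenever `this.allowedRoles != null` / `this.deniedRoles != null` rather than when roles were actually configured, and since r12791 (on this page) getAllowedRoles()/getDeniedRoles() allocate an empty Roles on first call, a read-only call to either getter is enough to make a rule for an empty role set appear in the policy. Unless Roles.allowIfUserHasRole/denyIfUserHasRole reject an empty set (not visible here), the PERMIT case is a rule without a role condition, i.e. fail-open; either ask the Roles object whether it has any names before adding its rule, or make the getters stop allocating.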
@@ -203,33 +233,7 @@
private Rule denyIfUserHasRole()
{
return this.getDeniedRoles().denyIfUserHasRole();
- }
-
- public PolicyMetaData getPolicyMetaData(boolean matchAllParameters)
- {
- PolicyMetaData metadata = new PolicyMetaData();
-
- Target target = this.getURLTarget(matchAllParameters);
-
- Set<Rule> rules = new HashSet<Rule>();
-
- //Permitted Roles
- if(this.allowedRoles != null)
- {
- rules.add(this.allowIfUserHasRole());
- }
-
- //Denied Roles
- if(this.deniedRoles != null)
- {
- rules.add(this.denyIfUserHasRole());
- }
-
- metadata.setTarget(target);
- metadata.setRules(rules);
-
- return metadata;
- }
+ }
//---------Services for RequestContext Generation------------------------------------------------------------------------------------------------------------------------------
/**
* Represents the Resource that is currently being accessed
JBoss Portal SVN: r12793 - branches/JBoss_Portal_Branch_2_7/core/src/bin/portal-core-war/themes/common.
by portal-commits@lists.jboss.org
Author: wesleyhales
Date: 2009-02-08 10:01:03 -0500 (Sun, 08 Feb 2009)
New Revision: 12793
Modified:
branches/JBoss_Portal_Branch_2_7/core/src/bin/portal-core-war/themes/common/portlet-editor.css
Log:
https://jira.jboss.org/jira/browse/JBPORTAL-2225
Modified: branches/JBoss_Portal_Branch_2_7/core/src/bin/portal-core-war/themes/common/portlet-editor.css
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core/src/bin/portal-core-war/themes/common/portlet-editor.css 2009-02-07 04:43:16 UTC (rev 12792)
+++ branches/JBoss_Portal_Branch_2_7/core/src/bin/portal-core-war/themes/common/portlet-editor.css 2009-02-08 15:01:03 UTC (rev 12793)
@@ -1,8 +1,8 @@
.portlet-editor-content {
height:300px;
width:500px;
- overflow: auto;
overflow-x: hidden;
+ overflow-y: scroll;
border: 1px solid #333;
}
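Review bot: `overflow-y: scroll` reserves a vertical scrollbar permanently, even when the editor content fits inside the 300px height; if JBPORTAL-2225 is about the bar appearing and disappearing (content width jumping), that is the intended effect, otherwise `overflow-y: auto` keeps the previous behaviour while still hiding the horizontal bar. Either way the removal of `overflow: auto` reads as accidental without a note, so add `/* always-on vertical bar keeps the content width stable (JBPORTAL-2225) */` inside the rule.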
JBoss Portal SVN: r12792 - in modules/authorization/trunk: policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-06 23:43:16 -0500 (Fri, 06 Feb 2009)
New Revision: 12792
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
fixing the build
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-02-07 04:39:13 UTC (rev 12791)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-02-07 04:43:16 UTC (rev 12792)
@@ -151,11 +151,11 @@
}
//Process IP Ranges
- NodeList ipNodes = conditionElement.getElementsByTagName("ip-range");
+ /*NodeList ipNodes = conditionElement.getElementsByTagName("ip-range");
if(ipNodes != null && ipNodes.getLength() >0)
{
this.parseIpRules(httpResource, ipNodes);
- }
+ }*/
}
}
}
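Review bot: Commenting out the ip-range processing (here and in the two following hunks that wrap parseIpRules) leaves the parser silently accepting `<ip-range>` elements it no longer enforces; a deployment whose configuration restricts a resource by client IP will load without error and the restriction will simply be absent from the generated policy. If the feature is being withdrawn because HttpResource.addAllowedIp was removed in r12791, delete the code (SVN keeps the history) and fail fast on the element, `if(conditionElement.getElementsByTagName("ip-range").getLength() > 0) throw new IllegalArgumentException("ip-range conditions are not supported");`, or at minimum log a warning that names the resource. The enclosing method starts outside the hunk.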
@@ -170,7 +170,7 @@
}
}
- private void parseIpRules(HttpResource httpResource, NodeList ipNodes)
+ /*private void parseIpRules(HttpResource httpResource, NodeList ipNodes)
{
for(int j=0; j<ipNodes.getLength(); j++)
{
@@ -179,5 +179,5 @@
httpResource.addAllowedIp(ipRange);
}
- }
+ }*/
}
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-07 04:39:13 UTC (rev 12791)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-07 04:43:16 UTC (rev 12792)
@@ -116,7 +116,7 @@
request.addSubject(subject);
//Create Resource
- Resource urlResource = httpResource.getURLResource();
+ Resource urlResource = httpResource.getResource();
request.addResource(urlResource);
//Create Action
JBoss Portal SVN: r12791 - in modules/authorization/trunk/core-components/src: main/java/org/jboss/security/authz/components/subject and 2 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-06 23:39:13 -0500 (Fri, 06 Feb 2009)
New Revision: 12791
Added:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
Removed:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
Log:
Core Component Implementation cleanup. The Component contract is still evolving on the whiteboard
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06 21:51:50 UTC (rev 12790)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -26,18 +26,15 @@
import java.util.HashMap;
import java.util.Set;
import java.util.HashSet;
-import java.text.MessageFormat;
import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Resource;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.model.DroolsRuleExpression;
-import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.xacml.ExpressionBuilder;
+import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -52,41 +49,7 @@
*
*/
public class HttpResource
-{
- //make it package-level access so that unit tests can test these rules
- static final String allowedRolesRule =
- "import java.util.HashSet\n"+
- "rule \"allowedRolesRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "$roles: HashSet()\n"+
- "eval($ruleName.contains(\"httpResource://permittedRoles\"))\n"+
- "eval({0})\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
- static final String deniedRolesRule =
- "import java.util.HashSet\n"+
- "rule \"deniedRolesRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "$roles: HashSet()\n"+
- "eval($ruleName.contains(\"httpResource://deniedRoles\"))\n"+
- "eval({0})\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
- static final String allowedIpsRule =
- "rule \"allowedIpsRule\"\n"+
- "when\n"+
- "$ruleName: String()\n"+
- "eval($ruleName.contains(\"httpResource://allowedIps\"))\n"+
- "then\n"+
- "insert(Boolean.TRUE);\n"+
- "end\n";
-
+{
/**
* The URL that identifies this resource
*/
@@ -100,17 +63,13 @@
/**
* Roles that are allowed access to this resource
*/
- private Set<String> allowedRoles;
+ private Roles allowedRoles;
/**
* Roles that are denied access to this resource
*/
- private Set<String> deniedRoles;
+ private Roles deniedRoles;
- /**
- * A Range/regular expression to specify client IP addresses that have access to this resource
- */
- private Set<String> allowedIps;
/**
*
@@ -118,9 +77,6 @@
public HttpResource()
{
this.parameters = new HashMap<String, String>();
- this.allowedRoles = new HashSet<String>();
- this.deniedRoles = new HashSet<String>();
- this.allowedIps = new HashSet<String>();
}
public Map<String, String> getParameters()
@@ -146,22 +102,30 @@
this.url = url;
}
- public Set<String> getAllowedRoles()
+ public Roles getAllowedRoles()
{
+ if(this.allowedRoles == null)
+ {
+ this.allowedRoles = new Roles();
+ }
return allowedRoles;
}
- public void setAllowedRoles(Set<String> allowedRoles)
+ public void setAllowedRoles(Roles allowedRoles)
{
this.allowedRoles = allowedRoles;
}
- public Set<String> getDeniedRoles()
+ public Roles getDeniedRoles()
{
+ if(this.deniedRoles == null)
+ {
+ this.deniedRoles = new Roles();
+ }
return deniedRoles;
}
- public void setDeniedRoles(Set<String> deniedRoles)
+ public void setDeniedRoles(Roles deniedRoles)
{
this.deniedRoles = deniedRoles;
}
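Review bot: getAllowedRoles() and getDeniedRoles() now allocate a Roles on first call, but getPolicyMetaData (the `@@ -353,26` hunk below) decides whether to emit a rule by testing the fields for null; any caller that merely inspects a getter therefore turns a resource with no role restriction into one carrying an allow or deny rule for an empty Roles. allowIfUserHasRole/denyIfUserHasRole (the `@@ -244,35` and `@@ -280,70` hunks) also lost the old empty-set guard that returned null, so unless Roles itself refuses an empty set (not visible here), the PERMIT rule would be an allow with no role condition. Either keep the getters side-effect free (return the field and let addAllowedRole/addDeniedRole do the lazy allocation) or have getPolicyMetaData ask the Roles object whether it has names before adding its rule.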
@@ -177,32 +141,14 @@
}
public void addAllowedRole(String allowedRole)
- {
- if(allowedRole == null || allowedRole.trim().length() == 0)
- {
- throw new IllegalArgumentException("Role Value Must Not Be Empty");
- }
-
- this.allowedRoles.add(allowedRole);
+ {
+ this.getAllowedRoles().addName(allowedRole);
}
public void addDeniedRole(String deniedRole)
- {
- if(deniedRole == null || deniedRole.trim().length() == 0)
- {
- throw new IllegalArgumentException("Role Value Must Not Be Empty");
- }
- this.deniedRoles.add(deniedRole);
- }
-
- public void addAllowedIp(String allowedIp)
- {
- if(allowedIp == null || allowedIp.trim().length() == 0)
- {
- throw new IllegalArgumentException("Allowed IP Must Not Be Empty");
- }
- this.allowedIps.add(allowedIp);
- }
+ {
+ this.getDeniedRoles().addName(deniedRole);
+ }
//-------Services for Policy Creation---------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Creates a Policy Target suggesting that the Policy should apply to this HttpResource
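Review bot: addAllowedRole and addDeniedRole drop the check that used to throw IllegalArgumentException("Role Value Must Not Be Empty") and delegate to Roles.addName; unless addName validates (not visible here), a null or blank role now goes into the generated rule, where the old code would have emitted `$roles.contains("")` at best. Keep the guard in front of the delegation, `if(allowedRole == null || allowedRole.trim().length() == 0) throw new IllegalArgumentException("Role Value Must Not Be Empty");`, or confirm that Roles.addName throws. addAllowedIp is removed here while HttpPolicyConfig.parseIpRules still calls it (r12792 on this page had to comment that caller out), and the getURLResource→getResource rename in the last hunk of this file likewise broke TestEnterprisePolicyFinderModule; public method removals and renames should land together with their callers.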
@@ -244,35 +190,9 @@
*
* @return the rule
*/
- private Rule getPermittedRolesRule()
+ private Rule allowIfUserHasRole()
{
- if(this.allowedRoles == null || this.allowedRoles.isEmpty())
- {
- return null;
- }
-
- Rule permitRule = new Rule();
-
- String ruleReference = "httpResource://permittedRoles/"+GeneralTool.generateUniqueId();
- permitRule.setRuleId(ruleReference);
- permitRule.setEffect(Effect.PERMIT);
-
- //Generate a Drools Rule Expression
- StringBuffer buffer = new StringBuffer();
- for(String role: this.allowedRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.allowedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(rule);
- permitRule.setExpression(expression);
-
- return permitRule;
+ return this.getAllowedRoles().allowIfUserHasRole();
}
/**
@@ -280,70 +200,11 @@
*
* @return the role
*/
- private Rule getDeniedRolesRule()
+ private Rule denyIfUserHasRole()
{
- if(this.deniedRoles == null || this.deniedRoles.isEmpty())
- {
- return null;
- }
-
- Rule denyRule = new Rule();
-
- String ruleReference = "httpResource://deniedRoles/"+GeneralTool.generateUniqueId();
- denyRule.setRuleId(ruleReference);
- denyRule.setEffect(Effect.DENY);
-
- //Generate a Drools Rule Expression
- StringBuffer buffer = new StringBuffer();
- for(String role: this.deniedRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.deniedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(rule);
- denyRule.setExpression(expression);
-
- return denyRule;
+ return this.getDeniedRoles().denyIfUserHasRole();
}
-
- private Rule getAllowedIpsRule()
- {
- if(this.allowedIps == null || this.allowedIps.isEmpty())
- {
- return null;
- }
-
- Rule rule = new Rule();
-
- String ruleReference = "httpResource://allowedIps/"+GeneralTool.generateUniqueId();
- rule.setRuleId(ruleReference);
- rule.setEffect(Effect.PERMIT);
-
- //TODO: Generate a Drools Rule Expression
- for(String allowedIp: this.allowedIps)
- {
- /*AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, allowedIp);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);*/
- }
-
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference(ruleReference);
- expression.setRule(HttpResource.allowedIpsRule);
- rule.setExpression(expression);
-
- return rule;
- }
-
+
public PolicyMetaData getPolicyMetaData(boolean matchAllParameters)
{
PolicyMetaData metadata = new PolicyMetaData();
@@ -353,26 +214,17 @@
Set<Rule> rules = new HashSet<Rule>();
//Permitted Roles
- Rule permittedRoles = this.getPermittedRolesRule();
- if(permittedRoles != null)
- {
- rules.add(permittedRoles);
- }
+ if(this.allowedRoles != null)
+ {
+ rules.add(this.allowIfUserHasRole());
+ }
- //Denied Roles
- Rule deniedRoles = this.getDeniedRolesRule();
- if(deniedRoles != null)
+ //Denied Roles
+ if(this.deniedRoles != null)
{
- rules.add(deniedRoles);
+ rules.add(this.denyIfUserHasRole());
}
-
- //AllowedIP Rules
- Rule allowedIps = this.getAllowedIpsRule();
- if(allowedIps != null)
- {
- rules.add(allowedIps);
- }
-
+
metadata.setTarget(target);
metadata.setRules(rules);
@@ -384,7 +236,7 @@
*
* @return the Resource
*/
- public Resource getURLResource()
+ public Resource getResource()
{
Resource urlResource = new Resource();
Deleted: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-02-06 21:51:50 UTC (rev 12790)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Machine.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -1,285 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.components.subject;
-
-import java.net.InetAddress;
-
-import org.jboss.security.authz.model.Attribute;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * The Machine Policy Component represents the "Machine" that is accessing the System
- *
- * This Component provides an easy to use Developer API for generating commonly used Expressions/Logic related to Machine related information that must be
- * represented within an Authorization Policy
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class Machine
-{
- /**
- * IP Address of the machine
- */
- private InetAddress ipAddress;
-
- /**
- * DNS Name of the machine
- */
- private String dnsName;
-
- /**
- * Regular Expression for matching the fact whether the IP Address of the remote Machine falls within the specified range of IP Addresses
- */
- private String ipRangeRegEx;
-
- public Machine()
- {
-
- }
-
- public InetAddress getIpAddress()
- {
- return ipAddress;
- }
-
- public void setIpAddress(InetAddress ipAddress)
- {
- this.ipAddress = ipAddress;
- }
-
- public String getDnsName()
- {
- return dnsName;
- }
-
- public void setDnsName(String dnsName)
- {
- this.dnsName = dnsName;
- }
-
-
- public String getIpRangeRegEx()
- {
- return ipRangeRegEx;
- }
-
- public void setIpRangeRegEx(String ipRangeRegEx)
- {
- this.ipRangeRegEx = ipRangeRegEx;
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates a Rule specifying that the Remote Machine with this IP Address should be Allowed Access
- *
- * @return the rule
- */
- public Rule getAllowedRemoteIP()
- {
- if(this.ipAddress == null)
- {
- throw new IllegalStateException("The IP Address is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine with this IP Address should be Denied Access
- *
- * @return the rule
- */
- public Rule getDeniedRemoteIP()
- {
- if(this.ipAddress == null)
- {
- throw new IllegalStateException("The IP Address is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_STRING, this.ipAddress.getHostAddress());
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule that specifies that the Remote Machine with its DNS address is Allowed Access
- *
- * @return the rule
- */
- public Rule getAllowedRemoteDNS()
- {
- if(this.dnsName == null || this.dnsName.trim().length() == 0)
- {
- throw new IllegalStateException("The DNSName is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_DNS_NAME,
- XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule that specifies that the Remote Machine with its DNS address is Denied Access
- *
- * @return the rule
- */
- public Rule getDenyRemoteDNS()
- {
- if(this.dnsName == null || this.dnsName.trim().length() == 0)
- {
- throw new IllegalStateException("The DNSName is Empty");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_DNS_NAME,
- XMLSchemaConstants.DATATYPE_STRING, this.dnsName);
- expression.setAttribute(attribute);
-
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine should be Allowed Access if it falls within the specified IP Range
- *
- * @return the rule
- */
- public Rule getAllowedRemoteIPRange()
- {
- if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
- {
- throw new IllegalStateException("The IP Range is not specified");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
- expression.setAttribute(attribute);
-
- return rule;
- }
-
- /**
- * Creates a Rule specifying that the Remote Machine should be Denied Access if it falls within the specified IP Range
- *
- * @return the rule
- */
- public Rule getDeniedRemoteIPRange()
- {
- if(this.ipRangeRegEx == null || this.ipRangeRegEx.trim().length() == 0)
- {
- throw new IllegalStateException("The IP Range is not specified");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_IPADDRESS_MATCH);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_IP_ADDRESS,
- XMLSchemaConstants.DATATYPE_IPADDRESS, this.ipRangeRegEx);
- expression.setAttribute(attribute);
-
- return rule;
- }
-}
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-06 21:51:50 UTC (rev 12790)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -102,7 +102,7 @@
{
throw new IllegalArgumentException("Role Name should not be empty!!");
}
- this.names.add(name);
+ this.getNames().add(name);
}
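Review bot: `this.getNames().add(name)` is equivalent to the removed `this.names.add(name)` only if the accessor returns the live collection; should `getNames()` ever hand back a copy or an unmodifiable view, allowed/denied roles would be dropped silently or fail with UnsupportedOperationException, a quiet way to lose an access-control entry. Keeping the direct field access, or a comment on `getNames()` stating that it exposes the backing set, makes that dependency explicit. The enclosing method starts outside the hunk.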
//-------Services for Policy Generation-----------------------------------------------------------------------------------------------------------------------------------------------------
/**
@@ -111,7 +111,7 @@
*
* @return the rule
*/
- public Rule allow()
+ public Rule allowIfUserHasRole()
{
if(this.getNames().isEmpty())
{
@@ -148,7 +148,7 @@
*
* @return the rule
*/
- public Rule deny()
+ public Rule denyIfUserHasRole()
{
if(this.getNames().isEmpty())
{
Modified: modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
===================================================================
--- modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-06 21:51:50 UTC (rev 12790)
+++ modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -90,7 +90,6 @@
httpResource.addParameter("test2", "test2://value");
httpResource.addAllowedRole("admin");
httpResource.addDeniedRole("anonymous");
- httpResource.addAllowedIp("192.168.x.x");
Policy policy = new MockPolicy("testIPRules", httpResource.getPolicyMetaData(true));
Deleted: modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java
===================================================================
--- modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java 2009-02-06 21:51:50 UTC (rev 12790)
+++ modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/http/TestHttpResourceRules.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -1,210 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authz.components.http;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.text.MessageFormat;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Iterator;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-
-import org.drools.RuleBase;
-import org.drools.RuleBaseFactory;
-import org.drools.StatefulSession;
-import org.drools.WorkingMemory;
-import org.drools.compiler.PackageBuilder;
-import org.jboss.security.authz.tools.GeneralTool;
-
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class TestHttpResourceRules extends TestCase
-{
- private static Logger log = Logger.getLogger(TestHttpResourceRules.class);
- private static String rulePkg =
- "package security\n"+
- "import org.jboss.security.authz.model.*;\n"+
- "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
-
- private RuleBase activeRuleBase;
-
- public void setUp() throws Exception
- {
- StringBuilder buffer = new StringBuilder();
-
- buffer.append(rulePkg+"\n");
- buffer.append(this.getAllowedRolesRule()+"\n");
- buffer.append(this.getDeniedRolesRule()+"\n");
- buffer.append(HttpResource.allowedIpsRule+"\n");
-
- Reader source = new InputStreamReader(new ByteArrayInputStream(buffer.toString().getBytes()));
- try
- {
- PackageBuilder packageBuilder = new PackageBuilder();
- packageBuilder.addPackageFromDrl(source);
-
- if(this.activeRuleBase == null)
- {
- this.activeRuleBase = RuleBaseFactory.newRuleBase();
- }
-
- //Perform the reloading of the RuleBase with the updated Rules
- this.activeRuleBase.lock();
- this.activeRuleBase.addPackage(packageBuilder.getPackage());
- this.activeRuleBase.unlock();
- }
- finally
- {
- source.close();
- }
- }
-
- public void tearDown() throws Exception
- {
- this.activeRuleBase = null;
- }
-
- public void testAllowedRolesRule() throws Exception
- {
- log.info("Executing----------testAllowedRolesRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
-
- //SetUp the context data
- workingMemory.insert("httpResource://permittedRoles/"+GeneralTool.generateUniqueId());
- Set roles = new HashSet();
- roles.add("admin");
- roles.add("superuser");
- workingMemory.insert(roles);
-
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
-
- public void testDeniedRolesRule() throws Exception
- {
- log.info("Executing----------testDeniedRolesRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
-
- //SetUp the context data
- workingMemory.insert("httpResource://deniedRoles/"+GeneralTool.generateUniqueId());
- Set roles = new HashSet();
- roles.add("anonymous");
- workingMemory.insert(roles);
-
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
-
- public void testAllowedIpsRule() throws Exception
- {
- log.info("Executing----------testAllowedIpsRule");
- WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
- workingMemory.insert("httpResource://allowedIps/"+GeneralTool.generateUniqueId());
- workingMemory.fireAllRules();
-
- //Extract result
- boolean success = false;
- Iterator itr = workingMemory.iterateObjects();
- while(itr.hasNext())
- {
- Object curr = itr.next();
- if(curr instanceof Boolean)
- {
- success = ((Boolean)curr).booleanValue();
- }
- }
-
- ((StatefulSession)workingMemory).dispose();
-
- assertTrue("Rule did not execute!!", success);
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- private String getAllowedRolesRule()
- {
- String[] mockRoles = new String[]{"Admin", "SupErUser"};
-
- StringBuffer buffer = new StringBuffer();
- for(String role: mockRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.allowedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- return rule;
- }
-
- private String getDeniedRolesRule()
- {
- String[] mockRoles = new String[]{"Anonymous", "Regular"};
-
- StringBuffer buffer = new StringBuffer();
- for(String role: mockRoles)
- {
- buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
- }
- String condition = buffer.toString().trim();
- String rule = MessageFormat.format(HttpResource.deniedRolesRule,
- new Object[]{condition.substring(0, condition.length()-2).trim()});
-
- return rule;
- }
-}
Added: modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java
===================================================================
--- modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java (rev 0)
+++ modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestRolesDroolsRules.java 2009-02-07 04:39:13 UTC (rev 12791)
@@ -0,0 +1,185 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.subject;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.text.MessageFormat;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.StatefulSession;
+import org.drools.WorkingMemory;
+import org.drools.compiler.PackageBuilder;
+import org.jboss.security.authz.tools.GeneralTool;
+
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestRolesDroolsRules extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestRolesDroolsRules.class);
+ private static String rulePkg =
+ "package security\n"+
+ "import org.jboss.security.authz.model.*;\n"+
+ "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
+
+ private RuleBase activeRuleBase;
+
+ public void setUp() throws Exception
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(rulePkg+"\n");
+ buffer.append(this.getAllowedRolesRule()+"\n");
+ buffer.append(this.getDeniedRolesRule()+"\n");
+
+ Reader source = new InputStreamReader(new ByteArrayInputStream(buffer.toString().getBytes()));
+ try
+ {
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ if(this.activeRuleBase == null)
+ {
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ }
+
+ //Perform the reloading of the RuleBase with the updated Rules
+ this.activeRuleBase.lock();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ this.activeRuleBase.unlock();
+ }
+ finally
+ {
+ source.close();
+ }
+ }
+
+ public void tearDown() throws Exception
+ {
+ this.activeRuleBase = null;
+ }
+
+ public void testAllowedRolesRule() throws Exception
+ {
+ log.info("Executing----------testAllowedRolesRule");
+ WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
+
+ //SetUp the context data
+ workingMemory.insert("roles://allowRule/"+GeneralTool.generateUniqueId());
+ Set roles = new HashSet();
+ roles.add("admin");
+ roles.add("superuser");
+ workingMemory.insert(roles);
+
+ workingMemory.fireAllRules();
+
+ //Extract result
+ boolean success = false;
+ Iterator itr = workingMemory.iterateObjects();
+ while(itr.hasNext())
+ {
+ Object curr = itr.next();
+ if(curr instanceof Boolean)
+ {
+ success = ((Boolean)curr).booleanValue();
+ }
+ }
+
+ ((StatefulSession)workingMemory).dispose();
+
+ assertTrue("Rule did not execute!!", success);
+ }
+
+ public void testDeniedRolesRule() throws Exception
+ {
+ log.info("Executing----------testDeniedRolesRule");
+ WorkingMemory workingMemory = this.activeRuleBase.newStatefulSession();
+
+ //SetUp the context data
+ workingMemory.insert("roles://denyRule/"+GeneralTool.generateUniqueId());
+ Set roles = new HashSet();
+ roles.add("anonymous");
+ workingMemory.insert(roles);
+
+ workingMemory.fireAllRules();
+
+ //Extract result
+ boolean success = false;
+ Iterator itr = workingMemory.iterateObjects();
+ while(itr.hasNext())
+ {
+ Object curr = itr.next();
+ if(curr instanceof Boolean)
+ {
+ success = ((Boolean)curr).booleanValue();
+ }
+ }
+
+ ((StatefulSession)workingMemory).dispose();
+
+ assertTrue("Rule did not execute!!", success);
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------
+ private String getAllowedRolesRule()
+ {
+ String[] mockRoles = new String[]{"Admin", "SupErUser"};
+
+ StringBuffer buffer = new StringBuffer();
+ for(String role: mockRoles)
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
+ }
+ String condition = buffer.toString().trim();
+ String rule = MessageFormat.format(Roles.allowRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ return rule;
+ }
+
+ private String getDeniedRolesRule()
+ {
+ String[] mockRoles = new String[]{"Anonymous", "Regular"};
+
+ StringBuffer buffer = new StringBuffer();
+ for(String role: mockRoles)
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
+ }
+ String condition = buffer.toString().trim();
+ String rule = MessageFormat.format(Roles.denyRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ return rule;
+ }
+}
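Review bot: In setUp, `buffer.toString().getBytes()` and the `InputStreamReader` around it both use the platform default charset, so the DRL text survives the round trip only where that default is ASCII-compatible; `Reader source = new StringReader(buffer.toString());` feeds the PackageBuilder with no encoding step at all. The two rule helpers splice role names into a quoted DRL string literal (`$roles.contains(\"...\")`) and every role exercised is a plain word; a case whose name contains `"` or `\` would pin how `Roles.allowRule`/`denyRule` are expected to handle such input, since otherwise the generated rule text is malformed or its condition changes. `Set roles = new HashSet();` and `Iterator itr` are raw types; `Set<String>`/`Iterator<?>` cost nothing given the file already relies on Java 5 syntax (the enhanced for loop in the helpers).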
JBoss Portal SVN: r12790 - in modules/authorization/trunk: core-components/src/main/java/org/jboss/security/authz/components/subject and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-06 16:51:50 -0500 (Fri, 06 Feb 2009)
New Revision: 12790
Added:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
Removed:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Role.java
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/JAXBEncoder.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
Log:
code backup
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/JAXBEncoder.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/JAXBEncoder.java 2009-02-06 14:53:56 UTC (rev 12789)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/JAXBEncoder.java 2009-02-06 21:51:50 UTC (rev 12790)
@@ -21,12 +21,20 @@
*/
package org.jboss.security.authz.xacml;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.xml.bind.JAXB;
+import javax.xml.bind.JAXBElement;
+
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.AttributeValueType;
import org.jboss.security.xacml.core.model.context.SubjectType;
import org.jboss.security.xacml.core.model.context.ResourceType;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Subject;
@@ -149,4 +157,9 @@
return jaxbObject;
}
+
+ public static void marshall(OutputStream os, Subject subject) throws IOException
+ {
+ JAXB.marshal(JAXBEncoder.encode(subject), os);
+ }
}
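Review bot: `marshall` declares `throws IOException`, but `javax.xml.bind.JAXB.marshal` signals failure through the unchecked `javax.xml.bind.DataBindingException` and nothing else in the body can raise IOException, so callers are forced to handle an exception that never occurs; either drop the clause or translate it, e.g. `catch (DataBindingException e) { throw new IOException(e); }`. The JAXB facade's Javadoc states that on success it closes the OutputStream it was given, which deserves a Javadoc line on this method so callers do not keep writing to `os` afterwards. The imports added in the hunk above (`JAXBElement`, `ObjectFactory`, `PolicyType`) are not referenced in the visible changes; if the rest of the file does not use them they should be removed.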
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06 14:53:56 UTC (rev 12789)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06 21:51:50 UTC (rev 12790)
@@ -22,14 +22,13 @@
******************************************************************************/
package org.jboss.security.authz.components.subject;
-import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Subject;
+import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.xacml.ExpressionBuilder;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
@@ -50,10 +49,6 @@
*/
private String name;
- /**
- * Authentication Method used to Authenticate this Identity
- */
- private String authenticationMethod;
public Identity()
{
@@ -68,25 +63,14 @@
public void setName(String name)
{
this.name = name;
- }
-
-
- public String getAuthenticationMethod()
- {
- return authenticationMethod;
- }
-
- public void setAuthenticationMethod(String authenticationMethod)
- {
- this.authenticationMethod = authenticationMethod;
- }
+ }
//--------Services for Policy Generation----------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Creates a Rule to Allow Access to this Identity
*
* @return rule that Allows Access to this Identity
*/
- public Rule getAllowIdentityRule()
+ public Rule allow()
{
if(this.name == null || this.name.trim().length() == 0)
{
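Review bot: The Javadoc above `allow()` documents only the return value, while the guard `if(this.name == null || this.name.trim().length() == 0)` at the end of the hunk presumably ends in an IllegalStateException (its body is outside the hunk); add `@throws IllegalStateException if the identity name is unset or blank` so callers of the renamed public method know the failure mode. The same applies to `deny()` in the following hunk. The enclosing method continues past the hunk.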
@@ -94,14 +78,11 @@
}
Rule rule = new Rule();
- Target target = new Target();
rule.setRuleId(GeneralTool.generateUniqueId());
rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
+ rule.setTarget(this.getIdentityTarget());
- target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
-
return rule;
}
@@ -110,7 +91,7 @@
*
* @return rule that Denies Access to this Identity
*/
- public Rule getDenyIdentityRule()
+ public Rule deny()
{
if(this.name == null || this.name.trim().length() == 0)
{
@@ -118,93 +99,49 @@
}
Rule rule = new Rule();
- Target target = new Target();
rule.setRuleId(GeneralTool.generateUniqueId());
rule.setEffect(Effect.DENY);
- rule.setTarget(target);
+ rule.setTarget(this.getIdentityTarget());
- target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
-
return rule;
}
/**
- * Creates a Rule to Allow Access to this Identity if User is authenticated with the Authentication Method
+ * Creates a Target that produces a Policy Match if the Input Subject has an Identity by the same 'Name' as this Identity
*
- * @return rule that Allows Access if User of this Identity is authenticated by this Authentication Method
+ * @return target
*/
- public Rule getAllowAuthMethodRule()
+ private Target getIdentityTarget()
{
- if(this.name == null || this.name.trim().length() == 0)
- {
- throw new IllegalStateException("Identity Name Is Missing!!");
- }
-
- if(this.authenticationMethod == null || this.authenticationMethod.trim().length() == 0)
- {
- throw new IllegalStateException("Authentication Method Is Missing!!");
- }
-
- Rule rule = new Rule();
Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
- target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
AttributeExpression expression = new AttributeExpression();
expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
- XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING, this.name);
expression.setAttribute(attribute);
- rule.setExpression(expression);
-
- return rule;
+
+ target.addSubjectMatch(expression);
+ return target;
}
-
+ //------------Services for RequestContext Generation--------------------------------------------------------------------------------------------------------------------
/**
- * Creates a Rule to Deny Access to this Identity if User is authenticated with the Authentication Method
+ * Creates a Subject for the RequestContext with this Identity
*
- * @return rule that Allows Access if User of this Identity is authenticated by this Authentication Method
+ * @return subject
*/
- public Rule getDenyAuthMethodRule()
+ public Subject getSubject()
{
- if(this.name == null || this.name.trim().length() == 0)
- {
- throw new IllegalStateException("Identity Name Is Missing!!");
- }
-
- if(this.authenticationMethod == null || this.authenticationMethod.trim().length() == 0)
- {
- throw new IllegalStateException("Authentication Method Is Missing!!");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
- target.addSubjectMatch(ExpressionBuilder.getInstance().createIdentityExpression(this.name));
-
- AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD,
- XMLSchemaConstants.DATATYPE_STRING, this.authenticationMethod);
- expression.setAttribute(attribute);
- rule.setExpression(expression);
-
- return rule;
- }
- //------------Services for RequestContext Generation--------------------------------------------------------------------------------------------------------------------
- public Subject getIdentitySubject()
- {
Subject subject = new Subject();
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
+ this.name
+ );
+ subject.addAttribute(attribute);
+
return subject;
}
}
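Review bot: `getSubject()` copies `this.name` into the subject-id attribute without the blank-name check that `allow()` and `deny()` perform, so an unnamed Identity silently produces a request subject whose id value is null instead of failing; since this Subject is what the PDP evaluates, add the same guard at the top of the method: `if(this.name == null || this.name.trim().length() == 0) { throw new IllegalStateException("Identity Name Is Missing!!"); }`. `subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)` relies on an attribute-id constant carrying the access-subject category URN; if the constants class offers a category-specific name it would read more clearly and be less likely to drift. The new `getIdentityTarget()` Javadoc should also state that the match is `FUNCTION_STRING_EQUAL` on `ATTRIBUTEID_SUBJECT_ID`, since exact, case-sensitive equality is the security-relevant property of that target.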
Deleted: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Role.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Role.java 2009-02-06 14:53:56 UTC (rev 12789)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Role.java 2009-02-06 21:51:50 UTC (rev 12790)
@@ -1,125 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.components.subject;
-
-import org.jboss.security.authz.model.Attribute;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * The Role Policy Component represents the "Roles" that are assigned to users of a System
- *
- * This Component provides an easy to use Developer API for generating commonly used Expressions/Logic related to Role information that must be
- * represented within an Authorization Policy
- *
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class Role
-{
- /**
- * Role Name
- */
- private String name;
-
- public Role()
- {
-
- }
-
- public String getName()
- {
- return name;
- }
-
- public void setName(String name)
- {
- this.name = name;
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates a Rule that Allows Access if the Identity/User in question Belongs to the specified Role
- *
- * @return the rule
- */
- public Rule getAllowUserInRole()
- {
- if(this.name == null || this.name.trim().length() == 0)
- {
- throw new IllegalStateException("Role is not specified!!");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.PERMIT);
- rule.setTarget(target);
-
-
- AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, this.name);
- expression.setAttribute(attribute);
- rule.setExpression(expression);
-
- return rule;
- }
-
- /**
- * Creates a Rule that Denies Access if the Identity/User in question Belongs to the specified Role
- *
- * @return the rule
- */
- public Rule getDenyUserInRole()
- {
- if(this.name == null || this.name.trim().length() == 0)
- {
- throw new IllegalStateException("Role is not specified!!");
- }
-
- Rule rule = new Rule();
- Target target = new Target();
-
- rule.setRuleId(GeneralTool.generateUniqueId());
- rule.setEffect(Effect.DENY);
- rule.setTarget(target);
-
-
- AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, this.name);
- expression.setAttribute(attribute);
- rule.setExpression(expression);
-
- return rule;
- }
-}
Copied: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java (from rev 12785, modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Role.java)
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java (rev 0)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-02-06 21:51:50 UTC (rev 12790)
@@ -0,0 +1,204 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.components.subject;
+
+import java.text.MessageFormat;
+import java.util.Set;
+import java.util.HashSet;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Subject;
+import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * The Role Policy Component represents the "Roles" that are assigned to users of a System
+ *
+ * This Component provides an easy to use Developer API for generating commonly used Expressions/Logic related to Role information that must be
+ * represented within an Authorization Policy
+ *
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Roles
+{
+ //make it package-level access so that unit tests can test these rules
+ static final String allowRule =
+ "import java.util.HashSet\n"+
+ "rule \"allowRule\"\n"+
+ "when\n"+
+ "$ruleName: String()\n"+
+ "$roles: HashSet()\n"+
+ "eval($ruleName.contains(\"roles://allowRule\"))\n"+
+ "eval({0})\n"+
+ "then\n"+
+ "insert(Boolean.TRUE);\n"+
+ "end\n";
+
+ static final String denyRule =
+ "import java.util.HashSet\n"+
+ "rule \"denyRule\"\n"+
+ "when\n"+
+ "$ruleName: String()\n"+
+ "$roles: HashSet()\n"+
+ "eval($ruleName.contains(\"roles://denyRule\"))\n"+
+ "eval({0})\n"+
+ "then\n"+
+ "insert(Boolean.TRUE);\n"+
+ "end\n";
+
+ /**
+ * Role Names
+ */
+ private Set<String> names;
+
+ public Roles()
+ {
+
+ }
+
+ public Set<String> getNames()
+ {
+ if(this.names == null)
+ {
+ this.names = new HashSet<String>();
+ }
+ return this.names;
+ }
+
+ public void setNames(Set<String> names)
+ {
+ this.names = names;
+ }
+
+ public void addName(String name)
+ {
+ if(name == null || name.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Role Name should not be empty!!");
+ }
+ this.names.add(name);
+ }
+ //-------Services for Policy Generation-----------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates a Policy Rule suggesting the roles indicated by this object are permitted access to the 'Resource' designated in the Policy
+ * The User must belong to atleast one of the specified roles to gain access
+ *
+ * @return the rule
+ */
+ public Rule allow()
+ {
+ if(this.getNames().isEmpty())
+ {
+ throw new IllegalStateException("The List of Allowed Roles must not be empty!!");
+ }
+
+ Rule rule = new Rule();
+
+ String ruleReference = "roles://allowRule/"+GeneralTool.generateUniqueId();
+ rule.setRuleId(ruleReference);
+ rule.setEffect(Effect.PERMIT);
+
+ //Generate a Drools Rule Expression
+ StringBuffer buffer = new StringBuffer();
+ for(String role: this.getNames())
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
+ }
+ String condition = buffer.toString().trim();
+ String ruleLogic = MessageFormat.format(Roles.allowRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference(ruleReference);
+ expression.setRule(ruleLogic);
+ rule.setExpression(expression);
+
+ return rule;
+ }
+
+ /**
+ * Creates a Policy Rule suggesting the roles indicated by this object are denied access to the 'Resource' designated in the Policy
+ * If the user belongs to atleast one of these roles, he will be denied access
+ *
+ * @return the rule
+ */
+ public Rule deny()
+ {
+ if(this.getNames().isEmpty())
+ {
+ throw new IllegalStateException("The List of Denied Roles must not be empty!!");
+ }
+
+ Rule rule = new Rule();
+
+ String ruleReference = "roles://denyRule/"+GeneralTool.generateUniqueId();
+ rule.setRuleId(ruleReference);
+ rule.setEffect(Effect.DENY);
+
+ //Generate a Drools Rule Expression
+ StringBuffer buffer = new StringBuffer();
+ for(String role: this.getNames())
+ {
+ buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");
+ }
+ String condition = buffer.toString().trim();
+ String ruleLogic = MessageFormat.format(Roles.denyRule,
+ new Object[]{condition.substring(0, condition.length()-2).trim()});
+
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference(ruleReference);
+ expression.setRule(ruleLogic);
+ rule.setExpression(expression);
+
+ return rule;
+ }
+ //--------Services for RequestContext Generation-----------------------------------------------------------------------------------------------------------
+ /**
+ * Creates a Subject for the RequestContext with these Roles
+ *
+ * @return subject
+ */
+ public Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ for(String name: this.getNames())
+ {
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING,
+ name
+ );
+ subject.addAttribute(attribute);
+ }
+
+ return subject;
+ }
+}
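Review bot: Role names are spliced verbatim into Drools rule source at `buffer.append("$roles.contains(\""+role.toLowerCase()+"\") || ");` in both allow() and deny(), so a name containing a double quote, a backslash or a line break would close the string literal and the remainder of the name would be compiled as rule code when the DroolsRuleExpression is loaded. Where role names originate is not visible here, but this class is documented as a developer API and nothing in it guarantees they are sanitised upstream; addName() is the single entry point and should reject such names, e.g. `if (name.indexOf('"') >= 0 || name.indexOf('\\') >= 0 || name.indexOf('\n') >= 0) throw new IllegalArgumentException("Role Name contains illegal characters!!");`. Separately, addName() writes to `this.names` directly while the set is only created lazily in getNames(), so calling addName() on a fresh Roles throws a NullPointerException; it should be `this.getNames().add(name);`. Note also that the generated rule lowercases each name while getSubject() emits the name unchanged, so a match at evaluation time depends on whoever populates the `$roles` HashSet applying the same case folding, which deserves a comment if that is intended.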
Property changes on: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Roles.java
___________________________________________________________________
Name: svn:mergeinfo
+
Modified: modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
--- modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06 14:53:56 UTC (rev 12789)
+++ modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06 21:51:50 UTC (rev 12790)
@@ -32,7 +32,7 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.test.MockPolicy;
-import org.jboss.security.authz.xacml.ExpressionBuilder;
+import org.jboss.security.authz.xacml.*;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -40,88 +40,53 @@
public class TestIdentity extends TestCase
{
private static Logger log = Logger.getLogger(TestIdentity.class);
-
- public void testGetAllowAuthMethodRule() throws Exception
- {
- Identity identity = new Identity();
- identity.setName("admin");
- identity.setAuthenticationMethod("CERT");
- Target target = new Target();
- target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
-
- Set<Rule> rules = new HashSet<Rule>();
- rules.add(identity.getAllowAuthMethodRule());
-
- PolicyMetaData metadata = new PolicyMetaData();
- metadata.setTarget(target);
- metadata.setRules(rules);
- Policy policy = new MockPolicy("testGetAllowAuthMethodRule", metadata);
-
- log.info("----------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
- }
-
- public void testGetDenyAuthMethodRule() throws Exception
+ public void testAllow() throws Exception
{
Identity identity = new Identity();
identity.setName("admin");
- identity.setAuthenticationMethod("CERT");
Target target = new Target();
target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
-
+
Set<Rule> rules = new HashSet<Rule>();
- rules.add(identity.getDenyAuthMethodRule());
+ rules.add(identity.allow());
PolicyMetaData metadata = new PolicyMetaData();
metadata.setTarget(target);
metadata.setRules(rules);
- Policy policy = new MockPolicy("testGetDenyAuthMethodRule", metadata);
+ Policy policy = new MockPolicy("testGetAllowIdentityRule", metadata);
log.info("----------------------------------------------------------------");
log.info(policy.generateXACMLPolicy());
}
- public void testGetAllowIdentityRule() throws Exception
+ public void testDeny() throws Exception
{
Identity identity = new Identity();
identity.setName("admin");
- identity.setAuthenticationMethod("CERT");
Target target = new Target();
target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
Set<Rule> rules = new HashSet<Rule>();
- rules.add(identity.getAllowIdentityRule());
-
+ rules.add(identity.deny());
+
PolicyMetaData metadata = new PolicyMetaData();
metadata.setTarget(target);
metadata.setRules(rules);
- Policy policy = new MockPolicy("testGetAllowIdentityRule", metadata);
+ Policy policy = new MockPolicy("testGetDenyIdentityRule", metadata);
log.info("----------------------------------------------------------------");
log.info(policy.generateXACMLPolicy());
}
- public void testGetDenyIdentityRule() throws Exception
+ public void testGetSubject() throws Exception
{
Identity identity = new Identity();
- identity.setName("admin");
- identity.setAuthenticationMethod("CERT");
+ identity.setName("admin");
- Target target = new Target();
- target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression("test://Resource"));
-
- Set<Rule> rules = new HashSet<Rule>();
- rules.add(identity.getDenyIdentityRule());
-
- PolicyMetaData metadata = new PolicyMetaData();
- metadata.setTarget(target);
- metadata.setRules(rules);
- Policy policy = new MockPolicy("testGetDenyIdentityRule", metadata);
-
log.info("----------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ JAXBEncoder.marshall(System.out, identity.getSubject());
}
}
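Review bot: None of the three tests assert anything: testAllow() and testDeny() only log `policy.generateXACMLPolicy()` and testGetSubject() marshals to System.out, so a regression in Identity.allow(), deny() or getSubject() would still leave the build green. At minimum capture the generated policy and check that the identity name and the expected effect appear in it, e.g. `String xacml = policy.generateXACMLPolicy(); assertTrue(xacml.contains("admin"));` in testAllow() with the corresponding check in testDeny(), and marshal getSubject() into a ByteArrayOutputStream so the subject-id attribute can be asserted on rather than printed. Replacing the explicit ExpressionBuilder import with `import org.jboss.security.authz.xacml.*;` in the first hunk also hides which classes the test depends on; importing ExpressionBuilder and JAXBEncoder by name is clearer. The exact text produced by generateXACMLPolicy() is not visible here, so the assertions above should be adjusted to whatever it actually emits.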
JBoss Portal SVN: r12789 - branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/core-cms/src/main/org/jboss/portal/core/cms/ui/admin.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-02-06 09:53:56 -0500 (Fri, 06 Feb 2009)
New Revision: 12789
Modified:
branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
JBEPP-31: Access is Denied error on saving a modified CMS file
Modified: branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-02-06 14:45:33 UTC (rev 12788)
+++ branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-02-06 14:53:56 UTC (rev 12789)
@@ -1489,7 +1489,7 @@
sMakeLive = "on";
}
- if (!"".equals(sFilePath) && !CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
+ if (!"".equals(sFilePath) && CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
{
String sContent = aReq.getParameter("elm1");
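Review bot: The corrected condition now saves only when `CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches()` is true, which means the pattern must be an allow-list of acceptable path characters rather than the detector of malicious input its name suggests; the negation this commit removes is exactly the mistake that name invites, and nothing in the hunk stops it being reintroduced. A comment on the condition such as `// CHECK_FOR_XSS_PATTERN is an allow-list: the file is written only when the path matches it` (or renaming the constant, which is declared outside this hunk, to something like SAFE_FILE_PATH_PATTERN) would document the intent. The pattern definition and the branch that handles a rejected path are outside the hunk, so it cannot be checked here whether a rejected path still produces an explicit error to the user rather than a silent no-op; that is worth confirming given this was reported as an "Access is Denied" bug.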
JBoss Portal SVN: r12788 - branches.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-02-06 09:45:33 -0500 (Fri, 06 Feb 2009)
New Revision: 12788
Added:
branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31/
Log:
Branching EPP 4.3 for JBEPP-31
Copied: branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-31 (from rev 12787, tags/Enterprise_Portal_Platform_4_3_GA)
JBoss Portal SVN: r12786 - branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-02-06 07:31:07 -0500 (Fri, 06 Feb 2009)
New Revision: 12786
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
JBEPP-31: Access is Denied error on saving a modified CMS file
Modified: branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-02-06 06:16:06 UTC (rev 12785)
+++ branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-02-06 12:31:07 UTC (rev 12786)
@@ -1489,7 +1489,7 @@
sMakeLive = "on";
}
- if (!"".equals(sFilePath) && !CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
+ if (!"".equals(sFilePath) && CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
{
String sContent = aReq.getParameter("elm1");
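Review bot: The fix relies on `CHECK_FOR_XSS_PATTERN` being an allow-list of permitted path characters despite a name that reads as a blacklist, which is how the inverted check got in; a comment on the condition, `// allow-list: save only when the path matches the safe-character pattern`, or a rename of the constant (declared outside the hunk) would stop the negation being re-added. No test accompanies the change; a unit test that exercises the save path once with a benign file name and once with a name containing markup would pin both halves of the behaviour, since the bug here was that valid paths were rejected. The pattern itself and the branch handling a rejected path are outside the hunk and cannot be reviewed here.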
JBoss Portal SVN: r12785 - in modules/authorization/trunk: common/src/main/java/org/jboss/security/authz/xacml and 5 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-06 01:16:06 -0500 (Fri, 06 Feb 2009)
New Revision: 12785
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
Removed:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
modules/authorization/trunk/core-components/pom.xml
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
modules/authorization/trunk/policy-server/pom.xml
Log:
some refactoring
Added: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -0,0 +1,74 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * Represents the parent object to all objects that can be included within the Context of an Authorization Request being issued to the Policy Server
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public abstract class AbstractContextObject extends BaseObject
+{
+ /**
+ * Attributes associated with this object
+ */
+ protected Set<Attribute> attributes;
+
+ public AbstractContextObject()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ if(this.attributes == null)
+ {
+ this.attributes = new HashSet<Attribute>();
+ }
+ return this.attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+
+ /**
+ *
+ * @param attribute
+ */
+ public void addAttribute(Attribute attribute)
+ {
+ this.getAttributes().add(attribute);
+ }
+}
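Review bot: The Javadoc on getAttributes(), setAttributes() and addAttribute() consists of empty `@return`/`@param` tags, and nothing documents that the attribute set is now created lazily on first access, which is the one behavioural difference from the eager initialisation the per-class fields in Action and Environment had before this commit (Subject and Resource are listed as modified too but their hunks are not visible here). Suggested text for getAttributes(): `Returns the attributes attached to this context object, creating an empty set on the first call; never returns null.` and for setAttributes(): `Replaces the attribute set; the supplied set is stored as-is rather than copied, and passing null causes a fresh empty set to be created on the next getAttributes() call.` Because the set is handed out directly, callers can mutate the object's attributes behind its back; if that is not intended, return `Collections.unmodifiableSet(...)` from getAttributes() and route additions through addAttribute(). Whether Attribute defines equals()/hashCode() consistently for use as a HashSet element is not visible in this commit and is worth confirming, since two attributes with the same id but different values would otherwise be kept or dropped depending on identity.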
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -22,51 +22,20 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents a protected Action within a system
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Action extends BaseObject
-{
+public class Action extends AbstractContextObject
+{
/**
- * Attributes associated with the Action
- */
- private Set<Attribute> attributes = null;
-
- /**
*
*
*/
public Action()
{
- this.attributes = new HashSet<Attribute>();
- }
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ super();
+ }
}
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -28,7 +28,7 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class BaseObject implements Serializable
+public abstract class BaseObject implements Serializable
{
/**
* unique storage/database identifier
Deleted: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -1,50 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.model;
-
-/**
- * Represents the Logic applied to data within the Authorization Context. The Expression can contain Drools rules, Bean Shell script etc
- * that could be applied to data
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class BusinessLogicExpression extends Expression
-{
- private String logic = null;
-
- public BusinessLogicExpression()
- {
-
- }
-
- public String getLogic()
- {
- return logic;
- }
-
- public void setLogic(String logic)
- {
- this.logic = logic;
- }
-}
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -22,8 +22,6 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
/**
* Represents Environment information in the context of an Authroization Request
@@ -31,42 +29,13 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Environment extends BaseObject
+public class Environment extends AbstractContextObject
{
/**
- * Attributes associated with the Environment
- */
- private Set<Attribute> attributes = null;
-
- /**
*
- *
*/
public Environment()
{
- this.attributes = new HashSet<Attribute>();
+ super();
}
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
}
Deleted: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -1,212 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.model;
-
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * ExpressionBuilder provides easy to use operations for generating commonly used Expressions that must be represented within a Policy
- *
- * The purpose of this class is to provide a user friendly API for Developers to create these commonly used Expressions without having to deal with
- * low-level XACML related concepts/API
- *
- * This API will grow as more and more different types of Expressions are added to the System as part of the core API
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class ExpressionBuilder
-{
- private static ExpressionBuilder singleton = null;
-
- private ExpressionBuilder()
- {
-
- }
-
- public static ExpressionBuilder getInstance()
- {
- if(ExpressionBuilder.singleton == null)
- {
- ExpressionBuilder.singleton = new ExpressionBuilder();
- }
- return ExpressionBuilder.singleton;
- }
- //--------Resource expressions-----------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching a unique Resource via its unique Id
- *
- * @param resourceId Unique Id of a Resource in the system that a policy should be applied to
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createResourceIdExpression(String resourceId)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
- XMLSchemaConstants.DATATYPE_STRING, resourceId);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching a Resource Location
- *
- * @param resourceLocation the Location of a Resource in the system that a policy should be applied to
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createResourceLocationExpression(String resourceLocation)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION,
- XMLSchemaConstants.DATATYPE_STRING, resourceLocation);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching a File stored on the machine
- *
- * @param fileName Name of the file
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createFileNameExpression(String fileName)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SIMPLE_FILE_NAME,
- XMLSchemaConstants.DATATYPE_STRING, fileName);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates a custom expression corresponding to the specified Attribute id and value
- *
- * @param attributeId
- * @param attributeValue
- * @return
- */
- public AttributeExpression createCustomResourceExpression(String attributeId, String attributeValue)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(attributeId,
- XMLSchemaConstants.DATATYPE_STRING, attributeValue);
- expression.setAttribute(attribute);
-
- return expression;
- }
- //---------Action Expressions---------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching an Action
- *
- * @param action signifies the Action that is to be protected on the resoource in question
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createActionExpression(String action)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
- XMLSchemaConstants.DATATYPE_STRING, action);
- expression.setAttribute(actionAttribute);
-
- return expression;
- }
- //---------Subject Expressions----------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching an the Identity of the Authenticated User
- *
- * @param subjectId Identity of the Authenticated User
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createIdentityExpression(String identity)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
- XMLSchemaConstants.DATATYPE_STRING, identity);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching the Role of the Authenticated User
- *
- * @param role Role of the Authenticated User
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createBelongsToRoleExpression(String role)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, role);
- expression.setAttribute(attribute);
-
- return expression;
- }
- //---------Environment Expressions------------------------------------------------------------------------------------------------------------------------------
- //---------Custom Expressions-----------------------------------------------------------------------------------------------------------------------------------
- /**
- * A generic method used to produce an Expression related to the type of Attribute designated by the Attribute Uri specified
- * The function used within the Expression is a String equals
- *
- * @param attributeUri designates the type of Attribute in question
- * @param attributeValue the Value of the Attribute for matching
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createCustomExpression(String attributeUri, String attributeValue)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(attributeUri,
- XMLSchemaConstants.DATATYPE_STRING, attributeValue);
- expression.setAttribute(attribute);
-
- return expression;
- }
-}
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -21,15 +21,15 @@
*/
package org.jboss.security.authz.model;
-import java.io.Serializable;
import java.util.Set;
+import java.util.HashSet;
/**
* Represents the Policy Information that is required to generate an instance of a Policy
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class PolicyMetaData implements Serializable
+public class PolicyMetaData extends BaseObject
{
private Target target;
private Set<Rule> rules;
@@ -50,11 +50,20 @@
public Set<Rule> getRules()
{
+ if(this.rules == null)
+ {
+ this.rules = new HashSet<Rule>();
+ }
return rules;
}
public void setRules(Set<Rule> rules)
{
this.rules = rules;
- }
+ }
+
+ public void addRule(Rule rule)
+ {
+ this.getRules().add(rule);
+ }
}
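Review bot: PolicyMetaData drops its own `implements Serializable` in favour of `extends BaseObject`, so whether it is still serializable now depends on BaseObject, which is outside this diff; since this is the object handed to the policy-server, confirm BaseObject is Serializable or keep `implements Serializable` next to the new superclass. Separately, getRules() lazily creates and hands out the live HashSet, so any caller can add or remove rules behind the back of addRule. If that is intended, state it in the getter's javadoc, e.g. `* @return the live, mutable rule set (never null); changes are reflected in this policy`; if not, have addRule use the field directly and return `Collections.unmodifiableSet(rules)` from the getter.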
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -22,53 +22,22 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents the protected Resource of the system upon which various Actions can be performed
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Resource extends BaseObject
-{
+public class Resource extends AbstractContextObject
+{
/**
- * Attributes associated with the Resource
- */
- private Set<Attribute> attributes = null;
-
- /**
*
*
*/
public Resource()
{
- this.attributes = new HashSet<Attribute>();
- }
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ super();
+ }
}
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -22,23 +22,15 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents the Identity of the user, machine, etc trying to execute a protected Action on a protected Resource
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Subject extends BaseObject
-{
+public class Subject extends AbstractContextObject
+{
/**
- * Attributes associated with the Subject
- */
- private Set<Attribute> attributes = null;
-
- /**
* Category of Subject such as a user Identity, a Machine Identity, etc
*/
private String category = null;
@@ -49,31 +41,13 @@
*/
public Subject()
{
- this.attributes = new HashSet<Attribute>();
+ super();
}
/**
*
* @return
*/
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- /**
- *
- * @return
- */
public String getCategory()
{
return category;
@@ -86,14 +60,5 @@
public void setCategory(String category)
{
this.category = category;
- }
-
- /**
- *
- * @param attribute
- */
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ }
}
Modified: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -26,96 +26,95 @@
import java.util.ArrayList;
/**
+ * Specifies logical expressions to match with the data supplied within the incoming Authorization Request
+ * This object is used by the Policy Engine to detect if the specified Policy should be applicable for this request or not
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class Target extends BaseObject
{
- private List<AttributeExpression> resourceMatches = null;
- private List<AttributeExpression> actionMatches = null;
- private List<AttributeExpression> subjectMatches = null;
- private List<AttributeExpression> environmentMatches = null;
+ private List<AttributeExpression> resourceMatches;
+ private List<AttributeExpression> actionMatches;
+ private List<AttributeExpression> subjectMatches;
+ private List<AttributeExpression> environmentMatches;
public Target()
{
- this.resourceMatches = new ArrayList<AttributeExpression>();
- this.actionMatches = new ArrayList<AttributeExpression>();
- this.subjectMatches = new ArrayList<AttributeExpression>();
- this.environmentMatches = new ArrayList<AttributeExpression>();
}
public List<AttributeExpression> getActionMatches()
{
+ if(this.actionMatches == null)
+ {
+ this.actionMatches = new ArrayList<AttributeExpression>();
+ }
return actionMatches;
}
public void setActionMatches(List<AttributeExpression> actionMatches)
- {
- if(actionMatches == null)
- {
- actionMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.actionMatches = actionMatches;
}
public List<AttributeExpression> getEnvironmentMatches()
{
+ if(this.environmentMatches == null)
+ {
+ this.environmentMatches = new ArrayList<AttributeExpression>();
+ }
return environmentMatches;
}
public void setEnvironmentMatches(List<AttributeExpression> environmentMatches)
- {
- if(environmentMatches == null)
- {
- environmentMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.environmentMatches = environmentMatches;
}
public List<AttributeExpression> getResourceMatches()
{
+ if(this.resourceMatches == null)
+ {
+ this.resourceMatches = new ArrayList<AttributeExpression>();
+ }
return resourceMatches;
}
public void setResourceMatches(List<AttributeExpression> resourceMatches)
- {
- if(resourceMatches == null)
- {
- resourceMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.resourceMatches = resourceMatches;
}
public List<AttributeExpression> getSubjectMatches()
{
+ if(this.subjectMatches == null)
+ {
+ this.subjectMatches = new ArrayList<AttributeExpression>();
+ }
return subjectMatches;
}
public void setSubjectMatches(List<AttributeExpression> subjectMatches)
- {
- if(subjectMatches == null)
- {
- subjectMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.subjectMatches = subjectMatches;
}
//--------------------------------------------------------------------------------------------------------------------------------------------------------
public void addResourceMatch(AttributeExpression resourceMatch)
{
- this.resourceMatches.add(resourceMatch);
+ this.getResourceMatches().add(resourceMatch);
}
public void addActionMatch(AttributeExpression actionMatch)
{
- this.actionMatches.add(actionMatch);
+ this.getActionMatches().add(actionMatch);
}
public void addSubjectMatch(AttributeExpression subjectMatch)
{
- this.subjectMatches.add(subjectMatch);
+ this.getSubjectMatches().add(subjectMatch);
}
public void addEnvironmentMatch(AttributeExpression envMatch)
{
- this.environmentMatches.add(envMatch);
+ this.getEnvironmentMatches().add(envMatch);
}
}
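Review bot: With the lazy getters in getSubjectMatches/getResourceMatches/getActionMatches/getEnvironmentMatches, a Target on which no matches of a category were ever added reports an empty list rather than null, and if the policy generator treats an empty match list as "no constraint" (the XACML AnySubject/AnyResource/AnyAction semantics, which the class javadoc hints at) such a Target makes the policy apply to every subject, resource or action. That default may well be intended, but it is exactly the omission that silently widens a policy, so it belongs on the class javadoc: `* A category with no match expressions places no constraint on that category; leave subject matches empty only if the policy should apply to every subject.` The getters also return the live internal lists, so a consumer can alter a Target after it has been built; a short note on each getter that the returned list is mutable and backed by this Target would make that explicit. The setters no longer coerce null to an empty list as the old code did; that is harmless because the getters re-create the list, but a `@param` note saying null is accepted would save the next reader the same check.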
Copied: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java (from rev 12784, modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java)
===================================================================
--- modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java (rev 0)
+++ modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -0,0 +1,214 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.xacml;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * ExpressionBuilder provides easy to use operations for generating commonly used Expressions that must be represented within a Policy
+ *
+ * The purpose of this class is to provide a user friendly API for Developers to create these commonly used Expressions without having to deal with
+ * low-level XACML related concepts/API
+ *
+ * This API will grow as more and more different types of Expressions are added to the System as part of the core API
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class ExpressionBuilder
+{
+ private static ExpressionBuilder singleton = null;
+
+ private ExpressionBuilder()
+ {
+
+ }
+
+ public static ExpressionBuilder getInstance()
+ {
+ if(ExpressionBuilder.singleton == null)
+ {
+ ExpressionBuilder.singleton = new ExpressionBuilder();
+ }
+ return ExpressionBuilder.singleton;
+ }
+ //--------Resource expressions-----------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching a unique Resource via its unique Id
+ *
+ * @param resourceId Unique Id of a Resource in the system that a policy should be applied to
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createResourceIdExpression(String resourceId)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING, resourceId);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching a Resource Location
+ *
+ * @param resourceLocation the Location of a Resource in the system that a policy should be applied to
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createResourceLocationExpression(String resourceLocation)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION,
+ XMLSchemaConstants.DATATYPE_STRING, resourceLocation);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching a File stored on the machine
+ *
+ * @param fileName Name of the file
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createFileNameExpression(String fileName)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SIMPLE_FILE_NAME,
+ XMLSchemaConstants.DATATYPE_STRING, fileName);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates a custom expression corresponding to the specified Attribute id and value
+ *
+ * @param attributeId
+ * @param attributeValue
+ * @return
+ */
+ public AttributeExpression createCustomResourceExpression(String attributeId, String attributeValue)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(attributeId,
+ XMLSchemaConstants.DATATYPE_STRING, attributeValue);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+ //---------Action Expressions---------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching an Action
+ *
+ * @param action signifies the Action that is to be protected on the resoource in question
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createActionExpression(String action)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, action);
+ expression.setAttribute(actionAttribute);
+
+ return expression;
+ }
+ //---------Subject Expressions----------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching an the Identity of the Authenticated User
+ *
+ * @param subjectId Identity of the Authenticated User
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createIdentityExpression(String identity)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING, identity);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching the Role of the Authenticated User
+ *
+ * @param role Role of the Authenticated User
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createBelongsToRoleExpression(String role)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING, role);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+ //---------Environment Expressions------------------------------------------------------------------------------------------------------------------------------
+ //---------Custom Expressions-----------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * A generic method used to produce an Expression related to the type of Attribute designated by the Attribute Uri specified
+ * The function used within the Expression is a String equals
+ *
+ * @param attributeUri designates the type of Attribute in question
+ * @param attributeValue the Value of the Attribute for matching
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createCustomExpression(String attributeUri, String attributeValue)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(attributeUri,
+ XMLSchemaConstants.DATATYPE_STRING, attributeValue);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+}
Property changes on: modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
___________________________________________________________________
Name: svn:mergeinfo
+
Modified: modules/authorization/trunk/core-components/pom.xml
===================================================================
--- modules/authorization/trunk/core-components/pom.xml 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/core-components/pom.xml 2009-02-06 06:16:06 UTC (rev 12785)
@@ -44,8 +44,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestHttpResourceRules.java</include>
+ <includes>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -30,7 +30,6 @@
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Attribute;
@@ -38,6 +37,7 @@
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Modified: modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
--- modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -25,11 +25,11 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Subject;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Modified: modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
--- modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06 06:16:06 UTC (rev 12785)
@@ -31,8 +31,8 @@
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.test.MockPolicy;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-02-06 06:16:06 UTC (rev 12785)
@@ -65,8 +65,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestEnterprisePolicyFinderModule.java</include>
+ <includes>
</includes>
</configuration>
</plugin>
JBoss Portal SVN: r12784 - in modules/authorization/trunk/policy-server/src: test/java/org/jboss/security/authz/policy/server/plugin and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-02-05 21:22:21 -0500 (Thu, 05 Feb 2009)
New Revision: 12784
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
cleanup
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-06 01:22:36 UTC (rev 12783)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-06 02:22:21 UTC (rev 12784)
@@ -29,9 +29,15 @@
import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServerException;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.sunxacml.ConfigurationStore;
import org.jboss.security.xacml.sunxacml.PDP;
import org.jboss.security.xacml.sunxacml.PDPConfig;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
/**
* This component processes all incoming Authorization requests and responds with a response
@@ -89,10 +95,39 @@
* @param request Authorization Request
* @return response which contains the Authorization Decision
*/
- public Response evaluate(Request request)
+ public Response evaluate(Request request) throws PolicyServerException
{
- Response response = new Response();
- return response;
+ try
+ {
+ Response response = new Response();
+
+ RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
+ requestContext.setRequest(request.encode());
+
+ RequestCtx xacmlRequestCtx = (RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX);
+ ResponseCtx xacmlResponseCtx = this.policyDecisionPoint.evaluate(xacmlRequestCtx);
+
+ ResponseContext responseContext = RequestResponseContextFactory.createResponseContext();
+ responseContext.set(XACMLConstants.RESPONSE_CTX, xacmlResponseCtx);
+
+ if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
+ {
+ response.setAccessGranted(true);
+ response.setMessage("ACCESS_GRANTED");
+ }
+ else
+ {
+ response.setAccessGranted(false);
+ response.setMessage("ACCESS_DENIED");
+ }
+
+ return response;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new PolicyServerException(e);
+ }
}
/**
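Review bot: The else branch collapses every non-Permit outcome — Deny, NotApplicable and Indeterminate — into one "ACCESS_DENIED" response without recording which it was, so an erroring or misconfigured policy (Indeterminate) is indistinguishable from an explicit deny at the caller and in the logs; failing closed is right, but the actual XACML decision should be logged on that path, e.g. `log.debug("XACML decision=" + responseContext.getDecision());` before `response.setAccessGranted(false);`, assuming the logger used at `log.error(this, e)` offers a debug method. That `log.error(this, e)` call also passes the component instance as the log message rather than a description of what failed, which makes the resulting entries hard to read. The Javadoc that ends at the top of the hunk (it starts outside it) still lists only `@param` and `@return`; add `@throws PolicyServerException if the XACML evaluation fails; the cause is preserved`. The same loss of decision detail shows up in the test hunk of TestEnterprisePolicyFinderModule.java, which can now only assert the boolean.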
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-06 01:22:36 UTC (rev 12783)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-06 02:22:21 UTC (rev 12784)
@@ -32,20 +32,13 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.components.http.HttpResource;
import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServer;
import org.jboss.security.authz.policy.server.Server;
-
-import org.jboss.security.xacml.factories.RequestResponseContextFactory;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-import org.jboss.security.xacml.sunxacml.PDP;
-import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
-import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -85,46 +78,36 @@
log.info(policies[0].generateXACMLPolicy());
//Send an Enforcement request that should be allowed
- this.enforce(this.createRequestContext(httpResource, true), true);
+ this.enforce(this.createRequest(httpResource, true), true);
//Send an Enforcement request that should be denied
- this.enforce(this.createRequestContext(httpResource, false), false);
+ this.enforce(this.createRequest(httpResource, false), false);
}
//----------------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(RequestContext request, boolean mustBePermitted) throws Exception
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
{
- log.info("-----------------------------------");
- request.marshall(System.out);
- PDP pdp = this.policyServer.getPolicyDecisionPoint().getPDP();
+ Response response = this.policyServer.evaluate(request);
- ResponseCtx response = pdp.evaluate((RequestCtx)request.get(XACMLConstants.REQUEST_CTX));
- assertNotNull(response);
-
- log.info("-----------------------------------");
- response.encode(System.out);
-
- ResponseContext responseContext = RequestResponseContextFactory.createResponseContext();
- responseContext.set(XACMLConstants.RESPONSE_CTX, response);
- assertNotNull(responseContext);
+ assertNotNull(response);
if(mustBePermitted)
{
- assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_PERMIT);
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
}
else
{
- assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_DENY);
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
}
log.info("-----------------------------------");
- log.info("Decision="+responseContext.getDecision());
+ log.info("Decision="+response.getMessage());
}
- private RequestContext createRequestContext(HttpResource httpResource, boolean mustBePermitted) throws Exception
+
+ private Request createRequest(HttpResource httpResource, boolean mustBePermitted) throws Exception
{
//Create a RequestType
Request request = new Request();
-
-
+
//Create Subjects
Subject subject = new Subject();
Attribute subjectAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
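Review bot: The deny-path assertion `assertFalse("Access must be denied!!!", response.isAccessGranted())` is weaker than the `assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_DENY)` it replaces: it also passes when the PDP returns Indeterminate or NotApplicable (for instance when the policy fails to load), so this test no longer proves the deny rule itself works. Since Response appears to expose only the boolean and a message string, the test should at least pin the message it relies on, `assertEquals("ACCESS_DENIED", response.getMessage());`, and carry a comment `// only proves access was not granted; Indeterminate/NotApplicable also satisfy this` until the decision is surfaced. The `log.info("-----------------------------------");` banner that survives at the end of enforce() no longer has a matching opening banner now that the marshall/encode lines are gone.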
@@ -139,14 +122,10 @@
//Create Action
Action action = new Action();
Attribute actionAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
- XMLSchemaConstants.DATATYPE_STRING, "GET");
+ XMLSchemaConstants.DATATYPE_STRING, "GET");
action.addAttribute(actionAttr);
request.setAction(action);
-
- //Create RequestContext
- RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
- requestContext.setRequest(request.encode());
-
- return requestContext;
+
+ return request;
}
}