JBoss Portal SVN: r13090 - branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-51/core-cms/src/main/org/jboss/portal/core/cms/ui/admin.
by portal-commits@lists.jboss.org
Author: mmillson
Date: 2009-03-26 23:31:43 -0400 (Thu, 26 Mar 2009)
New Revision: 13090
Modified:
branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-51/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
Fix Access is Denied error on saving a modified CMS file for [JBEPP-51]
Modified: branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-51/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-51/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-03-26 20:37:42 UTC (rev 13089)
+++ branches/Enterprise_Portal_Platform_4_3_GA_JBEPP-51/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-03-27 03:31:43 UTC (rev 13090)
@@ -1489,7 +1489,7 @@
sMakeLive = "on";
}
- if (!"".equals(sFilePath) && !CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
+ if (!"".equals(sFilePath) && CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
{
String sContent = aReq.getParameter("elm1");
17 years, 1 month
- 1
- 0
JBoss Portal SVN: r13089 - in branches/JBoss_Portal_Branch_2_7: core-admin/src/resources/portal-admin-war/WEB-INF/classes and 4 other directories.
by portal-commits@lists.jboss.org
Author: sviluppatorefico
Date: 2009-03-26 16:37:42 -0400 (Thu, 26 Mar 2009)
New Revision: 13089
Added:
branches/JBoss_Portal_Branch_2_7/core-samples/src/resources/portal-jsp-samples-war/WEB-INF/classes/Resource_it.properties
branches/JBoss_Portal_Branch_2_7/core-wsrp/src/resources/portal-wsrp-admin-war/WEB-INF/classes/Resource_it.properties
Modified:
branches/JBoss_Portal_Branch_2_7/core-admin/src/resources/portal-admin-war/WEB-INF/classes/Resource_it.properties
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties
branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_it.properties
branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-core-war/WEB-INF/classes/Resource_it.properties
Log:
new italian i18n updates
Modified: branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-core-war/WEB-INF/classes/Resource_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-core-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:23:08 UTC (rev 13088)
+++ branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-core-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -34,4 +34,4 @@
PORTAL=Portale
ADMIN=Amministrazione
MEMBERS=Membri
-LOGGED=Connesso come
\ No newline at end of file
+LOGGED=Connesso come
Modified: branches/JBoss_Portal_Branch_2_7/core-admin/src/resources/portal-admin-war/WEB-INF/classes/Resource_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-admin/src/resources/portal-admin-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:23:08 UTC (rev 13088)
+++ branches/JBoss_Portal_Branch_2_7/core-admin/src/resources/portal-admin-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -104,6 +104,7 @@
COMMON_DEFINE_NAME_WINDOW=Dai un nome alla finestra dei contenuti (opzionale)
COMMON_WINDOW_NAME=Nome Finestra
COMMON_SELECT_TYPE_CONTENT=Seleziona il tipo di contenuto che sar\u00e0 aggiunto alla pagina
+COMMON_NO_SELECTED_CONTENT=Devi selezionare un tipo di contenuto!
COMMON_CONTENT_TYPE=Tipo del Contenuto
COMMON_SELECT_CONTENT=Seleziona il contenuto che sar\u00e0 aggiunto alla pagina
COMMON_PAGE_LAYOUT=Layout della Pagina
@@ -266,4 +267,74 @@
CONTROL_POLICY_PORTAL_RESOURCE_URI_NAME=In caso di errore redireziona sulla risorsa
CONTROL_POLICY_PORTAL_RESOURCE_URI_DESCRIPTION=In caso di errore redireziona sulla risorsa
-NO_BOUND_LISTENER=nessun listener
\ No newline at end of file
+NO_BOUND_LISTENER=nessun listener
+
+COORDINATION_COORDINATION=Coordinazione
+COORDINATION_PARAMETER_BINDINGS=Collegamenti ai parametri
+COORDINATION_PARAMETER_EXPLICIT_MODE=Usa un esplicito collegamento al parametro
+COORDINATION_PARAMETER_MANAGE_EXISTING=Gestisci i collegamenti ai parametri esistenti:
+COORDINATION_PARAMETER_EXISTING_NONE=Nessun collegamento esplicito ai parametri.
+COORDINATION_PARAMETER_EXISTING_NAME=Nome
+COORDINATION_PARAMETER_EXISTING_PAIRS=Finestra / coppia di parametri
+COORDINATION_PARAMETER_EXISTING_ACTIONS=Azioni
+COORDINATION_PARAMETER_CREATE=Crea un nuovo collegamento al parametro:
+COORDINATION_PARAMETER_CREATE_NO_PAIRS=Non ci sono parametri pubblici disponibili. Non posso creare il collegamento al parametro.
+COORDINATION_PARAMETER_CREATE_STEP1=1. Seleziona il parametro pubblico / coppia di finestre:
+COORDINATION_PARAMETER_CREATE_STEP2=2. Assegna un nome al collegamento al parametro:
+COORDINATION_PARAMETER_CREATE_CREATE=Crea il collegamento
+
+COORDINATION_WINDOWS=Finestre
+
+COORDINATION_ALIAS_BINDINGS=Gestione degli alias
+COORDINATION_ALIAS_MANAGE_EXISTING=Gestisci gli alias esistenti:
+COORDINATION_ALIAS_EXISTING_NONE=Nessun alias esistente.
+COORDINATION_ALIAS_EXISTING_NAME=Nome
+COORDINATION_ALIAS_EXISTING_ORIGINAL=QName originale
+COORDINATION_ALIAS_EXISTING_ACTIONS=Azioni
+COORDINATION_ALIAS_CREATE=Crea un nuovo alias:
+COORDINATION_ALIAS_CREATE_NO_PARAMS=on ci sono parametri pubblici disponibili. Non posso creare l\'alias.
+COORDINATION_ALIAS_CREATE_STEP1=1. Seleziona il parametro pubblico:
+COORDINATION_ALIAS_CREATE_STEP2=2. Assegna un nome all'alias:
+COORDINATION_ALIAS_CREATE_CREATE=Crea l\'alias
+
+COORDINATION_EVENT_WIRINGS=Gestori di eventi
+COORDINATION_EVENT_EXPLICIT_MODE=Usa la gestione esplicita degli eventi
+COORDINATION_EVENT_MANAGE_EXISTING=Gestisci i gestori di eventi esistenti:
+COORDINATION_EVENT_EXISTING_NONE=Nessun gestore di eventi esistente.
+COORDINATION_EVENT_EXISTING_NAME=Nome
+COORDINATION_EVENT_EXISTING_SOURCE_WINDOWS=Sorgente delle finestre
+COORDINATION_EVENT_EXISTING_SOURCE_EVENTS=Sorgente degli eventi
+COORDINATION_EVENT_EXISTING_DESTINATION_EVENTS=Destinazione degli eventi
+COORDINATION_EVENT_EXISTING_DESTINATION_WINDOWS=Destinazione delle finestre
+COORDINATION_EVENT_EXISTING_ACTIONS=Azioni
+COORDINATION_EVENT_CREATE=Crea un nuovo gestore di eventi:
+COORDINATION_EVENT_CREATE_NO_EVENTS=Non ci sono eventi disponibili. Non posso creare il gestore di eventi.
+COORDINATION_EVENT_CREATE_STEP1=1. Seleziona l'evento sorgente:
+COORDINATION_EVENT_CREATE_STEP2=2. Seleziona la finestra sorgente che produce l\'evento:
+COORDINATION_EVENT_CREATE_STEP3=3. Seleziona la destinazione dell\'evento:
+COORDINATION_EVENT_CREATE_STEP4=4. Seleziona la finestra destinataria che produce l\'evento:
+COORDINATION_EVENT_CREATE_STEP5=5. Assegna un nome al gestore:
+COORDINATION_EVENT_CREATE_CREATE=Crea il gestore
+COORDINATION_EVENT_CREATE_PREVIEW=Anteprima del nuovo gestore di eventi:
+COORDINATION_EVENT_CREATE_PREVIEW_STEP1=Hai selezionato il seguente sorgente dell\'evento:
+COORDINATION_EVENT_CREATE_PREVIEW_STEP2=lanciato dalla seguente finestra sorgente:
+COORDINATION_EVENT_CREATE_PREVIEW_STEP3=Gli eventi prodotti dalla finestra saranno eseguiti nella seguente destinazione dell\'evento:
+COORDINATION_EVENT_CREATE_PREVIEW_STEP4=per le seguenti finestre destinatarie:
+
+COORDINATION_WIRING=gestione dell'evento
+COORDINATION_PARAMETER=collegamento al parametro
+COORDINATION_ALIAS=collegamento all'alias
+
+INVALID_NAME_ERROR=''{0}'' non \u00e8 un nome valido per {1}: Non pu\u00f2 essere null, vuoto o contenere '\\' o '%5c'
+NO_SELECTED_PORTLET_ERROR=Non \u00e8 stata selezionata nessuna portlet!
+DUPLICATE_ERROR=Esiste gi\u00e0 un {1} chiamato ''{0}''!
+bean_support_unexpected_error=Errore inatteso:
+bean_support_cause=Causa:
+
+INSTANCE_TYPE=Istanza
+PAGE_TYPE=pagina
+PORTAL_TYPE=portale
+DISPLAY_NAME_TYPE=nome visualizzato
+PROPERTY_TYPE=propriet\u00e0
+PORTAL_OBJECT_TYPE=oggetto del portale
+WINDOW_TYPE=finestra
Modified: branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:23:08 UTC (rev 13088)
+++ branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -97,7 +97,7 @@
CMS_APPROVAL=Oggetti in sospeso
CMS_PATH=Localit\u00e0
-CMS_EMPTY_FOLDER=Questa cartella \u00e8 vuota .
+CMS_EMPTY_FOLDER=Questa cartella \u00e8 vuota.
CMS_ERROR_UPLOADARCHIVE_ASYNC=Si \u00e8 verificato un errore nel processare l\'archivio. Riprova attivando il servizio di processione asincrona
CMS_MSG_UPLOADARCHIVE_ASYNC=Il tuo archivio sta per essere processato. Una volta terminato il processo le risorse appariranno nella tua cartella
@@ -105,6 +105,7 @@
CMS_REQUIRED=Obbligatorio
CMS_LINK_TO_RESOURCES=I link alle risorse all\'interno del portale devono essere assoluti. Per esempio: Un link a un\'immagine che si trova in in default/images/back.gif deve essere digitato esattamente come mostrato. Non iniziare mai il percorso con uno (/). Puoi verificare la correttezza del link cliccando sul bottone di anteprima dell1'editor
CMS_ERROR_PROCESSING=ERRORE nel processare l\'esportazione
+CMS_ERROR_EXPORT=E\' avvenuto un errore durante l\'operazione di esportazione. Assicurati che la directory che si sta esportando non sia vuota
CMS_YOUR_EXPORT_0=L\'esportazione di
CMS_YOUR_EXPORT_1=\u00e8 pronta per il Download
CMS_CLICK_TO_DOWNLOAD=Clicca per il Download
@@ -146,4 +147,9 @@
CMS_MSG_DESTINATION_ALREADY_EXISTS=Il comando non pu\u00F2 essere eseguito, perch\u00e8 la destinazione esiste gi\u00e0.
CMS_CANT_MOVE_SAME_DESTINATION=Non puoi spostare la cartella nella stessa destinazione
-CMS_DATE_PATTERN=MM/dd/yy HH:mm
\ No newline at end of file
+CMS_DATE_PATTERN=MM/dd/yy HH:mm
+
+INVALID_ARCHIVE_MESSAGE=L\'archivio che si sta aggiornando non \u00e8 un file valido
+CMS_MISSING_RESOURCE=La risorsa CMS richiesta non pu\u00F2 essere trovata
+
+
Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_it.properties 2009-03-26 20:23:08 UTC (rev 13088)
+++ branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -21,6 +21,8 @@
# 02110-1301 USA, or see the FSF site: http://www.fsf.org. #
################################################################################
+javax.faces.validator.LengthValidator.MINIMUM= Il valore troppo \u00e8 corto ({0} caratteri minimo).
+
IDENTITY_APPLICATION_NOT_AVAILABLE=La portlet non \u00e8 disponibile. Verifica la configurazione e il log degli errori per i dettagli.
IDENTITY_WELCOME=Benvenuto
@@ -38,8 +40,7 @@
IDENTITY_REGISTER_STATUS_TITLE=Stato della registrazione
IDENTITY_REGISTER_SUCCESS_TITLE=Il tuo account \u00e8 stato creato con successo. Puoi ora loggarti.
IDENTITY_REGISTER_PENDING_TITLE=Un' e-mail \u00e8 stata mandata al tuo indirizzo e-mail per confermare la registrazione.
-IDENTITY_REGISTER_REQUIRED_INFORMATION=indica un campo richiesto.
-IDENTITY_REGISTER_FAILED=La registrazione \u00e8 fallita per un motivo sconosciuto.
+IDENTITY_REGISTER_REQUIRED_INFORMATION=indica un campo richiesto.
IDENTITY_LOST_PASSWORD_TITLE=Dimenticati i dati del tuo login?
IDENTITY_LOST_PASSWORD_DESCRIPTION=Inserisci il tuo nome utente per azzerare la password.
@@ -48,8 +49,6 @@
IDENTITY_LOST_PASSWORD_STATUS_404=Nessun account trovato.
IDENTITY_LOST_PASSWORD_STATUS_TITLE=Password smarrita
-IDENTITY_SERVER_ERROR=Errore inaspettato sul Server dell\'identit\u00e0
-
IDENTITY_EDIT_PROFILE_ERROR=Errore nell'aggiornamento del profilo.
IDENTITY_EDIT_PASSWORD_TITLE=Cambia la password
IDENTITY_EDIT_PASSWORD_CURRENT=Password corrente
@@ -119,7 +118,9 @@
IDENTITY_MANAGEMENT_EDIT_ROLE=Modifica il ruolo
IDENTITY_MANAGEMENT_CREATE_ROLE=Crea il ruolo
IDENTITY_MANAGEMENT_DISABLE=Disabilita
+IDENTITY_MANAGEMENT_DISABLE_USER_DISABLED=Utente disabilitato
IDENTITY_MANAGEMENT_ENABLE=Abilita
+IDENTITY_MANAGEMENT_ENABLE_USER_ENABLED=Utente attivato
IDENTITY_MANAGEMENT_RESET_PASSWORD=Azzera la password
IDENTITY_MANAGEMENT_RESET_PASSWORD_FOR_USER=Azzera la password all'utente
IDENTITY_MANAGEMENT_RESET_PASSWORD_DESCRIPTION=L'utente ricever\u00e0 una password casuale al suo indirizzo e-mail.
@@ -168,8 +169,10 @@
IDENTITY_VERIFICATION_STATUS_REGISTER_CUSTOM=Il tuo account \u00e8 stato attivato. Puoi ora loggarti.
IDENTITY_VALIDATION_ERROR_REGISTRATION=Fallita la registrazione dell'utente.
-IDENTITY_VALIDATION_ERROR_USERNAME_TAKEN=Il nome utente esiste gi\u00e0. Errore durante la validazione della password.
+IDENTITY_VALIDATION_ERROR_USERNAME_TAKEN=Il nome utente esiste gi\u00e0.
IDENTITY_VALIDATION_ERROR_USERNAME_ERROR=Errore durante la validazione del nome utente.
+IDENTITY_VALIDATION_ERROR_ROLENAME_TAKEN=Il nome del ruolo esiste gi\u00e0.
+IDENTITY_VALIDATION_ERROR_ROLENAME_ERROR=Errore durante la validazione del nome del ruolo.
IDENTITY_VALIDATION_ERROR_PASSWORD_DOESNT_MATCH=Le passwords non coincidono.
IDENTITY_VALIDATION_ERROR_PASSWORD_ERROR=Errore durante la validazione della password.
IDENTITY_VALIDATION_ERROR_INVALID_EMAIL=Indirizzo e-mail non valido.
@@ -178,4 +181,9 @@
# Example usage for dynamic values
IDENTITY_DYNAMIC_VALUE_TEST=titolo di test
-IDENTITY_DYNAMIC_VALUE_TEST2=titolo di test2
\ No newline at end of file
+IDENTITY_DYNAMIC_VALUE_TEST2=titolo di test2
+
+javax.portlet.title=Profilo utente
+javax.portlet.keywords=amministrazione,utente
+
+javax.faces.component.UIInput.REQUIRED=Il valore \u00e8 richiesto
Added: branches/JBoss_Portal_Branch_2_7/core-samples/src/resources/portal-jsp-samples-war/WEB-INF/classes/Resource_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-samples/src/resources/portal-jsp-samples-war/WEB-INF/classes/Resource_it.properties (rev 0)
+++ branches/JBoss_Portal_Branch_2_7/core-samples/src/resources/portal-jsp-samples-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -0,0 +1,2 @@
+javax.portlet.title=Saluti !
+javax.portlet.keywords=esempio,prova
\ No newline at end of file
Added: branches/JBoss_Portal_Branch_2_7/core-wsrp/src/resources/portal-wsrp-admin-war/WEB-INF/classes/Resource_it.properties
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-wsrp/src/resources/portal-wsrp-admin-war/WEB-INF/classes/Resource_it.properties (rev 0)
+++ branches/JBoss_Portal_Branch_2_7/core-wsrp/src/resources/portal-wsrp-admin-war/WEB-INF/classes/Resource_it.properties 2009-03-26 20:37:42 UTC (rev 13089)
@@ -0,0 +1,182 @@
+################################################################################
+# JBoss, a division of Red Hat #
+# Copyright 2009, Red Hat Middleware, LLC, and individual #
+# contributors as indicated by the @authors tag. See the #
+# copyright.txt in the distribution for a full listing of #
+# individual contributors. #
+# #
+# This is free software; you can redistribute it and/or modify it #
+# under the terms of the GNU Lesser General Public License as #
+# published by the Free Software Foundation; either version 2.1 of #
+# the License, or (at your option) any later version. #
+# #
+# This software is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU #
+# Lesser General Public License for more details. #
+# #
+# You should have received a copy of the GNU Lesser General Public #
+# License along with this software; if not, write to the Free #
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA #
+# 02110-1301 USA, or see the FSF site: http://www.fsf.org. #
+################################################################################
+
+## WSRP GUI localization
+
+# JBoss Portal display information
+org.jboss.portal.object.name.WSRPConfigurationPortlet = Configurazione WSRP
+org.jboss.portal.instance.name.WSRPConfigurationPortletInstance = Portlet di configurazione WSRP
+
+# Tabs
+nav_tabs_consumers = Configurazione dei Consumer
+nav_tabs_producer_config = Configurazione del Producer
+nav_tabs_producer_management = Gestione del Producer
+
+# Object path in consumer template
+path_consumers_root = Consumer
+path_consumers_consumer = Configurazione del Consumer ''{0}''
+path_consumers_active = attivo
+path_consumers_inactive = inattivo
+path_consumers_refreshNeeded = (\u00e8 necessario il refresh)
+
+# Confirm deletion of a consumer screen
+confirm_delete_consumer_title = Elimino il consumer ''{0}''?
+confirm_delete_consumer_message = Stai per eliminare il consumer ''{0}''!
+confirm_detete_consumer_proceed = Sicuro di voler continuare?
+confirm_delete_consumer_submit = Elimina il consumer
+confirm_delete_consumer_cancel = Annulla
+
+# Confirm deletion of local registration information screen
+confirm_delete_registration_title = Elimino la registrazione locale per il consumer ''{0}''?
+confirm_delete_registration_message = Stai per eliminare le informazioni della registrazione locale del consumer ''{0}''! \n\
+E' necessario soltanto se il consumer si \u00e8 prima registrato con il producer remoto e il producer \u00e8 \n\
+stato configurato in modo da non richiedere pi\u00f9 la registrazione. \n\
+Elimina le informazioni della registrazione locale soltanto se riscontri degli errori per \n\
+questa particolare situazione. Se si cancella la registrazione in alcune situazioni c'� il rischio di non poter pi\u00f9 lavorare \n\
+con quel producer.
+confirm_delete_registration_proceed = Sicuro di voler procedere?
+confirm_delete_registration_submit = Elimina la registrazione locale
+confirm_delete_registration_cancel = Annulla
+
+# Consumers screen
+consumers_title = Gestione dei Consumer
+consumers_create_title = Crea un Consumer chiamato:
+consumers_create_submit = Crea un Consumer
+
+# Consumers list
+consumers_table_column_consumer = Consumer
+consumers_table_column_consumer_status = stato:
+consumers_table_column_actions = Azioni
+consumers_table_action_configure = Configura
+consumers_table_action_refresh = Aggiorna
+consumers_table_action_activate = Attiva
+consumers_table_action_deactivate = Disattiva
+consumers_table_action_register = Registra
+consumers_table_action_deregister = Togli dalla registrazione
+consumers_table_action_delete = Elimina
+consumers_table_reload = Ricarica i consumer
+
+# Consumer editing screen
+edit_consumer_producer = Id del Producer:
+edit_consumer_cache = Scadenza della cache:
+edit_consumer_cache_seconds = (secondi prima della scadenza)
+edit_consumer_endpoint = Configurazione dell\'Endpoint:
+edit_consumer_endpoint_wsdl = Uso il WSDL?
+edit_consumer_endpoint_sd = Service Description URL:
+edit_consumer_endpoint_m = Markup URL:
+edit_consumer_endpoint_r = Registration URL:
+edit_consumer_endpoint_pm = Portlet Management URL:
+edit_consumer_registration = Informazioni sulla registratione:
+edit_consumer_registration_current = Informazioni sulla registratione corrente:
+edit_consumer_prop_name = Nome
+edit_consumer_prop_desc = Descrizione
+edit_consumer_prop_value = Valore
+edit_consumer_registration_update_props = Propriet\u00e0 dell\'update
+edit_consumer_registration_no_props = E' richiesta una registrazione senza le propriet\u00e0 di registrazione.
+edit_consumer_registration_modify = Modifica la registrazione
+edit_consumer_registration_modify_title = Modifica la registrazione secondo questo producer
+edit_consumer_registration_expected = Informazioni richieste dalla registrazione:
+edit_consumer_no_registration = Il Producer non richiede la registrazione.
+edit_consumer_registration_context = Contesto della registrazione:
+edit_consumer_registration_context_handle = Gestore:
+edit_consumer_registration_context_erase = Elimina la registrazione locale
+edit_consumer_registration_context_erase_title = Elimina l\'informazione della registrazione locale (potenzialmente pericoloso!)
+edit_consumer_refresh = Aggiorna e salva
+edit_consumer_refresh_title = Salva le modifiche e aggiorna le informazioni del producer
+edit_consumer_cancel = Cancel
+
+# Confirm registration property deletion screen
+confirm_delete_reg_property_title = Elimino ''{0}'' descrizioni sulla propriet\u00e0 di registrazione?
+confirm_delete_reg_property_message = Stai per cancellare ''{0}'' descrizioni sulla propriet\u00e0 di registrazione! \n\
+Render\u00e0 non valide le registrazioni del consumer che dovr\u00e0 modificare la propria informazione \n\
+sulla registrazione.
+confirm_delete_reg_property_proceed = Sicuro di voler procedere?
+confirm_delete_reg_property_submit = Elimina la propriet\u00e0
+confirm_delete_reg_property_cancel = Annulla
+
+# Producer configuration screen
+producer_config_title = Configurazione del Producer
+producer_config_sd_requires_reg = L'accesso all\'intera descrizione del servizio richiede la registrazione da parte dei consumer.
+producer_config_strict = Usa per intero le propriet\u00e0 WSRP.
+producer_config_requires_reg = E\' richiesta la registrazione. La modifica di quest\'informazione render\u00e0 non valide le registrazioni del consumer.
+producer_config_reg_policy = Nome della classe della policy di registrazione:
+producer_config_reg_prop_validator = Nome della classe del validatore delle propriet\u00e0 di registrazione:
+producer_config_reg_props = Propriet\u00e0 della registratione
+producer_config_reg_prop_name = Nome
+producer_config_reg_prop_type = Tipo
+producer_config_reg_prop_label = Titolo
+producer_config_reg_prop_hint = Hint
+producer_config_reg_prop_action = Azione
+producer_config_reg_prop_remove = Elimina
+producer_config_no_reg_props = Non \u00e8 richiesta alcuna propriet\u00e0 di registrazione.
+producer_config_add_reg_prop = Aggiungi propriet\u00e0
+producer_config_save = Salva
+producer_config_cancel = Annulla
+
+## Localized messages in JSF beans
+
+bean_support_unexpected_error = Si \u00e8 verificato un errore inaspettato:
+bean_support_cause = Causa:
+CONSUMER_TYPE = Consumer
+
+# ConsumerBean
+bean_consumer_cannot_find_consumer = Non posso trovare il consumer ''{0}''!
+bean_consumer_cannot_update_consumer = Non posso aggiornare il consumer!
+bean_consumer_cannot_refresh_consumer = Non posso eseguire il refresh del consumer!
+bean_consumer_modify_reg_success = Registrazione modificata con successo!
+bean_consumer_invalid_modify = Tentativo non valido di modifica di una registrazione modificata localmente!
+bean_consumer_cannot_modify_reg = Non posso modificare la registrazione!
+bean_consumer_cannot_erase_reg = Non posso eliminare la registrazione locale!
+bean_consumer_malformed_url = ''{0}'' non \u00e8 un URL valido: {1}
+bean_consumer_update_success = Consumer aggiornato con successo!
+
+# ConsumerManagerBean
+bean_consumermanager_invalid_new_consumer_name = E\' necessario un nome di campo non null o non vuoto per il nuovo consumer!
+bean_consumermanager_no_consumer = Non \u00e8 stato selezionato nessun consuer!
+bean_consumermanager_refresh_bypassed = Non \u00e8 necessario alcun aggiornamento.
+bean_consumermanager_refresh_success = Aggiornamento eseguito con successo.
+bean_consumermanager_refresh_failure = Aggiornamento fallito (probabilmente perch\u00e8 le informazioni di registrazione non sono valide).
+bean_consumermanager_refresh_exception = Si \u00e8 verificato un errore inaspettato.
+bean_consumermanager_refresh_modify = Le informazioni locali e remote sono cambiate, dovresti modificare la registrazione al producer remoto.\n\
+Le nuove informazioni locali saranno salvate ma i dati della registrazione corrente non saranno usati finch\u00e8 non modifichi \
+con successo la registrazione al producer.
+
+# ProducerBean
+bean_producer_regpolicy_unset = RegistrationPolicy non inserita
+bean_producer_cannot_save = Non posso salvare la configurazione del producer. Causa: {0}
+bean_producer_cannot_reload = Non posso ricaricare la configurazione del producer. Causa: {0}
+bean_producer_save_success = La configurazione del producer \u00e8 stata salvata con successo!
+bean_producer_cancel_success = Tutte le modifiche fatte al producer sono state annullate!
+
+## RegistrationProperty Status localization
+registration_property_status_inexistent = Non esiste nel producer
+registration_property_status_missing = Mancante
+registration_property_status_missing_value = Valore mancante
+registration_property_status_unchecked_value = Stato non determinto
+registration_property_status_invalid_value = Valore non valido
+registration_property_status_valid = Valido
+
+org.jboss.portal.object.name.admin.WSRP=WSRP
+
+INVALID_NAME_ERROR=''{0}'' non \u00e8 un nome valido di {1} : Non \u00f2 essere null, vuoto o contenere '\\' o '%5c'
+DUPLICATE_ERROR=Un valore {1} con nome ''{0}'' esiste gi\u00e0!
\ No newline at end of file
17 years, 1 month
- 1
- 0
JBoss Portal SVN: r13088 - in modules/authorization/trunk: common-api and 20 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-03-26 16:23:08 -0400 (Thu, 26 Mar 2009)
New Revision: 13088
Added:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html
Removed:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/common-api/pom.xml
modules/authorization/trunk/core-components-api/pom.xml
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java
modules/authorization/trunk/enforcement/pom.xml
modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml
modules/authorization/trunk/policy-server/pom.xml
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
modules/authorization/trunk/pom.xml
Log:
code backup
* first pass at supporting access control on http methods (GET, POST) etc.....more refinement needed
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/.classpath 2009-03-26 20:23:08 UTC (rev 13088)
@@ -39,5 +39,6 @@
<classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.2.GA/jboss-dependency-2.0.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.9.GA/jboss-common-core-2.2.9.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
Modified: modules/authorization/trunk/common-api/pom.xml
===================================================================
--- modules/authorization/trunk/common-api/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/common-api/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -19,19 +19,5 @@
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
</dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.3.1</version>
- <configuration>
- <includes>
- </includes>
- </configuration>
- </plugin>
- </plugins>
- </build>
+ </dependencies>
</project>
Modified: modules/authorization/trunk/core-components-api/pom.xml
===================================================================
--- modules/authorization/trunk/core-components-api/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/core-components-api/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -35,19 +35,5 @@
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
</dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.3.1</version>
- <configuration>
- <includes>
- </includes>
- </configuration>
- </plugin>
- </plugins>
- </build>
+ </dependencies>
</project>
Added: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java (rev 0)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Get.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action.http;
+
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * Get represents a "GET" action that can be performed on a Http Servlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Get extends Operation
+{
+ public Get()
+ {
+ this.name = "get";
+ }
+}
Added: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java (rev 0)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/http/Post.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.components.action.http;
+
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * Post represents a "POST" action that can be performed on a Http Servlet
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Post extends Operation
+{
+ public Post()
+ {
+ this.name = "post";
+ }
+}
Modified: modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java
===================================================================
--- modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/HttpResource.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -30,8 +30,12 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Resource;
import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.xacml.ExpressionBuilder;
+import org.jboss.security.authz.components.action.Operation;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
/**
@@ -43,12 +47,17 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class HttpResource extends URIResource
+public class HttpResource extends URIResource implements Cloneable
{
/**
* The HTTP Parameters that are used to access this resource
*/
private Map<String, String> parameters;
+
+ /**
+ * Used to apply the Policy based on Http Method being invoked
+ */
+ private Operation httpMethod;
/**
*
@@ -77,6 +86,16 @@
{
this.getParameters().put(name, value);
}
+
+ public Operation getHttpMethod()
+ {
+ return this.httpMethod;
+ }
+
+ public void setHttpMethod(Operation httpMethod)
+ {
+ this.httpMethod = httpMethod;
+ }
//-------Services for Policy Creation---------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Produces PolicyMeta used to generate a Policy object to be registered with the Policy Server
@@ -98,6 +117,19 @@
metadata.getTarget().addResourceMatch(paramExpression);
}
}
+
+ if(this.httpMethod != null)
+ {
+ AttributeExpression actionExpression = new AttributeExpression();
+
+ actionExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, this.httpMethod.getName());
+ actionExpression.setAttribute(attribute);
+
+ Target actionTarget = this.httpMethod.getTarget();
+ metadata.getTarget().addActionMatch(actionTarget.getActionMatches().iterator().next());
+ }
return metadata;
}
@@ -128,4 +160,9 @@
return urlResource;
}
+ //-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
}
Modified: modules/authorization/trunk/enforcement/pom.xml
===================================================================
--- modules/authorization/trunk/enforcement/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/enforcement/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -25,19 +25,5 @@
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
</dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.3.1</version>
- <configuration>
- <includes>
- </includes>
- </configuration>
- </plugin>
- </plugins>
- </build>
+ </dependencies>
</project>
Modified: modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java
===================================================================
--- modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/enforcement/src/main/java/org/jboss/security/authz/enforcement/Response.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -57,4 +57,28 @@
{
this.message = message;
}
+
+ public boolean isIndeterminate()
+ {
+ boolean isIndeterminate = false;
+
+ if(this.message.toLowerCase().contains("indeterminate"))
+ {
+ isIndeterminate = true;
+ }
+
+ return isIndeterminate;
+ }
+
+ public boolean isNotApplicable()
+ {
+ boolean isNotApplicable = false;
+
+ if(this.message.toLowerCase().contains("notapplicable"))
+ {
+ isNotApplicable = true;
+ }
+
+ return isNotApplicable;
+ }
}
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -68,7 +68,9 @@
<version>2.3.1</version>
<configuration>
<includes>
+ <!--
<include>**/components/Test*.java</include>
+ -->
<include>**/provisioning/Test*.java</include>
</includes>
</configuration>
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -39,6 +39,8 @@
import org.w3c.dom.NodeList;
import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.action.http.Get;
+import org.jboss.security.authz.components.action.http.Post;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
@@ -128,29 +130,67 @@
policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
this.parseParameters(policyResource, webResource);
- webResources.add(policyResource);
+ List<HttpResource> methodResources = this.parseHttpMethods(policyResource, webResource);
+ if(methodResources != null && !methodResources.isEmpty())
+ {
+ webResources.addAll(methodResources);
+ }
+ else
+ {
+ webResources.add(policyResource);
+ }
}
}
return webResources;
}
+ private List<HttpResource> parseHttpMethods(HttpResource policyResource, Element webResource) throws Exception
+ {
+ List<HttpResource> webResources = new ArrayList<HttpResource>();
+ NodeList httpMethods = webResource.getElementsByTagName("http-method");
+ if(httpMethods != null)
+ {
+ for(int i=0; i<httpMethods.getLength(); i++)
+ {
+ Element httpMethodElem = (Element)httpMethods.item(i);
+
+ String httpMethod = httpMethodElem.getTextContent();
+ HttpResource methodResource = (HttpResource)policyResource.clone();
+
+ if(httpMethod.equalsIgnoreCase("get"))
+ {
+ methodResource.setHttpMethod(new Get());
+ }
+ else if(httpMethod.equalsIgnoreCase("post"))
+ {
+ methodResource.setHttpMethod(new Post());
+ }
+ webResources.add(methodResource);
+ }
+ }
+ return webResources;
+ }
+
private void parseParameters(HttpResource policyResource, Element webResource) throws Exception
{
//Process Parameters
Element parameters = (Element)webResource.getElementsByTagName("parameters").item(0);
- NodeList params = parameters.getElementsByTagName("parameter");
- if(params != null)
+ if(parameters != null)
{
- for(int i=0, length=params.getLength(); i<length; i++)
- {
- Element parameter = (Element)params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if(params != null)
+ {
+ for(int i=0, length=params.getLength(); i<length; i++)
+ {
+ Element parameter = (Element)params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
}
}
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -21,8 +21,11 @@
*/
package org.jboss.security.authz.http.enforcement;
+import java.util.Enumeration;
import java.io.IOException;
import java.io.InputStream;
+import java.io.ByteArrayInputStream;
+import java.net.URI;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -31,16 +34,32 @@
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Document;
+
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
+import org.jboss.security.authz.tools.GeneralTool;
+
import org.jboss.security.authz.model.Policy;
+
import org.jboss.security.authz.policy.server.Server;
import org.jboss.security.authz.policy.server.PolicyServer;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -49,6 +68,7 @@
private static Logger log = Logger.getLogger(SecurityFilter.class);
private PolicyServer policyServer;
+ private boolean isPolicyMatchMandatory = false; //set to "false" by default
public SecurityFilter()
{
@@ -73,8 +93,9 @@
PolicyConfig policyConfig = new HttpPolicyConfig();
is = config.getServletContext().getResourceAsStream("/WEB-INF/http-policy.xml");
+ String httpPolicy = GeneralTool.readStream(is);
- Policy[] policies = policyConfig.configure(GeneralTool.readStream(is));
+ Policy[] policies = policyConfig.configure(httpPolicy);
log.debug("----------------------------------------------------------");
for(Policy policy: policies)
@@ -84,6 +105,10 @@
}
log.debug("----------------------------------------------------------");
+ //Parse the enforcement configuration
+ this.configure(httpPolicy);
+
+
log.info("----------------------------------------------------------");
log.info("Security Filter successfully initialized...................");
log.info("----------------------------------------------------------");
@@ -111,9 +136,98 @@
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
- log.info("--------------------------------------------------------");
- log.info("Security Filter successfully called.....................");
+ try
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest)request;
+ HttpServletResponse httpResponse = (HttpServletResponse)response;
+
+ //Perform a Security check
+ Request authzRequest = this.createAuthorizationRequest(httpRequest);
+ Response authzResponse = this.policyServer.evaluate(authzRequest);
+
+ //Process the authorization response and allow or deny further processing
+ if(!authzResponse.isAccessGranted())
+ {
+ if(authzResponse.isIndeterminate() ||
+ (authzResponse.isNotApplicable() && this.isPolicyMatchMandatory)
+ )
+ {
+ //Send back an access denied status
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new ServletException(e);
+ }
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Request createAuthorizationRequest(HttpServletRequest httpRequest) throws Exception
+ {
+ Request authzRequest = new Request();
- chain.doFilter(request, response);
- }
+ HttpResource contextResource = new HttpResource();
+
+ //Setup URI pattern context
+ String contextPath = httpRequest.getContextPath();
+ String requestURI = httpRequest.getRequestURI();
+ String uri = requestURI.substring(contextPath.length());
+ contextResource.setUri(new URI(uri));
+
+ //Setup Role context
+ //TODO: replace mock code with actual loading of Roles information of the authenticated user via the new Identity API
+ Roles roles = new Roles();
+ roles.addName("Admin");
+ authzRequest.addSubject(roles.getSubject());
+
+ //Setup Parameter context
+ Enumeration parameters = httpRequest.getParameterNames();
+ while(parameters.hasMoreElements())
+ {
+ String name = (String)parameters.nextElement();
+ String value = httpRequest.getParameter(name);
+ contextResource.addParameter(name, value);
+ }
+
+
+ //Setup Resource context
+ authzRequest.addResource(contextResource.getResource());
+
+ //Setup Action context
+ //TODO: add support for all the Http methods here and not just GET
+ authzRequest.setAction(new Read().getAction());
+
+ return authzRequest;
+ }
+
+ private void configure(String httpPolicy) throws Exception
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ xmlStream = new ByteArrayInputStream(httpPolicy.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ Element enforcementConfig = (Element)document.getElementsByTagName("enforcement-config").item(0);
+ if(enforcementConfig != null)
+ {
+ Element policyMatchMandatory = (Element)enforcementConfig.getElementsByTagName("policy-match-mandatory").item(0);
+
+ this.isPolicyMatchMandatory = Boolean.parseBoolean(policyMatchMandatory.getTextContent());
+ }
+ }
+ finally
+ {
+ if(xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ }
}
Deleted: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -1,54 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.http.container;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.Logger;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class TestHelloWorldHttpServlet extends TestCase
-{
- /**
- *
- */
- private static Logger log = Logger.getLogger(TestHelloWorldHttpServlet.class);
-
-
- /**
- *
- */
- protected void setUp() throws Exception
- {
-
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testHelloWorld() throws Exception
- {
- String url = "/httpprofile-testsuite/index.html";
- Thread.currentThread().sleep(20000);
- }
-}
Copied: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java (from rev 13005, modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestHelloWorldHttpServlet.java)
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,72 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.container;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.commons.httpclient.methods.GetMethod;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestSecurityFilterDeployment extends TestCase
+{
+ /**
+ *
+ */
+ private static Logger log = Logger.getLogger(TestSecurityFilterDeployment.class);
+
+
+ /**
+ *
+ */
+ protected void setUp() throws Exception
+ {
+
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void test() throws Exception
+ {
+ HttpClient client = new HttpClient();
+ String url = "http://localhost:8080/httpprofile-testsuite/index.html";
+ GetMethod method = new GetMethod(url);
+
+ int status = client.executeMethod(method);
+ String response = method.getResponseBodyAsString();
+
+ log.info("-----------------------------------------------------------");
+ log.info("Status="+status);
+ log.info(response);
+ log.info("-----------------------------------------------------------");
+
+ assertEquals("Request Failed!!", status, HttpStatus.SC_OK);
+ assertTrue("Proper content must be present!!", response.contains("<h1>Http Profile Container TestSuite</h1>"));
+
+ Thread.currentThread().sleep(20000);
+ }
+}
Property changes on: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/container/TestSecurityFilterDeployment.java
___________________________________________________________________
Name: svn:mergeinfo
+
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -29,7 +29,8 @@
import org.apache.log4j.Logger;
-import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.http.Get;
+import org.jboss.security.authz.components.action.http.Post;
import org.jboss.security.authz.components.resource.HttpResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.enforcement.Request;
@@ -74,8 +75,11 @@
for(int i=0; i<policies.length; i++)
{
+ String xacmlPolicy = policies[i].generateXACMLPolicy();
+ this.policyServer.newPolicy(policies[i].getMetaData());
+
log.info("------------------------------------------------------");
- this.policyServer.newPolicy(policies[i].getMetaData());
+ log.info(xacmlPolicy);
log.info("------------------------------------------------------");
}
@@ -87,16 +91,18 @@
incoming.addParameter("id", "1234");
//Executive is allowed
- this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), true);
//Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
- this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), true);
//Manager is Not Allowed
- this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+ this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
//Anonymous is Not Allowed
- this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
+ this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
}
public void testBoardFiles() throws Exception
@@ -110,9 +116,11 @@
for(int i=0; i<policies.length; i++)
{
- log.info("------------------------------------------------------");
- this.policyServer.newPolicy(policies[i].getMetaData());
- log.info("------------------------------------------------------");
+ String xacmlPolicy = policies[i].generateXACMLPolicy();
+ this.policyServer.newPolicy(policies[i].getMetaData());
+ log.info("------------------------------------------------------");
+ log.info(xacmlPolicy);
+ log.info("------------------------------------------------------");
}
is.close();
@@ -123,17 +131,59 @@
incoming.addParameter("id", "5678");
//Executive is allowed
- this.enforce(this.createRequest(incoming, new String[]{"executive"}), true);
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), false);
//Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
- this.enforce(this.createRequest(incoming, new String[]{"executive", "manager"}), true);
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), false);
//Manager is Not Allowed
- this.enforce(this.createRequest(incoming, new String[]{"manager"}), false);
+ this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
//Anonymous is Not Allowed
- this.enforce(this.createRequest(incoming, new String[]{"anonymous"}), false);
+ this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
}
+
+ public void testEditUser() throws Exception
+ {
+ PolicyConfig config = new HttpPolicyConfig();
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
+
+ Policy[] policies = config.configure(GeneralTool.readStream(is));
+
+ assertNotNull(policies);
+
+ for(int i=0; i<policies.length; i++)
+ {
+ String xacmlPolicy = policies[i].generateXACMLPolicy();
+ this.policyServer.newPolicy(policies[i].getMetaData());
+ log.info("------------------------------------------------------");
+ log.info(xacmlPolicy);
+ log.info("------------------------------------------------------");
+ }
+
+ is.close();
+
+ //Perform an Enforcement
+ HttpResource incoming = new HttpResource();
+ incoming.setUri(new URI("/editUser"));
+ incoming.addParameter("userId", "9101112");
+
+ //Executive is allowed
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive"}), true);
+
+ //Executive is allowed but Manager is not.....Permit overrides Deny according to the Rule Combining Algorithm used for this Policy
+ this.enforce(this.createGetRequest(incoming, new String[]{"executive", "manager"}), true);
+ this.enforce(this.createPostRequest(incoming, new String[]{"executive", "manager"}), true);
+
+ //Manager is Not Allowed
+ this.enforce(this.createGetRequest(incoming, new String[]{"manager"}), false);
+
+ //Anonymous is Not Allowed
+ this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}), false);
+ }
//-------------------------------------------------------------------------------------------------------------------------------------------------
private void enforce(Request request, boolean mustBePermitted) throws Exception
{
@@ -154,7 +204,7 @@
}
}
- private Request createRequest(HttpResource contextResource, String[] userRoles) throws Exception
+ private Request createGetRequest(HttpResource contextResource, String[] userRoles) throws Exception
{
//Create a RequestType
Request request = new Request();
@@ -171,8 +221,30 @@
request.addResource(contextResource.getResource());
//Create Action
- request.setAction(new Read().getAction());
+ request.setAction(new Get().getAction());
return request;
- }
+ }
+
+ private Request createPostRequest(HttpResource contextResource, String[] userRoles) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ for(int i=0; i<userRoles.length; i++)
+ {
+ roles.addName(userRoles[i]);
+ }
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ request.addResource(contextResource.getResource());
+
+ //Create Action
+ request.setAction(new Post().getAction());
+
+ return request;
+ }
}
Modified: modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/resources/http-policy.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -8,6 +8,8 @@
<parameters>
<parameter name="id">1234</parameter>
</parameters>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
</web-resource>
<web-resource>
<web-resource-name>Board/Investor Files</web-resource-name>
@@ -15,6 +17,7 @@
<parameters>
<parameter name="id">5678</parameter>
</parameters>
+ <http-method>GET</http-method>
</web-resource>
</web-resource-collection>
<auth-constraint>
@@ -47,4 +50,34 @@
<!-- constraints based on data and/or time -->
</auth-constraint>
</security-constraint>
+
+ <!--
+ To demonstrate granularity of applying policies based on type of http method being invoked on a resource
+
+ This Policy means apply this Security Policy on the "Http Resource", for both "GET", and "POST" requests
+ -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource>
+ <web-resource-name>Edit User</web-resource-name>
+ <url-pattern>/editUser</url-pattern>
+ <parameters>
+ <parameter name="userId">9101112</parameter>
+ </parameters>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource>
+ </web-resource-collection>
+ <auth-constraint>
+ <!-- constaints based on user roles -->
+ <roles allow="true">
+ <role-name>Admin</role-name>
+ <role-name>Executive</role-name>
+ </roles>
+ <roles allow="false">
+ <role-name>Manager</role-name>
+ <role-name>Developer</role-name>
+ </roles>
+ </auth-constraint>
+ </security-constraint>
</web-security>
\ No newline at end of file
Modified: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/WEB-INF/http-policy.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -1,5 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
-<web-security>
+<web-security>
+ <enforcement-config>
+ <!--
+ default value, (false)
+ If resource match is set to "mandatory", it means that if there is an http request to the web application,
+ that does not have any specified/matching "security policy" for it, then this access should be "Denied".
+
+ The default value is set to "false" since this makes Policy Provisioning less intensive for most web applications. This means that if
+ a "Policy" is not specified for a http request, it means that resource does not need to be "protected", and access should be "Granted".
+
+ The protection can be increased depending on the application by changing this to "true". In which case only Http Requests that have a matching "Security Policy" will
+ be considered for "Access Control". All others will be "Denied" access.
+ -->
+ <policy-match-mandatory>true</policy-match-mandatory>
+ </enforcement-config>
+
<security-constraint>
<web-resource-collection>
<web-resource>
@@ -8,6 +23,13 @@
<parameters>
<parameter name="id">1234</parameter>
</parameters>
+ <http-method>DELETE</http-method>
+ <http-method>PUT</http-method>
+ <http-method>HEAD</http-method>
+ <http-method>OPTIONS</http-method>
+ <http-method>TRACE</http-method>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
</web-resource>
<web-resource>
<web-resource-name>Board/Investor Files</web-resource-name>
@@ -46,5 +68,5 @@
-->
<!-- constraints based on data and/or time -->
</auth-constraint>
- </security-constraint>
+ </security-constraint>
</web-security>
\ No newline at end of file
Added: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/board/index.html 2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,8 @@
+<html>
+ <head>
+ <title>Http Profile Container TestSuite</title>
+ </head>
+ <body>
+ <h1>Board Members</h1>
+ </body>
+</html>
\ No newline at end of file
Added: modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/resources/httpprofile-testsuite.war/private/executives/index.html 2009-03-26 20:23:08 UTC (rev 13088)
@@ -0,0 +1,8 @@
+<html>
+ <head>
+ <title>Http Profile Container TestSuite</title>
+ </head>
+ <body>
+ <h1>Company Executives</h1>
+ </body>
+</html>
\ No newline at end of file
Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -51,19 +51,5 @@
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
</dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.3.1</version>
- <configuration>
- <includes>
- </includes>
- </configuration>
- </plugin>
- </plugins>
- </build>
+ </dependencies>
</project>
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -155,13 +155,23 @@
if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
{
response.setAccessGranted(true);
- response.setMessage("ACCESS_GRANTED");
+ response.setMessage("permit");
}
- else
+ else if(responseContext.getDecision() == XACMLConstants.DECISION_DENY)
{
response.setAccessGranted(false);
- response.setMessage("ACCESS_DENIED");
+ response.setMessage("deny");
}
+ else if(responseContext.getDecision() == XACMLConstants.DECISION_INDETERMINATE)
+ {
+ response.setAccessGranted(false);
+ response.setMessage("indeterminate");
+ }
+ else if(responseContext.getDecision() == XACMLConstants.DECISION_NOT_APPLICABLE)
+ {
+ response.setAccessGranted(false);
+ response.setMessage("notapplicable");
+ }
return response;
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-03-26 20:23:08 UTC (rev 13088)
@@ -125,6 +125,15 @@
resourcesType.getResource().add(resourceType);
}
+ //Process Action Matches as Targets for the Policy
+ List<AttributeExpression> targetActionMatches = this.metaData.getTarget().getActionMatches();
+ if(targetActionMatches != null && !targetActionMatches.isEmpty())
+ {
+ ActionsType actionsType = this.generateRuleActions(targetActionMatches);
+ targetType.setActions(actionsType);
+ }
+
+
//Process the Policy Rules
Set<Rule> rules = this.metaData.getRules();
if(rules != null && !rules.isEmpty())
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-03-26 13:58:58 UTC (rev 13087)
+++ modules/authorization/trunk/pom.xml 2009-03-26 20:23:08 UTC (rev 13088)
@@ -44,7 +44,8 @@
<version.org.jboss.microcontainer>2.0.2.GA</version.org.jboss.microcontainer>
<version.org.jboss.jboss-reflect>2.0.2.GA</version.org.jboss.jboss-reflect>
<version.org.jboss.jboss-common-core>2.2.9.GA</version.org.jboss.jboss-common-core>
- <version.org.jboss.jboss-mdr>2.0.1.GA</version.org.jboss.jboss-mdr>
+ <version.org.jboss.jboss-mdr>2.0.1.GA</version.org.jboss.jboss-mdr>
+ <version.commons-httpclient>3.1</version.commons-httpclient>
</properties>
<dependencyManagement>
@@ -262,7 +263,14 @@
<version>${version.javax.servlet.servlet-api}</version>
<scope>provided</scope>
</dependency>
- </dependencies>
+
+ <!-- Commons Http Client -->
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>${version.commons-httpclient}</version>
+ </dependency>
+ </dependencies>
</dependencyManagement>
<!-- project wide dependencies -->
@@ -285,6 +293,13 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+
+ <!-- http client -->
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
@@ -301,8 +316,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
- <configuration>
- <skip>false</skip>
+ <configuration>
</configuration>
</plugin>
</plugins>
17 years, 1 month
- 1
- 0