JBoss Portal SVN: r13705 - in modules/authorization/trunk: agent/src/main/java/org/jboss/security/authz/agent/enforcement and 8 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 15:40:48 -0400 (Sat, 08 Aug 2009)
New Revision: 13705
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/LocalEventObserver.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEventingSystem.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/Event.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventBus.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventObserver.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/HotDeployEvent.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/LocalEventBus.java
Modified:
modules/authorization/trunk/.project
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java
modules/authorization/trunk/agent/src/main/resources/META-INF/authz-config.xml
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
Log:
Policy Hot Deployment implementation
* EnforcementCache Invalidation implemented
Modified: modules/authorization/trunk/.project
===================================================================
--- modules/authorization/trunk/.project 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/.project 2009-08-08 19:40:48 UTC (rev 13705)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
- <name>module-authorization</name>
+ <name>jboss-authz-trunk</name>
<comment></comment>
<projects>
</projects>
@@ -10,8 +10,14 @@
<arguments>
</arguments>
</buildCommand>
+ <buildCommand>
+ <name>net.sourceforge.metrics.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>net.sourceforge.metrics.nature</nature>
</natures>
</projectDescription>
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementCache.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -75,7 +75,11 @@
enforcementResponse.setAttribute(EnforcementResponse.CACHED, new Date());
}
- //TODO: Add Cache Invalidation Operations
+ //Add Cache Invalidation Operations
+ public void clear()
+ {
+ this.responseCache.clear();
+ }
//---------------------------------------------------------------------------------------------------------------------------------------------
private Integer getCacheEntryKey(EnforcementContext enforcementContext)
{
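Review bot: The added `clear()` empties `responseCache` with no visible synchronization, and this method is now the path that removes stale authorization decisions. The declaration of `responseCache` is outside the hunk; if it is a plain `HashMap` and `clear()` runs on the thread that delivers the event while enforcement threads read or write the cache, the map can be corrupted, and a decision computed under the old policy can still be stored after the clear. Confirm the map is a concurrent one, or guard the read, write and clear paths with the same lock. The leftover `//Add Cache Invalidation Operations` comment could become a Javadoc such as `/** Drops every cached enforcement decision; called when a policy is hot-deployed or deleted. */`.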
Added: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/LocalEventObserver.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/LocalEventObserver.java (rev 0)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/LocalEventObserver.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,95 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.tools.GeneralTool;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementCache;
+
+import org.jboss.security.authz.policy.server.event.EventBus;
+import org.jboss.security.authz.policy.server.event.EventObserver;
+import org.jboss.security.authz.policy.server.event.Event;
+import org.jboss.security.authz.policy.server.event.HotDeployEvent;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class LocalEventObserver implements EventObserver
+{
+ private static Logger log = Logger.getLogger(LocalEventObserver.class);
+
+ private String id;
+ private EventBus eventBus;
+ private EnforcementCache enforcementCache;
+
+ public LocalEventObserver()
+ {
+ }
+
+ public void start()
+ {
+ this.id = GeneralTool.generateUniqueId();
+ this.eventBus.subscribe(this);
+ }
+
+ public void stop()
+ {
+ this.eventBus.unsubscribe(this);
+ }
+
+ public EventBus getEventBus()
+ {
+ return eventBus;
+ }
+
+ public void setEventBus(EventBus eventBus)
+ {
+ this.eventBus = eventBus;
+ }
+
+ public EnforcementCache getEnforcementCache()
+ {
+ return enforcementCache;
+ }
+
+ public void setEnforcementCache(EnforcementCache enforcementCache)
+ {
+ this.enforcementCache = enforcementCache;
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------
+ public void accept(Event event)
+ {
+ if(event instanceof HotDeployEvent)
+ {
+ this.enforcementCache.clear();
+ }
+ }
+
+ public String getId()
+ {
+ return this.id;
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------
+
+}
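Review bot: `start()`, `stop()` and `accept()` dereference `eventBus` and `enforcementCache` without checking that they were injected. If the `enforcementCache` property is missing from the wiring, the first HotDeployEvent throws a NullPointerException from `accept()` instead of invalidating anything. Fail fast in `start()`, for example `if(this.eventBus == null || this.enforcementCache == null) throw new IllegalStateException("eventBus and enforcementCache must be injected");`. The `log` field is declared but never used; a debug line in `accept()` recording that the cache was cleared would help when tracing a stale decision.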
Modified: modules/authorization/trunk/agent/src/main/resources/META-INF/authz-config.xml
===================================================================
--- modules/authorization/trunk/agent/src/main/resources/META-INF/authz-config.xml 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/agent/src/main/resources/META-INF/authz-config.xml 2009-08-08 19:40:48 UTC (rev 13705)
@@ -9,6 +9,15 @@
<bean name="/agent/EnforcementStateGenerator" class="org.jboss.security.authz.agent.services.EnforcementStateGenerator">
</bean>
+ <bean name="/agent/ServerEventObserver" class="org.jboss.security.authz.agent.services.LocalEventObserver">
+ <property name="eventBus">
+ <inject bean="/policy-server/EventBus"/>
+ </property>
+ <property name="enforcementCache">
+ <inject bean="/agent/EnforcementCache"/>
+ </property>
+ </bean>
+
<bean name="/agent/EnforcementCache" class="org.jboss.security.authz.agent.enforcement.EnforcementCache">
</bean>
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -92,9 +92,8 @@
this.assertServerState();
//Enforce and make sure new Rules apply
- //TODO: Remove This when Cache Invalidations are implemented!!!
- EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
- enforcementContext.setIgnoreCache(true);
+ //EnforcementCache must also get invalidated........
+ EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
this.enforce(enforcementContext, false);
}
@@ -148,9 +147,8 @@
this.assertServerState();
//Enforce and make sure new Rules apply
- //TODO: Remove This when Cache Invalidations are implemented!!!
- EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
- enforcementContext.setIgnoreCache(true);
+ //EnforcementCache must also get invalidated........
+ EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
this.enforce(enforcementContext, false);
}
// ------------------------------------------------------------------------------------------------------------------------------------------------------
Added: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEventingSystem.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEventingSystem.java (rev 0)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEventingSystem.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,49 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+
+import org.jboss.security.authz.policy.server.event.EventBus;
+import org.jboss.security.authz.policy.server.event.HotDeployEvent;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestEventingSystem extends TestCase
+{
+ private EventBus eventBus;
+
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+ this.eventBus = (EventBus)ServiceContainer.lookup("/policy-server/EventBus");
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testHotDeployEvent() throws Exception
+ {
+ HotDeployEvent event = new HotDeployEvent("policyUri://blahblah");
+ this.eventBus.deliver(event);
+ }
+}
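Review bot: `testHotDeployEvent` contains no assertion, so it passes whenever `deliver()` does not throw and would stay green if no observer were subscribed or the cache were never cleared. Since the commit's purpose is cache invalidation, the test should look up `/agent/EnforcementCache` through `ServiceContainer.lookup`, put a decision into it via an enforcement, deliver the event, and then assert that the cached decision is gone. A `tearDown()` that shuts the container down would also keep state from leaking between tests, if `ServiceContainer` offers one.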
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -37,6 +37,7 @@
import org.jboss.security.authz.policy.server.spi.PolicyStore;
import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
+import org.jboss.security.authz.policy.server.event.EventBus;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
@@ -53,6 +54,7 @@
private PolicyStore policyStore;
private EnterprisePolicyFinderModule policyFinderModule;
private DroolsRuleManager ruleManager;
+ private EventBus eventBus;
public PolicyServer()
{
@@ -72,6 +74,7 @@
this.policyFinderModule = (EnterprisePolicyFinderModule) module;
this.policyFinderModule.setPolicyStore(this.policyStore);
this.policyFinderModule.setRuleManager(this.ruleManager);
+ this.policyFinderModule.setEventBus(this.eventBus);
this.policyFinderModule.bootup();
}
}
@@ -116,7 +119,16 @@
{
this.ruleManager = ruleManager;
}
+
+ public EventBus getEventBus()
+ {
+ return eventBus;
+ }
+ public void setEventBus(EventBus eventBus)
+ {
+ this.eventBus = eventBus;
+ }
// --------Enforcement Phase
// services--------------------------------------------------------------------------------------------------------------------------
/**
@@ -173,6 +185,7 @@
{
// Update an existing Policy
this.policyFinderModule.updatePolicy(policy, policyMetaData);
+
}
}
@@ -186,7 +199,7 @@
{
try
{
- this.policyFinderModule.deletePolicy(this.policyStore.readPolicy(policyUri));
+ this.policyFinderModule.deletePolicy(this.policyStore.readPolicy(policyUri), true);
}
catch (PolicyException pe)
{
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/Event.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/Event.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/Event.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,40 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.event;
+
+import java.io.Serializable;
+import java.util.Date;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public abstract class Event implements Serializable
+{
+ private static final long serialVersionUID = -1523445160945618953L;
+
+ private Date timestamp;
+
+ public Date getTimestamp()
+ {
+ return timestamp;
+ }
+}
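Review bot: `timestamp` is never assigned, because the class has no constructor or setter, so `getTimestamp()` returns null for every event. Initialise it when the event is created, `private final Date timestamp = new Date();`, and return a copy from the getter, `return new Date(timestamp.getTime());`, since `Date` is mutable and the same event object is handed to every observer. A one-line class Javadoc stating that the timestamp is the creation time would make the contract explicit.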
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventBus.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventBus.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventBus.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,32 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.event;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface EventBus
+{
+ public void subscribe(EventObserver observer);
+ public void unsubscribe(EventObserver observer);
+ public void deliver(Event event);
+}
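Review bot: The interface has no contract documentation, and the delivery semantics matter here because callers rely on `deliver()` to invalidate authorization caches. Add Javadoc that states whether `deliver()` is synchronous (all observers have run when it returns), what happens when an observer throws, and whether `subscribe`/`unsubscribe` may be called concurrently with `deliver`. If synchronous delivery is the intended guarantee, `deliver` could carry `/** Delivers the event to every subscribed observer before returning. */`.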
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventObserver.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventObserver.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/EventObserver.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,31 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.event;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface EventObserver
+{
+ public String getId();
+ public void accept(Event event);
+}
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/HotDeployEvent.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/HotDeployEvent.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/HotDeployEvent.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,42 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.event;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class HotDeployEvent extends Event
+{
+ private static final long serialVersionUID = 8832241139903871033L;
+
+ private String policyUri;
+
+ public HotDeployEvent(String policyUri)
+ {
+
+ }
+
+ public String getPolicyUri()
+ {
+ return policyUri;
+ }
+}
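Review bot: The constructor body is empty, so the `policyUri` argument is discarded and `getPolicyUri()` always returns null. Assign it with `this.policyUri = policyUri;`. LocalEventObserver in this commit ignores the URI and clears the whole cache, so nothing fails today, but any observer that invalidates per policy would silently do nothing.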
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/LocalEventBus.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/LocalEventBus.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/event/LocalEventBus.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -0,0 +1,86 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.event;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.HashMap;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class LocalEventBus implements EventBus
+{
+ private static Logger log = Logger.getLogger(LocalEventBus.class);
+
+ private Map<String, EventObserver> registry;
+
+ public LocalEventBus()
+ {
+
+ }
+
+ public void start()
+ {
+ this.registry = new HashMap<String, EventObserver>();
+ }
+
+ public void stop()
+ {
+ this.registry = null;
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------
+ public void deliver(Event event)
+ {
+ Collection<EventObserver> observers = this.registry.values();
+ if(observers != null)
+ {
+ for(EventObserver observer: observers)
+ {
+ observer.accept(event);
+ }
+ }
+ }
+
+ public void subscribe(EventObserver observer)
+ {
+ if(observer == null || observer.getId() == null || observer.getId().trim().length() == 0)
+ {
+ new IllegalArgumentException("Observer or its Id Cannot be Null");
+ }
+
+ registry.put(observer.getId(), observer);
+ }
+
+ public void unsubscribe(EventObserver observer)
+ {
+ if(observer == null || observer.getId() == null || observer.getId().trim().length() == 0)
+ {
+ //Ignore......No State Changes occur...No Harm No Foul...let things flow.....
+ return;
+ }
+
+ registry.remove(observer.getId());
+ }
+}
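Review bot: `subscribe()` builds the IllegalArgumentException but never throws it, so a null observer falls through to `observer.getId()` and a blank id is registered anyway; the line should read `throw new IllegalArgumentException("Observer or its Id Cannot be Null");`. `deliver()` has two further gaps: `this.registry.values()` fails with a NullPointerException before `start()` or after `stop()` (the `observers != null` test can never be false), and an exception from one observer's `accept()` aborts the loop, leaving later observers with caches that were not invalidated. The registry is a plain `HashMap` with no locking, so if `subscribe`/`unsubscribe` can run on a different thread than `deliver` it needs a concurrent map or a lock; that depends on callers not shown here. A possible `deliver()` follows.

```java
public void deliver(Event event)
{
    if(this.registry == null)
    {
        throw new IllegalStateException("EventBus is not started");
    }
    for(EventObserver observer: this.registry.values())
    {
        try
        {
            observer.accept(event);
        }
        catch(RuntimeException e)
        {
            // keep going: the remaining observers still have to see the event
            log.error("Observer " + observer.getId() + " failed on " + event.getClass().getName(), e);
        }
    }
}
```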
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 19:40:48 UTC (rev 13705)
@@ -34,10 +34,11 @@
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Expression;
-import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.policy.server.event.EventBus;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
import org.jboss.security.authz.policy.server.PolicyServerException;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.policy.server.event.HotDeployEvent;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
@@ -75,6 +76,7 @@
private PolicyReader reader;
private PolicyStore policyStore;
private DroolsRuleManager ruleManager;
+ private EventBus eventBus;
private DynamicPolicyCollection policies;
@@ -102,6 +104,16 @@
{
this.ruleManager = ruleManager;
}
+
+ public EventBus getEventBus()
+ {
+ return eventBus;
+ }
+
+ public void setEventBus(EventBus eventBus)
+ {
+ this.eventBus = eventBus;
+ }
// -----------PolicyFinderModule
// Implementation------------------------------------------------------------------------------------------------------------
/**
@@ -230,14 +242,17 @@
public void updatePolicy(Policy oldPolicy, PolicyMetaData newPolicy) throws PolicyServerException
{
- this.deletePolicy(oldPolicy);
+ this.deletePolicy(oldPolicy, false);
//TODO: This hot deployment should be done out-of-band
//and new policy should then be deployed into the rule engine
this.newPolicy(newPolicy);
+
+ HotDeployEvent hotDeployEvent = new HotDeployEvent(oldPolicy.getPolicyUri());
+ this.eventBus.deliver(hotDeployEvent);
}
- public void deletePolicy(Policy policy) throws PolicyServerException
+ public void deletePolicy(Policy policy, boolean mustHotDeploy) throws PolicyServerException
{
try
{
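Review bot: In `updatePolicy` the HotDeployEvent is delivered only after `newPolicy()` returns, so if `newPolicy()` throws, the old policy has already been removed by `deletePolicy(oldPolicy, false)` and no invalidation is sent. Agents may then keep serving cached decisions that came from the deleted policy. Deliver in a finally block: `try { this.newPolicy(newPolicy); } finally { this.eventBus.deliver(new HotDeployEvent(oldPolicy.getPolicyUri())); }`. `eventBus` is also dereferenced without a null check here and in the `mustHotDeploy` branch of the next hunk, so a module wired without the bus would fail after the store has already changed. The body of `deletePolicy` continues outside this hunk.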
@@ -265,6 +280,12 @@
//Delete this Policy from the Policy Store
this.policyStore.deletePolicy(policy.getPolicyUri());
+
+ if(mustHotDeploy)
+ {
+ HotDeployEvent hotDeployEvent = new HotDeployEvent(policy.getPolicyUri());
+ this.eventBus.deliver(hotDeployEvent);
+ }
}
}
catch (PolicyException pe)
Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-08 15:36:17 UTC (rev 13704)
+++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-08 19:40:48 UTC (rev 13705)
@@ -13,6 +13,9 @@
<property name="ruleManager">
<inject bean="/policy-server/DroolsRuleManager"/>
</property>
+ <property name="eventBus">
+ <inject bean="/policy-server/EventBus"/>
+ </property>
</bean>
<bean name="/policy-server/PolicyDecisionPoint" class="org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint">
@@ -29,8 +32,11 @@
<property name="hibernateService">
<inject bean="/policy-server/HibernateService"/>
</property>
+ </bean>
+
+ <bean name="/policy-server/HibernateService" class="org.jboss.security.authz.policy.server.tools.HibernateService">
</bean>
- <bean name="/policy-server/HibernateService" class="org.jboss.security.authz.policy.server.tools.HibernateService">
+ <bean name="/policy-server/EventBus" class="org.jboss.security.authz.policy.server.event.LocalEventBus">
</bean>
</deployment>
\ No newline at end of file
JBoss Portal SVN: r13704 - modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 11:36:17 -0400 (Sat, 08 Aug 2009)
New Revision: 13704
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
Log:
Policy Hot Deployment implementation
* first success testcase....tons more to implement
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java 2009-08-08 15:16:40 UTC (rev 13703)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java 2009-08-08 15:36:17 UTC (rev 13704)
@@ -76,13 +76,13 @@
this.enforce(this.createEnforcementContext(contextResource, action), true);
//Find the Policy using the finder
+ resource.setUri(new URI("/root/level1/level2/index.html"));
ProvisioningContext provisioningContext = new ProvisioningContext();
provisioningContext.setAttribute("uri-resource", resource);
Set<Policy> policies = this.provisioner.find(provisioningContext);
assertTrue("Policy Not Found!!", policies!=null && policies.size()==1);
- //Make Policy Modifications and Deploy
- resource.setUri(new URI("/root/level1/level2/index.html"));
+ //Make Policy Modifications and Deploy
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, allowedRoles,
@@ -97,6 +97,62 @@
enforcementContext.setIgnoreCache(true);
this.enforce(enforcementContext, false);
}
+
+ public void testPolicyDeletion() throws Exception
+ {
+ // SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
+ Read action = new Read();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ for(int i=0; i<2; i++)
+ {
+ if(i > 0)
+ {
+ resource.setUri(new URI("/root/level1/level2/index.html/"+i));
+ }
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
+ }
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ URIResource contextResource = new URIResource();
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
+
+ //Find the Policy using the finder
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+ ProvisioningContext provisioningContext = new ProvisioningContext();
+ provisioningContext.setAttribute("uri-resource", resource);
+ Set<Policy> policies = this.provisioner.find(provisioningContext);
+ assertTrue("Policy Not Found!!", policies!=null && policies.size()==1);
+
+ //Make Policy Modifications and Deploy
+ Policy policyToDelete = (Policy)policies.iterator().next();
+ this.provisioner.deletePolicy(policyToDelete.getPolicyUri());
+
+ this.assertServerState();
+
+ //Enforce and make sure new Rules apply
+ //TODO: Remove This when Cache Invalidations are implemented!!!
+ EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
+ enforcementContext.setIgnoreCache(true);
+ this.enforce(enforcementContext, false);
+ }
// ------------------------------------------------------------------------------------------------------------------------------------------------------
private EnforcementContext createEnforcementContext(
URIResource protectedResource, Read action) throws Exception
@@ -104,9 +160,6 @@
// Create an EnforcementContext
EnforcementContext context = new EnforcementContext();
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
// Create Resource
context.setAttribute("uri-resource", protectedResource);
JBoss Portal SVN: r13703 - in modules/authorization/trunk: agent/src/main/java/org/jboss/security/authz/agent/provisioning and 6 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-08 11:16:40 -0400 (Sat, 08 Aug 2009)
New Revision: 13703
Added:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml
modules/authorization/trunk/agent/src/test/resources/log4j.properties
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
Log:
Policy Hot Deployment implementation
* first success testcase....tons more to implement
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -33,6 +33,7 @@
{
private Map<String, Object> attributes;
private boolean activateHierarchialEnforcement;
+ private boolean ignoreCache;
public EnforcementContext()
{
@@ -77,5 +78,15 @@
public void activateHierarchialEnforcement()
{
this.activateHierarchialEnforcement = true;
+ }
+
+ public boolean isIgnoreCache()
+ {
+ return ignoreCache;
+ }
+
+ public void setIgnoreCache(boolean ignoreCache)
+ {
+ this.ignoreCache = ignoreCache;
}
}
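Review bot: `isIgnoreCache()` and `setIgnoreCache(boolean)` are added without Javadoc, and nothing on the `ignoreCache` field says what the flag changes. In this commit `LocalEnforcementPoint` skips `enforcementCache.checkAccess` when it is set, and the new test marks its use as temporary until cache invalidation exists. A comment on the setter such as `/** When true, the enforcement point skips the cache lookup for this request; temporary until cache invalidation is implemented. */` would keep production callers from relying on it.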
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -95,7 +95,10 @@
EnforcementResponse enforcementResponse = null;
try
{
- enforcementResponse = this.enforcementCache.checkAccess(enforcementContext);
+ if(!enforcementContext.isIgnoreCache())
+ {
+ enforcementResponse = this.enforcementCache.checkAccess(enforcementContext);
+ }
if(enforcementResponse == null)
{
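Review bot: Skipping `this.enforcementCache.checkAccess(enforcementContext)` when `isIgnoreCache()` is true leaves any decision already cached for that request in place, so callers that do not set the flag can keep receiving the pre-change result after a policy is updated or deleted. The rest of the method lies outside the hunk, so whether the fresh decision is written back to the cache is not visible here; if it is not, the bypass path should overwrite or evict the entry. A comment above the new `if`, for example `// ignoreCache forces a fresh decision; the cached entry must be refreshed below`, would record that expectation.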
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -22,16 +22,22 @@
package org.jboss.security.authz.agent.provisioning;
import java.util.Set;
+import java.util.HashSet;
import org.apache.log4j.Logger;
import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.policy.server.PolicyServer;
import org.jboss.security.authz.policy.server.PolicyServerException;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
/**
* This Policy Provisioner integrates with the Policy Server in the same VM.
* This provides fastest provisioning option
@@ -136,7 +142,38 @@
public Set<Policy> find(ProvisioningContext provisioningContext)
throws ProvisioningException
{
- return null;
+ try
+ {
+ Object[] values = provisioningContext.getValues();
+ if(values != null)
+ {
+ for(Object value: values)
+ {
+ if(value instanceof URIResource)
+ {
+ Set<Policy> policies = new HashSet<Policy>();
+ URIResource uriResource = (URIResource)value;
+ Attribute attribute = new Attribute();
+ attribute.setValue(uriResource.getUri().toString());
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_RESOURCE_ID);
+ attribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+
+ Policy policy = this.policyServer.findByResource(attribute);
+ if(policy != null)
+ {
+ policies.add(policy);
+ }
+ return policies;
+ }
+ }
+ }
+ return null;
+ }
+ catch (PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new ProvisioningException(pe);
+ }
}
/**
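Review bot: `find` has two different "nothing found" results: it falls through to `return null;` when the context holds no `URIResource`, but returns an empty `HashSet` when a resource has no stored policy. Returning an empty set on the fall-through as well (`return new HashSet<Policy>();`) would give callers one shape to handle; the test in this commit already has to write `policies!=null && policies.size()==1`. `uriResource.getUri().toString()` also throws a NullPointerException when the `URIResource` has no URI set, so a guard such as `if (uriResource.getUri() == null) continue;` belongs before the `Attribute` is built. The method returns at the first `URIResource` it meets, which should be stated in its Javadoc if that is intended.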
Added: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java (rev 0)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestPolicyUpdating.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -0,0 +1,126 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.features;
+
+import java.net.URI;
+import java.util.Set;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.provisioning.ProvisioningContext;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Policy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestPolicyUpdating extends AbstractFeatureTest
+{
+ public void testPolicyModification() throws Exception
+ {
+ // SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
+ Read action = new Read();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ for(int i=0; i<2; i++)
+ {
+ if(i > 0)
+ {
+ resource.setUri(new URI("/root/level1/level2/index.html/"+i));
+ }
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
+ }
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ URIResource contextResource = new URIResource();
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
+
+ //Find the Policy using the finder
+ ProvisioningContext provisioningContext = new ProvisioningContext();
+ provisioningContext.setAttribute("uri-resource", resource);
+ Set<Policy> policies = this.provisioner.find(provisioningContext);
+ assertTrue("Policy Not Found!!", policies!=null && policies.size()==1);
+
+ //Make Policy Modifications and Deploy
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.DENY, action, allowedRoles,
+ "denyExpression");
+ this.provisioner.deploy(this.policyComposer.compose(context));
+
+ this.assertServerState();
+
+ //Enforce and make sure new Rules apply
+ //TODO: Remove This when Cache Invalidations are implemented!!!
+ EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
+ enforcementContext.setIgnoreCache(true);
+ this.enforce(enforcementContext, false);
+ }
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext createEnforcementContext(
+ URIResource protectedResource, Read action) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ // Create Resource
+ context.setAttribute("uri-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+ context.setAttribute("identity", identity);
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+}
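Review bot: In `testPolicyModification` the `provisioner.find(provisioningContext)` call runs while `resource` still carries the URI set in the loop's second iteration (`/root/level1/level2/index.html/1`), because `resource.setUri(new URI("/root/level1/level2/index.html"));` only happens after the assertion. The "Policy Not Found!!" check therefore looks up a different policy from the one the test goes on to modify. Moving that `setUri` line above `ProvisioningContext provisioningContext = new ProvisioningContext();` makes the lookup match the policy under test. The final `enforce` also sets `setIgnoreCache(true)`, so the test does not show that an ordinary cached enforcement sees the new DENY rule; a second assertion without the flag would cover that once invalidation exists.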
Modified: modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml
===================================================================
--- modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml 2009-08-08 15:16:40 UTC (rev 13703)
@@ -47,7 +47,7 @@
<property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
<!-- Echo all executed SQL to stdout -->
- <property name="show_sql">true</property>
+ <property name="show_sql">false</property>
<!--
Drop and re-create the database schema on startup
Modified: modules/authorization/trunk/agent/src/test/resources/log4j.properties
===================================================================
--- modules/authorization/trunk/agent/src/test/resources/log4j.properties 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/agent/src/test/resources/log4j.properties 2009-08-08 15:16:40 UTC (rev 13703)
@@ -1,8 +1,8 @@
# Set root category priority to INFO and its only appender to CONSOLE.
-log4j.rootCategory=DEBUG, CONSOLE
+log4j.rootCategory=INFO, CONSOLE
# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
-log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.Threshold=INFO
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -25,17 +25,16 @@
import org.apache.log4j.Logger;
-import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
import org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
-import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
@@ -72,6 +71,7 @@
{
this.policyFinderModule = (EnterprisePolicyFinderModule) module;
this.policyFinderModule.setPolicyStore(this.policyStore);
+ this.policyFinderModule.setRuleManager(this.ruleManager);
this.policyFinderModule.bootup();
}
}
@@ -117,7 +117,7 @@
this.ruleManager = ruleManager;
}
- // --------Decision making
+ // --------Enforcement Phase
// services--------------------------------------------------------------------------------------------------------------------------
/**
* Makes an Authorization Decision
@@ -150,7 +150,7 @@
return this.policyDecisionPoint.evaluate(xml);
}
- // ------- Provisioning
+ // ------- Provisioning Phase
// services-----------------------------------------------------------------------------------------------------------------------------
/**
* Generates a new Policy instance based on the supplied MetaData and stores
@@ -162,35 +162,38 @@
public void deploy(PolicyMetaData policyMetaData)
throws PolicyServerException
{
+ Policy policy = this.findPolicy(policyMetaData);
+
+ if (policy == null)
+ {
+ // Create a New Policy
+ this.policyFinderModule.newPolicy(policyMetaData);
+ }
+ else
+ {
+ // Update an existing Policy
+ this.policyFinderModule.updatePolicy(policy, policyMetaData);
+ }
+ }
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri
+ * unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyServerException
+ {
try
{
- Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(),
- policyMetaData);
-
- // Save the policy in the Policy Store
- this.policyStore.savePolicy(policy);
-
- // Update the PolicyFinder's runtime state with this new policy
- this.policyFinderModule.addPolicy(policy);
-
- // Update the DroolsRuleManager's runtime state with any Drools based
- // expressions if they are part of this new policy
- Set<Rule> rules = policyMetaData.getRules();
- for (Rule rule : rules)
- {
- Object expression = rule.getExpression();
- if (expression instanceof DroolsRuleExpression)
- {
- this.ruleManager.addRule((DroolsRuleExpression) expression);
- }
- }
+ this.policyFinderModule.deletePolicy(this.policyStore.readPolicy(policyUri));
}
catch (PolicyException pe)
{
throw new PolicyServerException(pe);
}
}
-
+
/**
* Returns all the stored Policies for the system
*
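Review bot: `deletePolicy` hands the result of `this.policyStore.readPolicy(policyUri)` straight to `policyFinderModule.deletePolicy(...)`, which dereferences `policy.getPolicyUri()`. `RelationalDBPolicyStore.readPolicy` in this commit returns the value of `uniqueResult()`, which is null for an unknown URI, so deleting a non-existent policy would end in a NullPointerException rather than a `PolicyServerException`. Read into a local first (`Policy policy = this.policyStore.readPolicy(policyUri);`) and handle `policy == null` explicitly before delegating. In `deploy`, the lookup in `findPolicy` and the following create-or-update are separate steps, so two concurrent deployments for the same resource could both take the `newPolicy` branch; that is worth a comment next to the existing concurrency TODO.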
@@ -209,20 +212,47 @@
}
/**
- * Deletes the specified Policy from storage
+ * Finds the Policy associated with the specified URIResource
*
- * @param policyUri
- * unique identifier for the Policy
+ * @param uriResource
+ * @return
+ * @throws PolicyException
*/
- public void deletePolicy(String policyUri) throws PolicyServerException
+ public Policy findByResource(Attribute resourceAttribute) throws PolicyServerException
{
try
{
- this.policyStore.deletePolicy(policyUri);
+ return this.policyStore.findByResource(resourceAttribute);
}
catch (PolicyException pe)
{
throw new PolicyServerException(pe);
}
}
+ // --------------------------------------------------------------------------------------------------------------------------------------------
+ private Policy findPolicy(PolicyMetaData policyMetaData)
+ {
+ Target policyTarget = policyMetaData.getTarget();
+ if(policyTarget.getResourceMatches()==null || policyTarget.getResourceMatches().isEmpty())
+ {
+ throw new IllegalArgumentException("Invalid Policy Structure. A Policy without any Resource Matching Rules is not Supported!!");
+ }
+
+ for(AttributeExpression resourceMatch: policyTarget.getResourceMatches())
+ {
+ try
+ {
+ Policy policy = this.findByResource(resourceMatch.getAttribute());
+ if(policy != null)
+ {
+ return policy;
+ }
+ }
+ catch(Throwable t)
+ {
+ continue;
+ }
+ }
+ return null;
+ }
}
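Review bot: `findPolicy` swallows every failure with `catch(Throwable t) { continue; }`, so a store error during the lookup is indistinguishable from "no existing policy" and `deploy` then takes the `newPolicy` branch. For an authorization store that means a second policy can be created for a resource whose earlier policy is still active, instead of the update replacing it. Let the error propagate: declare `private Policy findPolicy(PolicyMetaData policyMetaData) throws PolicyServerException` and drop the try/catch around `this.findByResource(resourceMatch.getAttribute())`. The Javadoc on `findByResource` also names `@param uriResource` and `@throws PolicyException`, while the signature takes `resourceAttribute` and throws `PolicyServerException`.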
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DynamicPolicyCollection.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -0,0 +1,69 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.Iterator;
+import java.util.TreeSet;
+
+import org.jboss.security.xacml.sunxacml.support.finder.PolicyCollection;
+import org.jboss.security.xacml.sunxacml.AbstractPolicy;
+
+/**
+ * For now, just non-versioned version
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class DynamicPolicyCollection extends PolicyCollection
+{
+ /**
+ * Removes the specified Policy from being processed
+ *
+ * @param policy
+ */
+ public void deactivate(String policyUri)
+ {
+ this.policies.remove(policyUri);
+ }
+
+ /**
+ *
+ * @param policyUri
+ * @return
+ */
+ public AbstractPolicy getPolicy(String policyUri)
+ {
+ TreeSet set = (TreeSet) (policies.get(policyUri));
+ if (set == null)
+ {
+ return null;
+ }
+
+ Iterator it = set.iterator();
+ while (it.hasNext())
+ {
+ AbstractPolicy policy = (AbstractPolicy) (it.next());
+ return policy;
+ }
+
+ return null;
+ }
+}
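Review bot: The `while (it.hasNext())` loop in `getPolicy` returns on its first iteration, so it only ever yields the first element of the set, and it does so through raw `TreeSet` and `Iterator` types. `return set.isEmpty() ? null : (AbstractPolicy) set.first();` states that directly after the null check. The Javadoc on `deactivate` documents `@param policy` although the parameter is `policyUri`, and the Javadoc on `getPolicy` is empty; both should say that the key is the policy URI and that `getPolicy` returns null when nothing is registered under it.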
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -28,166 +28,279 @@
import org.apache.log4j.Logger;
+import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
import org.jboss.security.authz.policy.server.PolicyServerException;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderResult;
import org.jboss.security.xacml.sunxacml.support.finder.PolicyReader;
-import org.jboss.security.xacml.sunxacml.support.finder.PolicyCollection;
import org.jboss.security.xacml.sunxacml.support.finder.TopLevelPolicyException;
import org.jboss.security.xacml.sunxacml.AbstractPolicy;
/**
- * A production ready Enterprise Policy Finder that would be used by the Policy Server/PDP component.
+ * A production ready Enterprise Policy Finder that would be used by the Policy
+ * Server/PDP component.
*
- * It is designed for being production ready from a performance/scalability/clustering standpoint
+ * It is designed for being production ready from a
+ * performance/scalability/clustering standpoint
*
- * This particular version will provide performance enhancement by the use of a clustered cache based on JBoss Cache
- * The actual storage of the policies will be done within a relational database
+ * This particular version will provide performance enhancement by the use of a
+ * clustered cache based on JBoss Cache The actual storage of the policies will
+ * be done within a relational database
*
- * This also allows for runtime modification of Security Policies without requiring any restart/refresh of the Applications
+ * This also allows for runtime modification of Security Policies without
+ * requiring any restart/refresh of the Applications
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
+ *
+ * TODO: Transactional Integrity and proper Concurrency when Updating the State of the Rule Engine
+ *
*/
public class EnterprisePolicyFinderModule extends PolicyFinderModule
{
- private static Logger log = Logger.getLogger(EnterprisePolicyFinderModule.class);
-
- private PolicyReader reader;
- private PolicyCollection policies;
+ private static Logger log = Logger
+ .getLogger(EnterprisePolicyFinderModule.class);
+
+ private PolicyReader reader;
private PolicyStore policyStore;
+ private DroolsRuleManager ruleManager;
+ private DynamicPolicyCollection policies;
+
public EnterprisePolicyFinderModule()
{
- this.policies = new PolicyCollection();
+ this.policies = new DynamicPolicyCollection();
}
-
+
+ public PolicyStore getPolicyStore()
+ {
+ return policyStore;
+ }
+
+ public void setPolicyStore(PolicyStore policyStore)
+ {
+ this.policyStore = policyStore;
+ }
+
+ public DroolsRuleManager getRuleManager()
+ {
+ return ruleManager;
+ }
+
+ public void setRuleManager(DroolsRuleManager ruleManager)
+ {
+ this.ruleManager = ruleManager;
+ }
+ // -----------PolicyFinderModule
+ // Implementation------------------------------------------------------------------------------------------------------------
+ /**
+ * Initializes this module for use by the given finder. Typically this is
+ * called when a <code>PDP</code> is initialized with a <code>PDPConfig</code>
+ * containing the given <code>PolicyFinder</code>. Because
+ * <code>PolicyFinderModule</code>s usually need to parse policies, and this
+ * requires knowing their <code>PolicyFinder<code>,
+ * parsing is usually done at or after this point in the lifetime
+ * of this module. This might also be a good time to reset any internal
+ * caches or temporary data. Note that this method may be called more
+ * than once in the lifetime of a module.
+ *
+ * @param finder
+ * the <code>PolicyFinder</code> using this module
+ */
+ public void init(PolicyFinder finder)
+ {
+ this.reader = new PolicyReader(finder, java.util.logging.Logger
+ .getLogger(this.getClass().getName()));
+ }
+
+ /**
+ * Returns true if the module supports finding policies based on a request
+ * (ie, target matching). By default this method returns false.
+ *
+ * @return true if request retrieval is supported
+ */
+ public boolean isRequestSupported()
+ {
+ return true;
+ }
+
+ /**
+ * Tries to find one and only one matching policy given the request
+ * represented by the context data. If more than one policy is found, this is
+ * an error and must be reported as such. If no policies are found, then an
+ * empty result must be returned. By default this method returns an empty
+ * result. This method should never return null.
+ *
+ * @param context
+ * the representation of the request
+ *
+ * @return the result of looking for a matching policy
+ */
+ public PolicyFinderResult findPolicy(EvaluationCtx context)
+ {
+ try
+ {
+ AbstractPolicy policy = this.policies.getPolicy(context);
+ if (policy == null)
+ {
+ return new PolicyFinderResult();
+ }
+ else
+ {
+ return new PolicyFinderResult(policy);
+ }
+ }
+ catch (TopLevelPolicyException e)
+ {
+ return new PolicyFinderResult(e.getStatus());
+ }
+ }
+ // ------------------------------------------------------------------------------------------------------------------------------------------
public void bootup() throws PolicyServerException
{
try
{
- //Load the persisted Policies into the Finder's memory
- log.info("------------------------------------------------------------------");
- log.info("Booting Up the Policy Rule Engine.................................");
+ // Load the persisted Policies into the Finder's memory
+ log
+ .info("------------------------------------------------------------------");
+ log
+ .info("Booting Up the Policy Rule Engine.................................");
Set<Policy> allPolicies = this.policyStore.readAllPolicies();
- if(allPolicies != null)
+ if (allPolicies != null)
{
- for(Policy policy: allPolicies)
+ for (Policy policy : allPolicies)
{
- this.addPolicy(policy);
+ this.injectPolicy(policy);
}
- log.info("Rule Engine successfully started with ["+allPolicies.size()+"] stored Policies");
- }
- log.info("------------------------------------------------------------------");
+ log.info("Rule Engine successfully started with [" + allPolicies.size()
+ + "] stored Policies");
+ }
+ log
+ .info("------------------------------------------------------------------");
}
- catch(Throwable t)
+ catch (Throwable t)
{
log.error(this, t);
throw new PolicyServerException(t);
}
}
- public void addPolicy(Policy policy) throws PolicyServerException
+ public void newPolicy(PolicyMetaData policyMetaData) throws PolicyServerException
{
+ try
+ {
+ Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(),
+ policyMetaData);
+
+ // Save the policy in the Policy Store
+ this.policyStore.savePolicy(policy);
+
+ // Inject the new Policy into the Rule Engine
+ this.injectPolicy(policy);
+
+ // Update the DroolsRuleManager's runtime state with any Drools based
+ // expressions if they are part of this new policy
+ Set<Rule> rules = policyMetaData.getRules();
+ for (Rule rule : rules)
+ {
+ Object expression = rule.getExpression();
+ if (expression instanceof DroolsRuleExpression)
+ {
+ this.ruleManager.addRule((DroolsRuleExpression) expression);
+ }
+ }
+ }
+ catch (Throwable t)
+ {
+ log.error(this, t);
+ throw new PolicyServerException(t);
+ }
+ }
+
+ public void updatePolicy(Policy oldPolicy, PolicyMetaData newPolicy) throws PolicyServerException
+ {
+ this.deletePolicy(oldPolicy);
+
+ //TODO: This hot deployment should be done out-of-band
+ //and new policy should then be deployed into the rule engine
+ this.newPolicy(newPolicy);
+ }
+
+ public void deletePolicy(Policy policy) throws PolicyServerException
+ {
+ try
+ {
+ AbstractPolicy activePolicy = this.policies.getPolicy(policy.getPolicyUri());
+
+ //Deactivate this Policy
+ if(activePolicy != null)
+ {
+ //First deactivate this policy
+ this.policies.deactivate(policy.getPolicyUri());
+
+
+ //Delete any DroolsExpressions associated with this Policy from the Drools Manager
+ if(policy.getMetaData().getRules()!=null)
+ {
+ for(Rule policyRule: policy.getMetaData().getRules())
+ {
+ Expression ruleExpression = policyRule.getExpression();
+ if(ruleExpression instanceof DroolsRuleExpression)
+ {
+ this.ruleManager.removeRule(((DroolsRuleExpression) ruleExpression).getRuleReference());
+ }
+ }
+ }
+
+ //Delete this Policy from the Policy Store
+ this.policyStore.deletePolicy(policy.getPolicyUri());
+ }
+ }
+ catch (PolicyException pe)
+ {
+ throw new PolicyServerException(pe);
+ }
+ }
+ //-------------------------------------------------------------------------------------------------------------------------------------------
+ private void injectPolicy(Policy policy) throws PolicyServerException
+ {
ByteArrayInputStream bos = null;
try
{
String xacmlPolicyStr = policy.generateSystemPolicy();
bos = new ByteArrayInputStream(xacmlPolicyStr.getBytes());
-
-
+
AbstractPolicy xacmlPolicy = this.reader.readPolicy(bos);
this.policies.addPolicy(xacmlPolicy);
}
- catch(Exception e)
+ catch (Exception e)
{
log.error(this, e);
throw new PolicyServerException(e);
}
finally
{
- if(bos != null)
+ if (bos != null)
{
try
{
bos.close();
- }catch(IOException ioe){}
+ }
+ catch (IOException ioe)
+ {
+ }
}
}
- }
-
- public PolicyStore getPolicyStore()
- {
- return policyStore;
- }
-
- public void setPolicyStore(PolicyStore policyStore)
- {
- this.policyStore = policyStore;
- }
- //-----------PolicyFinderModule Implementation------------------------------------------------------------------------------------------------------------
- /**
- * Initializes this module for use by the given finder. Typically this
- * is called when a <code>PDP</code> is initialized with a
- * <code>PDPConfig</code> containing the given <code>PolicyFinder</code>.
- * Because <code>PolicyFinderModule</code>s usually need to parse
- * policies, and this requires knowing their <code>PolicyFinder<code>,
- * parsing is usually done at or after this point in the lifetime
- * of this module. This might also be a good time to reset any internal
- * caches or temporary data. Note that this method may be called more
- * than once in the lifetime of a module.
- *
- * @param finder the <code>PolicyFinder</code> using this module
- */
- public void init(PolicyFinder finder)
- {
- this.reader = new PolicyReader(finder, java.util.logging.Logger.getLogger(this.getClass().getName()));
- }
-
- /**
- * Returns true if the module supports finding policies based on a
- * request (ie, target matching). By default this method returns false.
- *
- * @return true if request retrieval is supported
- */
- public boolean isRequestSupported()
- {
- return true;
- }
-
- /**
- * Tries to find one and only one matching policy given the request
- * represented by the context data. If more than one policy is found,
- * this is an error and must be reported as such. If no policies are
- * found, then an empty result must be returned. By default this
- * method returns an empty result. This method should never return null.
- *
- * @param context the representation of the request
- *
- * @return the result of looking for a matching policy
- */
- public PolicyFinderResult findPolicy(EvaluationCtx context)
- {
- try
- {
- AbstractPolicy policy = this.policies.getPolicy(context);
- if (policy == null)
- {
- return new PolicyFinderResult();
- }
- else
- {
- return new PolicyFinderResult(policy);
- }
- }
- catch (TopLevelPolicyException e)
- {
- return new PolicyFinderResult(e.getStatus());
- }
- }
+ }
}
\ No newline at end of file
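Review bot: In `deletePolicy`, the store deletion `this.policyStore.deletePolicy(policy.getPolicyUri());` sits inside `if(activePolicy != null)`, so a policy that exists in the store but is not currently loaded in `policies` is left in the database while the call returns normally. `bootup` reloads everything from `readAllPolicies()`, so such a policy would become active again on the next start. Moving the store deletion and the Drools rule removal outside the `if` keeps the persisted state in line with what the caller asked for. `updatePolicy` also deletes before it calls `newPolicy`, so a failure in `newPolicy` leaves the resource with no policy at all, which the TODO there covers only in part. `org.jboss.security.authz.model.DroolsRuleExpression` is imported twice.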
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -32,7 +32,6 @@
import org.hibernate.Transaction;
-import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Attribute;
@@ -196,8 +195,87 @@
* @return
* @throws PolicyException
*/
- public Policy find(URIResource uriResource) throws PolicyException
+ public Policy findByResource(Attribute resourceAttribute) throws PolicyException
{
- return null;
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ Object[] result = (Object[])session.createQuery("from XACMLPolicy policy " +
+ "join policy.metaData.target.resourceMatches match " +
+ "where match.attribute.uri=? and match.attribute.value=?").
+ setString(0, resourceAttribute.getUri()).setString(1, resourceAttribute.getValue()).uniqueResult();
+
+ if(result != null)
+ {
+ for(Object object: result)
+ {
+ if(object instanceof Policy)
+ {
+ return (Policy)object;
+ }
+ }
+ }
+
+ tx.commit();
+
+ return null;
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
}
+
+ /**
+ * Returns the Policy with the specified unique policy uri
+ *
+ * @param policyUri
+ * @return
+ * @throws PolicyException
+ */
+ public Policy readPolicy(String policyUri) throws PolicyException
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = this.hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ Policy policy = (Policy)session.createQuery("from XACMLPolicy where policyUri=?").
+ setString(0, policyUri).uniqueResult();
+
+ tx.commit();
+
+ return policy;
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
+ }
}
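Review bot: The early `return (Policy)object;` inside the loop of findByResource leaves the try block before `tx.commit()` runs, so the path that finds a policy closes the session with its transaction still open and only the not-found path commits. In both findByResource and readPolicy the catch block calls `tx.rollback()` and the finally block calls `session.isOpen()` without null checks, so a failure in `getCurrentSession()` or `beginTransaction()` raises a NullPointerException that hides the original error. `uniqueResult()` also throws when more than one policy matches the same resource attribute, and that reaches the caller as a RuntimeException although the method declares PolicyException; a caller making an authorization decision should get a defined failure here. The changed lines for findByResource are below, and the same guards apply to readPolicy; the Javadoc of findByResource begins above the hunk.

```java
// … unchanged: session/transaction setup and the HQL query …
Policy found = null;
if(result != null)
{
    for(Object object: result)
    {
        if(object instanceof Policy)
        {
            found = (Policy)object;
            break;
        }
    }
}

// Commit on both the found and the not-found path
tx.commit();

return found;
// … unchanged: end of try, start of catch(Throwable t), log.error …
if(tx != null)
{
    tx.rollback();
}
throw new RuntimeException(t);
// … unchanged: end of catch, start of finally …
if(session != null && session.isOpen())
{
    session.close();
}
```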
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-08 09:55:51 UTC (rev 13702)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-08 15:16:40 UTC (rev 13703)
@@ -26,9 +26,8 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Attribute;
-import org.jboss.security.authz.components.resource.URIResource;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
@@ -42,7 +41,7 @@
* @return
* @throws PolicyException
*/
- public Policy find(URIResource uriResource) throws PolicyException;
+ public Policy findByResource(Attribute resourceAttribute) throws PolicyException;
/**
* Returns all the stored Policies for the system
@@ -50,6 +49,15 @@
* @return all the stored Policies
*/
public Set<Policy> readAllPolicies() throws PolicyException;
+
+ /**
+ * Returns the Policy with the specified unique policy uri
+ *
+ * @param policyUri
+ * @return
+ * @throws PolicyException
+ */
+ public Policy readPolicy(String policyUri) throws PolicyException;
/**
* Saves a Policy into storage. If this policy already exists in storage, then
JBoss Portal SVN: r13702 - tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium.
by portal-commits@lists.jboss.org
Author: vrockai
Date: 2009-08-08 05:55:51 -0400 (Sat, 08 Aug 2009)
New Revision: 13702
Modified:
tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties
Log:
[selenium] - longer timeouts
Modified: tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties 2009-08-07 22:23:24 UTC (rev 13701)
+++ tags/Enterprise_Portal_Platform_4_3_GA_CP02/testsuite/ui-tests/src/org/jboss/portal/test/selenium/assert.properties 2009-08-08 09:55:51 UTC (rev 13702)
@@ -1,5 +1,5 @@
-selenium.timeout.page=180000
-selenium.timeout.ajax=3000
+selenium.timeout.page=240000
+selenium.timeout.ajax=6000
selenium.timeout.elem=220
portal.xxs.1=/Dave</option><script>alert(document.cookie);</script>
JBoss Portal SVN: r13701 - in modules/authorization/trunk: agent/src/test/java/org/jboss/security/authz/agent/features and 11 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-07 18:23:24 -0400 (Fri, 07 Aug 2009)
New Revision: 13701
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java
Removed:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
Log:
Better Provisioning Phase related services
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.authz.agent.provisioning;
+import java.util.Set;
+
import org.apache.log4j.Logger;
import org.jboss.security.authz.agent.services.CompositionContext;
@@ -57,7 +59,6 @@
this.policyServer = policyServer;
}
-
public PolicyComposer getPolicyComposer()
{
return policyComposer;
@@ -67,27 +68,36 @@
{
this.policyComposer = policyComposer;
}
+
// --------PolicyProvisioner
// implementation-----------------------------------------------------------------------------------------------------------------------------------------------------------
- public void newPolicy(PolicyMetaData policyMetaData)
+ /**
+ * Composes a Policy based on the "Security Components" inside the composition
+ * context and *hot deploys* it to the Policy Server
+ *
+ * @param compositionContext
+ * @throws ProvisioningException
+ */
+ public void deploy(CompositionContext compositionContext)
throws ProvisioningException
{
- try
- {
- this.policyServer.newPolicy(policyMetaData);
- }
- catch (PolicyServerException pe)
- {
- log.error(this, pe);
- throw new ProvisioningException(pe);
- }
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(compositionContext);
+ this.deploy(policyMetaData);
}
- public Policy[] readAllPolicies() throws ProvisioningException
+ /**
+ * *Hot Deploys* the Policy into the Policy Server
+ *
+ * @param policyMetaData
+ * @throws ProvisioningException
+ */
+ public void deploy(PolicyMetaData policyMetaData)
+ throws ProvisioningException
{
try
{
- return this.policyServer.readAllPolicies();
+ this.policyServer.deploy(policyMetaData);
}
catch (PolicyServerException pe)
{
@@ -96,11 +106,16 @@
}
}
- public Policy readPolicy(String policyUri) throws ProvisioningException
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Set<Policy> readAllPolicies() throws ProvisioningException
{
try
{
- return this.policyServer.readPolicy(policyUri);
+ return this.policyServer.readAllPolicies();
}
catch (PolicyServerException pe)
{
@@ -109,33 +124,32 @@
}
}
- public void deletePolicy(String policyUri) throws ProvisioningException
+ /**
+ * Finds a set Policies based on Matching Criteria provided in the
+ * Provisioning Context
+ *
+ * @param provisioningContext
+ * - Information to find Policies that match
+ * @return
+ * @throws ProvisioningException
+ */
+ public Set<Policy> find(ProvisioningContext provisioningContext)
+ throws ProvisioningException
{
- try
- {
- this.policyServer.deletePolicy(policyUri);
- }
- catch (PolicyServerException pe)
- {
- log.error(this, pe);
- throw new ProvisioningException(pe);
- }
+ return null;
}
/**
- * Composes a Policy based on the "Security Components" inside the composition
- * context and deploys it to the Policy Server
+ * Deletes the specified Policy from storage
*
- * @param compositionContext
- * @throws ProvisioningException
+ * @param policyUri
+ * unique identifier for the Policy
*/
- public void composeAndDeploy(CompositionContext compositionContext)
- throws ProvisioningException
+ public void deletePolicy(String policyUri) throws ProvisioningException
{
try
{
- PolicyMetaData policyMetaData = this.policyComposer.compose(compositionContext);
- this.policyServer.newPolicy(policyMetaData);
+ this.policyServer.deletePolicy(policyUri);
}
catch (PolicyServerException pe)
{
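Review bot: `find(ProvisioningContext)` is added as a stub that returns `null` for a `Set<Policy>` result, so a caller that iterates the result fails with a NullPointerException and cannot tell "no matching policy" from "not implemented". Until the lookup exists I would make the stub explicit with `throw new UnsupportedOperationException("find is not implemented");`, or return an empty set, and record the choice in the Javadoc `@return`, which is currently empty. The body of deletePolicy continues past the end of the hunk.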
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -21,9 +21,10 @@
*/
package org.jboss.security.authz.agent.provisioning;
+import java.util.Set;
+
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-
import org.jboss.security.authz.agent.services.CompositionContext;
/**
@@ -32,45 +33,45 @@
public interface PolicyProvisioner
{
/**
- * Generates a new Policy instance based on the supplied MetaData and stores
- * it into the Policy Store
+ * Composes a Policy based on the "Security Components" inside the composition
+ * context and *hot deploys* it to the Policy Server
*
- * @param policyMetaData
- * meta data for the policy to be created
+ * @param compositionContext
+ * @throws ProvisioningException
*/
- public void newPolicy(PolicyMetaData policyMetaData)
+ public void deploy(CompositionContext compositionContext)
throws ProvisioningException;
-
+
/**
- * Read a stored Policy identified by the unique policyUri
+ * *Hot Deploys* the Policy into the Policy Server
*
- * @param policyUri
- * @return a stored Policy
+ * @param policyMetaData
+ * @throws ProvisioningException
*/
- public Policy readPolicy(String policyUri) throws ProvisioningException;
-
+ public void deploy(PolicyMetaData policyMetaData) throws ProvisioningException;
+
/**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws ProvisioningException;
-
+ public Set<Policy> readAllPolicies() throws ProvisioningException;
+
/**
+ * Finds a set Policies based on Matching Criteria provided in the Provisioning Context
+ *
+ * @param provisioningContext - Information to find Policies that match
+ * @return
+ * @throws ProvisioningException
+ */
+ public Set<Policy> find(ProvisioningContext provisioningContext) throws ProvisioningException;
+
+
+ /**
* Deletes the specified Policy from storage
*
* @param policyUri
* unique identifier for the Policy
*/
public void deletePolicy(String policyUri) throws ProvisioningException;
-
- /**
- * Composes a Policy based on the "Security Components" inside the composition
- * context and deploys it to the Policy Server
- *
- * @param compositionContext
- * @throws ProvisioningException
- */
- public void composeAndDeploy(CompositionContext compositionContext)
- throws ProvisioningException;
}
Added: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java (rev 0)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -0,0 +1,70 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.provisioning;
+
+import java.io.Serializable;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class ProvisioningContext implements Serializable
+{
+ private Map<String, Object> attributes;
+
+ public ProvisioningContext()
+ {
+ this.attributes = new HashMap<String, Object>();
+ }
+
+ public Object getAttribute(String name)
+ {
+ return this.attributes.get(name);
+ }
+
+ public void setAttribute(String name, Object attribute)
+ {
+ this.attributes.put(name, attribute);
+ }
+
+ public Set<String> getNames()
+ {
+ return this.attributes.keySet();
+ }
+
+ public Object[] getValues()
+ {
+ return this.attributes.values().toArray();
+ }
+
+ public void clear(String name)
+ {
+ this.attributes.remove(name);
+ }
+
+ public void clearAll()
+ {
+ this.attributes.clear();
+ }
+}
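Review bot: `getNames()` hands out the live `keySet()` view of the private map, so a caller can remove attributes through the returned set; returning `java.util.Collections.unmodifiableSet(this.attributes.keySet())` or a copy keeps the map encapsulated. The class is `Serializable` but stores arbitrary `Object` values and declares no `serialVersionUID`, so a non-serializable attribute fails only when the context is written. If instances are ever deserialized from another process, which this page does not show, the accepted value types should be restricted. I would add `private static final long serialVersionUID = 1L;` and a class Javadoc that states which attribute names and value types the provisioner expects.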
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.authz.agent.features;
+import java.util.Set;
+
import junit.framework.TestCase;
import org.apache.log4j.Logger;
@@ -68,9 +70,9 @@
protected void assertServerState() throws Exception
{
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length > 0));
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
for(Policy policy: policies)
{
log.info("------------------------------------------------------------------------------");
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -41,6 +41,16 @@
import org.jboss.security.authz.agent.services.PolicyComposer;
/**
+ * TODO: fix this test and called TestBootUp. This tests loading the RuleEngine with Policies persisted in a database on Policy Server bootup
+ * This has issues with the testsuite that runs with <property name="hbm2ddl.auto">create</property> property
+ *
+ * This test needs it to be update
+ *
+ * Need a creative way to hack around the HibernateService in the Policy Server.
+ *
+ * No time to think of this right now, since need to move on
+ *
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class Blah extends AbstractFeatureTest
@@ -125,10 +135,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
-
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
}
finally
{
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -88,9 +87,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -119,9 +117,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -149,9 +146,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -180,9 +176,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Setup denied policy
resource = new URIResource();
@@ -196,9 +191,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
@@ -227,7 +221,7 @@
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
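Review bot: The context line `PolicyMetaData policyMetaData = this.policyComposer.compose(context);` stays in place while the call below it now passes `context` to `deploy`, so the local is unused and the policy is presumably composed a second time inside `deploy(CompositionContext)`. The other hunks in this file remove the compose line; do the same here, or call `this.provisioner.deploy(policyMetaData);` if this test is meant to cover the PolicyMetaData overload. The enclosing test method starts and ends outside the hunk.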
@@ -253,9 +247,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, action, identity, null);
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -85,9 +84,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -112,9 +110,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -57,9 +57,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -89,9 +88,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Servers
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -121,9 +119,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -153,9 +150,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -185,9 +181,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Setup denied policy....User can only read level2
resource = new URIResource();
@@ -200,9 +195,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, read, allowedRoles, "allowExpression");
- // Store the policy into the Policy Server
- policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
// Trying to "Write" to level2 should be Denied
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -4,6 +4,7 @@
package org.jboss.security.authz.agent.test;
import java.net.URI;
+import java.util.Set;
import junit.framework.TestCase;
import org.apache.log4j.Logger;
@@ -69,9 +70,9 @@
protected void assertServerState() throws Exception
{
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length >0));
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
log.info("------------------------------------------------------------------------------");
for(Policy policy: policies)
{
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -67,9 +67,8 @@
context.addPolicyRule(Effect.PERMIT, action, sysadmin, "allowExpression");
context.addPolicyRule(Effect.PERMIT, action, identity);
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
}
}
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -28,6 +28,8 @@
import java.io.InputStream;
import java.util.List;
import java.util.ArrayList;
+import java.util.Set;
+import java.util.HashSet;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -39,10 +41,7 @@
import org.w3c.dom.NodeList;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
import org.jboss.security.authz.http.component.resource.HttpResource;
@@ -58,225 +57,242 @@
import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.agent.services.PolicyComposer;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public class HttpPolicyConfig implements PolicyConfig
{
- private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
-
- private PolicyComposer policyComposer;
-
-
- public PolicyComposer getPolicyComposer()
- {
- return policyComposer;
- }
-
- public void setPolicyComposer(PolicyComposer policyComposer)
- {
- this.policyComposer = policyComposer;
- }
-
- /**
- * Configures the Policy instances that can be represented in system level XACML format. The easyDomainXml is a user friendly XML configuration that is within the context
- * of the application tier being protected. For instance, to apply Access Control at the web tier, the XML configuration would consist of Resources and
- * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST, PUT, etc
- *
- * @param easyDomainXml User Friendly XML configuration within the context of the Application being protected
- * @return a fully configured Policy instance
- */
- public Policy[] configure(String easyDomainXml)
- {
- InputStream xmlStream = null;
- try
- {
- Policy[] policies = null;
-
- List<Policy> cour = new ArrayList<Policy>();
- xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
- DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- Document document = builder.parse(xmlStream);
-
- NodeList securityConstraints = document.getElementsByTagName("security-constraint");
- for(int i=0, length=securityConstraints.getLength(); i< length; i++)
- {
- Element securityConstraint = (Element)securityConstraints.item(i);
-
- //Parse out information related to access control based on user roles
- NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
- Roles allowRoles = new Roles();
- Roles denyRoles = new Roles();
- if(roleNodes != null)
- {
- for(int j=0; j<roleNodes.getLength(); j++)
- {
- boolean allow = true;
- Element roles = (Element)roleNodes.item(j);
-
- allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
-
- NodeList roleNames = roles.getElementsByTagName("role-name");
- if(roleNames != null)
- {
- for(int k=0; k<roleNames.getLength(); k++)
- {
- Element roleName = (Element)roleNames.item(k);
- String role = roleName.getTextContent().trim();
-
- if(allow)
- {
- allowRoles.addName(role);
- }
- else
- {
- denyRoles.addName(role);
- }
- }
- }
- }
- }
-
- //Parse out the resources and actions upon which the Policies must be created
- Element webResourceCollection = (Element)securityConstraint.getElementsByTagName("web-resource-collection").item(0);
- NodeList resources = webResourceCollection.getElementsByTagName("web-resource");
- if (resources != null)
- {
- for (int j = 0; j < resources.getLength(); j++)
+ private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
+ /**
+ * Configures the Policy instances that can be represented in system level
+ * XACML format. The easyDomainXml is a user friendly XML configuration that
+ * is within the context of the application tier being protected. For
+ * instance, to apply Access Control at the web tier, the XML configuration
+ * would consist of Resources and Actions in the context of the Web Tier such
+ * as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST,
+ * PUT, etc
+ *
+ * @param easyDomainXml
+ * User Friendly XML configuration within the context of the
+ * Application being protected
+ * @return a fully configured Policy instance
+ */
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
+
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList securityConstraints = document
+ .getElementsByTagName("security-constraint");
+ for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
+ {
+ Element securityConstraint = (Element) securityConstraints.item(i);
+
+ // Parse out information related to access control based on user roles
+ NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if (roleNodes != null)
{
- //SetUp the Http Resource
- HttpResource policyResource = new HttpResource();
- Element webResource = (Element) resources.item(j);
- Element urlPattern = (Element) webResource
- .getElementsByTagName("url-pattern").item(0);
+ for (int j = 0; j < roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element) roleNodes.item(j);
- policyResource.setUri(new URI(urlPattern
- .getTextContent().trim()));
- this.parseParameters(policyResource, webResource);
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
- //Setup the Action Targets to be secured on this resource
- List<Operation> secureActions = this.parseSecureWebActions(webResource);
-
- if(secureActions != null)
- {
- //SetUp Policy Composition Context
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(policyResource);
- for(Operation secureAction: secureActions)
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if (roleNames != null)
{
- if(!allowRoles.isEmpty())
+ for (int k = 0; k < roleNames.getLength(); k++)
{
- context.addPolicyRule(Effect.PERMIT, secureAction, allowRoles, "allowExpression");
+ Element roleName = (Element) roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if (allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
}
-
- if(!denyRoles.isEmpty())
+ }
+ }
+ }
+
+ // Parse out the resources and actions upon which the Policies must be
+ // created
+ Element webResourceCollection = (Element) securityConstraint
+ .getElementsByTagName("web-resource-collection").item(0);
+ NodeList resources = webResourceCollection
+ .getElementsByTagName("web-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ // SetUp the Http Resource
+ HttpResource policyResource = new HttpResource();
+ Element webResource = (Element) resources.item(j);
+ Element urlPattern = (Element) webResource.getElementsByTagName(
+ "url-pattern").item(0);
+
+ policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
+ this.parseParameters(policyResource, webResource);
+
+ // Setup the Action Targets to be secured on this resource
+ List<Operation> secureActions = this
+ .parseSecureWebActions(webResource);
+
+ if (secureActions != null)
+ {
+ // SetUp Policy Composition Context
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ for (Operation secureAction : secureActions)
{
- context.addPolicyRule(Effect.DENY, secureAction, denyRoles, "denyExpression");
+ if (!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureAction,
+ allowRoles, "allowExpression");
+ }
+
+ if (!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureAction, denyRoles,
+ "denyExpression");
+ }
}
+
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
}
-
- //Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData));
}
}
- }
- }
-
- policies = cour.toArray(new Policy[0]);
-
- return policies;
- }
- catch(Exception e)
- {
- log.error(this, e);
- throw new RuntimeException(e);
- }
- finally
- {
- try
- {
- if(xmlStream != null)
- {
- xmlStream.close();
- }
- }catch(IOException ioe){log.warn(this, ioe);}
- }
- }
- //XML Configuration Parsing----------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(HttpResource policyResource, Element webResource) throws Exception
- {
- //Process Parameters
- Element parameters = (Element)webResource.getElementsByTagName("parameters").item(0);
- if(parameters != null)
- {
- NodeList params = parameters.getElementsByTagName("parameter");
- if(params != null)
- {
- for(int i=0, length=params.getLength(); i<length; i++)
- {
- Element parameter = (Element)params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
- }
- }
- }
-
- private List<Operation> parseSecureWebActions(Element webResource) throws Exception
- {
- List<Operation> secureWebActions = new ArrayList<Operation>();
-
- NodeList httpMethods = webResource.getElementsByTagName("http-method");
- if(httpMethods != null)
- {
- for(int i=0; i<httpMethods.getLength(); i++)
- {
- Element httpMethodElem = (Element)httpMethods.item(i);
-
- String httpMethod = httpMethodElem.getTextContent();
-
- if(httpMethod.equalsIgnoreCase("get"))
- {
- secureWebActions.add(new Get());
- }
- else if(httpMethod.equalsIgnoreCase("post"))
- {
- secureWebActions.add(new Post());
- }
- else if(httpMethod.equalsIgnoreCase("put"))
- {
- secureWebActions.add(new Put());
- }
- else if(httpMethod.equalsIgnoreCase("delete"))
- {
- secureWebActions.add(new Delete());
- }
- else if(httpMethod.equalsIgnoreCase("head"))
- {
- secureWebActions.add(new Head());
- }
- else if(httpMethod.equalsIgnoreCase("options"))
- {
- secureWebActions.add(new Options());
- }
- else if(httpMethod.equalsIgnoreCase("trace"))
- {
- secureWebActions.add(new Trace());
- }
- }
- }
-
- if(secureWebActions.isEmpty())
- {
- secureWebActions.add(new Get());
- }
-
- return secureWebActions;
- }
+ }
+ return policies;
+ }
+ catch (Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
+ }
+
+ // XML Configuration
+ // Parsing----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(HttpResource policyResource, Element webResource)
+ throws Exception
+ {
+ // Process Parameters
+ Element parameters = (Element) webResource.getElementsByTagName(
+ "parameters").item(0);
+ if (parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if (params != null)
+ {
+ for (int i = 0, length = params.getLength(); i < length; i++)
+ {
+ Element parameter = (Element) params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
+ }
+
+ private List<Operation> parseSecureWebActions(Element webResource)
+ throws Exception
+ {
+ List<Operation> secureWebActions = new ArrayList<Operation>();
+
+ NodeList httpMethods = webResource.getElementsByTagName("http-method");
+ if (httpMethods != null)
+ {
+ for (int i = 0; i < httpMethods.getLength(); i++)
+ {
+ Element httpMethodElem = (Element) httpMethods.item(i);
+
+ String httpMethod = httpMethodElem.getTextContent();
+
+ if (httpMethod.equalsIgnoreCase("get"))
+ {
+ secureWebActions.add(new Get());
+ }
+ else if (httpMethod.equalsIgnoreCase("post"))
+ {
+ secureWebActions.add(new Post());
+ }
+ else if (httpMethod.equalsIgnoreCase("put"))
+ {
+ secureWebActions.add(new Put());
+ }
+ else if (httpMethod.equalsIgnoreCase("delete"))
+ {
+ secureWebActions.add(new Delete());
+ }
+ else if (httpMethod.equalsIgnoreCase("head"))
+ {
+ secureWebActions.add(new Head());
+ }
+ else if (httpMethod.equalsIgnoreCase("options"))
+ {
+ secureWebActions.add(new Options());
+ }
+ else if (httpMethod.equalsIgnoreCase("trace"))
+ {
+ secureWebActions.add(new Trace());
+ }
+ }
+ }
+
+ if (secureWebActions.isEmpty())
+ {
+ secureWebActions.add(new Get());
+ }
+
+ return secureWebActions;
+ }
}
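Review bot: In `parseSecureWebActions` the `http-method` text is compared without `.trim()`, unlike the other values this class reads, and a value matching none of the seven branches is silently dropped. A padded or misspelled method in the policy XML therefore yields a policy that does not cover it, and if nothing matches the list falls back to `Get` alone. For an access-control configuration a parse failure is safer than a narrower policy: read it as `String httpMethod = httpMethodElem.getTextContent().trim();` and end the chain with `else { throw new IllegalArgumentException("Unsupported http-method: " + httpMethod); }`. Separately, `configure` builds its parser from a default `DocumentBuilderFactory.newInstance()`; if the policy XML can ever originate outside the deployment, set the `http://apache.org/xml/features/disallow-doctype-decl` feature to true on the factory before `newDocumentBuilder()`. The `@return` line also still says "a fully configured Policy instance" although the method now returns `Set<PolicyMetaData>`.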
Modified: modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
--- modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -26,6 +26,7 @@
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.net.URI;
+import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -55,7 +56,7 @@
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.bootstrap.ServiceContainer;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
@@ -107,13 +108,12 @@
is = config.getServletContext().getResourceAsStream("/WEB-INF/http-policy.xml");
String httpPolicy = GeneralTool.readStream(is);
- Policy[] policies = policyConfig.configure(httpPolicy);
+ Set<PolicyMetaData> policies = policyConfig.configure(httpPolicy);
log.debug("----------------------------------------------------------");
- for(Policy policy: policies)
- {
- log.debug(policy.generateSystemPolicy());
- this.provisioner.newPolicy(policy.getMetaData());
+ for(PolicyMetaData policyMetaData: policies)
+ {
+ this.provisioner.deploy(policyMetaData);
}
log.debug("----------------------------------------------------------");
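Review bot: The loop now deploys each `PolicyMetaData` without logging anything, so the two `log.debug` separator lines bracket no output. An empty set from `configure` (for example an http-policy.xml with no `security-constraint` elements) also passes silently. What the filter enforces when no policies were deployed is not visible here, so record the outcome after the loop, e.g. `log.info("Deployed [" + policies.size() + "] policies from /WEB-INF/http-policy.xml");`, and decide whether zero policies should fail initialization. The enclosing method starts and ends outside the hunk.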
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import org.apache.log4j.Logger;
@@ -80,16 +81,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
//SetUp a Contextual HttpResource component representing an incoming request that needs authorization
//where access should be granted
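Review bot: The store assertion is weakened from `policies.length == 1` to `!policies.isEmpty()`, so the test now passes when policies left by another test are still in the store. The authorization decision checked further down may then come from a policy other than the one deployed here. If the store is expected to hold only this test's policy, keep the exact check with `policies.size() == 1`; if it is now shared across tests, assert that the deployed policy is among those returned. The same change appears in the second hunk of this file and in both hunks of TestRoles.java. The test method starts and ends outside the hunk.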
@@ -140,16 +143,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
//SetUp a Contextual HttpResource component representing an incoming request that needs authorization
//where access should not be granted
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import org.apache.log4j.Logger;
@@ -79,16 +80,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
@@ -117,15 +120,17 @@
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression");
//Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null && !policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
@@ -94,7 +95,7 @@
//this.provision("/prefix/url/index.html");
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
assertTrue("Policy Store must not be empty!!", (policies != null));
log.info("------------------------------------------------------------------------------");
@@ -173,7 +174,6 @@
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression");
//Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
}
}
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
******************************************************************************/
package org.jboss.security.authz.http.provisioning;
+import java.util.Set;
import java.io.InputStream;
import java.net.URI;
@@ -41,6 +42,7 @@
import org.jboss.security.authz.http.component.action.Post;
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
@@ -72,21 +74,21 @@
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
- Policy[] policies = config.configure(GeneralTool.readStream(is));
+ Set<PolicyMetaData> metadata = config.configure(GeneralTool.readStream(is));
- assertNotNull(policies);
+ assertNotNull(metadata);
- for(Policy policy: policies)
+ for(PolicyMetaData policyMetaData: metadata)
{
- this.provisioner.newPolicy(policy.getMetaData());
+ this.provisioner.deploy(policyMetaData);
}
is.close();
//Assert Policy State of the Server
- policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", policies != null && policies.length > 0);
+ assertTrue("Policy Store must not be empty!!", policies != null && !policies.isEmpty());
for(Policy policy: policies)
{
log.info("------------------------------------------------------------------------------");
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -159,7 +159,7 @@
* @param policyMetaData
* meta data for the policy to be created
*/
- public void newPolicy(PolicyMetaData policyMetaData)
+ public void deploy(PolicyMetaData policyMetaData)
throws PolicyServerException
{
try
@@ -190,31 +190,13 @@
throw new PolicyServerException(pe);
}
}
-
+
/**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyServerException
- {
- try
- {
- return this.policyStore.readPolicy(policyUri);
- }
- catch (PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
-
- /**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws PolicyServerException
+ public Set<Policy> readAllPolicies() throws PolicyServerException
{
try
{
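Review bot: `readAllPolicies` now returns `Set<Policy>`, but its Javadoc still says only "all the stored Policies" and does not state whether the result can be null or whether it is the store's own mutable set. The tests in this commit guard the result with `policies != null`, which suggests null is considered possible. The contract should be written on the `@return` line, for example `@return the stored policies; empty when none are stored`, stating also whether the set is a copy, or documenting the null case if it is intended. The method body continues outside the hunk, so what is actually returned is not visible here.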
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
+import java.util.Set;
import java.io.IOException;
import java.io.ByteArrayInputStream;
@@ -73,14 +74,14 @@
//Load the persisted Policies into the Finder's memory
log.info("------------------------------------------------------------------");
log.info("Booting Up the Policy Rule Engine.................................");
- Policy[] allPolicies = this.policyStore.readAllPolicies();
+ Set<Policy> allPolicies = this.policyStore.readAllPolicies();
if(allPolicies != null)
{
for(Policy policy: allPolicies)
{
this.addPolicy(policy);
}
- log.info("Rule Engine successfully started with ["+allPolicies.length+"] stored Policies");
+ log.info("Rule Engine successfully started with ["+allPolicies.size()+"] stored Policies");
}
log.info("------------------------------------------------------------------");
}
Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -1,102 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.provisioning;
-
-import java.util.Map;
-import java.util.HashMap;
-
-import org.apache.log4j.Logger;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.policy.server.spi.PolicyStore;
-
-/**
- * this method of Policy Storage is only for testing. In an Enterprise setup this would be replaced by a Database Policy Store
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class MemoryPolicyStore implements PolicyStore
-{
- private static Logger log = Logger.getLogger(MemoryPolicyStore.class);
-
- private Map<String, Policy> policies;
-
- public MemoryPolicyStore()
- {
- this.policies = new HashMap<String, Policy>();
- }
-
- public void start()
- {
- log.info("-----------------------------------------------------------------------");
- log.info("In-Memory Policy Store successfully started............................");
- log.info("-----------------------------------------------------------------------");
- }
-
- public void stop()
- {
-
- }
- //-----------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException
- {
- return this.policies.get(policyUri);
- }
-
- /**
- * Returns all the stored Policies for the system
- *
- * @return all the stored Policies
- */
- public Policy[] readAllPolicies() throws PolicyException
- {
- return this.policies.values().toArray(new Policy[0]);
- }
-
- /**
- * Saves a Policy into storage. If this policy already exists in storage, then it updates it
- *
- * @param policy Policy to be saved into storage
- */
- public void savePolicy(Policy policy) throws PolicyException
- {
- this.policies.put(policy.getPolicyUri(), policy);
- }
-
- /**
- * Deletes the specified Policy from storage
- *
- * @param policyUri unique identifier for the Policy
- */
- public void deletePolicy(String policyUri) throws PolicyException
- {
- this.policies.remove(policyUri);
- }
-}
Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -1,128 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.provisioning;
-
-import java.io.BufferedInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.net.URL;
-
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-import org.jboss.security.authz.policy.server.spi.PolicyStore;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class PolicyDeployer
-{
- private static Logger log = Logger.getLogger(PolicyDeployer.class);
-
- private PolicyConfig configuration = null;
- private PolicyStore store = null;
-
- public PolicyDeployer()
- {
-
- }
-
- public PolicyConfig getConfiguration()
- {
- return configuration;
- }
-
- public void setConfiguration(PolicyConfig configuration)
- {
- this.configuration = configuration;
- }
-
- public PolicyStore getStore()
- {
- return store;
- }
-
- public void setStore(PolicyStore store)
- {
- this.store = store;
- }
-
- public void deploy(URL url) throws PolicyException
- {
- BufferedInputStream is = null;
- ByteArrayOutputStream bos = null;
- try
- {
- is = new BufferedInputStream(url.openStream());
- bos = new ByteArrayOutputStream();
-
- byte[] buffer = new byte[1024]; //using a 1K buffer
- int bytesRead = -1;
- while((bytesRead=is.read(buffer)) != -1)
- {
- bos.write(buffer, 0, bytesRead);
- }
-
- String deploymentXml = new String(bos.toByteArray());
-
- //Get Policy instances
- Policy[] policies = this.configuration.configure(deploymentXml);
-
- //Persist Policy instances into the Policy Store
- if(policies != null)
- {
- for(int i=0; i<policies.length; i++)
- {
- this.store.savePolicy(policies[i]);
- }
- }
- }
- catch(IOException ioe)
- {
- log.error(this, ioe);
- throw new PolicyException(ioe);
- }
- finally
- {
- try
- {
- if(is != null)
- {
- is.close();
- }
-
- if(bos != null)
- {
- bos.close();
- }
- }
- catch(IOException ioe)
- {
- log.warn(this, ioe);
- }
- }
- }
-}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -32,6 +32,7 @@
import org.hibernate.Transaction;
+import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Attribute;
@@ -75,22 +76,11 @@
}
// -----------------------------------------------------------------------------------------------------------------------------------------------------------
/**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException
- {
- return null;
- }
-
- /**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws PolicyException
+ public Set<Policy> readAllPolicies() throws PolicyException
{
Session session = null;
Transaction tx = null;
@@ -102,10 +92,10 @@
List allPolicies = session.createQuery("from XACMLPolicy").list();
- Policy[] policies = null;
+ Set<Policy> policies = new HashSet<Policy>();
if(allPolicies != null && !allPolicies.isEmpty())
{
- policies = (Policy[])allPolicies.toArray(new Policy[allPolicies.size()]);
+ policies.addAll(allPolicies);
}
tx.commit();
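Review bot: `policies.addAll(allPolicies)` copies a raw `List` into a `Set<Policy>`, so the compiler cannot check the element type, and a row that is not a `Policy` would only fail later when a caller iterates the set. Switching from an array to a `HashSet` also makes the result depend on `Policy.equals`/`hashCode`, which this diff does not show, and drops any ordering the query had. I would add a comment above the query such as `// rows of "from XACMLPolicy" are assumed to implement Policy; set membership relies on Policy.equals/hashCode`. The body of `readAllPolicies` starts and ends outside the hunk.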
@@ -199,9 +189,15 @@
}
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------
- public Set<Policy> find(Set<Attribute> attributes) throws PolicyException
+ /**
+ * Finds the Policy associated with the specified URIResource
+ *
+ * @param uriResource
+ * @return
+ * @throws PolicyException
+ */
+ public Policy find(URIResource uriResource) throws PolicyException
{
- Set<Policy> policyPage = new HashSet<Policy>();
- return policyPage;
+ return null;
}
}
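Review bot: `find(URIResource)` returns `null` for every resource and the new Javadoc leaves `@return` empty, so a caller cannot tell "not implemented" from "no policy stored for this resource". In a policy store that distinction should be explicit, because whatever consumes the result has to decide what a missing policy means for the access decision rather than hit a `NullPointerException` or skip evaluation. I would either mark the stub with `throw new UnsupportedOperationException("find(URIResource) not implemented yet");` or document it as `@return the Policy stored for uriResource, or null when none is stored`. The same empty `@return` appears on `PolicyStore.find` in the PolicyStore.java hunk and should carry the same sentence.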
Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -1,56 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authz.policy.server.spi;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class Cursor
-{
- private int currentPosition;
- private int capacity;
-
- public Cursor()
- {
-
- }
-
- public int getCurrentPosition()
- {
- return currentPosition;
- }
-
- public void setCurrentPosition(int currentPosition)
- {
- this.currentPosition = currentPosition;
- }
-
- public int getCapacity()
- {
- return capacity;
- }
-
- public void setCapacity(int capacity)
- {
- this.capacity = capacity;
- }
-}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,7 +22,8 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.spi;
-import org.jboss.security.authz.model.Policy;
+import java.util.Set;
+import org.jboss.security.authz.model.PolicyMetaData;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -38,5 +39,5 @@
* @param easyDomainXml User Friendly XML configuration within the context of the Application being protected
* @return a fully configured Policy instance
*/
- public Policy[] configure(String easyDomainXml);
+ public Set<PolicyMetaData> configure(String easyDomainXml);
}
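Review bot: The Javadoc above `configure` still says `@return a fully configured Policy instance`, but the method now returns `Set<PolicyMetaData>`. It should read something like `@return the PolicyMetaData derived from the configuration; never null, empty when nothing is configured`, or state that null is allowed if that is the intent. The contract matters because `PortalObjectPolicyConfig.configure`, later in this diff, returns `null`, and the `if(policies != null)` guard that the deleted `PolicyDeployer.deploy` applied to the result is gone with it. The interface declaration starts outside the hunk.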
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -22,41 +22,49 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.spi;
+import java.util.Set;
+
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.components.resource.URIResource;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public interface PolicyStore
-{
- /**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException;
-
- /**
- * Returns all the stored Policies for the system
- *
- * @return all the stored Policies
- */
- public Policy[] readAllPolicies() throws PolicyException;
-
- /**
- * Saves a Policy into storage. If this policy already exists in storage, then it updates it
- *
- * @param policy Policy to be saved into storage
- */
- public void savePolicy(Policy policy) throws PolicyException;
-
- /**
- * Deletes the specified Policy from storage
- *
- * @param policyUri unique identifier for the Policy
- */
- public void deletePolicy(String policyUri) throws PolicyException;
+{
+ /**
+ * Finds the Policy associated with the specified URIResource
+ *
+ * @param uriResource
+ * @return
+ * @throws PolicyException
+ */
+ public Policy find(URIResource uriResource) throws PolicyException;
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Set<Policy> readAllPolicies() throws PolicyException;
+
+ /**
+ * Saves a Policy into storage. If this policy already exists in storage, then
+ * it updates it
+ *
+ * @param policy
+ * Policy to be saved into storage
+ */
+ public void savePolicy(Policy policy) throws PolicyException;
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri
+ * unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyException;
}
Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-07 22:23:24 UTC (rev 13701)
@@ -18,10 +18,7 @@
<bean name="/policy-server/PolicyDecisionPoint" class="org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint">
<property name="debug">true</property>
</bean>
-
- <bean name="/policy-server/PolicyDeployer" class="org.jboss.security.authz.policy.server.provisioning.PolicyDeployer">
- </bean>
-
+
<bean name="/policy-server/PolicyStore" class="org.jboss.security.authz.policy.server.provisioning.RelationalDBPolicyStore">
<property name="hibernateService">
<inject bean="/policy-server/HibernateService"/>
Modified: modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
--- modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2009-08-07 18:02:40 UTC (rev 13700)
+++ modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2009-08-07 22:23:24 UTC (rev 13701)
@@ -21,7 +21,9 @@
*/
package org.jboss.security.authz.portal.configuration;
-import org.jboss.security.authz.model.Policy;
+import java.util.Set;
+
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
/**
@@ -36,7 +38,7 @@
}
//-----PolicyConfig Implementation--------------------------------------------------------------------------------------------------------------------------
- public Policy[] configure(String easyDomainXml)
+ public Set<PolicyMetaData> configure(String easyDomainXml)
{
return null;
}
JBoss Portal SVN: r13700 - in modules/authorization/trunk: agent/src/test/java/org/jboss/security/authz/agent/features and 12 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-07 14:02:40 -0400 (Fri, 07 Aug 2009)
New Revision: 13700
Added:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml
modules/authorization/trunk/http-profile/src/test/resources/hibernate.cfg.xml
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/bootstrap/ServiceContainer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
modules/authorization/trunk/policy-server/src/main/resources/policy.hbm.xml
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/provisioning/TestRelationalDBPolicyStore.java
Log:
Started Hibernate based RelationalDBPolicyStore implementation
* full testsuite success
Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
===================================================================
--- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -1,24 +1,24 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.agent.services;
import java.lang.reflect.Method;
@@ -41,176 +41,190 @@
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-class RuleComposition
+class RuleComposition
{
private static Logger log = Logger.getLogger(RuleComposition.class);
-
+
private String type;
private Object targetComponent;
private Object logicComponent;
private String expressionName;
private Effect effect;
-
+
RuleComposition()
{
-
+
}
- Object getTargetComponent()
+ Object getTargetComponent()
{
return targetComponent;
}
- void setTargetComponent(Object targetComponent)
+ void setTargetComponent(Object targetComponent)
{
this.targetComponent = targetComponent;
}
- Object getLogicComponent()
+ Object getLogicComponent()
{
return logicComponent;
}
- void setLogicComponent(Object logicComponent)
+ void setLogicComponent(Object logicComponent)
{
this.logicComponent = logicComponent;
}
-
- Effect getEffect()
+
+ Effect getEffect()
{
return effect;
}
- void setEffect(Effect effect)
+ void setEffect(Effect effect)
{
this.effect = effect;
}
-
- String getExpressionName()
+
+ String getExpressionName()
{
return expressionName;
}
- void setExpressionName(String expressionName)
+ void setExpressionName(String expressionName)
{
this.expressionName = expressionName;
}
-
- String getType()
+
+ String getType()
{
return type;
}
- void setType(String type)
+ void setType(String type)
{
this.type = type;
}
- //----------------------------------------------------------------------------------------------------------------------------------------------------------------
+
+ // ----------------------------------------------------------------------------------------------------------------------------------------------------------------
Set<Rule> compose()
{
- if(this.effect == null)
+ if (this.effect == null)
{
throw new IllegalStateException("Effect is missing!!");
}
-
- if(this.expressionName != null)
+
+ if (this.expressionName != null)
{
- if(this.logicComponent == null)
+ if (this.logicComponent == null)
{
throw new IllegalStateException("Logic Component is missing!!");
}
- }
-
+ }
+
try
{
Set<Rule> rules = new HashSet<Rule>();
-
+
Rule rule = new Rule();
-
+
rule.setRuleId(GeneralTool.generateUniqueId());
rule.setEffect(this.effect);
-
- //Generate the Target for this rule
+
+ // Generate the Target for this rule
Set<Target> impliedActions = new HashSet<Target>();
- if(this.targetComponent != null)
+ if (this.targetComponent != null)
{
TargetComposition targetComposition = new TargetComposition();
targetComposition.setTargetComponent(this.targetComponent);
rule.setTarget(targetComposition.compose());
-
+
Set<Target> cour = targetComposition.composeImpliedTargets();
- if(cour != null && !cour.isEmpty())
+ if (cour != null && !cour.isEmpty())
{
impliedActions.addAll(cour);
}
}
-
- //Generate the Logic Expression of this rule
- if(this.expressionName != null)
- {
- rule.setExpression(this.generateExpression());
- }
- else if(this.logicComponent != null)
- {
- //Generate a native XACML Conditional Expression
- ComponentCategory category = CompositionUtil.findComponentCategory(this.logicComponent.getClass());
- String attributeCategory = category.getAttributeCategory();
-
- //Read the SecurityContext State of the Component being provisioned
- Object[] securityContextData = AnnotationProcessor.extractSecurityContextData(this.logicComponent);
- if(securityContextData == null || securityContextData.length != 1)
- {
- throw new IllegalStateException("State of the Logic Component "+this.logicComponent+" is invalid!!");
- }
-
- //Get the Attribute expression based on the Security Context State
- String conditionContext = securityContextData[0].toString();
- AttributeExpression conditionExpression = CompositionUtil.generateConditionExpression(conditionContext, attributeCategory);
-
- rule.setExpression(conditionExpression);
- }
-
+
+ // Generate the Logic Expression of this rule
+ rule.setExpression(this.generateLogicExpression());
+
rules.add(rule);
-
- //Add any implied actions
- if(impliedActions != null && !impliedActions.isEmpty())
+
+ // Add any implied actions
+ if (impliedActions != null && !impliedActions.isEmpty())
{
- for(Target impliedAction: impliedActions)
+ for (Target impliedAction : impliedActions)
{
Rule impliedRule = new Rule();
-
+
impliedRule.setRuleId(GeneralTool.generateUniqueId());
- impliedRule.setEffect(rule.getEffect());
- impliedRule.setExpression(rule.getExpression());
+ impliedRule.setEffect(rule.getEffect());
+ impliedRule.setExpression(this.generateLogicExpression());
impliedRule.setTarget(impliedAction);
-
+
rules.add(impliedRule);
}
}
-
+
return rules;
}
- catch(Exception e)
+ catch (Exception e)
{
- //TODO: handle this properly
+ // TODO: handle this properly
log.error(this, e);
throw new RuntimeException(e);
}
}
- //----------------------------------------------------------------------------------------------------------------------------------------------------------------
+
+ // ----------------------------------------------------------------------------------------------------------------------------------------------------------------
private Expression generateExpression() throws Exception
{
DroolsRuleExpression expression = new DroolsRuleExpression();
-
- //Read the LogicExpression of the Logic Component
- Method expressionMethod = AnnotationProcessor.findExpression(this.logicComponent.getClass(), this.expressionName);
+
+ // Read the LogicExpression of the Logic Component
+ Method expressionMethod = AnnotationProcessor.findExpression(
+ this.logicComponent.getClass(), this.expressionName);
expressionMethod.setAccessible(true);
-
- String[] expressionMetaData = (String[])expressionMethod.invoke(this.logicComponent, null);
-
+
+ String[] expressionMetaData = (String[]) expressionMethod.invoke(
+ this.logicComponent, null);
+
expression.setRuleReference(expressionMetaData[0]);
expression.setRule(expressionMetaData[1]);
-
+
return expression;
- }
+ }
+
+ private Expression generateLogicExpression() throws Exception
+ {
+ if (this.expressionName != null)
+ {
+ return this.generateExpression();
+ }
+ else if (this.logicComponent != null)
+ {
+ // Generate a native XACML Conditional Expression
+ ComponentCategory category = CompositionUtil
+ .findComponentCategory(this.logicComponent.getClass());
+ String attributeCategory = category.getAttributeCategory();
+
+ // Read the SecurityContext State of the Component being provisioned
+ Object[] securityContextData = AnnotationProcessor
+ .extractSecurityContextData(this.logicComponent);
+ if (securityContextData == null || securityContextData.length != 1)
+ {
+ throw new IllegalStateException("State of the Logic Component "
+ + this.logicComponent + " is invalid!!");
+ }
+
+ // Get the Attribute expression based on the Security Context State
+ String conditionContext = securityContextData[0].toString();
+ AttributeExpression conditionExpression = CompositionUtil
+ .generateConditionExpression(conditionContext, attributeCategory);
+
+ return conditionExpression;
+ }
+ return null;
+ }
}
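Review bot: The implied-rule loop now calls `this.generateLogicExpression()` for every implied target instead of reusing `rule.getExpression()`, which re-runs the reflective `expressionMethod.invoke(this.logicComponent, null)` each time; if the component's expression method is not a pure function, an implied rule can end up with a different condition than the rule it is derived from. If the intent is one expression instance per rule (presumably so each can be persisted separately), a comment such as `// each Rule needs its own Expression instance; the logic component must return the same rule text on every call` would record that. Separately, `generateLogicExpression` ends in `return null`, so a composition with neither `expressionName` nor `logicComponent` produces a rule that carries only its `Effect`; a Javadoc line on the method should say that a null expression means an unconditional rule, assuming that is how `Rule` treats it. `generateExpression` also reads `expressionMetaData[0]` and `[1]` without a length check; `if (expressionMetaData == null || expressionMetaData.length < 2) throw new IllegalStateException("Expression " + this.expressionName + " is invalid!!");` would fail with a clearer message.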
Added: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java (rev 0)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,150 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.features;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+import org.jboss.security.authz.model.Policy;
+
+import org.jboss.security.authz.policy.server.tools.HibernateService;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public abstract class AbstractFeatureTest extends TestCase
+{
+ private static Logger log = Logger.getLogger(AbstractFeatureTest.class);
+
+ PolicyComposer policyComposer;
+ PolicyEnforcementPoint enforcer;
+ PolicyProvisioner provisioner;
+ HibernateService hibernateService;
+
+
+ public void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
+ this.hibernateService = (HibernateService)ServiceContainer.lookup("/policy-server/HibernateService");
+ }
+
+ public void tearDown() throws Exception
+ {
+ ServiceContainer.shutdown();
+ }
+
+ protected void assertServerState() throws Exception
+ {
+ //Assert Policy State of the Server
+ Policy[] policies = this.provisioner.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null && policies.length > 0));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
+ }
+
+ protected void enforce(EnforcementContext enforcementContext,
+ boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ protected EnforcementResponse enforceWithResponse(EnforcementContext enforcementContext,
+ boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer
+ .checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision=" + response.getMessage());
+
+ if (mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ return response;
+ }
+
+ /*protected void deleteAllPolicies()
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ session.createQuery("delete XACMLPolicy").executeUpdate();
+
+ tx.commit();
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
+ }*/
+}
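Review bot: `tearDown` only calls `ServiceContainer.shutdown()` and the `deleteAllPolicies` cleanup is left commented out, so unless the test Hibernate configuration recreates the schema on each bootstrap (not visible here), policies provisioned by one test can still be in the store when the next one runs and let an `enforce(..., true)` assertion pass for the wrong reason. Either restore the cleanup with null-safe handling (`if (tx != null) tx.rollback();` and `if (session != null && session.isOpen())`) or delete the block together with the `Session` and `Transaction` imports that only it uses. `enforce` and `enforceWithResponse` are also identical apart from the return value; the body of `enforce` can be `this.enforceWithResponse(enforcementContext, mustBePermitted);`.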
Added: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java (rev 0)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,142 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authz.agent.features;
+
+import java.net.URI;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Read;
+
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Blah extends AbstractFeatureTest
+{
+ public void setUp() throws Exception
+ {
+ // Create Policies into Policy Store before Boot Up so that they will be
+ // loaded into the
+ // Rule Engine on startup
+ this.seedPolicyStore();
+
+ super.setUp();
+ }
+
+ public void testBootUp() throws Exception
+ {
+ this.assertServerState();
+
+ Read action = new Read();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ URIResource contextResource = new URIResource();
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
+ }
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext createEnforcementContext(
+ URIResource protectedResource, Read action) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ // Create Resource
+ context.setAttribute("uri-resource", protectedResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+ context.setAttribute("identity", identity);
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+
+ private void seedPolicyStore() throws Exception
+ {
+ try
+ {
+ ServiceContainer.bootstrap();
+
+ this.policyComposer = (PolicyComposer) ServiceContainer
+ .lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint) ServiceContainer
+ .lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner) ServiceContainer
+ .lookup("/agent/LocalPolicyProvisioner");
+
+ // SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
+ Read action = new Read();
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("user");
+
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,"allowExpression");
+
+ // Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+
+ this.provisioner.newPolicy(policyMetaData);
+ }
+ finally
+ {
+ ServiceContainer.shutdown();
+ this.policyComposer = null;
+ this.provisioner = null;
+ this.enforcer = null;
+ this.hibernateService = null;
+ }
+ }
+}
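Review bot: testBootUp only exercises the permit path, so a rule engine that comes up permitting every request after loading the seeded store would still pass this test. testNotApplicable in TestHierarchialPropagation already expects a request outside any policy target to be denied, and the same negative check belongs here: build a second resource with a path the seeded policy does not cover (constructed example: `other.setUri(new URI("/root2/index.html"));`) and add `this.enforce(this.createEnforcementContext(other, action), false);`. The `identity` local in seedPolicyStore is created but never passed to `addPolicyRule`, so it can be dropped. The class name `Blah` and the missing class comment also leave it unstated that the test covers policies loaded from the store at boot.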
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -23,55 +23,24 @@
import java.net.URI;
-import junit.framework.TestCase;
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class TestAgentCache extends TestCase
+public class TestAgentCache extends AbstractFeatureTest
{
- private static Logger log = Logger.getLogger(TestAgentCache.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer) ServiceContainer
- .lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner) ServiceContainer
- .lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void tearDown() throws Exception
- {
- }
-
public void testMultipleInvocations() throws Exception
{
// SetUp Resource
@@ -103,45 +72,22 @@
for(int i=0; i<5; i++)
{
EnforcementContext enforcementContext = this.createEnforcementContext(contextResource, action);
- EnforcementResponse response = this.enforce(enforcementContext, true);
+ EnforcementResponse response = this.enforceWithResponse(enforcementContext, true);
- //Assert response state for caching related meta data
- assertTrue("Must be Cached!!", response.isCached());
if(i == 0)
{
- assertTrue("Must be Evaluated by the Policy Server", response.isEvaluated());
-
- Thread.currentThread().sleep(10); //to make sure the background caching thread finished its job
+ assertTrue("Must be Evaluated by the Policy Server", response.isEvaluated());
+ Thread.currentThread().sleep(1000); //to make sure the background caching thread finished its job
}
else
{
assertFalse("Must Not Be Evaluated. Cache should be used instead!!", response.isEvaluated());
+ //Assert response state for caching related meta data
+ assertTrue("Must be Cached!!", response.isCached());
}
}
}
-
- // ------------------------------------------------------------------------------------------------------------------------------------------------------
- private EnforcementResponse enforce(EnforcementContext enforcementContext,
- boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer
- .checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision=" + response.getMessage());
-
- if (mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- return response;
- }
-
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------
private EnforcementContext createEnforcementContext(
URIResource protectedResource, Read action) throws Exception
{
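Review bot: The first-iteration wait is still a fixed delay, now `Thread.currentThread().sleep(1000)`, so the cache assertions in the later iterations depend on how quickly the background caching thread runs, not on a signal that the decision was stored. If the agent offers no such signal, at least call the static method directly as `Thread.sleep(1000);` and state the assumption in a comment. Moving `isCached()` into the else branch also leaves the first response's cache state unchecked, which deserves a comment such as `// first decision is evaluated by the Policy Server and cached asynchronously; isCached() is asserted from the second call on`. testMultipleInvocations starts before this hunk and createEnforcementContext continues past it.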
@@ -166,17 +112,5 @@
context.setAttribute("action", action);
return context;
- }
-
- private void assertServerState() throws Exception
- {
- // Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!",
- (policies != null && policies.length == 1));
- log
- .info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
+ }
}
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -1,318 +1,276 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.agent.features;
import java.net.URI;
-import junit.framework.TestCase;
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class TestHierarchialPropagation extends TestCase
+public class TestHierarchialPropagation extends AbstractFeatureTest
{
- private static Logger log = Logger.getLogger(TestHierarchialPropagation.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void tearDown() throws Exception
- {
- }
-
public void testExplicitPermit() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), true);
}
-
+
public void testExplicitDeny() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
Read action = new Read();
-
+
Roles deniedRoles = new Roles();
deniedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), false);
}
-
+
public void testPermitInheritance() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
resource.setUri(new URI("/root/level1"));
-
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), true);
}
-
+
public void testDenyInheritance() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
-
+ resource.setUri(new URI("/root/level1"));
+
Read action = new Read();
-
+
Roles deniedRoles = new Roles();
deniedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), false);
}
-
+
public void testDenyOverridesPermitInheritance() throws Exception
{
- //SetUp Permit policy
+ // SetUp Permit policy
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
-
+ resource.setUri(new URI("/root/level1"));
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- //Setup denied policy
+
+ // Setup denied policy
resource = new URIResource();
resource.setUri(new URI("/root/level1/level2"));
-
+
Roles deniedRoles = new Roles();
deniedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
+
+ // Store the policy into the Policy Server
policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), false);
}
-
+
public void testNotApplicable() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
resource.setUri(new URI("/root2"));
-
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+ this.provisioner.newPolicy(policyMetaData);
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), false);
}
-
+
public void testExplicitPermitByIdentity() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
Read action = new Read();
-
+
Identity identity = new Identity();
identity.setName("blah(a)blah.com");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, identity, null);
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, identity, null);
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
+ this.provisioner.newPolicy(policyMetaData);
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), true);
}
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource, Read action) throws Exception
- {
- // Create an EnforcementContext
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext createEnforcementContext(
+ URIResource protectedResource, Read action) throws Exception
+ {
+ // Create an EnforcementContext
EnforcementContext context = new EnforcementContext();
// Enable Hierarchial Enforcement
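Review bot: testDenyOverridesPermitInheritance cannot tell deny-overrides apart from most-specific-wins, because the DENY policy at `/root/level1/level2` is also the more specific of the two targets (the PERMIT sits at `/root/level1`). A companion test with the effects swapped, DENY on `/root/level1` and PERMIT on `/root/level1/level2`, would pin down which combining rule the enforcement point applies; its expected decision should be stated in a comment, since the visible code does not settle it. Separately, the comment `// Go ahead and produce a RequestContext for a "Permit" Enforcement` is carried into testExplicitDeny, testDenyInheritance, testDenyOverridesPermitInheritance and testNotApplicable, all of which call `enforce(..., false)`; there it should read `// Produce an enforcement request that must be denied`. createEnforcementContext continues past the end of this hunk.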
@@ -333,16 +291,5 @@
context.setAttribute("action", action);
return context;
- }
-
-
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
}
}
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -1,35 +1,29 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.agent.features;
import java.net.URI;
-import junit.framework.TestCase;
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.components.resource.URIResource;
@@ -40,160 +34,112 @@
import org.jboss.security.authz.components.action.Manage;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class TestImpliedActions extends TestCase
+public class TestImpliedActions extends AbstractFeatureTest
{
- private static Logger log = Logger.getLogger(TestImpliedActions.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void tearDown() throws Exception
- {
- }
-
public void testReadImpliedWithWrite() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
-
+ resource.setUri(new URI("/blah/index.html"));
+
Write action = new Write();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
this.enforce(this.createEnforcementContext(resource, new Read()), true);
}
-
+
public void testWriteImpliedWithManage() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
-
+ resource.setUri(new URI("/blah/index.html"));
+
Manage action = new Manage();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
this.enforce(this.createEnforcementContext(resource, new Write()), true);
}
-
+
public void testWriteNotImpliedWithRead() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/blah/index.html"));
-
+ resource.setUri(new URI("/blah/index.html"));
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
+
this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Deny" Enforcement
+
+ // Go ahead and produce a RequestContext for a "Deny" Enforcement
this.enforce(this.createEnforcementContext(resource, new Write()), false);
}
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource uriResource, Operation operation) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- //Create Resource
- context.setAttribute("uri-resource", uriResource);
-
- //Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- //Create Action
- context.setAttribute("action", operation);
-
- return context;
- }
-
- private void assertServerState() throws Exception
+
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext createEnforcementContext(URIResource uriResource,
+ Operation operation) throws Exception
{
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ context.setAttribute("uri-resource", uriResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+
+ // Create Action
+ context.setAttribute("action", operation);
+
+ return context;
}
}
Modified: modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
===================================================================
--- modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -1,42 +1,33 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.agent.features;
import java.net.URI;
-import junit.framework.TestCase;
-import org.apache.log4j.Logger;
-
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Operation;
@@ -44,244 +35,205 @@
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class TestImpliesHierarchialPropagation extends TestCase
+public class TestImpliesHierarchialPropagation extends AbstractFeatureTest
{
- private static Logger log = Logger.getLogger(TestImpliesHierarchialPropagation.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
-
- public void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void tearDown() throws Exception
- {
- }
-
public void testExplicitPermitReadImpliedWithWrite() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
resource.setUri(new URI("/root/level1/level2/index.html"));
-
+
Write action = new Write();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, new Read()), true);
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, new Read()),
+ true);
}
-
+
public void testExplicitDenyWriteNotImpliedWithRead() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
Read action = new Read();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, new Write()), false);
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, new Write()),
+ false);
}
-
+
public void testPermitInheritanceWriteImpliedWithManage() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
-
+ resource.setUri(new URI("/root/level1"));
+
Manage action = new Manage();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, new Write()), true);
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, new Write()),
+ true);
}
-
+
public void testDenyInheritanceManageNotImpliedWithWrite() throws Exception
{
- //SetUp Resource
+ // SetUp Resource
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
-
+ resource.setUri(new URI("/root/level1"));
+
Write action = new Write();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
+
+ this.assertServerState();
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, new Manage()), false);
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, new Manage()),
+ false);
}
-
+
public void testDenyOverridesPermitInheritance() throws Exception
{
- //SetUp Permit policy...User can write to level1
+ // SetUp Permit policy...User can write to level1
URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1"));
-
+ resource.setUri(new URI("/root/level1"));
+
Write action = new Write();
-
+
Roles allowedRoles = new Roles();
allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
CompositionContext context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
+ "allowExpression");
+
+ // Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
- //Setup denied policy....User can only read level2
+
+ // Setup denied policy....User can only read level2
resource = new URIResource();
resource.setUri(new URI("/root/level1/level2"));
-
+
Read read = new Read();
-
- //Setup the Context for the Composition with these components
+
+ // Setup the Context for the Composition with these components
context = new CompositionContext();
context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, read, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
+ context.addPolicyRule(Effect.PERMIT, read, allowedRoles, "allowExpression");
+
+ // Store the policy into the Policy Server
policyMetaData = this.policyComposer.compose(context);
this.provisioner.newPolicy(policyMetaData);
-
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
- //Trying to "Write" to level2 should be Denied
+
+ // Go ahead and produce a RequestContext for a "Permit" Enforcement
+ // Trying to "Write" to level2 should be Denied
URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, new Write()), false);
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ // Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, new Write()),
+ false);
}
-
- private EnforcementContext createEnforcementContext(URIResource uriResource, Operation action) throws Exception
- {
- //Create a EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- //Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- //Create Resource
- context.setAttribute("uri-resource", uriResource);
-
- //Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- //Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-
- private void assertServerState() throws Exception
+ //------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext createEnforcementContext(URIResource uriResource,
+ Operation action) throws Exception
{
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ // Create a EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Enable Hierarchial Enforcement
+ context.activateHierarchialEnforcement();
+
+ // Create Resource
+ context.setAttribute("uri-resource", uriResource);
+
+ // Create Subjects
+ Roles roles = new Roles();
+ roles.addName("user");
+ context.setAttribute("roles", roles);
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
}
}
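Review bot: `testDenyOverridesPermitInheritance` never composes a deny rule: both `addPolicyRule` calls in it pass `Effect.PERMIT`, so the `false` expected for Write under level2 comes from the nearer policy granting only Read, not from a deny effect overriding an inherited permit. That matters for an authorization engine, because a regression in real deny handling would not be caught by this test. I would say so above the second policy, `// No deny rule here: the level2 policy permits only Read, so Write must not be inherited from level1`, and reword the `"Permit" Enforcement` comment in the three tests that pass `false` to `enforce`. The test also skips the `assertServerState()` call the other tests make, presumably because two policies are stored; a short comment saying so would help.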
Added: modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml
===================================================================
--- modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml (rev 0)
+++ modules/authorization/trunk/agent/src/test/resources/hibernate.cfg.xml 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- Database connection settings -->
+ <property name="connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property name="connection.url">jdbc:hsqldb:file:target/testdb</property>
+ <property name="connection.username">sa</property>
+ <property name="connection.password"></property>
+
+ <!-- JDBC connection pool (use the built-in) -->
+ <property name="connection.pool_size">1</property>
+
+ <!-- SQL dialect -->
+ <property name="dialect">org.hibernate.dialect.HSQLDialect</property>
+
+ <!-- Enable Hibernate's automatic session context management -->
+ <property name="current_session_context_class">thread</property>
+
+ <!-- Disable the second-level cache -->
+ <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
+
+ <!-- Echo all executed SQL to stdout -->
+ <property name="show_sql">true</property>
+
+ <!--
+ Drop and re-create the database schema on startup
+ -->
+ <property name="hbm2ddl.auto">create</property>
+
+ <mapping resource="policy.hbm.xml"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
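Review bot: Nothing in this file says it is test-only, yet it sets `hbm2ddl.auto` to `create`, logs in as `sa` with an empty password and echoes every statement with `show_sql`; on a classpath outside the tests it would recreate the policy schema at each start. A header comment such as `<!-- Test-only: throwaway HSQLDB under target/, schema recreated on every start; never package with the policy server -->` would make the intent explicit. The same applies to the identical copy added under http-profile/src/test/resources later in this commit, and the two copies will drift unless one is shared.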
Modified: modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/bootstrap/ServiceContainer.java
===================================================================
--- modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/bootstrap/ServiceContainer.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/bootstrap/ServiceContainer.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -40,6 +40,7 @@
private static Logger log = Logger.getLogger(ServiceContainer.class);
private static Kernel kernel;
+ private static EmbeddedBootstrap bootstrap;
public ServiceContainer()
{
@@ -50,7 +51,7 @@
{
try
{
- EmbeddedBootstrap bootstrap = new EmbeddedBootstrap();
+ bootstrap = new EmbeddedBootstrap();
bootstrap.run();
ClassLoader cl = Thread.currentThread().getContextClassLoader();
@@ -84,4 +85,9 @@
return service;
}
+
+ public static void shutdown()
+ {
+ bootstrap.deployer.shutdown();
+ }
}
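Review bot: `shutdown()` dereferences the static `bootstrap` without a guard, so calling it before `bootstrap()` has run throws a NullPointerException, and a second call shuts the same deployer down again. A guard that also clears the reference would make it safe to call from a test teardown: `if (bootstrap != null) { bootstrap.deployer.shutdown(); bootstrap = null; }`. The static `kernel` declared next to it is left untouched after shutdown; whether `lookup` can still hand out services from a stopped container is not visible in these hunks and is worth checking. The field is also written in `bootstrap()` without synchronization, which is fine only if the container is always started from a single thread.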
Added: modules/authorization/trunk/http-profile/src/test/resources/hibernate.cfg.xml
===================================================================
--- modules/authorization/trunk/http-profile/src/test/resources/hibernate.cfg.xml (rev 0)
+++ modules/authorization/trunk/http-profile/src/test/resources/hibernate.cfg.xml 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- Database connection settings -->
+ <property name="connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property name="connection.url">jdbc:hsqldb:file:target/testdb</property>
+ <property name="connection.username">sa</property>
+ <property name="connection.password"></property>
+
+ <!-- JDBC connection pool (use the built-in) -->
+ <property name="connection.pool_size">1</property>
+
+ <!-- SQL dialect -->
+ <property name="dialect">org.hibernate.dialect.HSQLDialect</property>
+
+ <!-- Enable Hibernate's automatic session context management -->
+ <property name="current_session_context_class">thread</property>
+
+ <!-- Disable the second-level cache -->
+ <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
+
+ <!-- Echo all executed SQL to stdout -->
+ <property name="show_sql">true</property>
+
+ <!--
+ Drop and re-create the database schema on startup
+ -->
+ <property name="hbm2ddl.auto">create</property>
+
+ <mapping resource="policy.hbm.xml"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -1,24 +1,24 @@
/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authz.policy.server;
import java.util.Set;
@@ -39,100 +39,108 @@
import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
-
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
/**
- * The Central Policy Server
+ * The Central Policy Server
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class PolicyServer
+public class PolicyServer
{
private static Logger log = Logger.getLogger(PolicyServer.class);
-
+
private PolicyDecisionPoint policyDecisionPoint;
private PolicyStore policyStore;
private EnterprisePolicyFinderModule policyFinderModule;
private DroolsRuleManager ruleManager;
-
+
public PolicyServer()
{
-
+
}
-
+
public void start()
{
try
{
- Set<PolicyFinderModule> finders = this.policyDecisionPoint.getPDPConfiguration().getPolicyFinder().getModules();
- for(PolicyFinderModule module: finders)
+ Set<PolicyFinderModule> finders = this.policyDecisionPoint
+ .getPDPConfiguration().getPolicyFinder().getModules();
+ for (PolicyFinderModule module : finders)
{
- if(module instanceof EnterprisePolicyFinderModule)
+ if (module instanceof EnterprisePolicyFinderModule)
{
- this.policyFinderModule = (EnterprisePolicyFinderModule)module;
+ this.policyFinderModule = (EnterprisePolicyFinderModule) module;
+ this.policyFinderModule.setPolicyStore(this.policyStore);
+ this.policyFinderModule.bootup();
}
}
}
- catch(Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
}
-
+
public void stop()
{
this.policyDecisionPoint = null;
}
-
- public PolicyDecisionPoint getPolicyDecisionPoint()
+
+ public PolicyDecisionPoint getPolicyDecisionPoint()
{
return policyDecisionPoint;
}
- public void setPolicyDecisionPoint(PolicyDecisionPoint policyDecisionPoint)
+ public void setPolicyDecisionPoint(PolicyDecisionPoint policyDecisionPoint)
{
this.policyDecisionPoint = policyDecisionPoint;
}
-
- public PolicyStore getPolicyStore()
+
+ public PolicyStore getPolicyStore()
{
return policyStore;
}
- public void setPolicyStore(PolicyStore policyStore)
+ public void setPolicyStore(PolicyStore policyStore)
{
this.policyStore = policyStore;
}
-
+
public DroolsRuleManager getRuleManager()
{
return this.ruleManager;
}
-
+
public void setRuleManager(DroolsRuleManager ruleManager)
{
this.ruleManager = ruleManager;
}
- //--------Decision making services--------------------------------------------------------------------------------------------------------------------------
+
+ // --------Decision making
+ // services--------------------------------------------------------------------------------------------------------------------------
/**
* Makes an Authorization Decision
*
- * This method is used when the PolicyDecisionPoint runs in-memory with the Application from which the native Enforcement components issue Authorization requests
+ * This method is used when the PolicyDecisionPoint runs in-memory with the
+ * Application from which the native Enforcement components issue
+ * Authorization requests
*
- * @param request Authorization Request
+ * @param request
+ * Authorization Request
* @return response which contains the Authorization Decision
*/
public Response evaluate(Request request) throws PolicyServerException
{
return this.policyDecisionPoint.evaluate(request);
}
-
+
/**
* Makes an Authorization Decision
*
- * This method is used when the PolicyDecisionPoint is accessed over the network by sending it the appropriate request in XML format
- * The XML format used is compliant with the XACML spec
+ * This method is used when the PolicyDecisionPoint is accessed over the
+ * network by sending it the appropriate request in XML format The XML format
+ * used is compliant with the XACML spec
*
* @param xml
* @return response in xml format confirming to the XACML spec
@@ -140,91 +148,99 @@
public String evaluate(String xml) throws PolicyServerException
{
return this.policyDecisionPoint.evaluate(xml);
- }
- //------- Provisioning services-----------------------------------------------------------------------------------------------------------------------------
- /**
- * Generates a new Policy instance based on the supplied MetaData and stores it into the Policy Store
- *
- * @param policyMetaData meta data for the policy to be created
- */
- public void newPolicy(PolicyMetaData policyMetaData) throws PolicyServerException
- {
- try
- {
- Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData);
-
- //Save the policy in the Policy Store
- this.policyStore.savePolicy(policy);
-
- //Update the PolicyFinder's runtime state with this new policy
- this.policyFinderModule.addPolicy(policy);
-
- //Update the DroolsRuleManager's runtime state with any Drools based expressions if they are part of this new policy
- Set<Rule> rules = policyMetaData.getRules();
- for(Rule rule: rules)
- {
- Object expression = rule.getExpression();
- if(expression instanceof DroolsRuleExpression)
+ }
+
+ // ------- Provisioning
+ // services-----------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Generates a new Policy instance based on the supplied MetaData and stores
+ * it into the Policy Store
+ *
+ * @param policyMetaData
+ * meta data for the policy to be created
+ */
+ public void newPolicy(PolicyMetaData policyMetaData)
+ throws PolicyServerException
+ {
+ try
+ {
+ Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(),
+ policyMetaData);
+
+ // Save the policy in the Policy Store
+ this.policyStore.savePolicy(policy);
+
+ // Update the PolicyFinder's runtime state with this new policy
+ this.policyFinderModule.addPolicy(policy);
+
+ // Update the DroolsRuleManager's runtime state with any Drools based
+ // expressions if they are part of this new policy
+ Set<Rule> rules = policyMetaData.getRules();
+ for (Rule rule : rules)
{
- this.ruleManager.addRule((DroolsRuleExpression)expression);
+ Object expression = rule.getExpression();
+ if (expression instanceof DroolsRuleExpression)
+ {
+ this.ruleManager.addRule((DroolsRuleExpression) expression);
+ }
}
- }
- }
- catch(PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
-
- /**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyServerException
- {
- try
- {
- return this.policyStore.readPolicy(policyUri);
- }
- catch(PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
-
- /**
- * Returns all the stored Policies for the system
- *
- * @return all the stored Policies
- */
- public Policy[] readAllPolicies() throws PolicyServerException
- {
- try
- {
- return this.policyStore.readAllPolicies();
- }
- catch(PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
-
- /**
- * Deletes the specified Policy from storage
- *
- * @param policyUri unique identifier for the Policy
- */
- public void deletePolicy(String policyUri) throws PolicyServerException
- {
- try
- {
- this.policyStore.deletePolicy(policyUri);
- }
- catch(PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
+ }
+ catch (PolicyException pe)
+ {
+ throw new PolicyServerException(pe);
+ }
+ }
+
+ /**
+ * Read a stored Policy identified by the unique policyUri
+ *
+ * @param policyUri
+ * @return a stored Policy
+ */
+ public Policy readPolicy(String policyUri) throws PolicyServerException
+ {
+ try
+ {
+ return this.policyStore.readPolicy(policyUri);
+ }
+ catch (PolicyException pe)
+ {
+ throw new PolicyServerException(pe);
+ }
+ }
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Policy[] readAllPolicies() throws PolicyServerException
+ {
+ try
+ {
+ return this.policyStore.readAllPolicies();
+ }
+ catch (PolicyException pe)
+ {
+ throw new PolicyServerException(pe);
+ }
+ }
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri
+ * unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyServerException
+ {
+ try
+ {
+ this.policyStore.deletePolicy(policyUri);
+ }
+ catch (PolicyException pe)
+ {
+ throw new PolicyServerException(pe);
+ }
+ }
}
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -22,182 +22,245 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
+import java.util.List;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.ByteArrayInputStream;
import java.util.Map;
import java.util.HashMap;
+import org.apache.log4j.Logger;
+
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
import org.drools.RuleBase;
import org.drools.RuleBaseFactory;
import org.drools.compiler.PackageBuilder;
import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.policy.server.tools.HibernateService;
/**
- * This service provides management for Drools based authorization Rules/Logic used by the Drools Function extension of the XACML Engine
+ * This service provides management for Drools based authorization Rules/Logic
+ * used by the Drools Function extension of the XACML Engine
*
* TODO: Add Database Persistence to the State of this Manager
- *
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public final class DroolsRuleManager
{
- private static String rulePkg =
- "package security\n"+
- "import org.jboss.security.authz.model.*;\n"+
- "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
-
- private RuleBase activeRuleBase = null;
- private Map<String, String> drls = null;
-
- public DroolsRuleManager()
- {
- }
-
- public void start()
- {
- try
- {
- this.drls = new HashMap<String, String>();
- this.reloadActiveRuleBase();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void stop()
- {
- this.activeRuleBase = null;
- this.drls = null;
- }
- //---------------------------------------------------------------------------------------------------------------------------------------------------------
- RuleBase getActiveRuleBase()
- {
- return this.activeRuleBase;
- }
-
- public void addRule(DroolsRuleExpression rule)
- {
- try
- {
- if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() == 0)
- {
- throw new IllegalArgumentException("Rule Reference is missing");
- }
- if(rule.getRule() == null || rule.getRule().trim().length() == 0)
- {
- throw new IllegalArgumentException("LHS value is missing");
- }
-
-
- this.drls.put(rule.getRuleReference(), rule.getRule());
- this.reloadActiveRuleBase();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public DroolsRuleExpression readRule(String ruleReference)
- {
- try
- {
- if(ruleReference == null || ruleReference.trim().length() == 0)
- {
- throw new IllegalArgumentException("Rule Reference is missing");
- }
-
- DroolsRuleExpression rule = null;
-
- String when = this.drls.get(ruleReference);
-
- rule = new DroolsRuleExpression();
- rule.setRuleReference(ruleReference);
- rule.setRule(when);
-
- return rule;
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void updateRule(DroolsRuleExpression rule)
- {
- try
- {
- if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() == 0)
- {
- throw new IllegalArgumentException("Rule Reference is missing");
- }
- if(rule.getRule() == null || rule.getRule().trim().length() == 0)
- {
- throw new IllegalArgumentException("LHS value is missing");
- }
-
- this.drls.put(rule.getRuleReference(), rule.getRule());
- this.reloadActiveRuleBase();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void removeRule(String ruleReference)
- {
- try
- {
- if(ruleReference == null || ruleReference.trim().length() == 0)
- {
- throw new IllegalArgumentException("Rule Reference is missing");
- }
-
- this.drls.remove(ruleReference);
- this.reloadActiveRuleBase();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- //-----------------------------------------------------------------------------------------------------------------------------------------------------------
- private synchronized void reloadActiveRuleBase() throws Exception
- {
- StringBuilder buffer = new StringBuilder();
-
- buffer.append(DroolsRuleManager.rulePkg+"\n");
-
- for(String drl: this.drls.values())
- {
- buffer.append(drl+"\n");
- }
-
- Reader source = new InputStreamReader(new ByteArrayInputStream(buffer.toString().getBytes()));
- try
- {
- PackageBuilder packageBuilder = new PackageBuilder();
- packageBuilder.addPackageFromDrl(source);
-
- if(this.activeRuleBase == null)
- {
- this.activeRuleBase = RuleBaseFactory.newRuleBase();
- }
-
- //Perform the reloading of the RuleBase with the updated Rules
- this.activeRuleBase.lock();
- this.activeRuleBase.addPackage(packageBuilder.getPackage());
- this.activeRuleBase.unlock();
- }
- finally
- {
- source.close();
- }
- }
+ private static Logger log = Logger.getLogger(DroolsRuleManager.class);
+
+ private static String rulePkg = "package security\n"
+ + "import org.jboss.security.authz.model.*;\n"
+ + "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
+
+ private RuleBase activeRuleBase = null;
+ private Map<String, String> drls = null;
+ private HibernateService hibernateService;
+
+ public DroolsRuleManager()
+ {
+ }
+
+ public void start()
+ {
+ try
+ {
+ this.drls = new HashMap<String, String>();
+ this.bootup();
+
+ this.reloadActiveRuleBase();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void stop()
+ {
+ this.activeRuleBase = null;
+ this.drls = null;
+ }
+
+ public HibernateService getHibernateService()
+ {
+ return hibernateService;
+ }
+
+ public void setHibernateService(HibernateService hibernateService)
+ {
+ this.hibernateService = hibernateService;
+ }
+ // ---------------------------------------------------------------------------------------------------------------------------------------------------------
+ RuleBase getActiveRuleBase()
+ {
+ return this.activeRuleBase;
+ }
+
+ public void addRule(DroolsRuleExpression rule)
+ {
+ try
+ {
+ if (rule.getRuleReference() == null
+ || rule.getRuleReference().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if (rule.getRule() == null || rule.getRule().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+ this.drls.put(rule.getRuleReference(), rule.getRule());
+ this.reloadActiveRuleBase();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public DroolsRuleExpression readRule(String ruleReference)
+ {
+ try
+ {
+ if (ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ DroolsRuleExpression rule = null;
+
+ String when = this.drls.get(ruleReference);
+
+ rule = new DroolsRuleExpression();
+ rule.setRuleReference(ruleReference);
+ rule.setRule(when);
+
+ return rule;
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void updateRule(DroolsRuleExpression rule)
+ {
+ try
+ {
+ if (rule.getRuleReference() == null
+ || rule.getRuleReference().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if (rule.getRule() == null || rule.getRule().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+ this.drls.put(rule.getRuleReference(), rule.getRule());
+ this.reloadActiveRuleBase();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void removeRule(String ruleReference)
+ {
+ try
+ {
+ if (ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ this.drls.remove(ruleReference);
+ this.reloadActiveRuleBase();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private synchronized void reloadActiveRuleBase() throws Exception
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(DroolsRuleManager.rulePkg + "\n");
+
+ for (String drl : this.drls.values())
+ {
+ buffer.append(drl + "\n");
+ }
+
+ Reader source = new InputStreamReader(new ByteArrayInputStream(buffer
+ .toString().getBytes()));
+ try
+ {
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ if (this.activeRuleBase == null)
+ {
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ }
+
+ // Perform the reloading of the RuleBase with the updated Rules
+ this.activeRuleBase.lock();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ this.activeRuleBase.unlock();
+ }
+ finally
+ {
+ source.close();
+ }
+ }
+
+ private void bootup() throws Exception
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ List allDroolsRuleExpressions = session.createQuery("from DroolsRuleExpression").list();
+
+ if(allDroolsRuleExpressions != null)
+ {
+ for(Object local: allDroolsRuleExpressions)
+ {
+ DroolsRuleExpression drlExpr = (DroolsRuleExpression)local;
+ this.drls.put(drlExpr.getRuleReference(), drlExpr.getRule());
+ }
+ }
+
+ tx.commit();
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
+ }
}
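Review bot: In the new `bootup()`, the catch block calls `tx.rollback()` and the finally block calls `session.isOpen()` while either variable can still be null. If `hibernateService.getCurrentSession()` or `session.beginTransaction()` throws (or `hibernateService` was never injected), the resulting NullPointerException replaces the original failure, and the intended `RuntimeException(t)` is never thrown. Guard both with `if (tx != null) tx.rollback();` and `if (session != null && session.isOpen())`. The same pattern is repeated in `readAllPolicies`, `savePolicy` and `deletePolicy` of RelationalDBPolicyStore later in this commit and needs the same two guards.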
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -28,6 +28,7 @@
import org.apache.log4j.Logger;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.spi.PolicyStore;
import org.jboss.security.authz.policy.server.PolicyServerException;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
@@ -58,12 +59,38 @@
private PolicyReader reader;
private PolicyCollection policies;
+ private PolicyStore policyStore;
public EnterprisePolicyFinderModule()
{
this.policies = new PolicyCollection();
}
+ public void bootup() throws PolicyServerException
+ {
+ try
+ {
+ //Load the persisted Policies into the Finder's memory
+ log.info("------------------------------------------------------------------");
+ log.info("Booting Up the Policy Rule Engine.................................");
+ Policy[] allPolicies = this.policyStore.readAllPolicies();
+ if(allPolicies != null)
+ {
+ for(Policy policy: allPolicies)
+ {
+ this.addPolicy(policy);
+ }
+ log.info("Rule Engine successfully started with ["+allPolicies.length+"] stored Policies");
+ }
+ log.info("------------------------------------------------------------------");
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ throw new PolicyServerException(t);
+ }
+ }
+
public void addPolicy(Policy policy) throws PolicyServerException
{
ByteArrayInputStream bos = null;
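Review bot: When `this.policyStore.readAllPolicies()` returns null, `bootup()` skips the only line that reports how many policies were loaded, so a decision point that starts with no policies at all leaves no explicit trace in the log. For an authorization engine that state is worth recording; add `else { log.warn("Rule Engine started with no stored Policies"); }` after the `if(allPolicies != null)` block. `bootup()` also dereferences `policyStore` with no check that `setPolicyStore` was called first, which the Javadoc should state as a precondition. The body of `addPolicy` continues outside this hunk.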
@@ -92,6 +119,16 @@
}
}
}
+
+ public PolicyStore getPolicyStore()
+ {
+ return policyStore;
+ }
+
+ public void setPolicyStore(PolicyStore policyStore)
+ {
+ this.policyStore = policyStore;
+ }
//-----------PolicyFinderModule Implementation------------------------------------------------------------------------------------------------------------
/**
* Initializes this module for use by the given finder. Typically this
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -22,18 +22,22 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.provisioning;
-import java.util.Map;
-import java.util.HashMap;
+import java.util.List;
+import java.util.Set;
+import java.util.HashSet;
import org.apache.log4j.Logger;
-import org.hibernate.SessionFactory;
-import org.hibernate.cfg.Configuration;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Attribute;
+
import org.jboss.security.authz.policy.server.spi.PolicyStore;
+import org.jboss.security.authz.policy.server.tools.HibernateService;
/**
* This Policy Store stores the system Policies into a Relational Database
@@ -44,40 +48,31 @@
public class RelationalDBPolicyStore implements PolicyStore
{
private static Logger log = Logger.getLogger(RelationalDBPolicyStore.class);
+
+ private HibernateService hibernateService;
- private Map<String, Policy> policies;
-
- SessionFactory sessionFactory;
-
public RelationalDBPolicyStore()
{
- this.policies = new HashMap<String, Policy>();
}
public void start()
- {
- try
- {
- Configuration configuration = new Configuration();
- this.sessionFactory = configuration.configure().buildSessionFactory();
- log
- .info("-----------------------------------------------------------------------");
- log
- .info("In-Memory Policy Store successfully started............................");
- log
- .info("-----------------------------------------------------------------------");
- }
- catch(Throwable t)
- {
- log.error(this, t);
- throw new RuntimeException(t);
- }
+ {
}
public void stop()
+ {
+ }
+
+
+ public HibernateService getHibernateService()
{
- this.sessionFactory.close();
- }
+ return hibernateService;
+ }
+
+ public void setHibernateService(HibernateService hibernateService)
+ {
+ this.hibernateService = hibernateService;
+ }
// -----------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Read a stored Policy identified by the unique policyUri
@@ -87,7 +82,7 @@
*/
public Policy readPolicy(String policyUri) throws PolicyException
{
- return this.policies.get(policyUri);
+ return null;
}
/**
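Review bot: `readPolicy` now ends in `return null;`, so every lookup reports the policy as absent, whereas the removed line answered from the in-memory map. `PolicyServer.readPolicy` delegates straight to this method, so callers can no longer tell "not stored" from "not implemented". Until the Hibernate lookup is written, fail loudly with `throw new UnsupportedOperationException("readPolicy is not implemented yet");`. Otherwise, run `session.createQuery("from XACMLPolicy policy where policy.policyUri=?").setString(0, policyUri).uniqueResult()` inside the same session/transaction handling the other methods use.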
@@ -97,7 +92,39 @@
*/
public Policy[] readAllPolicies() throws PolicyException
{
- return this.policies.values().toArray(new Policy[0]);
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ List allPolicies = session.createQuery("from XACMLPolicy").list();
+
+ Policy[] policies = null;
+ if(allPolicies != null && !allPolicies.isEmpty())
+ {
+ policies = (Policy[])allPolicies.toArray(new Policy[allPolicies.size()]);
+ }
+
+ tx.commit();
+
+ return policies;
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
}
/**
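Review bot: `readAllPolicies` now returns null for an empty store (`Policy[] policies = null;` is only reassigned when the list is non-empty), where the removed implementation always returned an array. `EnterprisePolicyFinderModule.bootup()` checks for null, but `PolicyServer.readAllPolicies` passes the value straight on to its own callers. Initialise with `Policy[] policies = new Policy[0];` to keep the previous contract. Separately, the catch block rethrows everything as `RuntimeException` although the method declares `PolicyException`, so the `catch (PolicyException pe)` wrappers in PolicyServer no longer see store failures.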
@@ -108,8 +135,32 @@
* Policy to be saved into storage
*/
public void savePolicy(Policy policy) throws PolicyException
- {
- this.policies.put(policy.getPolicyUri(), policy);
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ session.saveOrUpdate(policy);
+
+ tx.commit();
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
}
/**
@@ -120,6 +171,37 @@
*/
public void deletePolicy(String policyUri) throws PolicyException
{
- this.policies.remove(policyUri);
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = hibernateService.getCurrentSession();
+ tx = session.beginTransaction();
+
+ session.createQuery("delete from XACMLPolicy policy where policy.policyUri=?").setString(0, policyUri).
+ executeUpdate();
+
+ tx.commit();
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
}
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public Set<Policy> find(Set<Attribute> attributes) throws PolicyException
+ {
+ Set<Policy> policyPage = new HashSet<Policy>();
+ return policyPage;
+ }
}
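Review bot: `deletePolicy` issues a bulk HQL `delete from XACMLPolicy ...`, and Hibernate bulk deletes do not apply mapped cascades, so rows reachable from the policy (its metadata, rules and any `DroolsRuleExpression`) are presumably left behind unless the schema cascades at the database level. That matters because `DroolsRuleManager.bootup()` in this commit loads every `DroolsRuleExpression` row, so rules belonging to a deleted policy would be compiled into the rule base again on the next start. Loading the entity and deleting it lets the mapping decide: `Policy stored = (Policy) session.createQuery("from XACMLPolicy policy where policy.policyUri=?").setString(0, policyUri).uniqueResult();` followed by `if (stored != null) session.delete(stored);`. The result of `executeUpdate()` is also discarded, so deleting an unknown URI succeeds silently.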
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,56 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.spi;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Cursor
+{
+ private int currentPosition;
+ private int capacity;
+
+ public Cursor()
+ {
+
+ }
+
+ public int getCurrentPosition()
+ {
+ return currentPosition;
+ }
+
+ public void setCurrentPosition(int currentPosition)
+ {
+ this.currentPosition = currentPosition;
+ }
+
+ public int getCapacity()
+ {
+ return capacity;
+ }
+
+ public void setCapacity(int capacity)
+ {
+ this.capacity = capacity;
+ }
+}
Added: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java
===================================================================
--- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java (rev 0)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/tools/HibernateService.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -0,0 +1,67 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authz.policy.server.tools;
+
+import org.apache.log4j.Logger;
+
+import org.hibernate.SessionFactory;
+import org.hibernate.Session;
+import org.hibernate.cfg.Configuration;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class HibernateService
+{
+ private static Logger log = Logger.getLogger(HibernateService.class);
+
+ private SessionFactory sessionFactory;
+
+ public HibernateService()
+ {
+
+ }
+
+ public void start()
+ {
+ try
+ {
+ Configuration configuration = new Configuration();
+ this.sessionFactory = configuration.configure().buildSessionFactory();
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ throw new RuntimeException(t);
+ }
+ }
+
+ public void stop()
+ {
+ this.sessionFactory.close();
+ }
+ //--------------------------------------------------------------------------------------------------------------------------------------
+ public Session getCurrentSession()
+ {
+ return this.sessionFactory.getCurrentSession();
+ }
+}
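Review bot: `stop()` calls `this.sessionFactory.close()` unguarded, so if `start()` threw or was never invoked, shutdown fails with a NullPointerException instead of completing. Use `if (this.sessionFactory != null) { this.sessionFactory.close(); this.sessionFactory = null; }`. `getCurrentSession()` has the same exposure and would benefit from a Javadoc line stating that `start()` must have run. That Javadoc should also note that a current-session context has to be configured in the Hibernate configuration, which is not visible in this commit.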
Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-07 18:02:40 UTC (rev 13700)
@@ -23,8 +23,17 @@
</bean>
<bean name="/policy-server/PolicyStore" class="org.jboss.security.authz.policy.server.provisioning.RelationalDBPolicyStore">
+ <property name="hibernateService">
+ <inject bean="/policy-server/HibernateService"/>
+ </property>
</bean>
<bean name="/policy-server/DroolsRuleManager" class="org.jboss.security.authz.policy.server.plugin.DroolsRuleManager">
+ <property name="hibernateService">
+ <inject bean="/policy-server/HibernateService"/>
+ </property>
+ </bean>
+
+ <bean name="/policy-server/HibernateService" class="org.jboss.security.authz.policy.server.tools.HibernateService">
</bean>
</deployment>
\ No newline at end of file
Modified: modules/authorization/trunk/policy-server/src/main/resources/policy.hbm.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/policy.hbm.xml 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/main/resources/policy.hbm.xml 2009-08-07 18:02:40 UTC (rev 13700)
@@ -33,6 +33,7 @@
</id>
<property name="policyUri"
not-null="true"
+ unique="true"
/>
<!-- one-to-one unidirectional relationship with the PolicyMetaData object -->
<many-to-one name="metaData"
@@ -105,6 +106,7 @@
</id>
<property name="ruleId"
not-null="true"
+ unique="true"
/>
<property name="effect"
not-null="true"
@@ -148,7 +150,7 @@
/>
</subclass>
<subclass name="org.jboss.security.authz.model.DroolsRuleExpression" discriminator-value="DROOLS_EXPR">
- <property name="ruleReference"/>
+ <property name="ruleReference" unique="true"/>
<property name="rule"/>
</subclass>
</class>
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -22,7 +22,6 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
-
import junit.framework.TestCase;
import org.drools.WorkingMemory;
@@ -32,104 +31,104 @@
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
import org.jboss.security.authz.model.*;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public class TestDroolsRuleManager extends TestCase
{
- private static final String rule1 =
- "rule \"Rule1\"\n"+
- "when\n"+
- "$subject: Subject()\n"+
- "String(toString == \"Rule1\")\n"+
- "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
- "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"+
- "then\n"+
- "System.out.println(\"Rule1 successfully fired\");\n"+
- "end\n";
-
- private static final String rule2 =
- "rule \"Rule2\"\n"+
- "when\n"+
- "$subject: Subject()\n"+
- "String(toString == \"Rule2\")\n"+
- "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
- "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"+
- "then\n"+
- "System.out.println(\"Rule2 successfully fired\");\n"+
- "end\n";
-
-
- private DroolsRuleManager ruleManager = null;
-
-
- @Override
- protected void setUp() throws Exception
- {
- this.ruleManager = new DroolsRuleManager();
- this.ruleManager.start();
- }
+ private static final String rule1 = "rule \"Rule1\"\n"
+ + "when\n"
+ + "$subject: Subject()\n"
+ + "String(toString == \"Rule1\")\n"
+ + "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"
+ + "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"
+ + "then\n" + "System.out.println(\"Rule1 successfully fired\");\n"
+ + "end\n";
- @Override
- protected void tearDown() throws Exception
- {
- this.ruleManager = null;
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testAddRule() throws Exception
- {
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference("Rule2");
- expression.setRule(TestDroolsRuleManager.rule2);
- this.ruleManager.addRule(expression);
-
- WorkingMemory workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule2");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule2........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
-
- expression.setRuleReference("Rule1");
- expression.setRule(TestDroolsRuleManager.rule1);
- this.ruleManager.addRule(expression);
-
- workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule1");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule1........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
-
- workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule2");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule2........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
- }
- //-----------------------------------------------------------------------------------------------------------------------------------------------------------
- private Subject getSubject()
- {
- Subject subject = new Subject();
-
- subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
-
- //Create a Role Attribute
- Attribute attribute = new Attribute();
- attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
- attribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
- attribute.setValue("developer");
- subject.addAttribute(attribute);
-
- return subject;
- }
+ private static final String rule2 = "rule \"Rule2\"\n"
+ + "when\n"
+ + "$subject: Subject()\n"
+ + "String(toString == \"Rule2\")\n"
+ + "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"
+ + "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"
+ + "then\n" + "System.out.println(\"Rule2 successfully fired\");\n"
+ + "end\n";
+
+ private DroolsRuleManager ruleManager = null;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.ruleManager = (DroolsRuleManager) ServiceContainer
+ .lookup("/policy-server/DroolsRuleManager");
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setRule(TestDroolsRuleManager.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory = ruleManager.getActiveRuleBase()
+ .newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setRule(TestDroolsRuleManager.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ // Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
}
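Review bot: `testAddRule` contains no assertion; it prints and relies on the rule consequence writing to stdout, so it passes whether or not `Rule1` and `Rule2` fire after `addRule`. Now that `setUp` obtains the manager through `ServiceContainer.lookup("/policy-server/DroolsRuleManager")`, a lookup that returns null would surface only as a NullPointerException inside the test; adding `assertNotNull("DroolsRuleManager is not registered", this.ruleManager);` at the end of `setUp` makes that failure explicit. Whether `lookup` returns null or throws for a missing service is not visible here. The same applies to TestDroolsRules.java later in this commit.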
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -22,7 +22,6 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
-
import junit.framework.TestCase;
import org.drools.WorkingMemory;
@@ -30,105 +29,106 @@
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
import org.jboss.security.authz.model.*;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public class TestDroolsRules extends TestCase
{
- private static final String rule2 =
- "rule \"Rule2\"\n"+
- "when\n"+
- "$subject: Subject()\n"+
- "String(toString == \"Rule2\")\n"+
- "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
- "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"+
- "then\n"+
- "System.out.println(\"Rule2 successfully fired\");\n"+
- "end\n";
-
- private static final String rule1 =
- "rule \"Rule1\"\n"+
- "when\n"+
- "$subject: Subject()\n"+
- "String(toString == \"Rule1\")\n"+
- "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
- "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"+
- "then\n"+
- "System.out.println(\"Rule1 successfully fired\");\n"+
- "end\n";
-
- private DroolsRuleManager ruleManager = null;
-
-
- @Override
- protected void setUp() throws Exception
- {
- this.ruleManager = new DroolsRuleManager();
- this.ruleManager.start();
- }
+ private static final String rule2 = "rule \"Rule2\"\n"
+ + "when\n"
+ + "$subject: Subject()\n"
+ + "String(toString == \"Rule2\")\n"
+ + "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"
+ + "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"
+ + "then\n" + "System.out.println(\"Rule2 successfully fired\");\n"
+ + "end\n";
- @Override
- protected void tearDown() throws Exception
- {
- this.ruleManager = null;
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testAddRule() throws Exception
- {
- DroolsRuleExpression expression = new DroolsRuleExpression();
- expression.setRuleReference("Rule2");
- expression.setRule(TestDroolsRules.rule2);
- this.ruleManager.addRule(expression);
-
- WorkingMemory workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule2");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule2........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
-
- expression.setRuleReference("Rule1");
- expression.setRule(TestDroolsRules.rule1);
- this.ruleManager.addRule(expression);
-
- workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule1");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule1........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
-
- workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
- workingMemory.insert("Rule2");
- workingMemory.insert(this.getSubject());
-
- //Fire
- System.out.println("Firing Rule2........");
- workingMemory.fireAllRules();
- ((StatefulSession)workingMemory).dispose();
- }
- //-----------------------------------------------------------------------------------------------------------------------------------------------------------
- private Subject getSubject()
- {
- Subject subject = new Subject();
-
- subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
-
- //Create a Role Attribute
- Attribute attribute = new Attribute();
- attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
- attribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
- attribute.setValue("developer");
- subject.addAttribute(attribute);
-
- return subject;
- }
+ private static final String rule1 = "rule \"Rule1\"\n"
+ + "when\n"
+ + "$subject: Subject()\n"
+ + "String(toString == \"Rule1\")\n"
+ + "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"
+ + "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value == \"developer\") from $subject.attributes\n"
+ + "then\n" + "System.out.println(\"Rule1 successfully fired\");\n"
+ + "end\n";
+
+ private DroolsRuleManager ruleManager = null;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+
+ this.ruleManager = (DroolsRuleManager) ServiceContainer
+ .lookup("/policy-server/DroolsRuleManager");
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setRule(TestDroolsRules.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory = ruleManager.getActiveRuleBase()
+ .newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setRule(TestDroolsRules.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ // Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession) workingMemory).dispose();
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ // Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
}
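Review bot: TestDroolsRules is the same test as TestDroolsRuleManager apart from the class name and the order of the two rule constants; `setUp`, `tearDown`, `testAddRule` and `getSubject` are identical on the new side. Two copies mean that every change, such as the `ServiceContainer` lookup introduced here, has to be made twice and can drift. Consider keeping one class, or moving the shared rule text and `getSubject()` into a common base class. A class-level Javadoc line such as `Verifies that rules added at runtime fire against the active rule base.` would also say what this class is meant to cover.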
Modified: modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/provisioning/TestRelationalDBPolicyStore.java
===================================================================
--- modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/provisioning/TestRelationalDBPolicyStore.java 2009-08-06 19:57:11 UTC (rev 13699)
+++ modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/provisioning/TestRelationalDBPolicyStore.java 2009-08-07 18:02:40 UTC (rev 13700)
@@ -23,13 +23,13 @@
import java.io.Serializable;
import java.util.Set;
+import java.util.List;
import java.util.HashSet;
import junit.framework.TestCase;
import org.apache.log4j.Logger;
-import org.hibernate.SessionFactory;
import org.hibernate.Session;
import org.hibernate.Transaction;
@@ -45,6 +45,7 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
+import org.jboss.security.authz.tools.GeneralTool;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -121,6 +122,34 @@
storedMetaData = this.readPolicyMetaData(stored.getMetaData().getId());
assertNull("MetData must be deleted!!", storedMetaData);
}
+
+ public void testFindPolicy() throws Exception
+ {
+ for(int i=0; i<5; i++)
+ {
+ String policyUri = i+"://blahPolicy";
+
+ //Create and Save a new policy
+ Policy policy = new XACMLPolicy(policyUri, this.getMockPolicyMetaData());
+ Serializable id = this.save(policy);
+ assertNotNull("Id Should Not be Null!!", id);
+ log.info("New Policy Id="+id);
+ }
+
+ Attribute attribute = new Attribute();
+ attribute.setUri("uri://resourcematch");
+ attribute.setDataType("dataType://resourcematch");
+ attribute.setValue("Value://resourcematch");
+ Set<Policy> storedPolicies = this.findPolicy(attribute);
+ for(Policy stored: storedPolicies)
+ {
+ assertNotNull("Policy Must Not be Null!!", stored);
+ assertNotNull("PolicyMetaData Must Not be Null!!", stored.getMetaData());
+ log.info("------------------------------------------------------------");
+ log.info("Policy Id="+stored.getId());
+ log.info("Policy Uri="+stored.getPolicyUri());
+ }
+ }
//---------------------------------------------------------------------------------------------------------------------------------------------
private PolicyMetaData getMockPolicyMetaData()
{
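Review bot: `testFindPolicy` passes vacuously when the query matches nothing, because every assertion sits inside the `for(Policy stored: storedPolicies)` loop and the size of the set is never checked. Add `assertFalse("No policy matched the resource attribute", storedPolicies.isEmpty());` before the loop; an exact count is only safe if the test database is known to be empty at the start, which the hunk does not show. The match also depends on `getMockPolicyMetaData()` producing a resource match for `uri://resourcematch`, and that method is defined outside this hunk.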
@@ -136,14 +165,14 @@
{
Rule rule = new Rule();
- rule.setRuleId("rule://"+i);
+ rule.setRuleId("rule://"+GeneralTool.generateUniqueId());
if(i%2==0)
{
rule.setEffect(Effect.PERMIT);
DroolsRuleExpression expression = new DroolsRuleExpression();
expression.setRule("drools://rule/"+i);
- expression.setRuleReference("drools://rulereference/"+i);
+ expression.setRuleReference("drools://rulereference/"+GeneralTool.generateUniqueId());
rule.setExpression(expression);
Target ruleTarget = this.getMockTarget();
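Review bot: The generated ids cover `ruleId` and `ruleReference`, but `policyUri`, which the mapping change in this commit also makes unique, is still a fixed string in `testFindPolicy` (`i+"://blahPolicy"`). If the test database survives between runs, or another test saves the same URIs, those saves would hit the unique constraint; `i+"://blahPolicy/"+GeneralTool.generateUniqueId()` would keep the three unique columns consistent. The enclosing method starts and ends outside this hunk, and the implementation of `generateUniqueId()` is not visible, so how collision-resistant its values are cannot be judged from here.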
@@ -270,13 +299,12 @@
//-----Hibernate Data Access code-----------------------------------------------------------------------------------------------------------------------------------
private Serializable save(Policy policy) throws Exception
{
- SessionFactory sessionFactory = this.policyStore.sessionFactory;
Session session = null;
Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
- session = sessionFactory.getCurrentSession();
+ session = this.policyStore.getHibernateService().getCurrentSession();
tx = session.beginTransaction();
Serializable id = session.save(policy);
@@ -301,14 +329,13 @@
}
private Policy readPolicy(String policyUri) throws Exception
- {
- SessionFactory sessionFactory = this.policyStore.sessionFactory;
+ {
Session session = null;
Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
- session = sessionFactory.getCurrentSession();
+ session = this.policyStore.getHibernateService().getCurrentSession();
tx = session.beginTransaction();
Policy policy = (Policy)session.createQuery("from XACMLPolicy where policyUri=?").
@@ -333,15 +360,61 @@
}
}
+ private Set<Policy> findPolicy(Attribute attribute) throws Exception
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ //Join or Create a New Session/Transaction
+ session = this.policyStore.getHibernateService().getCurrentSession();
+ tx = session.beginTransaction();
+
+ List result = session.createQuery("from XACMLPolicy policy " +
+ "join policy.metaData.target.resourceMatches match " +
+ "where match.attribute.uri=? and match.attribute.value=?").
+ setString(0, attribute.getUri()).setString(1, attribute.getValue()).list();
+
+ Set<Policy> policies = new HashSet<Policy>();
+ for(Object record: result)
+ {
+ Object[] recordData = (Object[])record;
+ for(Object local: recordData)
+ {
+ if(local instanceof Policy)
+ {
+ policies.add((Policy)local);
+ }
+ }
+ }
+
+ tx.commit();
+
+ return policies;
+ }
+ catch(Throwable t)
+ {
+ log.error(this, t);
+ tx.rollback();
+ throw new RuntimeException(t);
+ }
+ finally
+ {
+ if(session.isOpen())
+ {
+ session.close();
+ }
+ }
+ }
+
private PolicyMetaData readPolicyMetaData(Serializable databaseId) throws Exception
- {
- SessionFactory sessionFactory = this.policyStore.sessionFactory;
+ {
Session session = null;
Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
- session = sessionFactory.getCurrentSession();
+ session = this.policyStore.getHibernateService().getCurrentSession();
tx = session.beginTransaction();
PolicyMetaData policyMetaData = (PolicyMetaData)session.get(PolicyMetaData.class, databaseId);
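Review bot: In `findPolicy` the `catch` block calls `tx.rollback()` and the `finally` block calls `session.isOpen()` without a null check, so if `getCurrentSession()` or `beginTransaction()` throws, a NullPointerException replaces the original error. Guard both: `if(tx != null) tx.rollback();` and `if(session != null && session.isOpen())`. The query binds its values with `setString`, which is the right shape; writing it as `select policy from XACMLPolicy policy join ...` would return entities directly and remove the `Object[]` unpacking. The other helpers touched in this file may share the pattern, but their `catch` blocks are outside the hunks.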
@@ -366,14 +439,13 @@
}
private void deletePolicy(Policy policy) throws Exception
- {
- SessionFactory sessionFactory = this.policyStore.sessionFactory;
+ {
Session session = null;
Transaction tx = null;
try
{
//Join or Create a New Session/Transaction
- session = sessionFactory.getCurrentSession();
+ session = this.policyStore.getHibernateService().getCurrentSession();
tx = session.beginTransaction();
session.delete(policy);
JBoss Portal SVN: r13699 - in docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02: Tuning_Guide/en-US and 1 other directory.
by portal-commits@lists.jboss.org
Author: prabhat.jha(a)jboss.com
Date: 2009-08-06 15:57:11 -0400 (Thu, 06 Aug 2009)
New Revision: 13699
Added:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Reference_Guide.ent
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Tuning_Guide.ent
Log:
some common attributes
Added: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Reference_Guide.ent
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Reference_Guide.ent (rev 0)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Reference_Guide.ent 2009-08-06 19:57:11 UTC (rev 13699)
@@ -0,0 +1,8 @@
+<!ENTITY JBEAP "JBoss Enterprise Application Platform">
+<!ENTITY JBEPP "JBoss Enterprise Portal Platform">
+<!ENTITY JBEPPVERS "4.3">
+<!ENTITY JBEAPVERS "4.3">
+<!ENTITY HOLDER "Red Hat, Inc">
+<!ENTITY YEAR "2009">
+<!ENTITY PRODUCT "JBoss Enterprise Portal Platform">
+<!ENTITY BOOKID "JBEPP">
Added: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Tuning_Guide.ent
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Tuning_Guide.ent (rev 0)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Tuning_Guide.ent 2009-08-06 19:57:11 UTC (rev 13699)
@@ -0,0 +1,6 @@
+<!ENTITY JBEAP "JBoss Enterprise Application Platform">
+<!ENTITY JBEPP "JBoss Enterprise Portal Platform">
+<!ENTITY JBEPPVERS "4.3">
+<!ENTITY JBEAPVERS "4.3">
+<!ENTITY HOLDER "Red Hat, Inc">
+<!ENTITY YEAR "2009">
JBoss Portal SVN: r13698 - in docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02: Reference_Guide/en-US and 1 other directories.
by portal-commits@lists.jboss.org
Author: prabhat.jha(a)jboss.com
Date: 2009-08-06 15:50:18 -0400 (Thu, 06 Aug 2009)
New Revision: 13698
Modified:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Installation_Guide/en-US/Installation_Guide.ent
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Book_Info.xml
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Book_Info.xml
Log:
fix some version
Modified: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Installation_Guide/en-US/Installation_Guide.ent
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Installation_Guide/en-US/Installation_Guide.ent 2009-08-06 17:01:59 UTC (rev 13697)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Installation_Guide/en-US/Installation_Guide.ent 2009-08-06 19:50:18 UTC (rev 13698)
@@ -3,4 +3,4 @@
<!ENTITY JBEPPVERS "4.3">
<!ENTITY JBEAPVERS "4.3">
<!ENTITY HOLDER "Red Hat, Inc">
-<!ENTITY YEAR "2008">
+<!ENTITY YEAR "2009">
Modified: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Book_Info.xml
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Book_Info.xml 2009-08-06 17:01:59 UTC (rev 13697)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Book_Info.xml 2009-08-06 19:50:18 UTC (rev 13698)
@@ -7,8 +7,8 @@
<edition>1.0</edition>
<pubsnumber>2</pubsnumber>
<productname>JBoss Enterprise Portal Platform</productname>
- <productnumber>4.3</productnumber>
- <pubdate>Jan, 2009</pubdate>
+ <productnumber>4.3 CP02</productnumber>
+ <pubdate>Aug, 2009</pubdate>
<isbn>N/A</isbn>
<issuenum>1</issuenum>
Modified: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Book_Info.xml
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Book_Info.xml 2009-08-06 17:01:59 UTC (rev 13697)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Tuning_Guide/en-US/Book_Info.xml 2009-08-06 19:50:18 UTC (rev 13698)
@@ -7,8 +7,8 @@
<edition>1.0</edition>
<pubsnumber>4</pubsnumber>
<productname>JBoss Enterprise Portal Platform</productname>
- <productnumber>4.3</productnumber>
- <pubdate>Jan, 2009</pubdate>
+ <productnumber>4.3 CP02</productnumber>
+ <pubdate>Aug, 2009</pubdate>
<isbn>N/A</isbn>
<abstract><para>This Installation Guide documents tuning of JBoss Enterprise Portal Platform</para>
</abstract>
JBoss Portal SVN: r13697 - docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-08-06 13:01:59 -0400 (Thu, 06 Aug 2009)
New Revision: 13697
Modified:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Migration.xml
Log:
JBEPP-105: Explain schema changes
Modified: docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Migration.xml
===================================================================
--- docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Migration.xml 2009-08-06 16:55:09 UTC (rev 13696)
+++ docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/Reference_Guide/en-US/Migration.xml 2009-08-06 17:01:59 UTC (rev 13697)
@@ -13,9 +13,167 @@
</para>
<para>
Enterprise Portal Platform 4.3 compatibility with JBoss Portal 2.6 is very high. The main differences are the use of JSR-286 features to replace
- JBoss Portal specific features. The database schema hasn't changed.
+ JBoss Portal specific features. The database schema has slightly changed though.
</para>
-
+
+ <section>
+ <title>Schema update</title>
+ <note><para>If you haven't used any workflow mechanism in JBoss Portal 2.6 and if the database user has the rights to alter/create tables in the
+ running database, all the following changes will be automatically be done.</para></note>
+ <para>The columns SER_STATE of the table JBP_INSTANCE and SER_STATE of the table JBP_INSTANCE_PER_USER have changed from a length of 50000000 to 16384.
+ You can either alter the tables or modify the hibernate mapping file <literal>portal-core-sar/conf/hibernate/instance/domain.hbm.xml
+ </literal> to set back the length to 50000000 if your database allows it.</para>
+ <para>The major changes on the schema are related to JBpm as stated in the JBpm 3.2 release note. JBoss Portal 2.6 was using JBpm 3.1 while
+ the Enterprise Portal Platform 4.3 is using JBpm 3.2. Here is the relevant part from the JBpm release note:</para>
+ <section>
+ <title>JBpm 3.2 release note extract</title>
+ <para>jPDL Database Schema Updates from 3.1.x to 3.2.x
+<programlisting><![CDATA[
+create table JBPM_JOB (
+ ID_ bigint generated by default as identity (start with 1),
+ CLASS_ char(1) not null,
+ VERSION_ integer not null,
+ DUEDATE_ timestamp,
+ PROCESSINSTANCE_ bigint,
+ TOKEN_ bigint,
+ TASKINSTANCE_ bigint,
+ ISSUSPENDED_ bit,
+ ISEXCLUSIVE_ bit,
+ LOCKOWNER_ varchar(255),
+ LOCKTIME_ timestamp,
+ EXCEPTION_ varchar(4000),
+ RETRIES_ integer,
+ NAME_ varchar(255),
+ REPEAT_ varchar(255),
+ TRANSITIONNAME_ varchar(255),
+ ACTION_ bigint,
+ GRAPHELEMENTTYPE_ varchar(255),
+ GRAPHELEMENT_ bigint,
+ NODE_ bigint,
+ primary key (ID_)
+)
+
+alter table JBPM_MODULEINSTANCE add column VERSION_ integer
+alter table JBPM_NODE add column DESCRIPTION_ varchar(4000)
+alter table JBPM_NODE add column ISASYNCEXCL_ bit
+alter table JBPM_NODE add column SUBPROCNAME_ varchar(255)
+alter table JBPM_NODE add column SCRIPT_ bigint
+alter table JBPM_POOLEDACTOR add column VERSION_ integer
+alter table JBPM_PROCESSDEFINITION add column CLASS_ char(1)
+alter table JBPM_PROCESSDEFINITION add column DESCRIPTION_ varchar(4000)
+alter table JBPM_PROCESSINSTANCE add column KEY_ varchar(255)
+alter table JBPM_SWIMLANEINSTANCE add column VERSION_ integer
+alter table JBPM_TASK add column CONDITION_ varchar(255)
+alter table JBPM_TASK add column PRIORITY_ integer
+alter table JBPM_TASKINSTANCE add column VERSION_ integer
+alter table JBPM_TASKINSTANCE add column PROCINST_ bigint
+alter table JBPM_TOKEN add column LOCK_ varchar(255)
+alter table JBPM_TOKENVARIABLEMAP add column VERSION_ integer
+alter table JBPM_TRANSITION add column DESCRIPTION_ varchar(4000)
+alter table JBPM_TRANSITION add column CONDITION_ varchar(255)
+alter table JBPM_VARIABLEINSTANCE add column VERSION_ integer
+alter table JBPM_JOB add constraint FK_JOB_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_JOB add constraint FK_JOB_NODE foreign key (NODE_) references JBPM_NODE
+alter table JBPM_JOB add constraint FK_JOB_PRINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_JOB add constraint FK_JOB_ACTION foreign key (ACTION_) references JBPM_ACTION
+alter table JBPM_JOB add constraint FK_JOB_TSKINST foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_NODE add constraint FK_NODE_SCRIPT foreign key (SCRIPT_) references JBPM_ACTION
+alter table JBPM_PROCESSINSTANCE add constraint FK_PROCIN_SPROCTKN foreign key (SUPERPROCESSTOKEN_) references JBPM_TOKEN
+alter table JBPM_RUNTIMEACTION add constraint FK_RTACTN_PROCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_RUNTIMEACTION add constraint FK_RTACTN_ACTION foreign key (ACTION_) references JBPM_ACTION
+alter table JBPM_SWIMLANE add constraint FK_SWL_ASSDEL foreign key (ASSIGNMENTDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_SWIMLANE add constraint FK_SWL_TSKMGMTDEF foreign key (TASKMGMTDEFINITION_) references JBPM_MODULEDEFINITION
+alter table JBPM_SWIMLANEINSTANCE add constraint FK_SWIMLANEINST_TM foreign key (TASKMGMTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_SWIMLANEINSTANCE add constraint FK_SWIMLANEINST_SL foreign key (SWIMLANE_) references JBPM_SWIMLANE
+alter table JBPM_TASK add constraint FK_TSK_TSKCTRL foreign key (TASKCONTROLLER_) references JBPM_TASKCONTROLLER
+alter table JBPM_TASK add constraint FK_TASK_ASSDEL foreign key (ASSIGNMENTDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_TASK add constraint FK_TASK_TASKNODE foreign key (TASKNODE_) references JBPM_NODE
+alter table JBPM_TASK add constraint FK_TASK_PROCDEF foreign key (PROCESSDEFINITION_) references JBPM_PROCESSDEFINITION
+alter table JBPM_TASK add constraint FK_TASK_STARTST foreign key (STARTSTATE_) references JBPM_NODE
+alter table JBPM_TASK add constraint FK_TASK_TASKMGTDEF foreign key (TASKMGMTDEFINITION_) references JBPM_MODULEDEFINITION
+alter table JBPM_TASK add constraint FK_TASK_SWIMLANE foreign key (SWIMLANE_) references JBPM_SWIMLANE
+alter table JBPM_TASKACTORPOOL add constraint FK_TSKACTPOL_PLACT foreign key (POOLEDACTOR_) references JBPM_POOLEDACTOR
+alter table JBPM_TASKACTORPOOL add constraint FK_TASKACTPL_TSKI foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_TASKCONTROLLER add constraint FK_TSKCTRL_DELEG foreign key (TASKCONTROLLERDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_TASKINSTANCE add constraint FK_TSKINS_PRCINS foreign key (PROCINST_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TMINST foreign key (TASKMGMTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_SLINST foreign key (SWIMLANINSTANCE_) references JBPM_SWIMLANEINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TASK foreign key (TASK_) references JBPM_TASK
+alter table JBPM_TOKEN add constraint FK_TOKEN_PARENT foreign key (PARENT_) references JBPM_TOKEN
+alter table JBPM_TOKEN add constraint FK_TOKEN_NODE foreign key (NODE_) references JBPM_NODE
+alter table JBPM_TOKEN add constraint FK_TOKEN_PROCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TOKEN add constraint FK_TOKEN_SUBPI foreign key (SUBPROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TOKENVARIABLEMAP add constraint FK_TKVARMAP_CTXT foreign key (CONTEXTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_TOKENVARIABLEMAP add constraint FK_TKVARMAP_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_TRANSITION add constraint FK_TRANSITION_TO foreign key (TO_) references JBPM_NODE
+alter table JBPM_TRANSITION add constraint FK_TRANS_PROCDEF foreign key (PROCESSDEFINITION_) references JBPM_PROCESSDEFINITION
+alter table JBPM_TRANSITION add constraint FK_TRANSITION_FROM foreign key (FROM_) references JBPM_NODE
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_TSKCTRL foreign key (TASKCONTROLLER_) references JBPM_TASKCONTROLLER
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_SCRIPT foreign key (SCRIPT_) references JBPM_ACTION
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_PROCST foreign key (PROCESSSTATE_) references JBPM_NODE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_TK foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_TKVARMP foreign key (TOKENVARIABLEMAP_) references JBPM_TOKENVARIABLEMAP
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_PRCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VAR_TSKINST foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_BYTEINST_ARRAY foreign key (BYTEARRAYVALUE_) references JBPM_BYTEARRAY
+
+insert into JBPM_JOB
+ (ID_,
+ CLASS_,
+ VERSION_,
+ DUEDATE_,
+ PROCESSINSTANCE_,
+ TOKEN_,
+ TASKINSTANCE_,
+ ISSUSPENDED_,
+ ISEXCLUSIVE_,
+ LOCKOWNER_,
+ LOCKTIME_,
+ EXCEPTION_,
+ RETRIES_,
+ NAME_,
+ REPEAT_,
+ TRANSITIONNAME_,
+ ACTION_,
+ GRAPHELEMENTTYPE_,
+ GRAPHELEMENT_)
+select
+ ID_,
+ 'T',
+ 0,
+ DUEDATE_,
+ PROCESSINSTANCE_,
+ TOKEN_,
+ TASKINSTANCE_,
+ ISSUSPENDED_,
+ 0,
+ NULL,
+ NULL,
+ EXCEPTION_,
+ 0,
+ NAME_,
+ REPEAT_,
+ TRANSITIONNAME_,
+ ACTION_,
+ GRAPHELEMENTTYPE_,
+ GRAPHELEMENT_
+from JBPM_TIMER;
+
+drop table JBPM_MESSAGE
+]]></programlisting>
+
+Since, 3.2, the table JBPM_DECISIONCONDITION is not used any more. But it is still
+in the default generated schema because of backwards compatibility reasons. Newly
+deployed processes (even if they have decision conditions) will not use that table
+any more. So if your old processes don't have decision conditions or if you only
+deploy new processes to your db, you can safely drop the JBPM_DECISIONCONDITION table.
+If you do that, don't forget to remove the line that refers to the decision condition
+class in your hibernate.cfg.xml and also remove the decisionConditions list entry in
+the org/jbpm/graph/node/Decision.hbm.xml file.
+ </para>
+ </section>
+ </section>
<section id="manual_migration">
<title>Usage of JBossActionRequest</title>
<para>Usage of JBossActionRequest is not available directly anymore. From now on it is only accessible if the
JBoss Portal SVN: r13696 - docs/enterprise/trunk/Reference_Guide/en-US.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-08-06 12:55:09 -0400 (Thu, 06 Aug 2009)
New Revision: 13696
Modified:
docs/enterprise/trunk/Reference_Guide/en-US/Migration.xml
Log:
JBEPP-105: Explain schema changes
Modified: docs/enterprise/trunk/Reference_Guide/en-US/Migration.xml
===================================================================
--- docs/enterprise/trunk/Reference_Guide/en-US/Migration.xml 2009-08-06 16:08:12 UTC (rev 13695)
+++ docs/enterprise/trunk/Reference_Guide/en-US/Migration.xml 2009-08-06 16:55:09 UTC (rev 13696)
@@ -13,9 +13,167 @@
</para>
<para>
Enterprise Portal Platform 4.3 compatibility with JBoss Portal 2.6 is very high. The main differences are the use of JSR-286 features to replace
- JBoss Portal specific features. The database schema hasn't changed.
+ JBoss Portal specific features. The database schema has slightly changed though.
</para>
-
+
+ <section>
+ <title>Schema update</title>
+ <note><para>If you haven't used any workflow mechanism in JBoss Portal 2.6 and if the database user has the rights to alter/create tables in the
+ running database, all the following changes will be automatically be done.</para></note>
+ <para>The columns SER_STATE of the table JBP_INSTANCE and SER_STATE of the table JBP_INSTANCE_PER_USER have changed from a length of 50000000 to 16384.
+ You can either alter the tables or modify the hibernate mapping file <literal>portal-core-sar/conf/hibernate/instance/domain.hbm.xml
+ </literal> to set back the length to 50000000 if your database allows it.</para>
+ <para>The major changes on the schema are related to JBpm as stated in the JBpm 3.2 release note. JBoss Portal 2.6 was using JBpm 3.1 while
+ the Enterprise Portal Platform 4.3 is using JBpm 3.2. Here is the relevant part from the JBpm release note:</para>
+ <section>
+ <title>JBpm 3.2 release note extract</title>
+ <para>jPDL Database Schema Updates from 3.1.x to 3.2.x
+<programlisting><![CDATA[
+create table JBPM_JOB (
+ ID_ bigint generated by default as identity (start with 1),
+ CLASS_ char(1) not null,
+ VERSION_ integer not null,
+ DUEDATE_ timestamp,
+ PROCESSINSTANCE_ bigint,
+ TOKEN_ bigint,
+ TASKINSTANCE_ bigint,
+ ISSUSPENDED_ bit,
+ ISEXCLUSIVE_ bit,
+ LOCKOWNER_ varchar(255),
+ LOCKTIME_ timestamp,
+ EXCEPTION_ varchar(4000),
+ RETRIES_ integer,
+ NAME_ varchar(255),
+ REPEAT_ varchar(255),
+ TRANSITIONNAME_ varchar(255),
+ ACTION_ bigint,
+ GRAPHELEMENTTYPE_ varchar(255),
+ GRAPHELEMENT_ bigint,
+ NODE_ bigint,
+ primary key (ID_)
+)
+
+alter table JBPM_MODULEINSTANCE add column VERSION_ integer
+alter table JBPM_NODE add column DESCRIPTION_ varchar(4000)
+alter table JBPM_NODE add column ISASYNCEXCL_ bit
+alter table JBPM_NODE add column SUBPROCNAME_ varchar(255)
+alter table JBPM_NODE add column SCRIPT_ bigint
+alter table JBPM_POOLEDACTOR add column VERSION_ integer
+alter table JBPM_PROCESSDEFINITION add column CLASS_ char(1)
+alter table JBPM_PROCESSDEFINITION add column DESCRIPTION_ varchar(4000)
+alter table JBPM_PROCESSINSTANCE add column KEY_ varchar(255)
+alter table JBPM_SWIMLANEINSTANCE add column VERSION_ integer
+alter table JBPM_TASK add column CONDITION_ varchar(255)
+alter table JBPM_TASK add column PRIORITY_ integer
+alter table JBPM_TASKINSTANCE add column VERSION_ integer
+alter table JBPM_TASKINSTANCE add column PROCINST_ bigint
+alter table JBPM_TOKEN add column LOCK_ varchar(255)
+alter table JBPM_TOKENVARIABLEMAP add column VERSION_ integer
+alter table JBPM_TRANSITION add column DESCRIPTION_ varchar(4000)
+alter table JBPM_TRANSITION add column CONDITION_ varchar(255)
+alter table JBPM_VARIABLEINSTANCE add column VERSION_ integer
+alter table JBPM_JOB add constraint FK_JOB_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_JOB add constraint FK_JOB_NODE foreign key (NODE_) references JBPM_NODE
+alter table JBPM_JOB add constraint FK_JOB_PRINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_JOB add constraint FK_JOB_ACTION foreign key (ACTION_) references JBPM_ACTION
+alter table JBPM_JOB add constraint FK_JOB_TSKINST foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_NODE add constraint FK_NODE_SCRIPT foreign key (SCRIPT_) references JBPM_ACTION
+alter table JBPM_PROCESSINSTANCE add constraint FK_PROCIN_SPROCTKN foreign key (SUPERPROCESSTOKEN_) references JBPM_TOKEN
+alter table JBPM_RUNTIMEACTION add constraint FK_RTACTN_PROCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_RUNTIMEACTION add constraint FK_RTACTN_ACTION foreign key (ACTION_) references JBPM_ACTION
+alter table JBPM_SWIMLANE add constraint FK_SWL_ASSDEL foreign key (ASSIGNMENTDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_SWIMLANE add constraint FK_SWL_TSKMGMTDEF foreign key (TASKMGMTDEFINITION_) references JBPM_MODULEDEFINITION
+alter table JBPM_SWIMLANEINSTANCE add constraint FK_SWIMLANEINST_TM foreign key (TASKMGMTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_SWIMLANEINSTANCE add constraint FK_SWIMLANEINST_SL foreign key (SWIMLANE_) references JBPM_SWIMLANE
+alter table JBPM_TASK add constraint FK_TSK_TSKCTRL foreign key (TASKCONTROLLER_) references JBPM_TASKCONTROLLER
+alter table JBPM_TASK add constraint FK_TASK_ASSDEL foreign key (ASSIGNMENTDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_TASK add constraint FK_TASK_TASKNODE foreign key (TASKNODE_) references JBPM_NODE
+alter table JBPM_TASK add constraint FK_TASK_PROCDEF foreign key (PROCESSDEFINITION_) references JBPM_PROCESSDEFINITION
+alter table JBPM_TASK add constraint FK_TASK_STARTST foreign key (STARTSTATE_) references JBPM_NODE
+alter table JBPM_TASK add constraint FK_TASK_TASKMGTDEF foreign key (TASKMGMTDEFINITION_) references JBPM_MODULEDEFINITION
+alter table JBPM_TASK add constraint FK_TASK_SWIMLANE foreign key (SWIMLANE_) references JBPM_SWIMLANE
+alter table JBPM_TASKACTORPOOL add constraint FK_TSKACTPOL_PLACT foreign key (POOLEDACTOR_) references JBPM_POOLEDACTOR
+alter table JBPM_TASKACTORPOOL add constraint FK_TASKACTPL_TSKI foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_TASKCONTROLLER add constraint FK_TSKCTRL_DELEG foreign key (TASKCONTROLLERDELEGATION_) references JBPM_DELEGATION
+alter table JBPM_TASKINSTANCE add constraint FK_TSKINS_PRCINS foreign key (PROCINST_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TMINST foreign key (TASKMGMTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_SLINST foreign key (SWIMLANINSTANCE_) references JBPM_SWIMLANEINSTANCE
+alter table JBPM_TASKINSTANCE add constraint FK_TASKINST_TASK foreign key (TASK_) references JBPM_TASK
+alter table JBPM_TOKEN add constraint FK_TOKEN_PARENT foreign key (PARENT_) references JBPM_TOKEN
+alter table JBPM_TOKEN add constraint FK_TOKEN_NODE foreign key (NODE_) references JBPM_NODE
+alter table JBPM_TOKEN add constraint FK_TOKEN_PROCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TOKEN add constraint FK_TOKEN_SUBPI foreign key (SUBPROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_TOKENVARIABLEMAP add constraint FK_TKVARMAP_CTXT foreign key (CONTEXTINSTANCE_) references JBPM_MODULEINSTANCE
+alter table JBPM_TOKENVARIABLEMAP add constraint FK_TKVARMAP_TOKEN foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_TRANSITION add constraint FK_TRANSITION_TO foreign key (TO_) references JBPM_NODE
+alter table JBPM_TRANSITION add constraint FK_TRANS_PROCDEF foreign key (PROCESSDEFINITION_) references JBPM_PROCESSDEFINITION
+alter table JBPM_TRANSITION add constraint FK_TRANSITION_FROM foreign key (FROM_) references JBPM_NODE
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_TSKCTRL foreign key (TASKCONTROLLER_) references JBPM_TASKCONTROLLER
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_SCRIPT foreign key (SCRIPT_) references JBPM_ACTION
+alter table JBPM_VARIABLEACCESS add constraint FK_VARACC_PROCST foreign key (PROCESSSTATE_) references JBPM_NODE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_TK foreign key (TOKEN_) references JBPM_TOKEN
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_TKVARMP foreign key (TOKENVARIABLEMAP_) references JBPM_TOKENVARIABLEMAP
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VARINST_PRCINST foreign key (PROCESSINSTANCE_) references JBPM_PROCESSINSTANCE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_VAR_TSKINST foreign key (TASKINSTANCE_) references JBPM_TASKINSTANCE
+alter table JBPM_VARIABLEINSTANCE add constraint FK_BYTEINST_ARRAY foreign key (BYTEARRAYVALUE_) references JBPM_BYTEARRAY
+
+insert into JBPM_JOB
+ (ID_,
+ CLASS_,
+ VERSION_,
+ DUEDATE_,
+ PROCESSINSTANCE_,
+ TOKEN_,
+ TASKINSTANCE_,
+ ISSUSPENDED_,
+ ISEXCLUSIVE_,
+ LOCKOWNER_,
+ LOCKTIME_,
+ EXCEPTION_,
+ RETRIES_,
+ NAME_,
+ REPEAT_,
+ TRANSITIONNAME_,
+ ACTION_,
+ GRAPHELEMENTTYPE_,
+ GRAPHELEMENT_)
+select
+ ID_,
+ 'T',
+ 0,
+ DUEDATE_,
+ PROCESSINSTANCE_,
+ TOKEN_,
+ TASKINSTANCE_,
+ ISSUSPENDED_,
+ 0,
+ NULL,
+ NULL,
+ EXCEPTION_,
+ 0,
+ NAME_,
+ REPEAT_,
+ TRANSITIONNAME_,
+ ACTION_,
+ GRAPHELEMENTTYPE_,
+ GRAPHELEMENT_
+from JBPM_TIMER;
+
+drop table JBPM_MESSAGE
+]]></programlisting>
+
+Since, 3.2, the table JBPM_DECISIONCONDITION is not used any more. But it is still
+in the default generated schema because of backwards compatibility reasons. Newly
+deployed processes (even if they have decision conditions) will not use that table
+any more. So if your old processes don't have decision conditions or if you only
+deploy new processes to your db, you can safely drop the JBPM_DECISIONCONDITION table.
+If you do that, don't forget to remove the line that refers to the decision condition
+class in your hibernate.cfg.xml and also remove the decisionConditions list entry in
+the org/jbpm/graph/node/Decision.hbm.xml file.
+ </para>
+ </section>
+ </section>
<section id="manual_migration">
<title>Usage of JBossActionRequest</title>
<para>Usage of JBossActionRequest is not available directly anymore. From now on it is only accessible if the