Author: sohil.shah(a)jboss.com
Date: 2009-02-05 21:22:21 -0500 (Thu, 05 Feb 2009)
New Revision: 12784
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
cleanup
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-06
01:22:36 UTC (rev 12783)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-06
02:22:21 UTC (rev 12784)
@@ -29,9 +29,15 @@
import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServerException;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.sunxacml.ConfigurationStore;
import org.jboss.security.xacml.sunxacml.PDP;
import org.jboss.security.xacml.sunxacml.PDPConfig;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
/**
* This component processes all incoming Authorization requests and responds with a
response
@@ -89,10 +95,39 @@
* @param request Authorization Request
* @return response which contains the Authorization Decision
*/
- public Response evaluate(Request request)
+ public Response evaluate(Request request) throws PolicyServerException
{
- Response response = new Response();
- return response;
+ try
+ {
+ Response response = new Response();
+
+ RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
+ requestContext.setRequest(request.encode());
+
+ RequestCtx xacmlRequestCtx =
(RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX);
+ ResponseCtx xacmlResponseCtx = this.policyDecisionPoint.evaluate(xacmlRequestCtx);
+
+ ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
+ responseContext.set(XACMLConstants.RESPONSE_CTX, xacmlResponseCtx);
+
+ if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
+ {
+ response.setAccessGranted(true);
+ response.setMessage("ACCESS_GRANTED");
+ }
+ else
+ {
+ response.setAccessGranted(false);
+ response.setMessage("ACCESS_DENIED");
+ }
+
+ return response;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new PolicyServerException(e);
+ }
}
/**
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-06
01:22:36 UTC (rev 12783)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-02-06
02:22:21 UTC (rev 12784)
@@ -32,20 +32,13 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.components.http.HttpResource;
import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
import org.jboss.security.authz.policy.server.PolicyServer;
import org.jboss.security.authz.policy.server.Server;
-
-import org.jboss.security.xacml.factories.RequestResponseContextFactory;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-import org.jboss.security.xacml.sunxacml.PDP;
-import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
-import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -85,46 +78,36 @@
log.info(policies[0].generateXACMLPolicy());
//Send an Enforcement request that should be allowed
- this.enforce(this.createRequestContext(httpResource, true), true);
+ this.enforce(this.createRequest(httpResource, true), true);
//Send an Enforcement request that should be denied
- this.enforce(this.createRequestContext(httpResource, false), false);
+ this.enforce(this.createRequest(httpResource, false), false);
}
//----------------------------------------------------------------------------------------------------------------------------------------------------------
- private void enforce(RequestContext request, boolean mustBePermitted) throws Exception
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
{
- log.info("-----------------------------------");
- request.marshall(System.out);
- PDP pdp = this.policyServer.getPolicyDecisionPoint().getPDP();
+ Response response = this.policyServer.evaluate(request);
- ResponseCtx response =
pdp.evaluate((RequestCtx)request.get(XACMLConstants.REQUEST_CTX));
- assertNotNull(response);
-
- log.info("-----------------------------------");
- response.encode(System.out);
-
- ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
- responseContext.set(XACMLConstants.RESPONSE_CTX, response);
- assertNotNull(responseContext);
+ assertNotNull(response);
if(mustBePermitted)
{
- assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_PERMIT);
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
}
else
{
- assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_DENY);
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
}
log.info("-----------------------------------");
- log.info("Decision="+responseContext.getDecision());
+ log.info("Decision="+response.getMessage());
}
- private RequestContext createRequestContext(HttpResource httpResource, boolean
mustBePermitted) throws Exception
+
+ private Request createRequest(HttpResource httpResource, boolean mustBePermitted) throws
Exception
{
//Create a RequestType
Request request = new Request();
-
-
+
//Create Subjects
Subject subject = new Subject();
Attribute subjectAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
@@ -139,14 +122,10 @@
//Create Action
Action action = new Action();
Attribute actionAttr = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
- XMLSchemaConstants.DATATYPE_STRING, "GET");
+ XMLSchemaConstants.DATATYPE_STRING, "GET");
action.addAttribute(actionAttr);
request.setAction(action);
-
- //Create RequestContext
- RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
- requestContext.setRequest(request.encode());
-
- return requestContext;
+
+ return request;
}
}
Show replies by date