Author: sohil.shah(a)jboss.com
Date: 2009-01-31 18:57:18 -0500 (Sat, 31 Jan 2009)
New Revision: 12759
Added:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/NoPermitMeansDeniedAlg.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/RuleCombiningAlgImplies.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/policy-server/src/test/java/org/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsFunction.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
modules/authorization/trunk/policy-server/src/test/resources/log4j.properties
modules/authorization/trunk/policy-server/src/test/resources/pdp-config.xml
modules/authorization/trunk/policy-server/src/test/resources/rules/
modules/authorization/trunk/policy-server/src/test/resources/rules/add-security.drl
modules/authorization/trunk/policy-server/src/test/resources/rules/test-security.drl
Removed:
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/policy/HierarchialPolicy.java
modules/authorization/trunk/provisioning/src/test/java/org/jboss/security/authz/pap/
modules/authorization/trunk/provisioning/src/test/java/org/jboss/security/authz/provisioning/plugin/
modules/authorization/trunk/provisioning/src/test/resources/pdp-config.xml
modules/authorization/trunk/provisioning/src/test/resources/rules/
Modified:
modules/authorization/trunk/common/pom.xml
modules/authorization/trunk/core-components/pom.xml
modules/authorization/trunk/decision-point/pom.xml
modules/authorization/trunk/enforcement/pom.xml
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/provisioning/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java
modules/authorization/trunk/http-profile/src/test/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/policy-server/pom.xml
modules/authorization/trunk/pom.xml
modules/authorization/trunk/provisioning/pom.xml
Log:
refactoring
Modified: modules/authorization/trunk/common/pom.xml
===================================================================
--- modules/authorization/trunk/common/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/common/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -18,17 +18,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
+ </dependency>
</dependencies>
<build>
Modified: modules/authorization/trunk/core-components/pom.xml
===================================================================
--- modules/authorization/trunk/core-components/pom.xml 2009-01-31 21:46:59 UTC (rev
12758)
+++ modules/authorization/trunk/core-components/pom.xml 2009-01-31 23:57:18 UTC (rev
12759)
@@ -24,19 +24,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.jboss.microcontainer</groupId>
- <artifactId>jboss-kernel</artifactId>
- <scope>test</scope>
- </dependency>
+ </dependency>
</dependencies>
<build>
Modified: modules/authorization/trunk/decision-point/pom.xml
===================================================================
--- modules/authorization/trunk/decision-point/pom.xml 2009-01-31 21:46:59 UTC (rev
12758)
+++ modules/authorization/trunk/decision-point/pom.xml 2009-01-31 23:57:18 UTC (rev
12759)
@@ -23,37 +23,7 @@
<groupId>org.jboss.security.authz</groupId>
<artifactId>jboss-authz-enforcement</artifactId>
<version>${project.version}</version>
- </dependency>
-
- <!-- jboss xacml -->
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-xacml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- </dependency>
-
- <!-- sun jaxb -->
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-xjc</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
+ </dependency>
</dependencies>
<build>
Modified: modules/authorization/trunk/enforcement/pom.xml
===================================================================
--- modules/authorization/trunk/enforcement/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/enforcement/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -20,35 +20,13 @@
<version>${project.version}</version>
</dependency>
+ <!-- test dependencies -->
<!-- jboss xacml -->
<dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jboss-xacml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- </dependency>
-
- <!-- sun jaxb -->
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-xjc</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
+ <artifactId>jboss-xacml</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
@@ -58,10 +36,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <!--
- <include>**/TestPDP.java</include>
- -->
+ <includes>
</includes>
</configuration>
</plugin>
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -29,31 +29,25 @@
<artifactId>jboss-authz-provisioning</artifactId>
<version>${project.version}</version>
</dependency>
-
- <!-- jboss xacml -->
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-policy-server</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
<dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-xacml</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
-
- <dependency>
<groupId>org.jboss.microcontainer</groupId>
<artifactId>jboss-kernel</artifactId>
<scope>test</scope>
</dependency>
+ <!-- test dependencies -->
+ <!-- jboss xacml -->
<dependency>
- <groupId>org.jboss.security.authz</groupId>
- <artifactId>jboss-authz-policy-server</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/provisioning/HttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/provisioning/HttpPolicyConfig.java 2009-01-31
21:46:59 UTC (rev 12758)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/provisioning/HttpPolicyConfig.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -43,7 +43,7 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.provisioning.policy.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
import org.jboss.security.authz.provisioning.spi.PolicyConfig;
/**
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java 2009-01-31
21:46:59 UTC (rev 12758)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -46,11 +46,12 @@
public void testPolicyDeploy() throws Exception
{
- PolicyDeployer httpPolicyDeployer =
(PolicyDeployer)Server.lookup("http://PolicyDeployer");
+ PolicyDeployer policyDeployer =
(PolicyDeployer)Server.lookup("/http-profile/PolicyDeployer");
-
httpPolicyDeployer.deploy(Thread.currentThread().getContextClassLoader().getResource("http-policy.xml"));
+
policyDeployer.deploy(Thread.currentThread().getContextClassLoader().getResource("http-policy.xml"));
- Policy[] policies = httpPolicyDeployer.getStore().readAllPolicies();
+ Policy[] policies = policyDeployer.getStore().readAllPolicies();
+ this.assertTrue("Should not be empty", policies != null &&
policies.length>0);
for(int i=0; i<policies.length; i++)
{
log.info("-------------------------------------------------------------");
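Review bot: The new assertion is written as `this.assertTrue(...)`, which presumably invokes the static TestCase helper through an instance reference; `assertTrue("Should not be empty", policies != null && policies.length > 0);` is the conventional form. After that check the test only logs the deployed policies, so a change in their content or count would pass unnoticed; asserting the expected number of policies, or a known policy id, would make the test meaningful. testPolicyDeploy continues past the end of the hunk.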
Modified:
modules/authorization/trunk/http-profile/src/test/resources/META-INF/jboss-beans.xml
===================================================================
---
modules/authorization/trunk/http-profile/src/test/resources/META-INF/jboss-beans.xml 2009-01-31
21:46:59 UTC (rev 12758)
+++
modules/authorization/trunk/http-profile/src/test/resources/META-INF/jboss-beans.xml 2009-01-31
23:57:18 UTC (rev 12759)
@@ -2,13 +2,12 @@
<deployment
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:jboss:bean-deployer:2.0
bean-deployer_2_0.xsd"
- xmlns="urn:jboss:bean-deployer:2.0">
-
- <bean name="http://PolicyDeployer"
class="org.jboss.security.authz.provisioning.policy.PolicyDeployer">
- <property name="configuration"><inject
bean="http://PolicyConfig"/></property>
- <property name="store"><inject
bean="http://PolicyStore"/></property>
- </bean>
+ xmlns="urn:jboss:bean-deployer:2.0">
+ <bean name="/http-profile/PolicyConfig"
class="org.jboss.security.authz.http.provisioning.HttpPolicyConfig"/>
+ <bean name="/http-profile/PolicyStore"
class="org.jboss.security.authz.http.provisioning.HttpPolicyStore"/>
- <bean name="http://PolicyConfig"
class="org.jboss.security.authz.http.provisioning.HttpPolicyConfig"/>
- <bean name="http://PolicyStore"
class="org.jboss.security.authz.http.provisioning.HttpPolicyStore"/>
+ <bean name="/http-profile/PolicyDeployer"
class="org.jboss.security.authz.provisioning.policy.PolicyDeployer">
+ <property name="configuration"><inject
bean="/http-profile/PolicyConfig"/></property>
+ <property name="store"><inject
bean="/http-profile/PolicyStore"/></property>
+ </bean>
</deployment>
\ No newline at end of file
Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -18,53 +18,29 @@
<groupId>org.jboss.security.authz</groupId>
<artifactId>jboss-authz-common</artifactId>
<version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.security.authz</groupId>
- <artifactId>jboss-authz-provisioning</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.security.authz</groupId>
- <artifactId>jboss-authz-decision-point</artifactId>
- <version>${project.version}</version>
- </dependency>
+ </dependency>
<!-- jboss xacml -->
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-xacml</artifactId>
</dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- </dependency>
-
- <!-- sun jaxb -->
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-xjc</artifactId>
- </dependency>
-
+
<!-- jboss microcontainer -->
<dependency>
<groupId>org.jboss.microcontainer</groupId>
<artifactId>jboss-kernel</artifactId>
</dependency>
- <!-- junit -->
+ <!-- Drools -->
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-compiler</artifactId>
+ </dependency>
</dependencies>
<build>
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/DroolsFunction.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,113 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.ArrayList;
+
+import org.drools.RuleBase;
+import org.drools.WorkingMemory;
+
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.cond.EvaluationResult;
+import org.jboss.security.xacml.sunxacml.cond.FunctionBase;
+import org.jboss.security.xacml.sunxacml.ctx.Status;
+import org.jboss.security.xacml.sunxacml.attr.BooleanAttribute;
+
+/**
+ * A custom XACML Function which is used to evaluate an XACML Condition based on the
Evaluation Results of a specified Business Rule based on the
+ * Drools/JBoss Rules product
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class DroolsFunction extends FunctionBase
+{
+ public static final String NAME = FUNCTION_NS + "drools:rule";
+
+ /**
+ *
+ * @param functionName
+ * @param functionId
+ * @param paramType
+ * @param paramIsBag
+ * @param numParams
+ * @param minParams
+ * @param returnType
+ * @param returnsBag
+ */
+ public DroolsFunction()
+ {
+ super(NAME,
+ 0, //FunctionId
+ BooleanAttribute.identifier, //returnType
+ false //returns a Bag of values
+ );
+ }
+
+
+ @Override
+ public void checkInputs(List inputs) throws IllegalArgumentException
+ {
+ if(inputs != null && inputs.size() != 1)
+ {
+ throw new IllegalArgumentException(NAME+ " function expects on a single
parameter which is a reference to a Drools Rule");
+ }
+ }
+
+
+
+ @Override
+ public void checkInputsNoBag(List inputs) throws IllegalArgumentException
+ {
+ if(inputs != null && inputs.size() != 1)
+ {
+ throw new IllegalArgumentException(NAME+ " function expects on a single
parameter which is a reference to a Drools Rule");
+ }
+ }
+
+
+ /**
+ *
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context)
+ {
+ EvaluationResult result = null;
+ try
+ {
+
+ /**
+ * TODO: start a Drools context and evaluate the specified Rule against the data
presented in the EvaluationContext
+ */
+ result = EvaluationResult.getTrueInstance();
+ }
+ catch(Exception e)
+ {
+ List code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, e.toString()+": "+e.getMessage());
+ result = new EvaluationResult(status);
+ }
+ return result;
+ }
+}
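Review bot: `evaluate` returns `EvaluationResult.getTrueInstance()` unconditionally while the Drools evaluation is still a TODO, so any XACML Condition that references `drools:rule` is satisfied no matter what the referenced rule says — a Permit rule guarded by this function is effectively unguarded. Until the evaluation is implemented the stub should fail closed: replace the `result = EvaluationResult.getTrueInstance();` line with `throw new UnsupportedOperationException("drools:rule evaluation is not implemented");`, which the existing catch block turns into an Indeterminate carrying STATUS_PROCESSING_ERROR. `checkInputs` and `checkInputsNoBag` also let a null input list through because the guard reads `inputs != null && inputs.size() != 1`; it should be `if(inputs == null || inputs.size() != 1)`, and the message has a typo ("expects on a single parameter"). The `Status` text duplicates the exception message since `e.toString()` already contains it, and `RuleBase`/`WorkingMemory` are imported but unused. The constructor Javadoc lists eight `@param` tags for a no-arg constructor; it should instead state that the function registers under NAME, takes function id 0 and returns a single boolean (the three `super(...)` arguments).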
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsFunction.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/DroolsRuleManager.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,203 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.ByteArrayInputStream;
+import java.util.Map;
+import java.util.HashMap;
+
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.compiler.PackageBuilder;
+
+import org.jboss.security.authz.model.DroolsRuleExpression;
+
+/**
+ * This service provides management for Drools based authorization Rules/Logic used by
the Drools Function extension of the XACML Engine
+ *
+ * TODO: Add Database Persistence to the State of this Manager
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public final class DroolsRuleManager
+{
+ private static String rulePkg =
+ "package security\n"+
+ "import org.jboss.security.authz.model.*;\n"+
+ "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
+
+ private RuleBase activeRuleBase = null;
+ private Map<String, String> drls = null;
+
+ public DroolsRuleManager()
+ {
+ }
+
+ public void start()
+ {
+ try
+ {
+ this.drls = new HashMap<String, String>();
+ this.reloadActiveRuleBase();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void stop()
+ {
+ this.activeRuleBase = null;
+ this.drls = null;
+ }
+
//---------------------------------------------------------------------------------------------------------------------------------------------------------
+ RuleBase getActiveRuleBase()
+ {
+ return this.activeRuleBase;
+ }
+
+ void addRule(DroolsRuleExpression rule)
+ {
+ try
+ {
+ if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() ==
0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if(rule.getWhen() == null || rule.getWhen().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+
+ this.drls.put(rule.getRuleReference(), rule.getWhen());
+ this.reloadActiveRuleBase();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ DroolsRuleExpression readRule(String ruleReference)
+ {
+ try
+ {
+ if(ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ DroolsRuleExpression rule = null;
+
+ String when = this.drls.get(ruleReference);
+
+ rule = new DroolsRuleExpression();
+ rule.setRuleReference(ruleReference);
+ rule.setWhen(when);
+
+ return rule;
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ void updateRule(DroolsRuleExpression rule)
+ {
+ try
+ {
+ if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() ==
0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if(rule.getWhen() == null || rule.getWhen().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+ this.drls.put(rule.getRuleReference(), rule.getWhen());
+ this.reloadActiveRuleBase();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ void removeRule(String ruleReference)
+ {
+ try
+ {
+ if(ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ this.drls.remove(ruleReference);
+ this.reloadActiveRuleBase();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private synchronized void reloadActiveRuleBase() throws Exception
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(DroolsRuleManager.rulePkg+"\n");
+
+ for(String drl: this.drls.values())
+ {
+ buffer.append(drl+"\n");
+ }
+
+ Reader source = new InputStreamReader(new
ByteArrayInputStream(buffer.toString().getBytes()));
+ try
+ {
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ if(this.activeRuleBase == null)
+ {
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ }
+
+ //Perform the reloading of the RuleBase with the updated Rules
+ this.activeRuleBase.lock();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ this.activeRuleBase.unlock();
+ }
+ finally
+ {
+ source.close();
+ }
+ }
+}
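Review bot: `reloadActiveRuleBase` calls `this.activeRuleBase.lock()` and `unlock()` without a try/finally, so if `addPackage` throws, the rule base stays locked and every later reload fails. The same method never checks the errors `PackageBuilder` collects rather than throws (if the Drools version in use exposes them via `hasErrors()`/`getErrors()`, a malformed rule would be silently absent from the active rule base while its caller sees success). Only `reloadActiveRuleBase` is synchronized, while `addRule`/`updateRule`/`removeRule` mutate and `readRule` reads the plain `HashMap` unsynchronized, so concurrent administrative calls can corrupt `drls` or build a rule base from a partial view; marking those four methods `synchronized` as well is the simplest fix. Because `addPackage` adds to the existing rule base rather than replacing it, I'd verify that a rule dropped from `drls` through `removeRule` actually disappears from `activeRuleBase` — if Drools merges same-named packages, the removed rule keeps firing. Finally, `buffer.toString().getBytes()` plus `InputStreamReader` round-trip the DRL through the platform default charset; `Reader source = new StringReader(buffer.toString());` (java.io.StringReader) avoids that entirely.
```java
private synchronized void reloadActiveRuleBase() throws Exception
{
    // … unchanged: assemble rulePkg and the drl fragments into buffer …
    Reader source = new StringReader(buffer.toString());
    try
    {
        PackageBuilder packageBuilder = new PackageBuilder();
        packageBuilder.addPackageFromDrl(source);
        // Drools reports DRL compile errors through the builder rather than by
        // throwing; a rule that fails to compile must not be silently left out.
        // (hasErrors()/getErrors() — confirm against the Drools version in use)
        if(packageBuilder.hasErrors())
        {
            throw new IllegalArgumentException("DRL compile errors: " + packageBuilder.getErrors());
        }

        if(this.activeRuleBase == null)
        {
            this.activeRuleBase = RuleBaseFactory.newRuleBase();
        }

        // Always release the lock, even when addPackage fails part-way.
        this.activeRuleBase.lock();
        try
        {
            this.activeRuleBase.addPackage(packageBuilder.getPackage());
        }
        finally
        {
            this.activeRuleBase.unlock();
        }
    }
    finally
    {
        source.close();
    }
}
```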
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/DroolsRuleManager.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/EnterprisePolicyFinder.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,43 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
+
+/**
+ * A production ready Enterprise Policy Finder that would be used by the Policy
Server/PDP component.
+ *
+ * It is designed for being production ready from a performance/scalability/clustering
standpoint
+ *
+ * This particular version will provide performance enhancement by the use of a clustered
cache based on JBoss Cache
+ * The actual storage of the policies will be done within a relational database
+ *
+ * This also allows for runtime modification of Security Policies without requiring any
restart/refresh of the Applications
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public abstract class EnterprisePolicyFinder extends PolicyFinderModule
+{
+
+}
\ No newline at end of file
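Review bot: The class Javadoc describes a clustered JBoss Cache layer, relational storage of policies and runtime policy modification, but the body is an empty abstract subclass of `PolicyFinderModule`, so none of those properties exist yet and a reader would take them as shipped behaviour of the policy server. Reword the Javadoc to mark the design as intended rather than present, e.g. `Planned: clustered caching via JBoss Cache, relational storage of policies and runtime policy updates; none of this is implemented in this version.`, or trim it to what the class currently is.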
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/policy/HierarchialPolicy.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,283 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Target;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+/**
+ * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
+ *
+ * An example of such resources would be tree of resources/nodes in a Content Management
System
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class HierarchialPolicy extends Policy
+{
+ /**
+ *
+ * @param policyUri
+ */
+ public HierarchialPolicy(String policyUri)
+ {
+ super(policyUri);
+ }
+
+ public HierarchialPolicy(String policyUri, Target target, Set<Rule> rules)
throws PolicyException
+ {
+ super(policyUri, target, rules);
+ }
+
+
+ @Override
+ public String generateXACMLPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches =
this.target.getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ ResourceType resourceType = new ResourceType();
+
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute()));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
+
+ resourcesType.getResource().add(resourceType);
+ }
+
+ //Process the Policy Rules
+ if(this.rules != null && !this.rules.isEmpty())
+ {
+ for(Rule rule: this.rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ if(rule.getTarget() != null)
+ {
+ List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
+ {
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+ }
+
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+ ruleType.setCondition(condition);
+
+
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ PolicyUtil.marshall(bos, policyType);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
+ private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
+ {
+ ActionsType actions = new ActionsType();
+
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute()));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ return actions;
+ }
+
+ private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute()));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization
Request
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute()));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+
+ private String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
+}
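Review bot: `xacmlXml = new String(bos.toByteArray())` near the end of generateXACMLPolicy decodes the marshalled bytes with the platform default charset, so the policy text can be corrupted on a non-UTF-8 JVM for any non-ASCII attribute value; use `xacmlXml = new String(bos.toByteArray(), "UTF-8");` (the resulting UnsupportedEncodingException is already covered by the surrounding catch). generateCondition falls through for a null expression or any Expression subtype other than AttributeExpression/DroolsRuleExpression and returns a ConditionType with no expression set, which the rule loop attaches unconditionally; presumably that yields an invalid or unevaluable `<Condition/>`, so failing explicitly there, e.g. `throw new IllegalArgumentException("unsupported rule expression: " + expression);`, would surface authoring mistakes at generation time instead of at decision time. The `Effect.PERMIT` check maps every other effect, including null, to DENY — a fail-closed default worth stating in a comment such as `// anything other than an explicit PERMIT is emitted as DENY`. generateUniqueId is unused in this file.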
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/NoPermitMeansDeniedAlg.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/NoPermitMeansDeniedAlg.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/NoPermitMeansDeniedAlg.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/NoPermitMeansDeniedAlg.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
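Review bot: combine returns a fresh `new Result(Result.DECISION_PERMIT)` instead of the `currentResult` that produced the Permit, so whatever that Result carried (status, resource id) is dropped; if the rule's own Result is acceptable, `return currentResult;` in place of the `break` is simpler and loses nothing. The class has no Javadoc beyond the author tag and the `@param rules` tag names a parameter that does not exist; the semantics deserve a sentence along the lines of `Permit if any rule evaluates to Permit; every other outcome, including Indeterminate and NotApplicable from all rules, yields Deny (fail-closed).` Rules after the first Permit are never evaluated, which is fine for this algorithm but worth noting in that Javadoc, since any side effects of rule conditions (the Drools-backed ones in this package may have them) will not run for the remaining rules.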
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/NoPermitMeansDeniedAlg.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/RuleCombiningAlgImplies.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/plugin/RuleCombiningAlgImplies.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/RuleCombiningAlgImplies.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/RuleCombiningAlgImplies.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,69 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class RuleCombiningAlgImplies extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public RuleCombiningAlgImplies() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:cms-implies"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Iterator rules = ruleElements.iterator();
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ }
+
+ // if nothing returned Permit, then the alg returns Deny
+ return new Result(Result.DECISION_DENY);
+ }
+}
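Review bot: combine in RuleCombiningAlgImplies never evaluates a rule — the loop fetches `rule` and discards it — and then unconditionally returns Deny, so the comment `// if nothing returned Permit, then the alg returns Deny` describes behaviour the method does not have. Denying everything is the safe failure mode, but a policy that selects `rule-combining-alg:cms-implies` would silently reject every request; until the implication logic exists, either document the class as a placeholder (`Not yet implemented: always returns Deny.`) or make it unmistakable with `throw new UnsupportedOperationException("cms-implies combining algorithm is not implemented");` in place of the loop. The `@param rules` Javadoc tag also does not match the `parameters`/`ruleElements` signature.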
Property changes on:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/RuleCombiningAlgImplies.java
___________________________________________________________________
Name: svn:mergeinfo
+
Added:
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:bean-deployer:2.0
bean-deployer_2_0.xsd"
+ xmlns="urn:jboss:bean-deployer:2.0">
+</deployment>
\ No newline at end of file
Copied:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsFunction.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/test/java/org/jboss/security/authz/provisioning/plugin/TestDroolsFunction.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsFunction.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsFunction.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,219 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.Set;
+import java.util.HashSet;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.AttributeValueType;
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.xacml.sunxacml.PDP;
+import org.jboss.security.xacml.sunxacml.ConfigurationStore;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
+
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.policy.server.plugin.DroolsFunction;
+
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsFunction extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestDroolsFunction.class);
+
+ private ConfigurationStore store = null;
+
+ protected void setUp() throws Exception
+ {
+ this.store = new ConfigurationStore(new
File("target/test-classes/pdp-config.xml"));
+ this.store.useDefaultFactories();
+
+ //Populate the HierarchialPolicy
+ Policy policy = this.getSimplePolicy();
+
+ String xacmlPolicy = policy.generateXACMLPolicy();
+
+
log.info("--------------------------------------------------------------------");
+ log.info(xacmlPolicy);
+
log.info("--------------------------------------------------------------------");
+
+ //Store this policy on the File System to use the File based Policy Module of the
PDP
+ FileOutputStream fos = null;
+ try
+ {
+ fos = new FileOutputStream(new File("simple-policy.xml"));
+ fos.write(xacmlPolicy.getBytes());
+ fos.flush();
+ }
+ finally
+ {
+ if(fos != null)
+ {
+ fos.close();
+ }
+ }
+ }
+
+ protected void tearDown() throws Exception
+ {
+ File file = new File("simple-policy.xml");
+ file.delete();
+ }
+
+
+ public void testSimplePolicy() throws Exception
+ {
+ //SetUp the PDP
+ PDP pdp = new PDP(this.store.getDefaultPDPConfig());
+
+ //SetUp the Authorization Request
+ RequestContext requestContext = this.createPermitRequestContext();
+ log.info("-----------------------------------");
+ requestContext.marshall(System.out);
+
+ //Process the Authorization Request
+ ResponseCtx response =
pdp.evaluate((RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX));
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ response.encode(System.out);
+
+ //Process the Authorization Response
+ ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
+ responseContext.set(XACMLConstants.RESPONSE_CTX, response);
+ assertNotNull(responseContext);
+ assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_PERMIT);
+ log.info("-----------------------------------");
+ log.info("Decision="+responseContext.getDecision());
+ }
+
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private RequestContext createPermitRequestContext() throws Exception
+ {
+ //Create ObjectFactory
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ //Create Subjects
+ SubjectType subject = objectFactory.createSubjectType();
+ AttributeType subjectAttribute = objectFactory.createAttributeType();
+ subjectAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_ROLE);
+ subjectAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType subjectId = objectFactory.createAttributeValueType();
+ subjectId.getContent().add("developer");
+ subjectAttribute.getAttributeValue().add(subjectId);
+ subject.getAttribute().add(subjectAttribute);
+
+ //Create Resource
+ ResourceType resource = objectFactory.createResourceType();
+ AttributeType resourceAttribute = objectFactory.createAttributeType();
+ resourceAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_RESOURCE_ID);
+ resourceAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType resourceId = objectFactory.createAttributeValueType();
+
resourceId.getContent().add("http://www.redhat.com/protected/index.h...;
+ resourceAttribute.getAttributeValue().add(resourceId);
+ resource.getAttribute().add(resourceAttribute);
+
+ //Create Action
+ ActionType action = objectFactory.createActionType();
+ AttributeType actionAttribute = objectFactory.createAttributeType();
+ actionAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_ACTION_ID);
+ actionAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType actionId = objectFactory.createAttributeValueType();
+ actionId.getContent().add("WRITE");
+ actionAttribute.getAttributeValue().add(actionId);
+ action.getAttribute().add(actionAttribute);
+
+ //Create RequestContext
+ RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a RequestType
+ RequestType requestType = objectFactory.createRequestType();
+ requestType.getSubject().add(subject);
+ requestType.setAction(action);
+ requestType.getResource().add(resource);
+
+ //Spit out RequestContext
+ requestContext.setRequest(requestType);
+
+ return requestContext;
+ }
+
+ private Policy getSimplePolicy() throws Exception
+ {
+ //SetUp the Policy Target
+ Target target = new Target();
+ AttributeExpression resourceMatch = new AttributeExpression();
+ resourceMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
"http://www.redhat.com/protected/index.html");
+ resourceMatch.setAttribute(attribute);
+ target.addResourceMatch(resourceMatch);
+
+ //SetUp the Policy Rules
+ Set<Rule> rules = new HashSet<Rule>();
+ Rule writeRule = new Rule();
+
+ writeRule.setRuleId("write");
+ writeRule.setEffect(Effect.PERMIT);
+
+ Target ruleTarget = new Target();
+
+ AttributeExpression actionMatch = new AttributeExpression();
+ actionMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "WRITE");
+ actionMatch.setAttribute(actionAttribute);
+ ruleTarget.addActionMatch(actionMatch);
+
+ writeRule.setTarget(ruleTarget);
+
+ DroolsRuleExpression ruleExpression = new DroolsRuleExpression();
+ ruleExpression.setFunctionId(DroolsFunction.NAME);
+ ruleExpression.setRuleReference("WriteRuleReference");
+ writeRule.setExpression(ruleExpression);
+
+ rules.add(writeRule);
+
+ //Populate the HierarchialPolicy
+ HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy", target, rules);
+
+ return policy;
+ }
+}
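Review bot: `assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_PERMIT)` in testSimplePolicy has expected and actual swapped for JUnit's `assertEquals(expected, actual)`, which only affects the failure message but makes it misleading; write `assertEquals(XACMLConstants.DECISION_PERMIT, responseContext.getDecision());`. Only the Permit path is exercised: since the policy's combining algorithm denies when no rule permits, a second request with a non-matching action (or role) asserting `XACMLConstants.DECISION_DENY` would pin the fail-closed behaviour that matters most. In setUp, `xacmlPolicy.getBytes()` writes the file in the platform charset while the XML declaration the marshaller emits presumably says UTF-8; `fos.write(xacmlPolicy.getBytes("UTF-8"));` keeps the two consistent. The policy is written to `simple-policy.xml` in the current working directory, so the test depends on the PDP configuration referring to that relative path — worth a comment pointing at the corresponding entry in pdp-config.xml.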
Property changes on:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsFunction.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/test/java/org/jboss/security/authz/provisioning/plugin/TestDroolsRuleManager.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,135 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+
+import junit.framework.TestCase;
+
+import org.drools.WorkingMemory;
+import org.drools.StatefulSession;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsRuleManager extends TestCase
+{
+ private static final String rule1 =
+ "rule \"Rule1\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule1\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule1 successfully fired\");\n"+
+ "end\n";
+
+ private static final String rule2 =
+ "rule \"Rule2\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule2\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule2 successfully fired\");\n"+
+ "end\n";
+
+
+ private DroolsRuleManager ruleManager = null;
+
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.ruleManager = new DroolsRuleManager();
+ this.ruleManager.start();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setWhen(TestDroolsRuleManager.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory =
ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setWhen(TestDroolsRuleManager.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ //Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
+}
Property changes on:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRuleManager.java
___________________________________________________________________
Name: svn:mergeinfo
+
Copied:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
(from rev 12740,
modules/authorization/trunk/provisioning/src/test/java/org/jboss/security/authz/provisioning/plugin/TestDroolsRules.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,134 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+
+import junit.framework.TestCase;
+
+import org.drools.WorkingMemory;
+import org.drools.StatefulSession;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsRules extends TestCase
+{
+ private static final String rule2 =
+ "rule \"Rule2\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule2\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule2 successfully fired\");\n"+
+ "end\n";
+
+ private static final String rule1 =
+ "rule \"Rule1\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule1\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule1 successfully fired\");\n"+
+ "end\n";
+
+ private DroolsRuleManager ruleManager = null;
+
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.ruleManager = new DroolsRuleManager();
+ this.ruleManager.start();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setWhen(TestDroolsRules.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory =
ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setWhen(TestDroolsRules.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ //Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
+}
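Review bot: testAddRule never asserts anything, so it passes whether or not Rule1/Rule2 actually match the inserted facts — the only evidence of a match is the System.out.println in each rule consequence. In this Drools API fireAllRules() returns the number of activations fired, so each of the three `workingMemory.fireAllRules();` calls can become `assertEquals(1, workingMemory.fireAllRules());`, which also pins that adding Rule1 does not drop Rule2 in the final session. The dispose() calls sit outside any finally, so a failing fireAllRules leaks the stateful session; a small insert/fire/dispose helper with try/finally (below) fixes all three sites at once. tearDown() only nulls the field after setUp() called start(); if DroolsRuleManager has a matching stop/shutdown method it should be invoked here. The class also duplicates TestDroolsRuleManager above almost line for line, including the rule strings, so one of the two could be dropped or the shared rule text moved to a common fixture.
```java
// … unchanged: rule strings, setUp, tearDown …

public void testAddRule() throws Exception
{
   DroolsRuleExpression expression = new DroolsRuleExpression();
   expression.setRuleReference("Rule2");
   expression.setWhen(TestDroolsRules.rule2);
   this.ruleManager.addRule(expression);
   assertEquals(1, this.insertAndFire("Rule2"));

   expression.setRuleReference("Rule1");
   expression.setWhen(TestDroolsRules.rule1);
   this.ruleManager.addRule(expression);
   assertEquals(1, this.insertAndFire("Rule1"));

   // adding Rule1 must not have evicted Rule2
   assertEquals(1, this.insertAndFire("Rule2"));
}

// Inserts the marker string plus a subject, fires, and always disposes the session.
private int insertAndFire(String marker) throws Exception
{
   StatefulSession session = this.ruleManager.getActiveRuleBase().newStatefulSession();
   try
   {
      session.insert(marker);
      session.insert(this.getSubject());
      return session.fireAllRules();
   }
   finally
   {
      session.dispose();
   }
}

// … unchanged: getSubject …
```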
Property changes on:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestDroolsRules.java
___________________________________________________________________
Name: svn:mergeinfo
+
Added: modules/authorization/trunk/policy-server/src/test/resources/log4j.properties
===================================================================
--- modules/authorization/trunk/policy-server/src/test/resources/log4j.properties
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/resources/log4j.properties 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,8 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
Added: modules/authorization/trunk/policy-server/src/test/resources/pdp-config.xml
===================================================================
--- modules/authorization/trunk/policy-server/src/test/resources/pdp-config.xml
(rev 0)
+++ modules/authorization/trunk/policy-server/src/test/resources/pdp-config.xml 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<config
xmlns="http://sunxacml.sourceforge.net/schema/config-0.3"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ defaultPDP="pdp" defaultAttributeFactory="attr"
+ defaultCombiningAlgFactory="comb"
defaultFunctionFactory="func">
+
+ <pdp name="pdp">
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
+ <policyFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.FilePolicyModule">
+ <list>
+ <string>simple-policy.xml</string>
+ </list>
+ </policyFinderModule>
+ </pdp>
+
+ <attributeFactory name="attr" useStandardDatatypes="true"/>
+
+ <combiningAlgFactory name="comb"
useStandardAlgorithms="true">
+ <algorithm
class="org.jboss.security.authz.policy.server.plugin.NoPermitMeansDeniedAlg"/>
+ </combiningAlgFactory>
+
+ <functionFactory name="func" useStandardFunctions="true">
+ <condition>
+ <function
class="org.jboss.security.authz.policy.server.plugin.DroolsFunction"/>
+ </condition>
+ </functionFactory>
+</config>
Added:
modules/authorization/trunk/policy-server/src/test/resources/rules/add-security.drl
===================================================================
--- modules/authorization/trunk/policy-server/src/test/resources/rules/add-security.drl
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/resources/rules/add-security.drl 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,26 @@
+package test.security
+
+import java.lang.*;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+
+rule "Rule1"
+ when
+ $subject: Subject()
+ String(toString == "Rule1")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule1 (Updated)....");
+end
+
+rule "Rule2"
+ when
+ $subject: Subject()
+ String(toString == "Rule2")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule2....");
+end
\ No newline at end of file
Added:
modules/authorization/trunk/policy-server/src/test/resources/rules/test-security.drl
===================================================================
--- modules/authorization/trunk/policy-server/src/test/resources/rules/test-security.drl
(rev 0)
+++
modules/authorization/trunk/policy-server/src/test/resources/rules/test-security.drl 2009-01-31
23:57:18 UTC (rev 12759)
@@ -0,0 +1,16 @@
+package test.security
+
+import java.lang.*;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+
+rule "Rule1"
+ when
+ $subject: Subject()
+ String(toString == "Rule1")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule1....");
+end
\ No newline at end of file
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -227,6 +227,13 @@
<artifactId>activation</artifactId>
<scope>test</scope>
</dependency>
+
+ <!-- junit -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
Modified: modules/authorization/trunk/provisioning/pom.xml
===================================================================
--- modules/authorization/trunk/provisioning/pom.xml 2009-01-31 21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/provisioning/pom.xml 2009-01-31 23:57:18 UTC (rev 12759)
@@ -18,53 +18,7 @@
<groupId>org.jboss.security.authz</groupId>
<artifactId>jboss-authz-common</artifactId>
<version>${project.version}</version>
- </dependency>
-
- <!-- jboss xacml -->
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-xacml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- </dependency>
-
- <!-- sun jaxb -->
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-xjc</artifactId>
- </dependency>
-
- <!-- Drools -->
- <dependency>
- <groupId>org.drools</groupId>
- <artifactId>drools-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.drools</groupId>
- <artifactId>drools-compiler</artifactId>
- </dependency>
-
- <!-- JBoss Microcontainer -->
- <dependency>
- <groupId>org.jboss.microcontainer</groupId>
- <artifactId>jboss-kernel</artifactId>
- </dependency>
-
- <!-- junit -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
+ </dependency>
</dependencies>
<build>
@@ -74,8 +28,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestIdentity.java</include>
+ <includes>
</includes>
</configuration>
</plugin>
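Review bot: The hunk removes the single `<include>` entry but keeps the now-empty `<includes>` element in the surefire configuration, which leaves the intent unclear — either the whole `<includes>` element should go so surefire falls back to its default test pattern, or the test classes meant to run in this module should be listed. Whether surefire 2.3.1 treats an explicitly empty `<includes>` as "use defaults" or as "run nothing" I cannot confirm from here, which is exactly why the leftover element is worth removing rather than leaving ambiguous. The enclosing `<plugin>` block begins outside the hunk.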
Deleted:
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/policy/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/policy/HierarchialPolicy.java 2009-01-31
21:46:59 UTC (rev 12758)
+++
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/policy/HierarchialPolicy.java 2009-01-31
23:57:18 UTC (rev 12759)
@@ -1,284 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.provisioning.policy;
-
-import java.util.List;
-import java.util.Set;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.UUID;
-
-import javax.xml.bind.JAXBElement;
-
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.DroolsRuleExpression;
-import org.jboss.security.authz.model.Expression;
-import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
-import org.jboss.security.authz.xacml.PolicyUtil;
-import org.jboss.security.authz.provisioning.plugin.NoPermitMeansDeniedAlg;
-
-import org.jboss.security.xacml.core.model.policy.ActionMatchType;
-import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
-import org.jboss.security.xacml.core.model.policy.ApplyType;
-import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
-import org.jboss.security.xacml.core.model.policy.EffectType;
-import org.jboss.security.xacml.core.model.policy.PolicyType;
-import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
-import org.jboss.security.xacml.core.model.policy.ResourcesType;
-import org.jboss.security.xacml.core.model.policy.ResourceType;
-import org.jboss.security.xacml.core.model.policy.ActionsType;
-import org.jboss.security.xacml.core.model.policy.ActionType;
-import org.jboss.security.xacml.core.model.policy.SubjectsType;
-import org.jboss.security.xacml.core.model.policy.SubjectType;
-import org.jboss.security.xacml.core.model.policy.RuleType;
-import org.jboss.security.xacml.core.model.policy.TargetType;
-import org.jboss.security.xacml.core.model.policy.ConditionType;
-import org.jboss.security.xacml.core.model.policy.ObjectFactory;
-import org.jboss.security.xacml.core.model.policy.AttributeValueType;
-import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
-import org.jboss.security.xacml.factories.PolicyAttributeFactory;
-
-/**
- * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
- *
- * An example of such resources would be tree of resources/nodes in a Content Management
System
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class HierarchialPolicy extends Policy
-{
- /**
- *
- * @param policyUri
- */
- public HierarchialPolicy(String policyUri)
- {
- super(policyUri);
- }
-
- public HierarchialPolicy(String policyUri, Target target, Set<Rule> rules)
throws PolicyException
- {
- super(policyUri, target, rules);
- }
-
-
- @Override
- public String generateXACMLPolicy() throws PolicyException
- {
- ByteArrayOutputStream bos = null;
- try
- {
- String xacmlXml = null;
-
- //SetUp the Policy Header
- ObjectFactory objectFactory = new ObjectFactory();
- PolicyType policyType = new PolicyType();
- policyType.setPolicyId(this.policyUri);
- policyType.setVersion("2.0");
- policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
-
- TargetType targetType = new TargetType();
- policyType.setTarget(targetType);
-
- //Process Resource Matches as Targets for the Policy
- List<AttributeExpression> resourceMatches =
this.target.getResourceMatches();
- if(resourceMatches != null && !resourceMatches.isEmpty())
- {
- ResourcesType resourcesType = new ResourcesType();
- targetType.setResources(resourcesType);
- ResourceType resourceType = new ResourceType();
-
- for(AttributeExpression resourceMatch: resourceMatches)
- {
- ResourceMatchType rmt = new ResourceMatchType();
-
- rmt.setMatchId(resourceMatch.getFunctionId());
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute()));
- rmt.setAttributeValue(PolicyAttributeFactory
- .createStringAttributeType(resourceMatch.getAttribute().getValue()));
-
- resourceType.getResourceMatch().add(rmt);
- }
-
- resourcesType.getResource().add(resourceType);
- }
-
- //Process the Policy Rules
- if(this.rules != null && !this.rules.isEmpty())
- {
- for(Rule rule: this.rules)
- {
- RuleType ruleType = new RuleType();
- ruleType.setRuleId(rule.getRuleId());
- if(rule.getEffect() == Effect.PERMIT)
- {
- ruleType.setEffect(EffectType.PERMIT);
- }
- else
- {
- ruleType.setEffect(EffectType.DENY);
- }
-
- //Process the Rule Target
- if(rule.getTarget() != null)
- {
- List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
- List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
- TargetType ruleTarget = new TargetType();
-
- if(actionMatches != null && !actionMatches.isEmpty())
- {
- ruleTarget.setActions(this.generateRuleActions(actionMatches));
- }
-
- if(subjectMatches != null && !subjectMatches.isEmpty())
- {
- ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
- }
-
- ruleType.setTarget(ruleTarget);
- }
-
- //Process the Rule Expression/Condition
- ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
- ruleType.setCondition(condition);
-
-
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
- }
- }
-
- bos = new ByteArrayOutputStream();
- PolicyUtil.marshall(bos, policyType);
- xacmlXml = new String(bos.toByteArray());
-
- return xacmlXml;
- }
- catch(Exception e)
- {
- throw new PolicyException(e);
- }
- finally
- {
- if(bos != null)
- {
- try{bos.close();}catch(IOException ioe){}
- }
- }
- }
-
- private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
- {
- ActionsType actions = new ActionsType();
-
- for(AttributeExpression action: actionMatches)
- {
- ActionType actionType = new ActionType();
- ActionMatchType amct = new ActionMatchType();
- amct.setMatchId(action.getFunctionId());
-
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute()));
- actionType.getActionMatch().add(amct);
- actions.getAction().add(actionType);
- }
-
- return actions;
- }
-
- private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
- {
- SubjectsType subjects = new SubjectsType();
-
- for(AttributeExpression subject: subjectMatches)
- {
- SubjectType subjectType = new SubjectType();
- SubjectMatchType match = new SubjectMatchType();
- match.setMatchId(subject.getFunctionId());
-
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute()));
- subjectType.getSubjectMatch().add(match);
- subjects.getSubject().add(subjectType);
- }
-
- return subjects;
- }
-
- /**
- *
- * @param expression
- * @return
- */
- private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
- {
- ConditionType condition = new ConditionType();
-
- if(expression instanceof AttributeExpression)
- {
- AttributeExpression attributeExpression = (AttributeExpression)expression;
-
- //Function to be applied
- ApplyType apply = new ApplyType();
- apply.setFunctionId(attributeExpression.getFunctionId());
-
- //Value to check against
- AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
- JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
- apply.getExpression().add(jaxbAttrValue);
-
- //Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute()));
-
-
- condition.setExpression(objectFactory.createApply(apply));
- }
- else if(expression instanceof DroolsRuleExpression)
- {
- DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
-
- //Function to be applied
- ApplyType apply = new ApplyType();
- apply.setFunctionId(ruleExpression.getFunctionId());
-
-
- VariableReferenceType ruleReference = new VariableReferenceType();
- ruleReference.setVariableId(ruleExpression.getRuleReference());
- JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
- apply.getExpression().add(jaxbRuleReference);
-
-
- condition.setExpression(objectFactory.createApply(apply));
- }
-
- return condition;
- }
-
- private String generateUniqueId()
- {
- return UUID.randomUUID().toString();
- }
-}
Deleted: modules/authorization/trunk/provisioning/src/test/resources/pdp-config.xml
===================================================================
--- modules/authorization/trunk/provisioning/src/test/resources/pdp-config.xml 2009-01-31
21:46:59 UTC (rev 12758)
+++ modules/authorization/trunk/provisioning/src/test/resources/pdp-config.xml 2009-01-31
23:57:18 UTC (rev 12759)
@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<config
xmlns="http://sunxacml.sourceforge.net/schema/config-0.3"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- defaultPDP="pdp" defaultAttributeFactory="attr"
- defaultCombiningAlgFactory="comb"
defaultFunctionFactory="func">
-
- <pdp name="pdp">
- <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
- <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
- <policyFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.FilePolicyModule">
- <list>
- <string>simple-policy.xml</string>
- </list>
- </policyFinderModule>
- </pdp>
-
- <attributeFactory name="attr" useStandardDatatypes="true"/>
-
- <combiningAlgFactory name="comb"
useStandardAlgorithms="true">
- <algorithm
class="org.jboss.security.authz.pap.plugin.NoPermitMeansDeniedAlg"/>
- </combiningAlgFactory>
-
- <functionFactory name="func" useStandardFunctions="true">
- <condition>
- <function
class="org.jboss.security.authz.pap.plugin.DroolsFunction"/>
- </condition>
- </functionFactory>
-</config>