Author: sohil.shah(a)jboss.com
Date: 2008-12-05 17:02:03 -0500 (Fri, 05 Dec 2008)
New Revision: 12355
Modified:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
Log:
code backup
Modified:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-12-05
20:51:00 UTC (rev 12354)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-12-05
22:02:03 UTC (rev 12355)
@@ -29,6 +29,7 @@
import javax.xml.bind.JAXBElement;
+import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
@@ -42,6 +43,7 @@
import org.jboss.security.authz.xacml.PolicyUtil;
import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
import org.jboss.security.xacml.core.model.policy.ApplyType;
import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
import org.jboss.security.xacml.core.model.policy.EffectType;
@@ -51,11 +53,14 @@
import org.jboss.security.xacml.core.model.policy.ResourceType;
import org.jboss.security.xacml.core.model.policy.ActionsType;
import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
import org.jboss.security.xacml.core.model.policy.RuleType;
import org.jboss.security.xacml.core.model.policy.TargetType;
import org.jboss.security.xacml.core.model.policy.ConditionType;
import org.jboss.security.xacml.core.model.policy.ObjectFactory;
import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
import org.jboss.security.xacml.factories.PolicyAttributeFactory;
/**
@@ -68,6 +73,15 @@
*/
public class HierarchialPolicy extends Policy
{
+ /**
+ *
+ * @param policyUri
+ */
+ public HierarchialPolicy(String policyUri)
+ {
+ super(policyUri);
+ }
+
public HierarchialPolicy(String policyUri, Target target, Set<Rule> rules)
throws PolicyException
{
super(policyUri, target, rules);
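Review bot: The Javadoc on the new `HierarchialPolicy(String)` constructor has an empty summary and an empty `@param policyUri` tag, and the new `Policy(String)` constructor in Policy.java carries the same empty block. Document that the constructor starts with no target and an empty rule set that `setResourceCriteria`/`setPermitCriteria` are expected to populate, and that a null `policyUri` is rejected by the superclass with an IllegalArgumentException. `@param policyUri unique identifier of this policy; must not be null` would replace the empty tag in both places.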
@@ -140,11 +154,20 @@
if(rule.getTarget() != null)
{
List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
{
- TargetType ruleTarget = this.generateRuleActions(actionMatches);
- ruleType.setTarget(ruleTarget);
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
}
+
+ ruleType.setTarget(ruleTarget);
}
//Process the Rule Expression/Condition
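Review bot: A rule whose Target carries neither action nor subject matches now receives an empty `TargetType`, because the final `ruleType.setTarget(ruleTarget)` runs unconditionally, whereas before the change such a rule had no Target at all. In XACML 2.0 an empty `<Target/>` and an absent rule Target both leave the rule applicable whenever the enclosing policy is, so this looks behaviorally harmless, but it changes the emitted XML; if the old output is relied on, guard the call with `if(ruleTarget.getActions() != null || ruleTarget.getSubjects() != null) ruleType.setTarget(ruleTarget);` (assuming the generated getters return null when unset). The enclosing method starts and ends outside the hunk.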
@@ -174,11 +197,10 @@
}
}
- private TargetType generateRuleActions(List<AttributeExpression> actionMatches)
+ private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
{
- TargetType target = new TargetType();
+ ActionsType actions = new ActionsType();
- ActionsType actions = new ActionsType();
for(AttributeExpression action: actionMatches)
{
ActionType actionType = new ActionType();
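Review bot: `generateRuleActions` still has no Javadoc even though its contract changed from building a whole `TargetType` to returning only the `ActionsType` fragment. Worth stating what the shape means: one `ActionType` is added per loop iteration, so each action expression becomes its own `<Action>` element, and in XACML 2.0 sibling `<Action>` elements are evaluated disjunctively, so a rule with several action matches applies when any one of them matches. A `@return an ActionsType holding one Action per expression (any-of semantics); never null` line would capture that. The method's closing brace lies in the next hunk.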
@@ -190,10 +212,27 @@
actions.getAction().add(actionType);
}
- target.setActions(actions);
- return target;
+ return actions;
}
+ private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute()));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
/**
*
* @param expression
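Review bot: `generateRuleSubjects` wraps every subject expression in its own `SubjectType` holding a single `SubjectMatchType`, so the resulting `<Subjects>` is a disjunction: the rule target is satisfied when any one role matches, not when all do. That is what `setPermitCriteria(String, String[])` needs, but a maintainer reading `addSubjectMatch` could expect conjunction, and confusing the two widens the permit rule, so the Javadoc should state the any-of semantics explicitly. The cast `(SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(...)` is unchecked; if that helper can return another designator subtype for a non-subject attribute this fails with a ClassCastException rather than a descriptive error, so an `instanceof` check throwing IllegalArgumentException with the attribute id would be safer. `createStringAttributeType(subject.getAttribute().getValue())` also always emits a string-typed value regardless of the attribute's declared datatype, which suits the role expression built in ExpressionBuilder but will silently mis-type any other datatype routed through here.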
@@ -242,4 +281,76 @@
return condition;
}
+ //---------More Developer Friendly
API-------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Specifies that this Hierarchial Policy should be applied the specified unique
Resource Uri
+ *
+ * @param resourceUri Unique identifier for the Resource being protected by this
Hierarchial Policy
+ */
+ public void setResourceCriteria(String resourceUri)
+ {
+ if(resourceUri == null || resourceUri.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Resource Criteria cannot be
Empty");
+ }
+
+ Target target = new Target();
+
target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdExpression(resourceUri));
+ this.target = target;
+ }
+
+ /**
+ * Specifies a Policy Rule that must be applied to the specified "action"
such that the specified "role" should be allowed
+ * to execute this "action" on the Resource protected by this Policy
instance
+ *
+ * @param action Action for which this Rule applies
+ * @param role the Role that is permitted to execute this Action
+ */
+ public void setPermitCriteria(String action, String role)
+ {
+ Rule permitRule = new Rule();
+ Target ruleTarget = new Target();
+
+ permitRule.setRuleId(action);
+ permitRule.setEffect(Effect.PERMIT);
+ permitRule.setTarget(ruleTarget);
+
+ //Create an Action Match Function
+
ruleTarget.addActionMatch(ExpressionBuilder.getInstance().createActionExpression(action));
+
+ //Create a Subject Match Function
+
ruleTarget.addSubjectMatch(ExpressionBuilder.getInstance().createBelongsToRoleExpression(role));
+
+ //Add the Rule to the Policy
+ this.rules.add(permitRule);
+ }
+
+ /**
+ * Specifies a Policy Rule that must be applied to the specified "action"
such that the Authenticated User will be permitted to
+ * execute it if he/she belongs to any of the specified "roles"
+ *
+ * @param action Action for which this Rule applies
+ * @param roles a list of permitted roles for this Action
+ */
+ public void setPermitCriteria(String action, String[] roles)
+ {
+ Rule permitRule = new Rule();
+ Target ruleTarget = new Target();
+
+ permitRule.setRuleId(action);
+ permitRule.setEffect(Effect.PERMIT);
+ permitRule.setTarget(ruleTarget);
+
+ //Create an Action Match Function
+
ruleTarget.addActionMatch(ExpressionBuilder.getInstance().createActionExpression(action));
+
+ //Create a Subject Match Function
+ for(int i=0; i<roles.length; i++)
+ {
+
ruleTarget.addSubjectMatch(ExpressionBuilder.getInstance().createBelongsToRoleExpression(roles[i]));
+ }
+
+ //Add the Rule to the Policy
+ this.rules.add(permitRule);
+ }
}
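Review bot: `setPermitCriteria(String, String[])` does not validate its arguments: a null `roles` throws a NullPointerException from the loop, and an empty array yields a PERMIT rule whose target has an action match but no subject match, i.e. the action is permitted to every subject, the opposite of what the caller asked for. Since `setResourceCriteria` already rejects blank input, apply the same rule here: `if(action == null || action.trim().length() == 0) throw new IllegalArgumentException("Action cannot be Empty");` and `if(roles == null || roles.length == 0) throw new IllegalArgumentException("Roles cannot be Empty");`, and check `role` in the single-role overload, or have it delegate via `setPermitCriteria(action, new String[]{role});`. Both overloads use `action` as the RuleId, so two calls for the same action produce rules with identical ids; if `Rule` defines equality by id the second rule is silently dropped by the `HashSet`, and if not the policy carries duplicate RuleIds, which a PDP may reject or resolve unpredictably. The methods add to `this.rules` rather than replacing it, so `addPermitCriteria` would describe them better than `set`.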
Modified:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java 2008-12-05
20:51:00 UTC (rev 12354)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java 2008-12-05
22:02:03 UTC (rev 12355)
@@ -52,40 +52,30 @@
*
*/
public void testSimplePolicy() throws Exception
- {
- //SetUp the Policy Target
- Target target = new Target();
- for(int i=0; i<1; i++)
- {
-
target.addResourceMatch(ExpressionBuilder.getInstance().createResourceIdE...;
- }
-
- //SetUp the Policy Rules
- Set<Rule> rules = new HashSet<Rule>();
- Rule writeRule = new Rule();
+ {
+ //Populate the HierarchialPolicy
+ HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy");
+
policy.setResourceCriteria("http://www.redhat.com/protected/index.ht...;
+ policy.setPermitCriteria("Write", "developer");
- writeRule.setRuleId("write");
- writeRule.setEffect(Effect.PERMIT);
+ String xacmlPolicy = policy.generateXACMLPolicy();
- Target ruleTarget = new Target();
-
- for(int i=0; i<5; i++)
- {
-
ruleTarget.addActionMatch(ExpressionBuilder.getInstance().createActionExpression("WRITE:/"+i));
- }
- writeRule.setTarget(ruleTarget);
-
-
writeRule.setExpression(ExpressionBuilder.getInstance().createRoleExpression("developer"));
-
- rules.add(writeRule);
-
+
log.info("--------------------------------------------------------------------");
+ log.info(xacmlPolicy);
+
log.info("--------------------------------------------------------------------");
+ }
+
+ public void testMultiRolePolicy() throws Exception
+ {
//Populate the HierarchialPolicy
- HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy", target, rules);
+ HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy");
+
policy.setResourceCriteria("http://www.redhat.com/protected/index.ht...;
+ policy.setPermitCriteria("Write", new String[]{"developer",
"designer", "sysadmin"});
String xacmlPolicy = policy.generateXACMLPolicy();
log.info("--------------------------------------------------------------------");
log.info(xacmlPolicy);
-
log.info("--------------------------------------------------------------------");
+
log.info("--------------------------------------------------------------------");
}
}
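Review bot: Neither `testSimplePolicy` nor `testMultiRolePolicy` asserts anything; they build the policy and log `xacmlPolicy`, so a regression that drops the subject match or emits an empty target would still pass. Assert on the generated text with the test framework's assertions, at least `assertNotNull(xacmlPolicy);` and, for the multi-role case, that each of `"developer"`, `"designer"` and `"sysadmin"` appears in it, ideally also that `"Write"` appears. Both methods also build a policy named `"simpleHierarchialPolicy"`; a distinct id in `testMultiRolePolicy` would make log output easier to attribute.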
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2008-12-05
20:51:00 UTC (rev 12354)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2008-12-05
22:02:03 UTC (rev 12355)
@@ -155,18 +155,18 @@
* @param role Role of the Authenticated User
* @return an expression that will be used within the Policy Definition
*/
- public AttributeExpression createRoleExpression(String role)
+ public AttributeExpression createBelongsToRoleExpression(String role)
{
AttributeExpression expression = new AttributeExpression();
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
XMLSchemaConstants.DATATYPE_STRING, role);
expression.setAttribute(attribute);
return expression;
- }
+ }
//---------Environment
Expressions------------------------------------------------------------------------------------------------------------------------------
//---------Custom
Expressions-----------------------------------------------------------------------------------------------------------------------------------
/**
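Review bot: The function id switches from `FUNCTION_STRING_EQUAL` to `FUNCTION_STRING_IS_IN`, but in this commit the expression is consumed by `generateRuleSubjects` as a `SubjectMatch` `MatchId`. As I read XACML 2.0 (section 7.5), a MatchId must be a two-argument boolean function over single values of the attribute datatype, applied by the PDP to the `AttributeValue` and each element of the designator's bag, whereas `string-is-in` takes a string and a bag, which is the shape for an `Apply` inside a `Condition` (where `createRoleExpression` was used before) rather than for a match. A conformant PDP is likely to treat the subject match as Indeterminate or reject the policy, so unless the expression is still meant for a Condition, `FUNCTION_STRING_EQUAL` is the value a SubjectMatch needs; if both uses are intended, two builder methods with distinct function ids would avoid the ambiguity. The Javadoc above the method was not updated for the rename and should say which XACML construct the expression is meant to feed.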
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java 2008-12-05
20:51:00 UTC (rev 12354)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java 2008-12-05
22:02:03 UTC (rev 12355)
@@ -23,6 +23,7 @@
package org.jboss.security.authz.model;
import java.util.Set;
+import java.util.HashSet;
/**
@@ -37,7 +38,22 @@
protected Target target = null;
protected Set<Rule> rules = null;
+ /**
+ *
+ * @param policyUri
+ */
+ public Policy(String policyUri)
+ {
+ if(policyUri == null)
+ {
+ throw new IllegalArgumentException("PolicyUri cannot be Null");
+ }
+
+ this.policyUri = policyUri;
+ this.rules = new HashSet<Rule>();
+ }
+
/**
*
*
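Review bot: `Policy(String)` rejects only a null `policyUri`, while `HierarchialPolicy.setResourceCriteria` in the same commit rejects null or blank; an id of `""` or whitespace passes here and presumably ends up as the identifier of the generated XACML policy. For consistency use `if(policyUri == null || policyUri.trim().length() == 0)` with a message such as `"PolicyUri cannot be Empty"`. The constructor leaves `target` null; whether `generateXACMLPolicy` tolerates that is not visible here, so the Javadoc should say either way.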
@@ -90,6 +106,10 @@
public void setRules(Set<Rule> rules)
{
+ if(rules == null)
+ {
+ rules = new HashSet<Rule>();
+ }
this.rules = rules;
}
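Review bot: Reassigning the `rules` parameter before storing it works but reads oddly; `this.rules = (rules != null) ? rules : new HashSet<Rule>();` states the intent in one line. The setter also stores the caller's set by reference, so later `setPermitCriteria` calls (which do `this.rules.add`) mutate a collection the caller still holds; copying with `new HashSet<Rule>(rules)` would isolate the policy's state, provided no caller depends on the aliasing.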