Author: sohil.shah(a)jboss.com
Date: 2009-05-16 12:03:40 -0400 (Sat, 16 May 2009)
New Revision: 13380
Added:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
Removed:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
refactoring
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -88,5 +88,5 @@
*
* @return XACML markup to represent this Policy
*/
- public abstract String generateXACMLPolicy() throws PolicyException;
+ public abstract String generateSystemPolicy() throws PolicyException;
}
Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -47,7 +47,7 @@
Policy policy = new MockPolicy("testGetURLTargetNoParameters",
httpResource.getPolicyMetaData());
log.info("------------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testGetURLTargetWithParameters() throws Exception
@@ -61,7 +61,7 @@
Policy policy = new MockPolicy("testGetURLTargetWithParameters",
httpResource.getPolicyMetaData());
log.info("------------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testRoleRules() throws Exception
@@ -76,7 +76,7 @@
Policy policy = new MockPolicy("testRoleRules",
httpResource.getPolicyMetaData());
log.info("------------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testIPRules() throws Exception
@@ -91,7 +91,7 @@
Policy policy = new MockPolicy("testIPRules",
httpResource.getPolicyMetaData());
log.info("------------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testURLPattern() throws Exception
@@ -106,6 +106,6 @@
Policy policy = new MockPolicy("testURLPattern",
httpResource.getPolicyMetaData());
log.info("------------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
}
Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -58,7 +58,7 @@
Policy policy = new MockPolicy("testGetAllowIdentityRule", metadata);
log.info("----------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testDeny() throws Exception
@@ -78,7 +78,7 @@
Policy policy = new MockPolicy("testGetDenyIdentityRule", metadata);
log.info("----------------------------------------------------------------");
- log.info(policy.generateXACMLPolicy());
+ log.info(policy.generateSystemPolicy());
}
public void testGetSubject() throws Exception
Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -80,7 +80,7 @@
@Override
- public String generateXACMLPolicy() throws PolicyException
+ public String generateSystemPolicy() throws PolicyException
{
ByteArrayOutputStream bos = null;
try
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -41,7 +41,7 @@
import org.jboss.security.authz.components.resource.HttpResource;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
import org.jboss.security.authz.components.action.http.Get;
@@ -95,7 +95,7 @@
//Parse role constraints
this.parseRoles(policyResource,
securityConstraint.getElementsByTagName("roles"));
- cour.add(new HierarchialPolicy(GeneralTool.generateUniqueId(),
policyResource.getPolicyMetaData()));
+ cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(),
policyResource.getPolicyMetaData()));
}
}
}
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -106,7 +106,7 @@
log.debug("----------------------------------------------------------");
for(Policy policy: policies)
{
- log.debug(policy.generateXACMLPolicy());
+ log.debug(policy.generateSystemPolicy());
this.policyServer.newPolicy(policy.getMetaData());
}
log.debug("----------------------------------------------------------");
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -68,7 +68,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
//where access should be granted
@@ -120,7 +120,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
//where access should not be granted
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -66,7 +66,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
@@ -94,7 +94,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -89,7 +89,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
//Access Granted
this.enforce(this.createRequest("/prefix/url"), true);
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -75,7 +75,7 @@
for(int i=0; i<policies.length; i++)
{
- String xacmlPolicy = policies[i].generateXACMLPolicy();
+ String xacmlPolicy = policies[i].generateSystemPolicy();
this.policyServer.newPolicy(policies[i].getMetaData());
log.info("------------------------------------------------------");
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -33,7 +33,7 @@
import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
-import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
@@ -151,7 +151,7 @@
{
try
{
- Policy policy = new HierarchialPolicy(GeneralTool.generateUniqueId(),
policyMetaData);
+ Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData);
//Save the policy in the Policy Store
this.policyStore.savePolicy(policy);
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -64,6 +64,7 @@
private PDP policyDecisionPoint;
private ConfigurationStore store;
+ private boolean debug;
public PolicyDecisionPoint()
{
@@ -129,6 +130,17 @@
this.policyDecisionPoint = null;
this.store = null;
}
+
+
+ public boolean isDebug()
+ {
+ return debug;
+ }
+
+ public void setDebug(boolean debug)
+ {
+ this.debug = debug;
+ }
//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Makes an Authorization Decision
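Review bot: The new `debug` flag is written through the public `setDebug` and read on the decision path without `volatile` or any synchronization, so a change made by one thread is not guaranteed to be visible to threads evaluating requests. If this object is shared between threads, which the hunk does not show, the field added in the @@ -64,6 +64,7 hunk should be declared `private volatile boolean debug;`. Neither accessor has Javadoc; a comment on `setDebug` such as `/** Enables dumping of the XACML request and response for each decision; leave off in production. */` would tell callers what the switch exposes.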
@@ -250,8 +262,11 @@
//Check for explicit access control
RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
- requestContext.setRequest(xacmlRequest);
- requestContext.marshall(System.out);
+ requestContext.setRequest(xacmlRequest);
+ if(this.debug)
+ {
+ requestContext.marshall(System.out);
+ }
RequestCtx xacmlRequestCtx =
(RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX);
ResponseCtx xacmlResponseCtx = this.policyDecisionPoint.evaluate(xacmlRequestCtx);
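Review bot: With `debug` on, `requestContext.marshall(System.out)` still writes the full XACML request, which presumably carries subject and resource attributes, to standard output, outside the logging configuration that governs the rest of the module. The same applies to `responseContext.marshall(System.out)` in the @@ -259,7 +274,10 hunk. Marshalling into a `ByteArrayOutputStream` and passing the text to the class's logger at debug level (assuming it has one, as the other classes in this commit do) would keep these dumps under the normal log level and log-file access controls, and would make the separate boolean unnecessary. The enclosing method starts and ends outside the hunk.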
@@ -259,7 +274,10 @@
ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
responseContext.set(XACMLConstants.RESPONSE_CTX, xacmlResponseCtx);
- responseContext.marshall(System.out);
+ if(this.debug)
+ {
+ responseContext.marshall(System.out);
+ }
if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
{
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -69,7 +69,7 @@
ByteArrayInputStream bos = null;
try
{
- String xacmlPolicyStr = policy.generateXACMLPolicy();
+ String xacmlPolicyStr = policy.generateSystemPolicy();
bos = new ByteArrayInputStream(xacmlPolicyStr.getBytes());
Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -1,291 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.plugin;
-
-import java.util.List;
-import java.util.Set;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import javax.xml.bind.JAXBElement;
-
-import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
-import org.jboss.security.authz.xacml.PolicyUtil;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.DroolsRuleExpression;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Expression;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.xacml.core.model.policy.ActionMatchType;
-import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
-import org.jboss.security.xacml.core.model.policy.ApplyType;
-import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
-import org.jboss.security.xacml.core.model.policy.EffectType;
-import org.jboss.security.xacml.core.model.policy.PolicyType;
-import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
-import org.jboss.security.xacml.core.model.policy.ResourcesType;
-import org.jboss.security.xacml.core.model.policy.ResourceType;
-import org.jboss.security.xacml.core.model.policy.ActionsType;
-import org.jboss.security.xacml.core.model.policy.ActionType;
-import org.jboss.security.xacml.core.model.policy.SubjectsType;
-import org.jboss.security.xacml.core.model.policy.SubjectType;
-import org.jboss.security.xacml.core.model.policy.RuleType;
-import org.jboss.security.xacml.core.model.policy.TargetType;
-import org.jboss.security.xacml.core.model.policy.ConditionType;
-import org.jboss.security.xacml.core.model.policy.ObjectFactory;
-import org.jboss.security.xacml.core.model.policy.AttributeValueType;
-import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
-import org.jboss.security.xacml.factories.PolicyAttributeFactory;
-
-/**
- * TODO: Implement Hierarchial propagation feature.....such as Policy Inheritance, Policy
Overriding
- *
- * Usecases: A resource /blah/blah2/index, should inherit Overriden Policy from
/blah/blah2 (if found), or from /blah (if found)
- * /blah/blah2/index can also explicitly specify its own Policy which will
override any inherited policies from its parent
- */
-
-/**
- * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
- *
- * An example of such resources would be tree of resources/nodes in a Content Management
System
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class HierarchialPolicy extends Policy
-{
- public HierarchialPolicy(String policyUri, PolicyMetaData metaData) throws
PolicyException
- {
- super(policyUri, metaData);
- }
-
-
- @Override
- public String generateXACMLPolicy() throws PolicyException
- {
- ByteArrayOutputStream bos = null;
- try
- {
- String xacmlXml = null;
-
- //SetUp the Policy Header
- ObjectFactory objectFactory = new ObjectFactory();
- PolicyType policyType = new PolicyType();
- policyType.setPolicyId(this.policyUri);
- policyType.setVersion("2.0");
- policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
-
- TargetType targetType = new TargetType();
- policyType.setTarget(targetType);
-
- //Process Resource Matches as Targets for the Policy
- List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
- if(resourceMatches != null && !resourceMatches.isEmpty())
- {
- ResourcesType resourcesType = new ResourcesType();
- targetType.setResources(resourcesType);
- ResourceType resourceType = new ResourceType();
-
- for(AttributeExpression resourceMatch: resourceMatches)
- {
- ResourceMatchType rmt = new ResourceMatchType();
-
- rmt.setMatchId(resourceMatch.getFunctionId());
-
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
- designatorMustBePresent()));
-
- rmt.setAttributeValue(PolicyAttributeFactory
- .createStringAttributeType(resourceMatch.getAttribute().getValue()));
-
- resourceType.getResourceMatch().add(rmt);
- }
-
- resourcesType.getResource().add(resourceType);
- }
-
- //Process Action Matches as Targets for the Policy
- List<AttributeExpression> targetActionMatches =
this.metaData.getTarget().getActionMatches();
- if(targetActionMatches != null && !targetActionMatches.isEmpty())
- {
- ActionsType actionsType = this.generateRuleActions(targetActionMatches);
- targetType.setActions(actionsType);
- }
-
-
- //Process the Policy Rules
- Set<Rule> rules = this.metaData.getRules();
- if(rules != null && !rules.isEmpty())
- {
- for(Rule rule: rules)
- {
- RuleType ruleType = new RuleType();
- ruleType.setRuleId(rule.getRuleId());
- if(rule.getEffect() == Effect.PERMIT)
- {
- ruleType.setEffect(EffectType.PERMIT);
- }
- else
- {
- ruleType.setEffect(EffectType.DENY);
- }
-
- //Process the Rule Target
- if(rule.getTarget() != null)
- {
- List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
- List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
- TargetType ruleTarget = new TargetType();
-
- if(actionMatches != null && !actionMatches.isEmpty())
- {
- ruleTarget.setActions(this.generateRuleActions(actionMatches));
- }
-
- if(subjectMatches != null && !subjectMatches.isEmpty())
- {
- ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
- }
-
- ruleType.setTarget(ruleTarget);
- }
-
- //Process the Rule Expression/Condition
- if(rule.getExpression() != null)
- {
- ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
- ruleType.setCondition(condition);
- }
-
-
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
- }
- }
-
- bos = new ByteArrayOutputStream();
- PolicyUtil.marshall(bos, policyType);
- xacmlXml = new String(bos.toByteArray());
-
- return xacmlXml;
- }
- catch(Exception e)
- {
- throw new PolicyException(e);
- }
- finally
- {
- if(bos != null)
- {
- try{bos.close();}catch(IOException ioe){}
- }
- }
- }
-
- private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
- {
- ActionsType actions = new ActionsType();
-
- for(AttributeExpression action: actionMatches)
- {
- ActionType actionType = new ActionType();
- ActionMatchType amct = new ActionMatchType();
- amct.setMatchId(action.getFunctionId());
-
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
- actionType.getActionMatch().add(amct);
- actions.getAction().add(actionType);
- }
-
- return actions;
- }
-
- private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
- {
- SubjectsType subjects = new SubjectsType();
-
- for(AttributeExpression subject: subjectMatches)
- {
- SubjectType subjectType = new SubjectType();
- SubjectMatchType match = new SubjectMatchType();
- match.setMatchId(subject.getFunctionId());
-
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
- subjectType.getSubjectMatch().add(match);
- subjects.getSubject().add(subjectType);
- }
-
- return subjects;
- }
-
- /**
- *
- * @param expression
- * @return
- */
- private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
- {
- ConditionType condition = new ConditionType();
-
- if(expression instanceof AttributeExpression)
- {
- AttributeExpression attributeExpression = (AttributeExpression)expression;
-
- //Function to be applied
- ApplyType apply = new ApplyType();
- apply.setFunctionId(attributeExpression.getFunctionId());
-
- //Value to check against
- AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
- JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
- apply.getExpression().add(jaxbAttrValue);
-
- //Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));
-
-
- condition.setExpression(objectFactory.createApply(apply));
- }
- else if(expression instanceof DroolsRuleExpression)
- {
- DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
-
- //Function to be applied
- ApplyType apply = new ApplyType();
- apply.setFunctionId(ruleExpression.getFunctionId());
-
-
- VariableReferenceType ruleReference = new VariableReferenceType();
- ruleReference.setVariableId(ruleExpression.getRuleReference());
- JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
- apply.getExpression().add(jaxbRuleReference);
-
-
- condition.setExpression(objectFactory.createApply(apply));
- }
-
- return condition;
- }
-}
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
(from rev 13379,
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -0,0 +1,285 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+
+/**
+ * Used for mapping the Policy domain model to the system level Policy representation.
This particular instance maps the Policy domain model to
+ * XACML representation
+ *
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class XACMLPolicy extends Policy
+{
+ public XACMLPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException
+ {
+ super(policyUri, metaData);
+ }
+
+
+ @Override
+ public String generateSystemPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ ResourceType resourceType = new ResourceType();
+
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
+ designatorMustBePresent()));
+
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
+
+ resourcesType.getResource().add(resourceType);
+ }
+
+ //Process Action Matches as Targets for the Policy
+ List<AttributeExpression> targetActionMatches =
this.metaData.getTarget().getActionMatches();
+ if(targetActionMatches != null && !targetActionMatches.isEmpty())
+ {
+ ActionsType actionsType = this.generateRuleActions(targetActionMatches);
+ targetType.setActions(actionsType);
+ }
+
+
+ //Process the Policy Rules
+ Set<Rule> rules = this.metaData.getRules();
+ if(rules != null && !rules.isEmpty())
+ {
+ for(Rule rule: rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ if(rule.getTarget() != null)
+ {
+ List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
+ {
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+ }
+
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ if(rule.getExpression() != null)
+ {
+ ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+ ruleType.setCondition(condition);
+ }
+
+
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ PolicyUtil.marshall(bos, policyType);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
+ {
+ ActionsType actions = new ActionsType();
+
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ return actions;
+ }
+
+ private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization
Request
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+}
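Review bot: `generateCondition` returns an empty `ConditionType` when `expression` is neither an `AttributeExpression` nor a `DroolsRuleExpression`, and `generateSystemPolicy` attaches that condition to the rule without checking it. How the decision point evaluates a Condition with no expression is not visible in this file, so a rule written with a restriction could be marshalled without one; for an authorization policy, an unsupported expression type should fail generation instead. A final branch such as `else { throw new IllegalArgumentException("Unsupported expression type: " + expression.getClass().getName()); }` would be wrapped into `PolicyException` by the existing `catch(Exception e)`. Separately, `new String(bos.toByteArray())` decodes with the platform default charset; if `PolicyUtil.marshall` writes UTF-8 (not shown here), non-ASCII attribute values in match expressions could be altered, so the charset should be named explicitly, e.g. `new String(bos.toByteArray(), "UTF-8")`.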
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -246,6 +246,6 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
}
}
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -160,6 +160,6 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
}
}
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -224,6 +224,6 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
}
}
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -61,6 +61,6 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
}
}
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java 2009-05-16
16:03:40 UTC (rev 13380)
@@ -77,7 +77,7 @@
assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateXACMLPolicy());
+ log.info(policies[0].generateSystemPolicy());
//Send an Enforcement request that should be allowed
this.enforce(this.createRequest(httpResource, true), true);