JBoss Portal SVN: r13380 - in modules/authorization/trunk: core-components-api/src/test/java/org/jboss/security/authz/components/http and 11 other directories. - portal-commits

Saturday, 16 May 2009


Author: sohil.shah(a)jboss.com
Date: 2009-05-16 12:03:40 -0400 (Sat, 16 May 2009)
New Revision: 13380

Added:
  
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
Removed:
  
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
Modified:
  
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java
  
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
  
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
  
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java
  
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
  
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
  
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
  
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
  
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
  
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
  
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
  
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
  
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
  
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
  
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
  
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
  
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
  
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
Log:
refactoring

Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/model/Policy.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -88,5 +88,5 @@
     * 
     * @return XACML markup to represent this Policy
     */
-   public abstract String generateXACMLPolicy() throws PolicyException;      
+   public abstract String generateSystemPolicy() throws PolicyException;      
 }

Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/http/TestHttpResource.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -47,7 +47,7 @@
 		Policy policy = new MockPolicy("testGetURLTargetNoParameters",
httpResource.getPolicyMetaData());
 		

		log.info("------------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());		
+		log.info(policy.generateSystemPolicy());		
 	}
 	
 	public void testGetURLTargetWithParameters() throws Exception
@@ -61,7 +61,7 @@
 		Policy policy = new MockPolicy("testGetURLTargetWithParameters",
httpResource.getPolicyMetaData());
 		

		log.info("------------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());		
+		log.info(policy.generateSystemPolicy());		
 	}
 	
 	public void testRoleRules() throws Exception
@@ -76,7 +76,7 @@
 		Policy policy = new MockPolicy("testRoleRules",
httpResource.getPolicyMetaData());
 		

		log.info("------------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());		
+		log.info(policy.generateSystemPolicy());		
 	}
 	
 	public void testIPRules() throws Exception
@@ -91,7 +91,7 @@
 		Policy policy = new MockPolicy("testIPRules",
httpResource.getPolicyMetaData());
 		

		log.info("------------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());		
+		log.info(policy.generateSystemPolicy());		
 	}
 	
 	public void testURLPattern() throws Exception
@@ -106,6 +106,6 @@
 		Policy policy = new MockPolicy("testURLPattern",
httpResource.getPolicyMetaData());
 		

		log.info("------------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());		
+		log.info(policy.generateSystemPolicy());		
 	}
 }

Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -58,7 +58,7 @@
 		Policy policy = new MockPolicy("testGetAllowIdentityRule", metadata);
 		

		log.info("----------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());
+		log.info(policy.generateSystemPolicy());
 	}
 	
 	public void testDeny() throws Exception
@@ -78,7 +78,7 @@
 		Policy policy = new MockPolicy("testGetDenyIdentityRule", metadata);
 		

		log.info("----------------------------------------------------------------");
-		log.info(policy.generateXACMLPolicy());
+		log.info(policy.generateSystemPolicy());
 	}
 	
 	public void testGetSubject() throws Exception

Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/test/MockPolicy.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -80,7 +80,7 @@
       
    
    @Override
-   public String generateXACMLPolicy() throws PolicyException
+   public String generateSystemPolicy() throws PolicyException
    {
       ByteArrayOutputStream bos = null;
       try

Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -41,7 +41,7 @@
 import org.jboss.security.authz.components.resource.HttpResource;
 import org.jboss.security.authz.model.Policy;
 import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
 import org.jboss.security.authz.policy.server.spi.PolicyConfig;
 
 import org.jboss.security.authz.components.action.http.Get;
@@ -95,7 +95,7 @@
             		//Parse role constraints
             		this.parseRoles(policyResource,
securityConstraint.getElementsByTagName("roles"));
             		
-            		cour.add(new HierarchialPolicy(GeneralTool.generateUniqueId(),
policyResource.getPolicyMetaData()));
+            		cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(),
policyResource.getPolicyMetaData()));
             	}
             }
          }

Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -106,7 +106,7 @@
 	       
log.debug("----------------------------------------------------------");
 	        for(Policy policy: policies)
 	        {
-	        	log.debug(policy.generateXACMLPolicy());
+	        	log.debug(policy.generateSystemPolicy());
 	        	this.policyServer.newPolicy(policy.getMetaData());
 	        }
 	       
log.debug("----------------------------------------------------------");

Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -68,7 +68,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 		
 		//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
 		//where access should be granted
@@ -120,7 +120,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 				
 		//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
 		//where access should not be granted

Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -66,7 +66,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 		
 		HttpResource incoming = new HttpResource();
 		incoming.setUri(new URI("/private/devspace/wiki.html"));
@@ -94,7 +94,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 		
 		HttpResource incoming = new HttpResource();
 		incoming.setUri(new URI("/private/devspace/wiki.html"));

Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -89,7 +89,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 		
 		//Access Granted				
 		this.enforce(this.createRequest("/prefix/url"), true);

Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -75,7 +75,7 @@
       
        for(int i=0; i<policies.length; i++)
        {
-    	 String xacmlPolicy = policies[i].generateXACMLPolicy();
+    	 String xacmlPolicy = policies[i].generateSystemPolicy();
     	 this.policyServer.newPolicy(policies[i].getMetaData());
     	 
          log.info("------------------------------------------------------");

Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -33,7 +33,7 @@
 import org.jboss.security.authz.tools.GeneralTool;
 import org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint;
 import org.jboss.security.authz.policy.server.spi.PolicyStore;
-import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
 import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
 import org.jboss.security.authz.policy.server.plugin.DroolsRuleManager;
 
@@ -151,7 +151,7 @@
    {
 	 try
 	 {
-		 Policy policy = new HierarchialPolicy(GeneralTool.generateUniqueId(),
policyMetaData);
+		 Policy policy = new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData);
 		 
 		 //Save the policy in the Policy Store
 		 this.policyStore.savePolicy(policy); 

Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -64,6 +64,7 @@
 	
 	private PDP policyDecisionPoint;
 	private ConfigurationStore store;
+	private boolean debug;
 	
 	public PolicyDecisionPoint()
 	{
@@ -129,6 +130,17 @@
 		this.policyDecisionPoint = null;
 		this.store = null;
 	}
+	
+	
+	public boolean isDebug() 
+	{
+		return debug;
+	}
+
+	public void setDebug(boolean debug) 
+	{
+		this.debug = debug;
+	}

	//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 	/**
 	 * Makes an Authorization Decision
@@ -250,8 +262,11 @@
 		
 		//Check for explicit access control
 		RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();			
-	    requestContext.setRequest(xacmlRequest);	    
-	    requestContext.marshall(System.out);
+	    requestContext.setRequest(xacmlRequest);
+	    if(this.debug)
+	    {
+	    	requestContext.marshall(System.out);
+	    }
 	    
 	    RequestCtx xacmlRequestCtx =
(RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX);
 	    ResponseCtx xacmlResponseCtx = this.policyDecisionPoint.evaluate(xacmlRequestCtx);
@@ -259,7 +274,10 @@
 	    ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
     	responseContext.set(XACMLConstants.RESPONSE_CTX, xacmlResponseCtx);
     	
-    	responseContext.marshall(System.out);
+    	if(this.debug)
+    	{
+    		responseContext.marshall(System.out);
+    	}
     	
     	if(responseContext.getDecision() == XACMLConstants.DECISION_PERMIT)
     	{

Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -69,7 +69,7 @@
 		ByteArrayInputStream bos = null;
 		try
 		{
-			String xacmlPolicyStr = policy.generateXACMLPolicy();
+			String xacmlPolicyStr = policy.generateSystemPolicy();
 			bos = new ByteArrayInputStream(xacmlPolicyStr.getBytes());
 			
 			

Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -1,291 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat                                               *
- * Copyright 2006, Red Hat Middleware, LLC, and individual                    *
- * contributors as indicated by the @authors tag. See the                     *
- * copyright.txt in the distribution for a full listing of                    *
- * individual contributors.                                                   *
- *                                                                            *
- * This is free software; you can redistribute it and/or modify it            *
- * under the terms of the GNU Lesser General Public License as                *
- * published by the Free Software Foundation; either version 2.1 of           *
- * the License, or (at your option) any later version.                        *
- *                                                                            *
- * This software is distributed in the hope that it will be useful,           *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU           *
- * Lesser General Public License for more details.                            *
- *                                                                            *
- * You should have received a copy of the GNU Lesser General Public           *
- * License along with this software; if not, write to the Free                *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA         *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.                   *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.plugin;
-
-import java.util.List;
-import java.util.Set;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import javax.xml.bind.JAXBElement;
-
-import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
-import org.jboss.security.authz.xacml.PolicyUtil;
-import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.authz.model.DroolsRuleExpression;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Expression;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.xacml.core.model.policy.ActionMatchType;
-import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
-import org.jboss.security.xacml.core.model.policy.ApplyType;
-import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
-import org.jboss.security.xacml.core.model.policy.EffectType;
-import org.jboss.security.xacml.core.model.policy.PolicyType;
-import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
-import org.jboss.security.xacml.core.model.policy.ResourcesType;
-import org.jboss.security.xacml.core.model.policy.ResourceType;
-import org.jboss.security.xacml.core.model.policy.ActionsType;
-import org.jboss.security.xacml.core.model.policy.ActionType;
-import org.jboss.security.xacml.core.model.policy.SubjectsType;
-import org.jboss.security.xacml.core.model.policy.SubjectType;
-import org.jboss.security.xacml.core.model.policy.RuleType;
-import org.jboss.security.xacml.core.model.policy.TargetType;
-import org.jboss.security.xacml.core.model.policy.ConditionType;
-import org.jboss.security.xacml.core.model.policy.ObjectFactory;
-import org.jboss.security.xacml.core.model.policy.AttributeValueType;
-import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
-import org.jboss.security.xacml.factories.PolicyAttributeFactory;
-
-/**
- * TODO: Implement Hierarchial propagation feature.....such as Policy Inheritance, Policy
Overriding
- * 
- * Usecases: A resource /blah/blah2/index, should inherit Overriden Policy from
/blah/blah2 (if found), or from /blah (if found)
- *           /blah/blah2/index can also explicitly specify its own Policy which will
override any inherited policies from its parent
- */
-
-/**
- * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
- * 
- * An example of such resources would be tree of resources/nodes in a Content Management
System
- * 
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class HierarchialPolicy extends Policy
-{      
-   public HierarchialPolicy(String policyUri, PolicyMetaData metaData) throws
PolicyException
-   {
-      super(policyUri, metaData);               
-   }
-      
-   
-   @Override
-   public String generateXACMLPolicy() throws PolicyException
-   {
-      ByteArrayOutputStream bos = null;
-      try
-      {
-         String xacmlXml = null;
-         
-         //SetUp the Policy Header
-         ObjectFactory objectFactory = new ObjectFactory();
-         PolicyType policyType = new PolicyType();
-         policyType.setPolicyId(this.policyUri);
-         policyType.setVersion("2.0");
-         policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
-         
-         TargetType targetType = new TargetType();
-         policyType.setTarget(targetType);
-         
-         //Process Resource Matches as Targets for the Policy
-         List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
-         if(resourceMatches != null && !resourceMatches.isEmpty())
-         {
-            ResourcesType resourcesType = new ResourcesType();
-            targetType.setResources(resourcesType);            
-            ResourceType resourceType = new ResourceType();
-            
-            for(AttributeExpression resourceMatch: resourceMatches)
-            {               
-               ResourceMatchType rmt = new ResourceMatchType();
-               
-               rmt.setMatchId(resourceMatch.getFunctionId());      
-               
-              
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
-               designatorMustBePresent()));
-               
-               rmt.setAttributeValue(PolicyAttributeFactory
-               .createStringAttributeType(resourceMatch.getAttribute().getValue()));
-               
-               resourceType.getResourceMatch().add(rmt);
-            }
-            
-            resourcesType.getResource().add(resourceType);
-         }
-         
-         //Process Action Matches as Targets for the Policy
-         List<AttributeExpression> targetActionMatches =
this.metaData.getTarget().getActionMatches();
-         if(targetActionMatches != null && !targetActionMatches.isEmpty())
-         {
-        	 ActionsType actionsType = this.generateRuleActions(targetActionMatches);
-             targetType.setActions(actionsType);
-         }
-         
-         
-         //Process the Policy Rules
-         Set<Rule> rules = this.metaData.getRules();
-         if(rules != null && !rules.isEmpty())
-         {
-            for(Rule rule: rules)
-            {
-               RuleType ruleType = new RuleType();
-               ruleType.setRuleId(rule.getRuleId());
-               if(rule.getEffect() == Effect.PERMIT)
-               {
-                  ruleType.setEffect(EffectType.PERMIT);
-               }
-               else
-               {
-                  ruleType.setEffect(EffectType.DENY);
-               }
-               
-               //Process the Rule Target
-               if(rule.getTarget() != null)
-               {
-                  List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
-                  List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
-                  TargetType ruleTarget = new TargetType();
-                  
-                  if(actionMatches != null && !actionMatches.isEmpty())
-                  {                      
-                     ruleTarget.setActions(this.generateRuleActions(actionMatches));     
               
-                  }
-                  
-                  if(subjectMatches != null && !subjectMatches.isEmpty())
-                  {
-                     ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
-                  }
-                  
-                  ruleType.setTarget(ruleTarget);
-               }
-               
-               //Process the Rule Expression/Condition
-               if(rule.getExpression() != null)
-               {
-            	   ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
-            	   ruleType.setCondition(condition);
-               }
-               
-              
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
-            }
-         }
-         
-         bos = new ByteArrayOutputStream();
-         PolicyUtil.marshall(bos, policyType);
-         xacmlXml = new String(bos.toByteArray());
-         
-         return xacmlXml;
-      }
-      catch(Exception e)
-      {
-         throw new PolicyException(e);
-      }
-      finally
-      {
-         if(bos != null)
-         {
-            try{bos.close();}catch(IOException ioe){}
-         }
-      }      
-   }
-   
-   private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
-   {
-      ActionsType actions = new ActionsType();
-      
-      for(AttributeExpression action: actionMatches)
-      {
-         ActionType actionType = new ActionType();
-         ActionMatchType amct = new ActionMatchType();
-         amct.setMatchId(action.getFunctionId());
-        
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-        
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
-         actionType.getActionMatch().add(amct);
-         actions.getAction().add(actionType);
-      }
-      
-      return actions;
-   }
-   
-   private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
-   {
-      SubjectsType subjects = new SubjectsType();
-      
-      for(AttributeExpression subject: subjectMatches)
-      {
-         SubjectType subjectType = new SubjectType();
-         SubjectMatchType match = new SubjectMatchType();
-         match.setMatchId(subject.getFunctionId());
-        
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-        
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
-         subjectType.getSubjectMatch().add(match);
-         subjects.getSubject().add(subjectType);
-      }
-      
-      return subjects;
-   }
-   
-   /**
-    * 
-    * @param expression
-    * @return
-    */
-   private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
-   {
-      ConditionType condition = new ConditionType();
-      
-      if(expression instanceof AttributeExpression)
-      {
-         AttributeExpression attributeExpression = (AttributeExpression)expression;
-         
-         //Function to be applied
-         ApplyType apply = new ApplyType();
-         apply.setFunctionId(attributeExpression.getFunctionId());
-         
-         //Value to check against
-         AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
-         JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
-         apply.getExpression().add(jaxbAttrValue);
-         
-         //Place within the Context where this Value should exist during an Authorization
Request         
-        
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));         
-         
-         
-         condition.setExpression(objectFactory.createApply(apply));
-      }
-      else if(expression instanceof DroolsRuleExpression)
-      {
-         DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
-         
-         //Function to be applied
-         ApplyType apply = new ApplyType();
-         apply.setFunctionId(ruleExpression.getFunctionId());
-           
-         
-         VariableReferenceType ruleReference = new VariableReferenceType();
-         ruleReference.setVariableId(ruleExpression.getRuleReference());
-         JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
-         apply.getExpression().add(jaxbRuleReference);
-         
-         
-         condition.setExpression(objectFactory.createApply(apply));
-      }
-      
-      return condition;
-   }       
-}

Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
(from rev 13379,
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/HierarchialPolicy.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java	
                       (rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -0,0 +1,285 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat                                               *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual                    *
+ * contributors as indicated by the @authors tag. See the                     *
+ * copyright.txt in the distribution for a full listing of                    *
+ * individual contributors.                                                   *
+ *                                                                            *
+ * This is free software; you can redistribute it and/or modify it            *
+ * under the terms of the GNU Lesser General Public License as                *
+ * published by the Free Software Foundation; either version 2.1 of           *
+ * the License, or (at your option) any later version.                        *
+ *                                                                            *
+ * This software is distributed in the hope that it will be useful,           *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU           *
+ * Lesser General Public License for more details.                            *
+ *                                                                            *
+ * You should have received a copy of the GNU Lesser General Public           *
+ * License along with this software; if not, write to the Free                *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA         *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.                   *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+
+/**
+ * Used for mapping the Policy domain model to the system level Policy representation.
This particular instance maps the Policy domain model to
+ * XACML representation
+ * 
+ * 
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class XACMLPolicy extends Policy
+{      
+   public XACMLPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException
+   {
+      super(policyUri, metaData);               
+   }
+      
+   
+   @Override
+   public String generateSystemPolicy() throws PolicyException
+   {
+      ByteArrayOutputStream bos = null;
+      try
+      {
+         String xacmlXml = null;
+         
+         //SetUp the Policy Header
+         ObjectFactory objectFactory = new ObjectFactory();
+         PolicyType policyType = new PolicyType();
+         policyType.setPolicyId(this.policyUri);
+         policyType.setVersion("2.0");
+         policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+         
+         TargetType targetType = new TargetType();
+         policyType.setTarget(targetType);
+         
+         //Process Resource Matches as Targets for the Policy
+         List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
+         if(resourceMatches != null && !resourceMatches.isEmpty())
+         {
+            ResourcesType resourcesType = new ResourcesType();
+            targetType.setResources(resourcesType);            
+            ResourceType resourceType = new ResourceType();
+            
+            for(AttributeExpression resourceMatch: resourceMatches)
+            {               
+               ResourceMatchType rmt = new ResourceMatchType();
+               
+               rmt.setMatchId(resourceMatch.getFunctionId());      
+               
+              
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
+               designatorMustBePresent()));
+               
+               rmt.setAttributeValue(PolicyAttributeFactory
+               .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+               
+               resourceType.getResourceMatch().add(rmt);
+            }
+            
+            resourcesType.getResource().add(resourceType);
+         }
+         
+         //Process Action Matches as Targets for the Policy
+         List<AttributeExpression> targetActionMatches =
this.metaData.getTarget().getActionMatches();
+         if(targetActionMatches != null && !targetActionMatches.isEmpty())
+         {
+        	 ActionsType actionsType = this.generateRuleActions(targetActionMatches);
+             targetType.setActions(actionsType);
+         }
+         
+         
+         //Process the Policy Rules
+         Set<Rule> rules = this.metaData.getRules();
+         if(rules != null && !rules.isEmpty())
+         {
+            for(Rule rule: rules)
+            {
+               RuleType ruleType = new RuleType();
+               ruleType.setRuleId(rule.getRuleId());
+               if(rule.getEffect() == Effect.PERMIT)
+               {
+                  ruleType.setEffect(EffectType.PERMIT);
+               }
+               else
+               {
+                  ruleType.setEffect(EffectType.DENY);
+               }
+               
+               //Process the Rule Target
+               if(rule.getTarget() != null)
+               {
+                  List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+                  List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+                  TargetType ruleTarget = new TargetType();
+                  
+                  if(actionMatches != null && !actionMatches.isEmpty())
+                  {                      
+                     ruleTarget.setActions(this.generateRuleActions(actionMatches));     
               
+                  }
+                  
+                  if(subjectMatches != null && !subjectMatches.isEmpty())
+                  {
+                     ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+                  }
+                  
+                  ruleType.setTarget(ruleTarget);
+               }
+               
+               //Process the Rule Expression/Condition
+               if(rule.getExpression() != null)
+               {
+            	   ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+            	   ruleType.setCondition(condition);
+               }
+               
+              
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+            }
+         }
+         
+         bos = new ByteArrayOutputStream();
+         PolicyUtil.marshall(bos, policyType);
+         xacmlXml = new String(bos.toByteArray());
+         
+         return xacmlXml;
+      }
+      catch(Exception e)
+      {
+         throw new PolicyException(e);
+      }
+      finally
+      {
+         if(bos != null)
+         {
+            try{bos.close();}catch(IOException ioe){}
+         }
+      }      
+   }
+  
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+   private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
+   {
+      ActionsType actions = new ActionsType();
+      
+      for(AttributeExpression action: actionMatches)
+      {
+         ActionType actionType = new ActionType();
+         ActionMatchType amct = new ActionMatchType();
+         amct.setMatchId(action.getFunctionId());
+        
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+        
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
+         actionType.getActionMatch().add(amct);
+         actions.getAction().add(actionType);
+      }
+      
+      return actions;
+   }
+   
+   private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+   {
+      SubjectsType subjects = new SubjectsType();
+      
+      for(AttributeExpression subject: subjectMatches)
+      {
+         SubjectType subjectType = new SubjectType();
+         SubjectMatchType match = new SubjectMatchType();
+         match.setMatchId(subject.getFunctionId());
+        
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+        
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
+         subjectType.getSubjectMatch().add(match);
+         subjects.getSubject().add(subjectType);
+      }
+      
+      return subjects;
+   }
+   
+   /**
+    * 
+    * @param expression
+    * @return
+    */
+   private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+   {
+      ConditionType condition = new ConditionType();
+      
+      if(expression instanceof AttributeExpression)
+      {
+         AttributeExpression attributeExpression = (AttributeExpression)expression;
+         
+         //Function to be applied
+         ApplyType apply = new ApplyType();
+         apply.setFunctionId(attributeExpression.getFunctionId());
+         
+         //Value to check against
+         AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+         JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+         apply.getExpression().add(jaxbAttrValue);
+         
+         //Place within the Context where this Value should exist during an Authorization
Request         
+        
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));         
+         
+         
+         condition.setExpression(objectFactory.createApply(apply));
+      }
+      else if(expression instanceof DroolsRuleExpression)
+      {
+         DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+         
+         //Function to be applied
+         ApplyType apply = new ApplyType();
+         apply.setFunctionId(ruleExpression.getFunctionId());
+           
+         
+         VariableReferenceType ruleReference = new VariableReferenceType();
+         ruleReference.setVariableId(ruleExpression.getRuleReference());
+         JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+         apply.getExpression().add(jaxbRuleReference);
+         
+         
+         condition.setExpression(objectFactory.createApply(apply));
+      }
+      
+      return condition;
+   }       
+}

Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -246,6 +246,6 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());		
+		log.info(policies[0].generateSystemPolicy());		
 	}
 }

Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -160,6 +160,6 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());		
+		log.info(policies[0].generateSystemPolicy());		
 	}
 }

Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -224,6 +224,6 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());		
+		log.info(policies[0].generateSystemPolicy());		
 	}
 }

Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -61,6 +61,6 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 	}
 }

Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java	2009-05-15
20:37:32 UTC (rev 13379)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/plugin/TestEnterprisePolicyFinderModule.java	2009-05-16
16:03:40 UTC (rev 13380)
@@ -77,7 +77,7 @@
 		
 		assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));

		log.info("------------------------------------------------------------------------------");
-		log.info(policies[0].generateXACMLPolicy());
+		log.info(policies[0].generateSystemPolicy());
 		
 		//Send an Enforcement request that should be allowed
 		this.enforce(this.createRequest(httpResource, true), true);


    

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

JBoss Portal SVN: r13380 - in modules/authorization/trunk: core-components-api/src/test/java/org/jboss/security/authz/components/http and 11 other directories.