Author: sohil.shah(a)jboss.com
Date: 2009-02-06 01:16:06 -0500 (Fri, 06 Feb 2009)
New Revision: 12785
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
Removed:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
modules/authorization/trunk/core-components/pom.xml
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
modules/authorization/trunk/policy-server/pom.xml
Log:
some refactoring
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AbstractContextObject.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -0,0 +1,74 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * Represents the parent object to all objects that can be included within the Context of
an Authorization Request being issued to the Policy Server
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public abstract class AbstractContextObject extends BaseObject
+{
+ /**
+ * Attributes associated with this object
+ */
+ protected Set<Attribute> attributes;
+
+ public AbstractContextObject()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ if(this.attributes == null)
+ {
+ this.attributes = new HashSet<Attribute>();
+ }
+ return this.attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+
+ /**
+ *
+ * @param attribute
+ */
+ public void addAttribute(Attribute attribute)
+ {
+ this.getAttributes().add(attribute);
+ }
+}
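Review bot: The `attributes` field is declared `protected` and is no longer assigned in the constructor, so it stays null until `getAttributes()` is first called; a subclass that reads `this.attributes` directly would hit a NullPointerException where the old per-class constructors guaranteed a set. Declaring it `private Set<Attribute> attributes;` would force every access through the lazy getter. `setAttributes` also stores the caller's set and `getAttributes` returns the live one, so any code holding either reference can change a context object's attributes after it has been built. If the same objects are shared between the code that assembles an authorization request and the code that evaluates it, a defensive copy in the setter would be safer, though that may conflict with a persistence layer that injects its own collection (not visible here). The empty `@return` and `@param` tags should at least state that the getter never returns null.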
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -22,51 +22,20 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents a protected Action within a system
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Action extends BaseObject
-{
+public class Action extends AbstractContextObject
+{
/**
- * Attributes associated with the Action
- */
- private Set<Attribute> attributes = null;
-
- /**
*
*
*/
public Action()
{
- this.attributes = new HashSet<Attribute>();
- }
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ super();
+ }
}
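Review bot: Moving `attributes` out of `Action` and into the new superclass changes the serialized form of a class that is `Serializable` through `BaseObject`, and nothing in this hunk deals with streams or stored instances written by the previous revision. If no `serialVersionUID` is declared (none is visible here), old data will presumably be rejected on read. If one is pinned, the old `attributes` field would be discarded and the lazy getter would then report an empty set, so the attributes of an authorization request could vanish without any error. The same applies to the `Environment`, `Resource` and `Subject` hunks below. It is worth confirming that clients and the Policy Server are always upgraded together, or recording the break on the class with a comment such as `// serialized form changed in rev 12785: attributes now live in AbstractContextObject`.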
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -28,7 +28,7 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class BaseObject implements Serializable
+public abstract class BaseObject implements Serializable
{
/**
* unique storage/database identifier
Deleted:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -1,50 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.model;
-
-/**
- * Represents the Logic applied to data within the Authorization Context. The Expression
can contain Drools rules, Bean Shell script etc
- * that could be applied to data
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class BusinessLogicExpression extends Expression
-{
- private String logic = null;
-
- public BusinessLogicExpression()
- {
-
- }
-
- public String getLogic()
- {
- return logic;
- }
-
- public void setLogic(String logic)
- {
- this.logic = logic;
- }
-}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -22,8 +22,6 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
/**
* Represents Environment information in the context of an Authroization Request
@@ -31,42 +29,13 @@
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Environment extends BaseObject
+public class Environment extends AbstractContextObject
{
/**
- * Attributes associated with the Environment
- */
- private Set<Attribute> attributes = null;
-
- /**
*
- *
*/
public Environment()
{
- this.attributes = new HashSet<Attribute>();
+ super();
}
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
}
Deleted:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -1,212 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.model;
-
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
-
-/**
- * ExpressionBuilder provides easy to use operations for generating commonly used
Expressions that must be represented within a Policy
- *
- * The purpose of this class is to provide a user friendly API for Developers to create
these commonly used Expressions without having to deal with
- * low-level XACML related concepts/API
- *
- * This API will grow as more and more different types of Expressions are added to the
System as part of the core API
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class ExpressionBuilder
-{
- private static ExpressionBuilder singleton = null;
-
- private ExpressionBuilder()
- {
-
- }
-
- public static ExpressionBuilder getInstance()
- {
- if(ExpressionBuilder.singleton == null)
- {
- ExpressionBuilder.singleton = new ExpressionBuilder();
- }
- return ExpressionBuilder.singleton;
- }
- //--------Resource
expressions-----------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching a unique Resource via its unique Id
- *
- * @param resourceId Unique Id of a Resource in the system that a policy should be
applied to
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createResourceIdExpression(String resourceId)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
- XMLSchemaConstants.DATATYPE_STRING, resourceId);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching a Resource Location
- *
- * @param resourceLocation the Location of a Resource in the system that a policy
should be applied to
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createResourceLocationExpression(String resourceLocation)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION,
- XMLSchemaConstants.DATATYPE_STRING, resourceLocation);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching a File stored on the machine
- *
- * @param fileName Name of the file
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createFileNameExpression(String fileName)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SIMPLE_FILE_NAME,
- XMLSchemaConstants.DATATYPE_STRING, fileName);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates a custom expression corresponding to the specified Attribute id and value
- *
- * @param attributeId
- * @param attributeValue
- * @return
- */
- public AttributeExpression createCustomResourceExpression(String attributeId, String
attributeValue)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(attributeId,
- XMLSchemaConstants.DATATYPE_STRING, attributeValue);
- expression.setAttribute(attribute);
-
- return expression;
- }
- //---------Action
Expressions---------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching an Action
- *
- * @param action signifies the Action that is to be protected on the resoource in
question
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createActionExpression(String action)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
- XMLSchemaConstants.DATATYPE_STRING, action);
- expression.setAttribute(actionAttribute);
-
- return expression;
- }
- //---------Subject
Expressions----------------------------------------------------------------------------------------------------------------------------------
- /**
- * Creates an expression for matching an the Identity of the Authenticated User
- *
- * @param subjectId Identity of the Authenticated User
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createIdentityExpression(String identity)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
- XMLSchemaConstants.DATATYPE_STRING, identity);
- expression.setAttribute(attribute);
-
- return expression;
- }
-
- /**
- * Creates an expression for matching the Role of the Authenticated User
- *
- * @param role Role of the Authenticated User
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createBelongsToRoleExpression(String role)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
-
- Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
- XMLSchemaConstants.DATATYPE_STRING, role);
- expression.setAttribute(attribute);
-
- return expression;
- }
- //---------Environment
Expressions------------------------------------------------------------------------------------------------------------------------------
- //---------Custom
Expressions-----------------------------------------------------------------------------------------------------------------------------------
- /**
- * A generic method used to produce an Expression related to the type of Attribute
designated by the Attribute Uri specified
- * The function used within the Expression is a String equals
- *
- * @param attributeUri designates the type of Attribute in question
- * @param attributeValue the Value of the Attribute for matching
- * @return an expression that will be used within the Policy Definition
- */
- public AttributeExpression createCustomExpression(String attributeUri, String
attributeValue)
- {
- AttributeExpression expression = new AttributeExpression();
-
- expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(attributeUri,
- XMLSchemaConstants.DATATYPE_STRING, attributeValue);
- expression.setAttribute(attribute);
-
- return expression;
- }
-}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyMetaData.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -21,15 +21,15 @@
*/
package org.jboss.security.authz.model;
-import java.io.Serializable;
import java.util.Set;
+import java.util.HashSet;
/**
* Represents the Policy Information that is required to generate an instance of a
Policy
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
-public class PolicyMetaData implements Serializable
+public class PolicyMetaData extends BaseObject
{
private Target target;
private Set<Rule> rules;
@@ -50,11 +50,20 @@
public Set<Rule> getRules()
{
+ if(this.rules == null)
+ {
+ this.rules = new HashSet<Rule>();
+ }
return rules;
}
public void setRules(Set<Rule> rules)
{
this.rules = rules;
- }
+ }
+
+ public void addRule(Rule rule)
+ {
+ this.getRules().add(rule);
+ }
}
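Review bot: `addRule` passes its argument straight to `HashSet.add`, which accepts null, so a null `Rule` can sit in the set and only fail later, wherever the rules are turned into a policy. A guard at the top of `addRule`, such as `if (rule == null) throw new IllegalArgumentException("rule must not be null");`, keeps the failure at the call site. `getRules()` now also allocates on read and returns the live set, so a `PolicyMetaData` that was never given rules looks the same as one that was deliberately emptied. The consumer that builds the policy should probably reject an empty rule set rather than emit a policy with no rules, though that code is not part of this hunk.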
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -22,53 +22,22 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents the protected Resource of the system upon which various Actions can be
performed
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Resource extends BaseObject
-{
+public class Resource extends AbstractContextObject
+{
/**
- * Attributes associated with the Resource
- */
- private Set<Attribute> attributes = null;
-
- /**
*
*
*/
public Resource()
{
- this.attributes = new HashSet<Attribute>();
- }
-
- /**
- *
- * @return
- */
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ super();
+ }
}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -22,23 +22,15 @@
******************************************************************************/
package org.jboss.security.authz.model;
-import java.util.Set;
-import java.util.HashSet;
-
/**
* Represents the Identity of the user, machine, etc trying to execute a protected Action
on a protected Resource
*
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
-public class Subject extends BaseObject
-{
+public class Subject extends AbstractContextObject
+{
/**
- * Attributes associated with the Subject
- */
- private Set<Attribute> attributes = null;
-
- /**
* Category of Subject such as a user Identity, a Machine Identity, etc
*/
private String category = null;
@@ -49,31 +41,13 @@
*/
public Subject()
{
- this.attributes = new HashSet<Attribute>();
+ super();
}
/**
*
* @return
*/
- public Set<Attribute> getAttributes()
- {
- return attributes;
- }
-
- /**
- *
- * @param attributes
- */
- public void setAttributes(Set<Attribute> attributes)
- {
- this.attributes = attributes;
- }
-
- /**
- *
- * @return
- */
public String getCategory()
{
return category;
@@ -86,14 +60,5 @@
public void setCategory(String category)
{
this.category = category;
- }
-
- /**
- *
- * @param attribute
- */
- public void addAttribute(Attribute attribute)
- {
- this.attributes.add(attribute);
- }
+ }
}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -26,96 +26,95 @@
import java.util.ArrayList;
/**
+ * Specifies logical expressions to match with the data supplied within the incoming
Authorization Request
+ * This object is used by the Policy Engine to detect if the specified Policy should be
applicable for this request or not
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class Target extends BaseObject
{
- private List<AttributeExpression> resourceMatches = null;
- private List<AttributeExpression> actionMatches = null;
- private List<AttributeExpression> subjectMatches = null;
- private List<AttributeExpression> environmentMatches = null;
+ private List<AttributeExpression> resourceMatches;
+ private List<AttributeExpression> actionMatches;
+ private List<AttributeExpression> subjectMatches;
+ private List<AttributeExpression> environmentMatches;
public Target()
{
- this.resourceMatches = new ArrayList<AttributeExpression>();
- this.actionMatches = new ArrayList<AttributeExpression>();
- this.subjectMatches = new ArrayList<AttributeExpression>();
- this.environmentMatches = new ArrayList<AttributeExpression>();
}
public List<AttributeExpression> getActionMatches()
{
+ if(this.actionMatches == null)
+ {
+ this.actionMatches = new ArrayList<AttributeExpression>();
+ }
return actionMatches;
}
public void setActionMatches(List<AttributeExpression> actionMatches)
- {
- if(actionMatches == null)
- {
- actionMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.actionMatches = actionMatches;
}
public List<AttributeExpression> getEnvironmentMatches()
{
+ if(this.environmentMatches == null)
+ {
+ this.environmentMatches = new ArrayList<AttributeExpression>();
+ }
return environmentMatches;
}
public void setEnvironmentMatches(List<AttributeExpression> environmentMatches)
- {
- if(environmentMatches == null)
- {
- environmentMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.environmentMatches = environmentMatches;
}
public List<AttributeExpression> getResourceMatches()
{
+ if(this.resourceMatches == null)
+ {
+ this.resourceMatches = new ArrayList<AttributeExpression>();
+ }
return resourceMatches;
}
public void setResourceMatches(List<AttributeExpression> resourceMatches)
- {
- if(resourceMatches == null)
- {
- resourceMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.resourceMatches = resourceMatches;
}
public List<AttributeExpression> getSubjectMatches()
{
+ if(this.subjectMatches == null)
+ {
+ this.subjectMatches = new ArrayList<AttributeExpression>();
+ }
return subjectMatches;
}
public void setSubjectMatches(List<AttributeExpression> subjectMatches)
- {
- if(subjectMatches == null)
- {
- subjectMatches = new ArrayList<AttributeExpression>();
- }
+ {
this.subjectMatches = subjectMatches;
}
//--------------------------------------------------------------------------------------------------------------------------------------------------------
public void addResourceMatch(AttributeExpression resourceMatch)
{
- this.resourceMatches.add(resourceMatch);
+ this.getResourceMatches().add(resourceMatch);
}
public void addActionMatch(AttributeExpression actionMatch)
{
- this.actionMatches.add(actionMatch);
+ this.getActionMatches().add(actionMatch);
}
public void addSubjectMatch(AttributeExpression subjectMatch)
{
- this.subjectMatches.add(subjectMatch);
+ this.getSubjectMatches().add(subjectMatch);
}
public void addEnvironmentMatch(AttributeExpression envMatch)
{
- this.environmentMatches.add(envMatch);
+ this.getEnvironmentMatches().add(envMatch);
}
}
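Review bot: The new class Javadoc says that Target decides whether a policy applies, but not what an empty match list means. After this change every list starts out empty, and `setActionMatches(null)` (like its three siblings) yields an empty list on the next read. In XACML an absent match section places no constraint on that category, so if the policy builder translates these lists directly (not visible here), a Target that was never populated would apply to every request. Once that behaviour is confirmed, I would add a Javadoc sentence such as `* An empty match list places no constraint on that category; a Target with all four lists empty matches any request.` The four lazy-initialising getters are also unsynchronized, which matters only if a Target is shared across threads while it is still being built.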
Copied:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
(from rev 12784,
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/ExpressionBuilder.java)
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -0,0 +1,214 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.xacml;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * ExpressionBuilder provides easy to use operations for generating commonly used
Expressions that must be represented within a Policy
+ *
+ * The purpose of this class is to provide a user friendly API for Developers to create
these commonly used Expressions without having to deal with
+ * low-level XACML related concepts/API
+ *
+ * This API will grow as more and more different types of Expressions are added to the
System as part of the core API
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class ExpressionBuilder
+{
+ private static ExpressionBuilder singleton = null;
+
+ private ExpressionBuilder()
+ {
+
+ }
+
+ public static ExpressionBuilder getInstance()
+ {
+ if(ExpressionBuilder.singleton == null)
+ {
+ ExpressionBuilder.singleton = new ExpressionBuilder();
+ }
+ return ExpressionBuilder.singleton;
+ }
+ //--------Resource
expressions-----------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching a unique Resource via its unique Id
+ *
+ * @param resourceId Unique Id of a Resource in the system that a policy should be
applied to
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createResourceIdExpression(String resourceId)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING, resourceId);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching a Resource Location
+ *
+ * @param resourceLocation the Location of a Resource in the system that a policy
should be applied to
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createResourceLocationExpression(String resourceLocation)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_LOCATION,
+ XMLSchemaConstants.DATATYPE_STRING, resourceLocation);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching a File stored on the machine
+ *
+ * @param fileName Name of the file
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createFileNameExpression(String fileName)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SIMPLE_FILE_NAME,
+ XMLSchemaConstants.DATATYPE_STRING, fileName);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates a custom expression corresponding to the specified Attribute id and value
+ *
+ * @param attributeId
+ * @param attributeValue
+ * @return
+ */
+ public AttributeExpression createCustomResourceExpression(String attributeId, String
attributeValue)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(attributeId,
+ XMLSchemaConstants.DATATYPE_STRING, attributeValue);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+ //---------Action
Expressions---------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching an Action
+ *
+ * @param action signifies the Action that is to be protected on the resoource in
question
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createActionExpression(String action)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, action);
+ expression.setAttribute(actionAttribute);
+
+ return expression;
+ }
+ //---------Subject
Expressions----------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Creates an expression for matching an the Identity of the Authenticated User
+ *
+ * @param subjectId Identity of the Authenticated User
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createIdentityExpression(String identity)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING, identity);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+
+ /**
+ * Creates an expression for matching the Role of the Authenticated User
+ *
+ * @param role Role of the Authenticated User
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createBelongsToRoleExpression(String role)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING, role);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+ //---------Environment
Expressions------------------------------------------------------------------------------------------------------------------------------
+ //---------Custom
Expressions-----------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * A generic method used to produce an Expression related to the type of Attribute
designated by the Attribute Uri specified
+ * The function used within the Expression is a String equals
+ *
+ * @param attributeUri designates the type of Attribute in question
+ * @param attributeValue the Value of the Attribute for matching
+ * @return an expression that will be used within the Policy Definition
+ */
+ public AttributeExpression createCustomExpression(String attributeUri, String
attributeValue)
+ {
+ AttributeExpression expression = new AttributeExpression();
+
+ expression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ Attribute attribute = new Attribute(attributeUri,
+ XMLSchemaConstants.DATATYPE_STRING, attributeValue);
+ expression.setAttribute(attribute);
+
+ return expression;
+ }
+}
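Review bot: `getInstance()` does an unsynchronized check-then-create on the non-final static `singleton`, so two threads entering it together can each construct and publish their own `ExpressionBuilder`. The class as shown has no instance state, so the duplicate is harmless today, but the pattern fails silently once a field is added. Eager initialisation removes the race: `private static final ExpressionBuilder singleton = new ExpressionBuilder();` with `getInstance()` reduced to `return singleton;`. Separately, none of the `create*Expression` methods reject a null id or value before it is placed in a policy match `Attribute`. How `Attribute` and the policy evaluator treat null is not visible in this hunk, so an explicit check or a documented contract is worth adding for an authorization API.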
Property changes on:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/ExpressionBuilder.java
___________________________________________________________________
Name: svn:mergeinfo
+
Modified: modules/authorization/trunk/core-components/pom.xml
===================================================================
--- modules/authorization/trunk/core-components/pom.xml 2009-02-06 02:22:21 UTC (rev
12784)
+++ modules/authorization/trunk/core-components/pom.xml 2009-02-06 06:16:06 UTC (rev
12785)
@@ -44,8 +44,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestHttpResourceRules.java</include>
+ <includes>
</includes>
</configuration>
</plugin>
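Review bot: The `<includes>` element is left empty once its only `<include>` is removed, so which tests run in this module now depends on how surefire 2.3.1 treats an empty list rather than on anything stated in the POM. If the intent is to run every test under the default patterns, delete the `<includes>`…`</includes>` pair outright; if specific tests are meant, list them. For an authorization module it is worth confirming from the build output that the rule and policy tests still execute after this change. The same edit appears in the last hunk, for `modules/authorization/trunk/policy-server/pom.xml`.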
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java
===================================================================
---
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/http/HttpResource.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -30,7 +30,6 @@
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Attribute;
@@ -38,6 +37,7 @@
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Modified:
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
---
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/core-components/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -25,11 +25,11 @@
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Subject;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
Modified:
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java
===================================================================
---
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06
02:22:21 UTC (rev 12784)
+++
modules/authorization/trunk/core-components/src/test/java/org/jboss/security/authz/components/subject/TestIdentity.java 2009-02-06
06:16:06 UTC (rev 12785)
@@ -31,8 +31,8 @@
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.Rule;
-import org.jboss.security.authz.model.ExpressionBuilder;
import org.jboss.security.authz.test.MockPolicy;
+import org.jboss.security.authz.xacml.ExpressionBuilder;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml 2009-02-06 02:22:21 UTC (rev 12784)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-02-06 06:16:06 UTC (rev 12785)
@@ -65,8 +65,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestEnterprisePolicyFinderModule.java</include>
+ <includes>
</includes>
</configuration>
</plugin>