Author: sohil.shah(a)jboss.com
Date: 2008-11-18 23:12:38 -0500 (Tue, 18 Nov 2008)
New Revision: 12300
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/NoPermitMeansDeniedAlg.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/RuleCombiningAlgImplies.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java
modules/authorization/trunk/PAP/src/test/resources/pdp-config.xml
modules/authorization/trunk/PEP/src/test/resources/pdp-config.xml
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/PolicyUtil.java
Modified:
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
modules/authorization/trunk/PEP/pom.xml
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPolicyBuilder.java
Log:
backup
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2008-11-17 17:42:10 UTC (rev 12299)
+++ modules/authorization/trunk/PAP/pom.xml 2008-11-19 04:12:38 UTC (rev 12300)
@@ -57,9 +57,9 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
- <configuration>
+ <configuration>
<includes>
- <include>**/TestPortalObjectPolicyManager.java</include>
+ <include>**/TestDroolsFunction.java</include>
</includes>
</configuration>
</plugin>
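Review bot: The `<include>` for `**/TestPortalObjectPolicyManager.java` is replaced rather than kept next to the new entry, so surefire in this module would now run only `TestDroolsFunction`. If that is just the state of a work-in-progress commit, list both, `<include>**/TestPortalObjectPolicyManager.java</include>` followed by `<include>**/TestDroolsFunction.java</include>`, so the existing policy-manager test keeps running.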
Modified:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-11-17
17:42:10 UTC (rev 12299)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -35,12 +35,15 @@
import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.xacml.NoPermitMeansDeniedAlg;
import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
import org.jboss.security.xacml.core.model.policy.ActionMatchType;
import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
import org.jboss.security.xacml.core.model.policy.EffectType;
import org.jboss.security.xacml.core.model.policy.PolicyType;
import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
@@ -147,7 +150,7 @@
}
bos = new ByteArrayOutputStream();
- policyType.marshall(bos);
+ PolicyUtil.marshall(bos, policyType);
xacmlXml = new String(bos.toByteArray());
return xacmlXml;
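Review bot: `new String(bos.toByteArray())`, on the line after the changed marshall call, decodes the generated policy with the platform default charset, which may differ from the encoding the marshaller wrote. A policy with non-ASCII attribute values could then differ between hosts. Decode with an explicit charset instead, e.g. `xacmlXml = new String(bos.toByteArray(), "UTF-8");` if `PolicyUtil.marshall` emits UTF-8 (its body is not visible here). `xacmlPolicy.getBytes()` in TestDroolsFunction.setUp has the same problem in the other direction. The enclosing method starts and ends outside this hunk.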
@@ -213,6 +216,23 @@
condition.setExpression(objectFactory.createApply(apply));
}
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
return condition;
}
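Review bot: The new `DroolsRuleExpression` branch copies `getFunctionId()` and `getRuleReference()` into the policy without checking either for null or empty, and it emits a `VariableReference` with no matching `VariableDefinition` visible in this hunk. XACML resolves a VariableReference against a VariableDefinition in the same policy, so a dangling or empty id would presumably surface only when the PDP loads the policy, not when the policy is generated. Guard the branch with `if (ruleExpression.getRuleReference() == null || ruleExpression.getFunctionId() == null)` and fail at generation time; the file already imports `PolicyException`. The enclosing method begins outside the hunk.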
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,92 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+import java.util.List;
+
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.cond.EvaluationResult;
+import org.jboss.security.xacml.sunxacml.cond.FunctionBase;
+import org.jboss.security.xacml.sunxacml.attr.BooleanAttribute;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class DroolsFunction extends FunctionBase
+{
+ public static final String NAME = FUNCTION_NS + "drools:rule";
+
+ /**
+ *
+ * @param functionName
+ * @param functionId
+ * @param paramType
+ * @param paramIsBag
+ * @param numParams
+ * @param minParams
+ * @param returnType
+ * @param returnsBag
+ */
+ public DroolsFunction()
+ {
+ super(NAME,
+ 0, //FunctionId
+ BooleanAttribute.identifier, //returnType
+ false //returns a Bag of values
+ );
+ }
+
+
+ @Override
+ public void checkInputs(List inputs) throws IllegalArgumentException
+ {
+ if(inputs != null && inputs.size() != 1)
+ {
+ throw new IllegalArgumentException(NAME+ " function expects on a single
parameter which is a reference to a Drools Rule");
+ }
+ }
+
+
+
+ @Override
+ public void checkInputsNoBag(List inputs) throws IllegalArgumentException
+ {
+ if(inputs != null && inputs.size() != 1)
+ {
+ throw new IllegalArgumentException(NAME+ " function expects on a single
parameter which is a reference to a Drools Rule");
+ }
+ }
+
+
+ /**
+ *
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context)
+ {
+ /**
+ * TODO: start a Drools context and evaluate the specified Rule against the data
presented in the EvaluationContext
+ */
+ return EvaluationResult.getTrueInstance();
+ }
+}
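Review bot: `evaluate()` returns `EvaluationResult.getTrueInstance()` unconditionally, so until the Drools TODO is implemented every condition built on `drools:rule` is satisfied and a Permit rule guarded by it always fires. A placeholder in an authorization function should fail closed, e.g. `return EvaluationResult.getFalseInstance();` or an indeterminate result. `checkInputs` and `checkInputsNoBag` also accept a null `inputs` list because of the `inputs != null &&` guard; `if (inputs == null || inputs.size() != 1)` rejects it. The constructor Javadoc lists eight `@param` tags for a no-argument constructor and should be replaced by one sentence saying the function is registered under `NAME` and returns a single boolean.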
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,35 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
+
+/**
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public abstract class EnterprisePolicyFinder extends PolicyFinderModule
+{
+
+}
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/NoPermitMeansDeniedAlg.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/NoPermitMeansDeniedAlg.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/NoPermitMeansDeniedAlg.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
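Review bot: The Javadoc on `combine()` is empty and names a `rules` parameter the method does not have, although the behaviour is security-relevant: the first rule that evaluates to Permit wins even if an earlier rule returned Deny, and every other outcome ends up as Deny. Say so in the method comment, e.g. `Returns Permit as soon as any rule permits; all other outcomes, including Indeterminate, are reported as Deny`, and change the tags to `parameters` and `ruleElements`. The Permit returned is a fresh `new Result(Result.DECISION_PERMIT)`, so anything else carried by the matching rule's `currentResult` is dropped; `return currentResult;` would keep it. HierarchialPolicy in this commit still imports `org.jboss.security.authz.xacml.NoPermitMeansDeniedAlg`, so there may now be two copies of this algorithm to keep in sync.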
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/RuleCombiningAlgImplies.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/RuleCombiningAlgImplies.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/RuleCombiningAlgImplies.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,69 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class RuleCombiningAlgImplies extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public RuleCombiningAlgImplies() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:cms-implies"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Iterator rules = ruleElements.iterator();
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ }
+
+ // if nothing returned Permit, then the alg returns Deny
+ return new Result(Result.DECISION_DENY);
+ }
+}
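Review bot: The loop in `combine()` fetches each `Rule` but never calls `rule.evaluate(context)`, so this algorithm returns Deny for every input, and the trailing comment `if nothing returned Permit` describes logic that is not there. Denying is the safe direction, but a policy that selects `rule-combining-alg:cms-implies` would silently never permit anything. Until it is implemented, say so at the top of the method: `// TODO not implemented: rules are not evaluated yet, always returns Deny`. The Javadoc `@param rules` tag should also become `parameters` and `ruleElements`.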
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsFunction.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,220 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.Set;
+import java.util.HashSet;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.AttributeValueType;
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.xacml.sunxacml.PDP;
+import org.jboss.security.xacml.sunxacml.ConfigurationStore;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
+
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.pap.hierarchial.HierarchialPolicy;
+import org.jboss.security.authz.pap.plugin.DroolsFunction;
+
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsFunction extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestDroolsFunction.class);
+
+ private ConfigurationStore store = null;
+
+ protected void setUp() throws Exception
+ {
+ this.store = new ConfigurationStore(new
File("target/test-classes/pdp-config.xml"));
+ this.store.useDefaultFactories();
+
+ //Populate the HierarchialPolicy
+ Policy policy = this.getSimplePolicy();
+
+ String xacmlPolicy = policy.generateXACMLPolicy();
+
+
log.info("--------------------------------------------------------------------");
+ log.info(xacmlPolicy);
+
log.info("--------------------------------------------------------------------");
+
+ //Store this policy on the File System to use the File based Policy Module of the
PDP
+ FileOutputStream fos = null;
+ try
+ {
+ fos = new FileOutputStream(new File("simple-policy.xml"));
+ fos.write(xacmlPolicy.getBytes());
+ fos.flush();
+ }
+ finally
+ {
+ if(fos != null)
+ {
+ fos.close();
+ }
+ }
+ }
+
+ protected void tearDown() throws Exception
+ {
+ File file = new File("simple-policy.xml");
+ file.delete();
+ }
+
+
+ public void testSimplePolicy() throws Exception
+ {
+ //SetUp the PDP
+ PDP pdp = new PDP(this.store.getDefaultPDPConfig());
+
+ //SetUp the Authorization Request
+ RequestContext requestContext = this.createPermitRequestContext();
+ log.info("-----------------------------------");
+ requestContext.marshall(System.out);
+
+ //Process the Authorization Request
+ ResponseCtx response =
pdp.evaluate((RequestCtx)requestContext.get(XACMLConstants.REQUEST_CTX));
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ response.encode(System.out);
+
+ //Process the Authorization Response
+ ResponseContext responseContext =
RequestResponseContextFactory.createResponseContext();
+ responseContext.set(XACMLConstants.RESPONSE_CTX, response);
+ assertNotNull(responseContext);
+ assertEquals(responseContext.getDecision(), XACMLConstants.DECISION_PERMIT);
+ log.info("-----------------------------------");
+ log.info("Decision="+responseContext.getDecision());
+ }
+
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private RequestContext createPermitRequestContext() throws Exception
+ {
+ //Create ObjectFactory
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ //Create Subjects
+ SubjectType subject = objectFactory.createSubjectType();
+ AttributeType subjectAttribute = objectFactory.createAttributeType();
+ subjectAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_ROLE);
+ subjectAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType subjectId = objectFactory.createAttributeValueType();
+ subjectId.getContent().add("developer");
+ subjectAttribute.getAttributeValue().add(subjectId);
+ subject.getAttribute().add(subjectAttribute);
+
+ //Create Resource
+ ResourceType resource = objectFactory.createResourceType();
+ AttributeType resourceAttribute = objectFactory.createAttributeType();
+ resourceAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_RESOURCE_ID);
+ resourceAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType resourceId = objectFactory.createAttributeValueType();
+
resourceId.getContent().add("http://www.redhat.com/protected/index.h...;
+ resourceAttribute.getAttributeValue().add(resourceId);
+ resource.getAttribute().add(resourceAttribute);
+
+ //Create Action
+ ActionType action = objectFactory.createActionType();
+ AttributeType actionAttribute = objectFactory.createAttributeType();
+ actionAttribute.setAttributeId(XACMLConstants.ATTRIBUTEID_ACTION_ID);
+ actionAttribute.setDataType(XMLSchemaConstants.DATATYPE_STRING);
+ AttributeValueType actionId = objectFactory.createAttributeValueType();
+ actionId.getContent().add("WRITE");
+ actionAttribute.getAttributeValue().add(actionId);
+ action.getAttribute().add(actionAttribute);
+
+ //Create RequestContext
+ RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a RequestType
+ RequestType requestType = objectFactory.createRequestType();
+ requestType.getSubject().add(subject);
+ requestType.setAction(action);
+ requestType.getResource().add(resource);
+
+ //Spit out RequestContext
+ requestContext.setRequest(requestType);
+
+ return requestContext;
+ }
+
+ private Policy getSimplePolicy()
+ {
+ //SetUp the Policy Target
+ Target target = new Target();
+ AttributeExpression resourceMatch = new AttributeExpression();
+ resourceMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
"http://www.redhat.com/protected/index.html");
+ resourceMatch.setAttribute(attribute);
+ target.addResourceMatch(resourceMatch);
+
+ //SetUp the Policy Rules
+ Set<Rule> rules = new HashSet<Rule>();
+ Rule writeRule = new Rule();
+
+ writeRule.setRuleId("write");
+ writeRule.setEffect(Effect.PERMIT);
+
+ Target ruleTarget = new Target();
+
+ AttributeExpression actionMatch = new AttributeExpression();
+ actionMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "WRITE");
+ actionMatch.setAttribute(actionAttribute);
+ ruleTarget.addActionMatch(actionMatch);
+
+ writeRule.setTarget(ruleTarget);
+
+ DroolsRuleExpression ruleExpression = new DroolsRuleExpression();
+ ruleExpression.setFunctionId(DroolsFunction.NAME);
+ ruleExpression.setRuleReference("WriteRuleReference");
+ writeRule.setExpression(ruleExpression);
+
+ rules.add(writeRule);
+
+ //Populate the HierarchialPolicy
+ HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy", target, rules);
+
+ return policy;
+ }
+}
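Review bot: `testSimplePolicy` asserts only a Permit, and `DroolsFunction.evaluate()` in this commit returns true for any input, so the test passes whatever `WriteRuleReference` refers to and would not catch a rule function that permits too much. Add a case that must not be permitted against the same policy and assert the decision is not `XACMLConstants.DECISION_PERMIT`. The existing assertion has expected and actual swapped; `assertEquals(XACMLConstants.DECISION_PERMIT, responseContext.getDecision());` gives a correct failure message. `target/test-classes/pdp-config.xml` and `simple-policy.xml` are resolved against the working directory, here and in TestPDP.setUp, so the test only finds its policy when run from the module directory. `tearDown()` also ignores the result of `file.delete()`.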
Added: modules/authorization/trunk/PAP/src/test/resources/pdp-config.xml
===================================================================
--- modules/authorization/trunk/PAP/src/test/resources/pdp-config.xml
(rev 0)
+++ modules/authorization/trunk/PAP/src/test/resources/pdp-config.xml 2008-11-19 04:12:38
UTC (rev 12300)
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<config
xmlns="http://sunxacml.sourceforge.net/schema/config-0.3"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ defaultPDP="pdp" defaultAttributeFactory="attr"
+ defaultCombiningAlgFactory="comb"
defaultFunctionFactory="func">
+
+ <pdp name="pdp">
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
+ <policyFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.FilePolicyModule">
+ <list>
+ <string>simple-policy.xml</string>
+ </list>
+ </policyFinderModule>
+ </pdp>
+
+ <attributeFactory name="attr" useStandardDatatypes="true"/>
+
+ <combiningAlgFactory name="comb"
useStandardAlgorithms="true">
+ <algorithm
class="org.jboss.security.authz.pap.plugin.NoPermitMeansDeniedAlg"/>
+ </combiningAlgFactory>
+
+ <functionFactory name="func" useStandardFunctions="true">
+ <condition>
+ <function
class="org.jboss.security.authz.pap.plugin.DroolsFunction"/>
+ </condition>
+ </functionFactory>
+</config>
Modified: modules/authorization/trunk/PEP/pom.xml
===================================================================
--- modules/authorization/trunk/PEP/pom.xml 2008-11-17 17:42:10 UTC (rev 12299)
+++ modules/authorization/trunk/PEP/pom.xml 2008-11-19 04:12:38 UTC (rev 12300)
@@ -14,6 +14,12 @@
<description>A Generic PEP (Policy Enforcement Point)
component</description>
<dependencies>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
<!-- jboss xacml -->
<dependency>
<groupId>org.jboss.security</groupId>
Modified:
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
===================================================================
---
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-11-17
17:42:10 UTC (rev 12299)
+++
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -64,6 +64,7 @@
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.xacml.sunxacml.ConfigurationStore;
import org.jboss.security.xacml.sunxacml.PDP;
import org.jboss.security.xacml.sunxacml.PDPConfig;
import org.jboss.security.xacml.sunxacml.finder.AttributeFinder;
@@ -75,6 +76,8 @@
import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
import org.jboss.security.xacml.sunxacml.combine.CombiningAlgFactory;
+import org.jboss.security.authz.xacml.PolicyUtil;
+
import junit.framework.TestCase;
/**
@@ -85,31 +88,18 @@
{
private static Logger log = Logger.getLogger(TestPDP.class);
+ private ConfigurationStore store = null;
+
/**
*
*/
public void setUp() throws Exception
{
- //Setup custom combining algorithms
- boolean register = true;
- String naIsDeniedURI = new NoPermitMeansDeniedAlg().getIdentifier().toString();
- CombiningAlgFactory factory = CombiningAlgFactory.getInstance();
- Set supportedAlgorithms = factory.getSupportedAlgorithms();
- String[] algorithms = (String[])supportedAlgorithms.toArray(new
String[supportedAlgorithms.size()]);
- for(String supportedAlgorithm: algorithms)
- {
- if(supportedAlgorithm.equals(naIsDeniedURI))
- {
- register = false;
- }
- }
- if(register)
- {
- factory.addAlgorithm(new NoPermitMeansDeniedAlg());
- }
+ this.store = new ConfigurationStore(new
File("target/test-classes/pdp-config.xml"));
+ this.store.useDefaultFactories();
+
this.generateSimplePolicy();
- //this.generateMultiTierPolicy();
}
/**
@@ -117,16 +107,14 @@
*/
public void tearDown() throws Exception
{
- //this.deleteSimplePolicy();
- //this.deleteMultiTierPolicy();
+ this.deleteSimplePolicy();
}
public void testSimplePermit() throws Exception
{
//PDP Setup
- String[] policyFiles = new String[]{"simple-policy.xml"};
- PDP pdp = new PDP(new PDPConfig(this.getAttributeFinder(),
this.getPolicyFinder(policyFiles), null));
+ PDP pdp = new PDP(this.store.getDefaultPDPConfig());
assertNotNull(pdp);
//Request Setup
@@ -156,8 +144,7 @@
public void testSimpleDeny() throws Exception
{
//PDP Setup
- String[] policyFiles = new String[]{"simple-policy.xml"};
- PDP pdp = new PDP(new PDPConfig(this.getAttributeFinder(),
this.getPolicyFinder(policyFiles), null));
+ PDP pdp = new PDP(this.store.getDefaultPDPConfig());
assertNotNull(pdp);
//Request Setup
@@ -280,37 +267,7 @@
log.info("-----------------------------------");
log.info("Decision="+responseContext.getDecision());
- }*/
-
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
- private AttributeFinder getAttributeFinder()
- {
- //Prefill the attribute finder with the Sun's impl of
- //environment attribute module and the selector attribute module
- AttributeFinder attributeFinder = new AttributeFinder();
- List attributeModules = new ArrayList();
- attributeModules.add(new CurrentEnvModule());
- attributeModules.add(new SelectorModule());
- attributeFinder.setModules(attributeModules);
- return attributeFinder;
- }
-
- private PolicyFinder getPolicyFinder(String[] policyFiles) throws Exception
- {
- //Create a PolicyFinderModule and initialize it...in this case,
- // we're using the sample FilePolicyModule that is pre-configured
- // with a set of policies from the filesystem
- FilePolicyModule filePolicyModule = new FilePolicyModule();
- for (int i = 0; i < policyFiles.length; i++)
- filePolicyModule.addPolicy(policyFiles[i]);
-
- // next, setup the PolicyFinder that this PDP will use
- PolicyFinder policyFinder = new PolicyFinder();
- Set policyModules = new HashSet();
- policyModules.add(filePolicyModule);
- policyFinder.setModules(policyModules);
-
- return policyFinder;
- }
+ }*/
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
private RequestContext createPermitRequestContext() throws Exception
{
@@ -674,9 +631,9 @@
try
{
fos = new FileOutputStream(new File("simple-policy.xml"));
- policyType.marshall(fos);
+ PolicyUtil.marshall(fos, policyType);
log.info("-------------------------------------------------------------------");
- policyType.marshall(System.out);
+ PolicyUtil.marshall(System.out, policyType);
log.info("-------------------------------------------------------------------");
}
finally
@@ -802,11 +759,11 @@
fos.close();
}
}
- }*/
+ }
private void deleteMultiTierPolicy() throws Exception
{
File file = new File("multitier-policy.xml");
file.delete();
- }
+ }*/
}
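Review bot: Moving the closing `}*/` from the end of the preceding method to after `deleteMultiTierPolicy()` appears to extend a block comment that opens outside this hunk, so the cleanup helper is now commented out together with whatever precedes it. Code disabled this way is not reported as skipped by the test runner, so in a PDP test class permit/deny coverage can disappear without anyone noticing. I would delete the dead code, or, if it is coming back, put a one-line marker above the opening `/*`, for example `// TODO re-enable multi-tier policy tests: <reason>`. The comment start and the methods it covers are outside the hunk, so this should be confirmed against the full file.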
Modified:
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPolicyBuilder.java
===================================================================
---
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPolicyBuilder.java 2008-11-17
17:42:10 UTC (rev 12299)
+++
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPolicyBuilder.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -47,6 +47,8 @@
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.xacml.PolicyUtil;
+
import junit.framework.TestCase;
/**
@@ -134,6 +136,6 @@
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(denyRule);
//marshal it into xml format
- policyType.marshall(System.out);
+ PolicyUtil.marshall(System.out, policyType);
}
}
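Review bot: The test still ends at `PolicyUtil.marshall(System.out, policyType);` and, as far as this hunk shows, asserts nothing about the output, so a broken marshaller or a policy missing its deny rule would still pass. Marshalling into a buffer would exercise the new helper properly: `ByteArrayOutputStream out = new ByteArrayOutputStream();`, `PolicyUtil.marshall(out, policyType);`, `assertTrue(out.size() > 0);`, ideally followed by a check that the rules built earlier in the method appear in the XML. This needs an import of `java.io.ByteArrayOutputStream`. The start of the test method is outside the hunk.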
Added: modules/authorization/trunk/PEP/src/test/resources/pdp-config.xml
===================================================================
--- modules/authorization/trunk/PEP/src/test/resources/pdp-config.xml
(rev 0)
+++ modules/authorization/trunk/PEP/src/test/resources/pdp-config.xml 2008-11-19 04:12:38
UTC (rev 12300)
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<config
xmlns="http://sunxacml.sourceforge.net/schema/config-0.3"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ defaultPDP="pdp" defaultAttributeFactory="attr"
+ defaultCombiningAlgFactory="comb"
defaultFunctionFactory="func">
+
+ <pdp name="pdp">
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
+ <attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
+ <policyFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.FilePolicyModule">
+ <list>
+ <string>simple-policy.xml</string>
+ </list>
+ </policyFinderModule>
+ </pdp>
+
+ <attributeFactory name="attr" useStandardDatatypes="true"/>
+
+ <combiningAlgFactory name="comb"
useStandardAlgorithms="true">
+ <algorithm
class="org.jboss.security.authz.test.pep.NoPermitMeansDeniedAlg"/>
+ <algorithm
class="org.jboss.security.authz.test.pep.RuleCombiningAlgImplies"/>
+ </combiningAlgFactory>
+
+ <functionFactory name="func" useStandardFunctions="true"/>
+</config>
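Review bot: The two `<algorithm>` entries name `org.jboss.security.authz.test.pep.NoPermitMeansDeniedAlg` and `org.jboss.security.authz.test.pep.RuleCombiningAlgImplies`, while this revision adds classes with those names under `org.jboss.security.authz.pap.plugin` in the PAP module. Whether the `test.pep` copies still exist is not visible here, so please confirm which package is intended. A class name that does not resolve would presumably stop the combining-algorithm factory from loading, leaving the tests without the custom deny-by-default algorithm. Separately, `<string>simple-policy.xml</string>` is a bare relative name, the same one TestPDP writes with `new File("simple-policy.xml")`, so the policy the PDP evaluates depends on the working directory of the test run. A comment such as `<!-- simple-policy.xml is generated by TestPDP in the working directory -->` would make that dependency explicit.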
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,60 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents an logic expression applied such that the specified Function is evaluated
by evaluating the Rule specified
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class DroolsRuleExpression extends Expression
+{
+ private String functionId = null;
+ private String ruleReference = null;
+
+ public DroolsRuleExpression()
+ {
+
+ }
+
+ public String getFunctionId()
+ {
+ return functionId;
+ }
+
+ public void setFunctionId(String functionId)
+ {
+ this.functionId = functionId;
+ }
+
+ public String getRuleReference()
+ {
+ return ruleReference;
+ }
+
+ public void setRuleReference(String ruleReference)
+ {
+ this.ruleReference = ruleReference;
+ }
+}
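Review bot: The class Javadoc is hard to parse ("Represents an logic expression applied such that the specified Function is evaluated by evaluating the Rule specified") and neither property is documented, so a reader cannot tell what `functionId` and `ruleReference` identify or whether `null` is a valid state. I would reword the summary to something like `Expression whose function (functionId) is evaluated by running the rule named by ruleReference.` and add a one-line Javadoc to each getter stating the expected format of the value. Both fields default to `null` and the setters accept anything, so the Javadoc should also say where an unset `ruleReference` is rejected; that check is not in this class, and an authorization expression that points at no rule should not be evaluated silently. The explicit `= null` initialisers and the empty constructor are redundant and can be dropped.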
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/PolicyUtil.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/PolicyUtil.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/PolicyUtil.java 2008-11-19
04:12:38 UTC (rev 12300)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.xacml;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXB;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class PolicyUtil
+{
+ /**
+ * Marshall the PolicyType onto an Output Stream
+ * @param os OutputStream (System.out, ByteArrayOutputStream etc)
+ * @throws IOException
+ */
+ public static void marshall(OutputStream os, PolicyType policy) throws IOException
+ {
+ JAXBElement<PolicyType> jaxbPolicy = new
ObjectFactory().createPolicy(policy);
+ JAXB.marshal(jaxbPolicy, os);
+ }
+}
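Review bot: `marshall` declares `throws IOException`, but nothing visible in its body throws it, because `JAXB.marshal` reports failures, including I/O errors on the stream, as the unchecked `javax.xml.bind.DataBindingException`. Callers that catch `IOException` around policy marshalling will therefore miss real failures, and a half-written policy file could go unnoticed. Either document the actual behaviour with `@throws DataBindingException if the policy cannot be marshalled or the stream cannot be written`, or catch it inside the method and rethrow as `IOException` so the signature is truthful. The Javadoc is also missing `@param policy`. As a static-only helper the class could be `final` with a private constructor.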