Author: sohil.shah(a)jboss.com
Date: 2009-07-26 13:23:41 -0400 (Sun, 26 Jul 2009)
New Revision: 13604
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/CompositionUtil.java
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestPolicyComposition.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ComponentCategory.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
modules/authorization/trunk/pom.xml
Log:
core engine changes inspired by the exo integration task. lots more to come
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/CompositionUtil.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/CompositionUtil.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/CompositionUtil.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -0,0 +1,182 @@
+/**
+ *
+ */
+package org.jboss.security.authz.agent.services;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Array;
+import java.util.Collection;
+import java.util.Set;
+import java.util.List;
+import java.util.Map;
+import java.util.ArrayList;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * @author soshah
+ *
+ */
+class CompositionUtil
+{
+ static ComponentCategory findComponentCategory(Class targetClass)
+ {
+ Annotation component = targetClass.getAnnotation(Component.class);
+ if(component != null)
+ {
+ return ((Component)component).category();
+ }
+
+ return null;
+ }
+
+ static AttributeExpression generateConditionExpression(String conditionContext, String
attributeCategory)
+ {
+ AttributeExpression expression = new AttributeExpression();
+ setConditionAttribute(expression, attributeCategory, conditionContext.toString());
+
+ return expression;
+ }
+
+ static List<AttributeExpression> generateAttributeExpression(Object[]
securityContextState, String attributeCategory)
+ {
+ List<AttributeExpression> expressions = new
ArrayList<AttributeExpression>();
+
+ for(Object input: securityContextState)
+ {
+ if(Collection.class.isAssignableFrom(input.getClass()) || input.getClass().isArray())
+ {
+ Set<String> uris = null;
+ if(input.getClass().isArray())
+ {
+ List<Object> local = new ArrayList<Object>();
+ int arrayLength = Array.getLength(input);
+ for(int i=0; i<arrayLength; i++)
+ {
+ local.add(Array.get(input, i));
+ }
+ uris = SecurityContextDataProcessor.processEnforcementState(local);
+ }
+ else
+ {
+ uris = SecurityContextDataProcessor.processEnforcementState((Collection)input);
+ }
+
+ for(String uri: uris)
+ {
+ AttributeExpression expression = new AttributeExpression();
+ setAttribute(expression, attributeCategory, uri);
+ expressions.add(expression);
+ }
+ }
+ else if(Map.class.isAssignableFrom(input.getClass()))
+ {
+ Map<String, String> mappedUris =
SecurityContextDataProcessor.processEnforcementState((Map)input);
+ Set<String> customCategories = mappedUris.keySet();
+ for(String customCategory: customCategories)
+ {
+ AttributeExpression expression = new AttributeExpression();
+ setAttribute(expression, customCategory, mappedUris.get(customCategory));
+ expressions.add(expression);
+ }
+ }
+ else
+ {
+ AttributeExpression expression = new AttributeExpression();
+ setAttribute(expression, attributeCategory, input.toString());
+ expressions.add(expression);
+ }
+ }
+
+ return expressions;
+ }
+
+ static void setAttribute(AttributeExpression urlExpression, String attributeCategory,
String uriStr)
+ {
+ Attribute attribute = null;
+
+ if (uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
+ {
+ // If URL starts with '/' and ends with "/*", use a regular
+ // expression to match it (In consistency with the servlet spec)
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
+
+ String uriexp = uriStr.substring(1, uriStr.length() - 2);
+ StringBuilder buffer = new StringBuilder();
+ buffer.append("^/" + uriexp + "$|");
+ buffer.append("^" + uriexp + "$|");
+ buffer.append("^/" + uriexp + "/.*|");
+ buffer.append("^" + uriexp + "/.*");
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
+ }
+ else
+ {
+ // use an exact match
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, uriStr);
+ }
+
+ if(attributeCategory.endsWith("resource-id") ||
+ attributeCategory.endsWith("subject-id") ||
+ attributeCategory.endsWith("action-id")
+ )
+ {
+ urlExpression.setDesignatorMustBePresent(true);
+ }
+
+ urlExpression.setAttribute(attribute);
+ }
+
+ static void setConditionAttribute(AttributeExpression urlExpression, String
attributeCategory, String uriStr)
+ {
+ Attribute attribute = null;
+
+ if (uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
+ {
+ // If URL starts with '/' and ends with "/*", use a regular
+ // expression to match it (In consistency with the servlet spec)
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
+
+ String uriexp = uriStr.substring(1, uriStr.length() - 2);
+ StringBuilder buffer = new StringBuilder();
+ buffer.append("^/" + uriexp + "$|");
+ buffer.append("^" + uriexp + "$|");
+ buffer.append("^/" + uriexp + "/.*|");
+ buffer.append("^" + uriexp + "/.*");
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
+ }
+ else
+ {
+ // use an exact match
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, uriStr);
+ }
+
+ if(attributeCategory.endsWith("resource-id") ||
+ attributeCategory.endsWith("subject-id") ||
+ attributeCategory.endsWith("action-id")
+ )
+ {
+ urlExpression.setDesignatorMustBePresent(true);
+ }
+
+ urlExpression.setAttribute(attribute);
+ }
+}
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.util.Set;
+import java.util.List;
import java.util.HashSet;
import org.apache.log4j.Logger;
@@ -34,6 +35,9 @@
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.tools.GeneralTool;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.model.AttributeExpression;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -115,7 +119,7 @@
{
throw new IllegalStateException("Logic Component is missing!!");
}
- }
+ }
try
{
@@ -146,6 +150,25 @@
{
rule.setExpression(this.generateExpression());
}
+ else if(this.logicComponent != null)
+ {
+ //Generate a native XACML Conditional Expression
+ ComponentCategory category =
CompositionUtil.findComponentCategory(this.logicComponent.getClass());
+ String attributeCategory = category.getAttributeCategory();
+
+ //Read the SecurityContext State of the Component being provisioned
+ Object[] securityContextData =
AnnotationProcessor.extractSecurityContextData(this.logicComponent);
+ if(securityContextData == null || securityContextData.length != 1)
+ {
+ throw new IllegalStateException("State of the Logic Component
"+this.logicComponent+" is invalid!!");
+ }
+
+ //Get the Attribute expression based on the Security Context State
+ String conditionContext = securityContextData[0].toString();
+ AttributeExpression conditionExpression =
CompositionUtil.generateConditionExpression(conditionContext, attributeCategory);
+
+ rule.setExpression(conditionExpression);
+ }
rules.add(rule);
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -22,24 +22,16 @@
package org.jboss.security.authz.agent.services;
import java.lang.annotation.Annotation;
-import java.lang.reflect.Array;
-import java.util.ArrayList;
-import java.util.Collection;
import java.util.List;
-import java.util.Map;
import java.util.Set;
import java.util.HashSet;
import org.apache.log4j.Logger;
-import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentCategory;
import org.jboss.security.authz.component.ImpliedActions;
import org.jboss.security.authz.model.Target;
-import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
-import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -129,14 +121,14 @@
Target target = new Target();
//use the proper category for the data
- ComponentCategory category =
this.findComponentCategory(this.targetComponent.getClass());
+ ComponentCategory category =
CompositionUtil.findComponentCategory(this.targetComponent.getClass());
String attributeCategory = category.getAttributeCategory();
//Read the SecurityContext State of the Component being provisioned
Object[] securityContextData =
AnnotationProcessor.extractSecurityContextData(this.targetComponent);
//Get the Attribute expression based on the Security Context State
- List<AttributeExpression> urlExpressions =
this.generateAttributeExpression(securityContextData, attributeCategory);
+ List<AttributeExpression> urlExpressions =
CompositionUtil.generateAttributeExpression(securityContextData, attributeCategory);
//Depending up the data category add the appropriate match expression
for(AttributeExpression urlExpression: urlExpressions)
@@ -146,18 +138,7 @@
return target;
}
-
- private ComponentCategory findComponentCategory(Class targetClass)
- {
- Annotation component = targetClass.getAnnotation(Component.class);
- if(component != null)
- {
- return ((Component)component).category();
- }
- return null;
- }
-
private String[] findImpliedActions(Class targetClass)
{
Annotation impliedActions = targetClass.getAnnotation(ImpliedActions.class);
@@ -167,100 +148,5 @@
}
return null;
- }
-
- private List<AttributeExpression> generateAttributeExpression(Object[]
securityContextState, String attributeCategory)
- {
- List<AttributeExpression> expressions = new
ArrayList<AttributeExpression>();
-
- for(Object input: securityContextState)
- {
- if(Collection.class.isAssignableFrom(input.getClass()) || input.getClass().isArray())
- {
- Set<String> uris = null;
- if(input.getClass().isArray())
- {
- List<Object> local = new ArrayList<Object>();
- int arrayLength = Array.getLength(input);
- for(int i=0; i<arrayLength; i++)
- {
- local.add(Array.get(input, i));
- }
- uris = SecurityContextDataProcessor.processEnforcementState(local);
- }
- else
- {
- uris = SecurityContextDataProcessor.processEnforcementState((Collection)input);
- }
-
- for(String uri: uris)
- {
- AttributeExpression expression = new AttributeExpression();
- this.setAttribute(expression, attributeCategory, uri);
- expressions.add(expression);
- }
- }
- else if(Map.class.isAssignableFrom(input.getClass()))
- {
- Map<String, String> mappedUris =
SecurityContextDataProcessor.processEnforcementState((Map)input);
- Set<String> customCategories = mappedUris.keySet();
- for(String customCategory: customCategories)
- {
- AttributeExpression expression = new AttributeExpression();
- this.setAttribute(expression, customCategory, mappedUris.get(customCategory));
- expressions.add(expression);
- }
- }
- else
- {
- AttributeExpression expression = new AttributeExpression();
- this.setAttribute(expression, attributeCategory, input.toString());
- expressions.add(expression);
- }
- }
-
- return expressions;
- }
-
- private void setAttribute(AttributeExpression urlExpression, String attributeCategory,
String uriStr)
- {
- Attribute attribute = null;
-
- if (uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
- {
- // If URL starts with '/' and ends with "/*", use a regular
- // expression to match it (In consistency with the servlet spec)
- urlExpression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
-
- String uriexp = uriStr.substring(1, uriStr.length() - 2);
- StringBuilder buffer = new StringBuilder();
- buffer.append("^/" + uriexp + "$|");
- buffer.append("^" + uriexp + "$|");
- buffer.append("^/" + uriexp + "/.*|");
- buffer.append("^" + uriexp + "/.*");
-
- attribute = new Attribute(
- attributeCategory,
- XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
- }
- else
- {
- // use an exact match
- urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- attribute = new Attribute(
- attributeCategory,
- XMLSchemaConstants.DATATYPE_STRING, uriStr);
- }
-
- if(attributeCategory.endsWith("resource-id") ||
- attributeCategory.endsWith("subject-id") ||
- attributeCategory.endsWith("action-id")
- )
- {
- urlExpression.setDesignatorMustBePresent(true);
- }
-
- urlExpression.setAttribute(attribute);
- }
+ }
}
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -29,6 +29,7 @@
import org.jboss.security.authz.bootstrap.ServiceContainer;
import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
@@ -260,6 +261,36 @@
//Perform enforcement
this.enforce(this.createEnforcementContext(contextResource, action), false);
}
+
+ public void testExplicitPermitByIdentity() throws Exception
+ {
+ //SetUp Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI("/root/level1/level2/index.html"));
+
+ Read action = new Read();
+
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, identity, null);
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+
+ this.assertServerState();
+
+ //Go ahead and produce a RequestContext for a "Permit" Enforcement
+ URIResource contextResource = new URIResource();
+ contextResource.setUri(new URI("/root/level1/level2/index.html"));
+
+ //Perform enforcement
+ this.enforce(this.createEnforcementContext(contextResource, action), true);
+ }
//------------------------------------------------------------------------------------------------------------------------------------------------------
private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
{
@@ -294,6 +325,9 @@
Roles roles = new Roles();
roles.addName("user");
context.setAttribute("roles", roles);
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+ context.setAttribute("identity", identity);
// Create Action
context.setAttribute("action", action);
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestPolicyComposition.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestPolicyComposition.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestPolicyComposition.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -136,4 +136,30 @@
log.info("----------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
+
+ public void testComposePermitIdentityAsCondition() throws Exception
+ {
+ //Setup the state of Components to be used for Policy Composition
+ URIResource uriResource = new URIResource();
+ uriResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
+
+ Read read = new Read();
+
+ Identity identity = new Identity();
+ identity.setName("blahUser(a)blah.com");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(uriResource);
+ context.addPolicyRule(Effect.PERMIT, read, identity, null);
+
+ PolicyMetaData metadata = this.policyComposer.compose(context);
+ assertNotNull("Target must not be null!!", metadata.getTarget());
+ assertNotNull("Rule must not be null!!", metadata.getRules());
+
+ Policy policy = new MockPolicy("testComposePermitIdentityAsCondition",
metadata);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
}
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/MockPolicy.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -110,7 +110,7 @@
ResourceMatchType rmt = new ResourceMatchType();
rmt.setMatchId(resourceMatch.getFunctionId());
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.designatorMustBePresent()));
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch));
rmt.setAttributeValue(PolicyAttributeFactory
.createStringAttributeType(resourceMatch.getAttribute().getValue()));
@@ -194,7 +194,7 @@
ActionMatchType amct = new ActionMatchType();
amct.setMatchId(action.getFunctionId());
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
action.designatorMustBePresent()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action));
actionType.getActionMatch().add(amct);
actions.getAction().add(actionType);
}
@@ -212,7 +212,7 @@
SubjectMatchType match = new SubjectMatchType();
match.setMatchId(subject.getFunctionId());
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
subject.designatorMustBePresent()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject));
subjectType.getSubjectMatch().add(match);
subjects.getSubject().add(subjectType);
}
@@ -243,8 +243,7 @@
apply.getExpression().add(jaxbAttrValue);
//Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
- attributeExpression.designatorMustBePresent()));
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression));
condition.setExpression(objectFactory.createApply(apply));
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ComponentCategory.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ComponentCategory.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ComponentCategory.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -23,6 +23,7 @@
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
import org.jboss.security.xacml.interfaces.XACMLConstants;
/**
@@ -69,6 +70,19 @@
{
target.addActionMatch(expression);
}
+ },
+
+ CUSTOM_SUBJECT_ATTRIBUTE
+ {
+ public String getAttributeCategory()
+ {
+ return AttributeDesignatorUtil.ATTRIBUTEID_CUSTOM_SUBJECT_ATTRIBUTE;
+ }
+
+ public void setExpression(Target target, AttributeExpression expression)
+ {
+ target.addSubjectMatch(expression);
+ }
};
//Define the enum behavior
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -29,6 +29,7 @@
import org.jboss.security.xacml.factories.PolicyAttributeFactory;
import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.authz.model.AttributeExpression;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.xacml.interfaces.XACMLConstants;
@@ -38,22 +39,42 @@
*/
public class AttributeDesignatorUtil
{
+ public static final String ATTRIBUTEID_CUSTOM_RESOURCE_ATTRIBUTE =
"custom-resource-attribute";
+ public static final String ATTRIBUTEID_CUSTOM_SUBJECT_ATTRIBUTE =
"custom-subject-attribute";
+ public static final String ATTRIBUTEID_CUSTOM_ACTION_ATTRIBUTE =
"custom-action-attribute";
+ public static final String ATTRIBUTEID_CUSTOM_ENVIRONMENT_ATTRIBUTE =
"custom-environment-attribute";
+
/**
*
* @param attribute
* @return
*/
- public static AttributeDesignatorType getAttributeDesignator(Attribute attribute,
boolean mustBePresent)
+ public static AttributeDesignatorType getAttributeDesignator(AttributeExpression
attributeExpression)
{
AttributeDesignatorType attributeDesignator = null;
+ Attribute attribute = attributeExpression.getAttribute();
+ boolean mustBePresent = attributeExpression.designatorMustBePresent();
String uri = attribute.getUri();
- //TODO: add all the conditions to detect a Subject Attribute
- if(uri.equals(XACMLConstants.ATTRIBUTEID_ROLE) ||
+ //All the conditions to detect a Subject Attribute
+ if(uri.equals(XACMLConstants.ATTRIBUTEID_SUBJECT_ID) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_ROLE) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_DNS_NAME) ||
uri.equals(XACMLConstants.ATTRIBUTEID_IP_ADDRESS) ||
uri.equals(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_METHOD) ||
- uri.equals(XACMLConstants.ATTRIBUTEID_SUBJECT_ID)
+ uri.equals(XACMLConstants.ATTRIBUTEID_AUTHENTICATION_TIME) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_KEY_INFO) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_REQUEST_TIME) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_NAME_FORMAT) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_SESSION_START_TIME) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_SUBJECT_ID_QUALIFIER) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_CODEBASE) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_INTERMEDIARY_SUBJECT) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_RECIPIENT_SUBJECT) ||
+ uri.equals(XACMLConstants.ATTRIBUTEID_REQUESTING_MACHINE) ||
+ uri.equals(ATTRIBUTEID_CUSTOM_SUBJECT_ATTRIBUTE)
)
{
attributeDesignator =
PolicyAttributeFactory.createSubjectAttributeDesignatorType(attribute.getUri(),
@@ -72,12 +93,12 @@
* @param attribute
* @return
*/
- public static JAXBElement<? extends AttributeDesignatorType>
getAttributeDesignatorXml(Attribute attribute, boolean mustBePresent)
+ public static JAXBElement<? extends AttributeDesignatorType>
getAttributeDesignatorXml(AttributeExpression attributeExpression)
{
JAXBElement<? extends AttributeDesignatorType> xmlRep = null;
ObjectFactory objectFactory = new ObjectFactory();
- AttributeDesignatorType attributeDesignator =
AttributeDesignatorUtil.getAttributeDesignator(attribute, mustBePresent);
+ AttributeDesignatorType attributeDesignator =
AttributeDesignatorUtil.getAttributeDesignator(attributeExpression);
if(attributeDesignator instanceof SubjectAttributeDesignatorType)
{
@@ -87,12 +108,25 @@
{
String uri = attributeDesignator.getAttributeId();
- //TODO: finish this implementation to include all Attribute Types like Resource,
Action, and Environment
- if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID)
+ //TODO: Include all Attribute Types like Resource, Action, and Environment
+ if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID) ||
+ uri.equals(ATTRIBUTEID_CUSTOM_SUBJECT_ATTRIBUTE)
)
{
xmlRep = objectFactory.createActionAttributeDesignator(attributeDesignator);
}
+ else if(uri.equals(ATTRIBUTEID_CUSTOM_RESOURCE_ATTRIBUTE)
+
+ )
+ {
+ xmlRep = objectFactory.createResourceAttributeDesignator(attributeDesignator);
+ }
+ else if(uri.equals(ATTRIBUTEID_CUSTOM_ENVIRONMENT_ATTRIBUTE)
+
+ )
+ {
+ xmlRep =
objectFactory.createEnvironmentAttributeDesignator(attributeDesignator);
+ }
}
return xmlRep;
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -110,8 +110,7 @@
ResourceMatchType rmt = new ResourceMatchType();
rmt.setMatchId(resourceMatch.getFunctionId());
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
- designatorMustBePresent()));
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch));
rmt.setAttributeValue(PolicyAttributeFactory
.createStringAttributeType(resourceMatch.getAttribute().getValue()));
@@ -195,8 +194,7 @@
ActionMatchType amct = new ActionMatchType();
amct.setMatchId(action.getFunctionId());
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
- action.designatorMustBePresent()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action));
actionType.getActionMatch().add(amct);
actions.getAction().add(actionType);
}
@@ -214,8 +212,7 @@
SubjectMatchType match = new SubjectMatchType();
match.setMatchId(subject.getFunctionId());
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
- subject.designatorMustBePresent()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject));
subjectType.getSubjectMatch().add(match);
subjects.getSubject().add(subjectType);
}
@@ -246,7 +243,7 @@
apply.getExpression().add(jaxbAttrValue);
//Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
attributeExpression.designatorMustBePresent()));
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression));
condition.setExpression(objectFactory.createApply(apply));
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java 2009-07-24
18:08:22 UTC (rev 13603)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/XACMLPolicy.java 2009-07-26
17:23:41 UTC (rev 13604)
@@ -110,8 +110,7 @@
rmt.setMatchId(resourceMatch.getFunctionId());
-
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
resourceMatch.
- designatorMustBePresent()));
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch));
rmt.setAttributeValue(PolicyAttributeFactory
.createStringAttributeType(resourceMatch.getAttribute().getValue()));
@@ -208,7 +207,7 @@
ActionMatchType amct = new ActionMatchType();
amct.setMatchId(action.getFunctionId());
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
-
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
action.designatorMustBePresent()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action));
actionType.getActionMatch().add(amct);
actions.getAction().add(actionType);
}
@@ -226,8 +225,7 @@
SubjectMatchType match = new SubjectMatchType();
match.setMatchId(subject.getFunctionId());
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
-
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
- subject.designatorMustBePresent()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject));
subjectType.getSubjectMatch().add(match);
subjects.getSubject().add(subjectType);
}
@@ -258,8 +256,7 @@
apply.getExpression().add(jaxbAttrValue);
//Place within the Context where this Value should exist during an Authorization
Request
-
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
- attributeExpression.designatorMustBePresent()));
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression));
condition.setExpression(objectFactory.createApply(apply));
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-07-24 18:08:22 UTC (rev 13603)
+++ modules/authorization/trunk/pom.xml 2009-07-26 17:23:41 UTC (rev 13604)
@@ -36,18 +36,22 @@
-->
<version.junit>3.8.2</version.junit>
+ <version.apache.log4j>1.2.14</version.apache.log4j>
+
<version.sun.jaxb>2.1.4</version.sun.jaxb>
<version.sun.jaf>1.1</version.sun.jaf>
<version.jboss.xacml>2.0.3-SNAPSHOT</version.jboss.xacml>
- <version.apache.log4j>1.2.14</version.apache.log4j>
+
<version.org.drools>4.0.7</version.org.drools>
<version.org.mvel.mvel>1.3.1-java1.4</version.org.mvel.mvel>
<version.org.antlr>3.0</version.org.antlr>
-
<version.javax.servlet.servlet-api>2.4</version.javax.servlet.servlet-api>
+
<version.org.jboss.microcontainer>2.0.2.GA</version.org.jboss.microcontainer>
<version.org.jboss.jboss-reflect>2.0.2.GA</version.org.jboss.jboss-reflect>
<version.org.jboss.jboss-common-core>2.2.9.GA</version.org.jboss.jboss-common-core>
<version.org.jboss.jboss-mdr>2.0.1.GA</version.org.jboss.jboss-mdr>
+
+ <version.javax.servlet.servlet-api>2.4</version.javax.servlet.servlet-api>
<version.commons-httpclient>3.1</version.commons-httpclient>
</properties>
@@ -321,6 +325,22 @@
<version>2.3.1</version>
<configuration>
</configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <inherited>true</inherited>
+ <configuration>
+ <attach>true</attach>
+ </configuration>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
</plugin>
</plugins>
</build>