Author: sohil.shah(a)jboss.com Date: 2009-07-11 14:00:13 -0400 (Sat, 11 Jul 2009) New Revision: 13543 Removed: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/EnforcementException.java modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/LocalEnforcementPoint.java modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/PolicyEnforcementPoint.java modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/provisioning/ Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/Agent.java modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/PolicyComposer.java modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml Log: refactoring clear separation between an application agent and the policy server Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/Agent.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/Agent.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/Agent.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -23,6 +23,7 @@ package org.jboss.security.authz.agent; import java.net.URL; +import java.util.Enumeration; import org.apache.log4j.Logger; @@ -52,10 +53,14 @@ EmbeddedBootstrap bootstrap = new EmbeddedBootstrap(); bootstrap.run(); - URL url = Thread.currentThread().getContextClassLoader().getResource("META-INF/jboss-beans.xml"); + ClassLoader cl = Thread.currentThread().getContextClassLoader(); + Enumeration e = cl.getResources("META-INF/jboss-beans.xml"); + while(e.hasMoreElements()) + { + URL url = (URL)e.nextElement(); + bootstrap.deploy(url); + } - bootstrap.deploy(url); - kernel = bootstrap.getKernel(); } catch(Exception e) Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -22,6 +22,7 @@ package org.jboss.security.authz.agent.enforcement; import java.io.Serializable; +import java.util.Set; import java.util.Map; import java.util.HashMap; @@ -47,6 +48,16 @@ this.attributes.put(name, attribute); } + public Set<String> getNames() + { + return this.attributes.keySet(); + } + + public Object[] getValues() + { + return this.attributes.values().toArray(); + } + public void clear(String name) { this.attributes.remove(name); Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -23,6 +23,13 @@ import org.apache.log4j.Logger; +import org.jboss.security.authz.model.AbstractContextObject; +import org.jboss.security.authz.model.Resource; +import org.jboss.security.authz.model.Subject; +import org.jboss.security.authz.model.Action; +import org.jboss.security.authz.model.Environment; +import org.jboss.security.authz.agent.services.EnforcementStateGenerator; + import org.jboss.security.authz.policy.client.enforcement.Request; import org.jboss.security.authz.policy.client.enforcement.Response; import org.jboss.security.authz.policy.server.PolicyServer; @@ -39,20 +46,13 @@ private static Logger log = Logger.getLogger(LocalEnforcementPoint.class); private PolicyServer policyServer; + private EnforcementStateGenerator stateGenerator; public LocalEnforcementPoint() { } - - public void start() - { - } - - public void stop() - { - } - + public PolicyServer getPolicyServer() { return policyServer; @@ -62,13 +62,33 @@ { this.policyServer = policyServer; } + + public EnforcementStateGenerator getStateGenerator() + { + return stateGenerator; + } + + public void setStateGenerator(EnforcementStateGenerator stateGenerator) + { + this.stateGenerator = stateGenerator; + } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------ public EnforcementResponse checkAccess(EnforcementContext enforcementContext) throws EnforcementException { - /*try + /*if(enforcementContext == null) { + throw new IllegalArgumentException("Enforcement Context is Null"); + } + try + { - return this.policyServer.evaluate(request); + Response response = this.policyServer.evaluate(this.generateEnforcementRequest(enforcementContext)); + + EnforcementResponse enforcementResponse = new EnforcementResponse(); + enforcementResponse.setAccessGranted(response.isAccessGranted()); + enforcementResponse.setMessage(response.getMessage()); + + return enforcementResponse; } catch(PolicyServerException pe) { @@ -77,4 +97,44 @@ }*/ return null; } + //----------------------------------------------------------------------------------------------------------------------------------------------------------------------- + /*private Request generateEnforcementRequest(EnforcementContext enforcementContext) + { + Request request = new Request(); + + Object[] components = enforcementContext.getValues(); + for(Object component: components) + { + AbstractContextObject[] securityContextObjects = this.stateGenerator.generate(component); + for(AbstractContextObject securityContextObject: securityContextObjects) + { + if(securityContextObject instanceof Resource) + { + request.addResource((Resource)securityContextObject); + } + else if(securityContextObject instanceof Subject) + { + request.addSubject((Subject)securityContextObject); + } + else if(securityContextObject instanceof Action) + { + if(request.getAction() != null) + { + throw new IllegalArgumentException("Invalid Enforcement Context. Only a single instance of an Action component is allowed."); + } + request.setAction((Action)securityContextObject); + } + else if(securityContextObject instanceof Environment) + { + if(request.getEnvironment() != null) + { + throw new IllegalArgumentException("Invalid Enforcement Context. Only a single instance of an Environment component is allowed."); + } + request.setEnvironment((Environment)securityContextObject); + } + } + } + + return request; + }*/ } Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -42,17 +42,7 @@ public LocalPolicyProvisioner() { } - - public void start() - { - } - - public void stop() - { - - } - public PolicyServer getPolicyServer() { return policyServer; Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -46,12 +46,17 @@ /** * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> */ -class EnforcementStateGenerator +public class EnforcementStateGenerator { private static Logger log = Logger.getLogger(EnforcementStateGenerator.class); - AbstractContextObject[] generate(Object component) + public EnforcementStateGenerator() { + + } + //---------------------------------------------------------------------------------------------------------------------------------------------------------------------- + public AbstractContextObject[] generate(Object component) + { try { AbstractContextObject[] enforcementState = null; Modified: modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/PolicyComposer.java =================================================================== --- modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/PolicyComposer.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/PolicyComposer.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -24,6 +24,8 @@ import java.util.Set; import java.util.HashSet; +import org.apache.log4j.Logger; + import org.jboss.security.authz.model.Target; import org.jboss.security.authz.model.Rule; import org.jboss.security.authz.model.PolicyMetaData; @@ -33,11 +35,13 @@ */ public class PolicyComposer { + private static Logger log = Logger.getLogger(PolicyComposer.class); + public PolicyComposer() { - } - + } + //----------------------------------------------------------------------------------------------------------------------------------------------------------------------- public PolicyMetaData compose(CompositionContext context) { PolicyMetaData policyMetaData = null; @@ -50,10 +54,10 @@ throw new IllegalStateException("Policy Target is missing!!"); } - if(policyRules == null || policyRules.isEmpty()) + /*if(policyRules == null || policyRules.isEmpty()) { throw new IllegalStateException("Policy Rule(s) are missing!!"); - } + }*/ Target target = policyTarget.compose(); Set<Rule> rules = new HashSet<Rule>(); Modified: modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml =================================================================== --- modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml 2009-07-11 18:00:13 UTC (rev 13543) @@ -6,6 +6,22 @@ <bean name="/agent/PolicyComposer" class="org.jboss.security.authz.agent.services.PolicyComposer"> </bean> - <bean name="/agent/PolicyEnforcementPoint" class="org.jboss.security.authz.agent.services.PolicyEnforcementPoint"> + <bean name="/agent/EnforcementStateGenerator" class="org.jboss.security.authz.agent.services.EnforcementStateGenerator"> + </bean> + + <bean name="/agent/LocalEnforcementPoint" class="org.jboss.security.authz.agent.enforcement.LocalEnforcementPoint"> + <property name="policyServer"> + <inject bean="/policy-server/PolicyServer"/> + </property> + + <property name="stateGenerator"> + <inject bean="/agent/EnforcementStateGenerator"/> + </property> + </bean> + + <bean name="/agent/LocalPolicyProvisioner" class="org.jboss.security.authz.agent.provisioning.LocalPolicyProvisioner"> + <property name="policyServer"> + <inject bean="/policy-server/PolicyServer"/> + </property> </bean> </deployment> \ No newline at end of file Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java =================================================================== --- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -24,18 +24,22 @@ import java.net.URI; import org.apache.log4j.Logger; -import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint; -import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; -import org.jboss.security.authz.components.action.Read; + +import junit.framework.TestCase; + +import org.jboss.security.authz.http.component.action.Get; +import org.jboss.security.authz.http.component.resource.HttpResource; import org.jboss.security.authz.components.subject.Roles; -import org.jboss.security.authz.http.component.resource.HttpResource; +import org.jboss.security.authz.model.Effect; import org.jboss.security.authz.model.Policy; -import org.jboss.security.authz.policy.client.enforcement.Request; -import org.jboss.security.authz.policy.client.enforcement.Response; -import org.jboss.security.authz.policy.server.Server; +import org.jboss.security.authz.model.PolicyMetaData; -import junit.framework.TestCase; +import org.jboss.security.authz.agent.Agent; +import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint; +import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; +import org.jboss.security.authz.agent.services.PolicyComposer; +import org.jboss.security.authz.agent.services.CompositionContext; /** * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> @@ -44,29 +48,40 @@ { private static Logger log = Logger.getLogger(TestParameterMatching.class); + private PolicyComposer policyComposer; private PolicyEnforcementPoint enforcer; - private PolicyProvisioner provisioner; + private PolicyProvisioner provisioner; public void setUp() throws Exception { - Server.bootstrap(); - this.enforcer = (PolicyEnforcementPoint)Server.lookup("/enforcement/localEnforcementPoint"); - this.provisioner = (PolicyProvisioner)Server.lookup("/provisioning/localProvisioner"); + Agent.bootstrap(); + + this.policyComposer = (PolicyComposer)Agent.lookup("/agent/PolicyComposer"); + this.enforcer = (PolicyEnforcementPoint)Agent.lookup("/agent/LocalEnforcementPoint"); + this.provisioner = (PolicyProvisioner)Agent.lookup("/agent/LocalPolicyProvisioner"); } //TODO: migrate to the new developer framework - /*public void testMatchContextSuperset() throws Exception + public void testMatchContextSuperset() throws Exception { //SetUp HttpResource component to generate/store a policy HttpResource policyResource = new HttpResource(); - policyResource.setUri(new URI("/prefix/url/*")); - policyResource.addAllowed("Admin"); + policyResource.setUri(new URI("/prefix/url/*")); policyResource.addParameter("p1", "p1Val"); policyResource.addParameter("p2", "p2Val"); + + Roles allowedRoles = new Roles(); + allowedRoles.addName("Admin"); + + //Setup the Context for the Composition with these components + CompositionContext context = new CompositionContext(); + context.setPolicyTarget(policyResource); + //context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles, "allowExpression"); //Store the policy into the Policy Server - this.provisioner.newPolicy(policyResource.getPolicyMetaData()); + PolicyMetaData policyMetaData = this.policyComposer.compose(context); + this.provisioner.newPolicy(policyMetaData); //Assert Policy State of the Server Policy[] policies = this.provisioner.readAllPolicies(); @@ -77,7 +92,7 @@ //SetUp a Contextual HttpResource component representing an incoming request that needs authorization //where access should be granted - HttpResource permit = new HttpResource(); + /*HttpResource permit = new HttpResource(); permit.setUri(new URI("/prefix/url/index.html")); for(int i=0; i<5; i++) { @@ -101,10 +116,10 @@ this.enforce(this.createRequest(permit), true); //Access Denied Enforcement - this.enforce(this.createRequest(deny), false); + this.enforce(this.createRequest(deny), false);*/ } - public void testMatchContextSubset() throws Exception + /*public void testMatchContextSubset() throws Exception { //SetUp HttpResource component to generate/store a policy HttpResource policyResource = new HttpResource(); Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/EnforcementException.java =================================================================== --- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/EnforcementException.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/EnforcementException.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -1,50 +0,0 @@ -/****************************************************************************** - * JBoss, a division of Red Hat * - * Copyright 2006, Red Hat Middleware, LLC, and individual * - * contributors as indicated by the @authors tag. See the * - * copyright.txt in the distribution for a full listing of * - * individual contributors. * - * * - * This is free software; you can redistribute it and/or modify it * - * under the terms of the GNU Lesser General Public License as * - * published by the Free Software Foundation; either version 2.1 of * - * the License, or (at your option) any later version. * - * * - * This software is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * - * Lesser General Public License for more details. * - * * - * You should have received a copy of the GNU Lesser General Public * - * License along with this software; if not, write to the Free * - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * - ******************************************************************************/ -package org.jboss.security.authz.policy.client.enforcement; - -/** - * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> - * - */ -public class EnforcementException extends Exception -{ - public EnforcementException() - { - super(); - } - - public EnforcementException(String message, Throwable cause) - { - super(message, cause); - } - - public EnforcementException(String message) - { - super(message); - } - - public EnforcementException(Throwable cause) - { - super(cause); - } -} Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/LocalEnforcementPoint.java =================================================================== --- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/LocalEnforcementPoint.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/LocalEnforcementPoint.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -1,77 +0,0 @@ -/* -* JBoss, a division of Red Hat -* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated -* by the @authors tag. See the copyright.txt in the distribution for a -* full listing of individual contributors. -* -* This is free software; you can redistribute it and/or modify it -* under the terms of the GNU Lesser General Public License as -* published by the Free Software Foundation; either version 2.1 of -* the License, or (at your option) any later version. -* -* This software is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this software; if not, write to the Free -* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -* 02110-1301 USA, or see the FSF site: http://www.fsf.org. -*/ -package org.jboss.security.authz.policy.client.enforcement; - -import org.apache.log4j.Logger; - -import org.jboss.security.authz.policy.server.PolicyServer; -import org.jboss.security.authz.policy.server.PolicyServerException; - -/** - * This Enforcement point integrates with the Policy Server inside the same VM. This provides the fastest enforcement option - * - * - * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> - */ -public class LocalEnforcementPoint implements PolicyEnforcementPoint -{ - private static Logger log = Logger.getLogger(LocalEnforcementPoint.class); - - private PolicyServer policyServer; - - public LocalEnforcementPoint() - { - - } - - public void start() - { - } - - public void stop() - { - } - - public PolicyServer getPolicyServer() - { - return policyServer; - } - - public void setPolicyServer(PolicyServer policyServer) - { - this.policyServer = policyServer; - } - //------------------------------------------------------------------------------------------------------------------------------------------------------------------------ - public Response checkAccess(Request request) throws EnforcementException - { - try - { - - return this.policyServer.evaluate(request); - } - catch(PolicyServerException pe) - { - log.error(this, pe); - throw new EnforcementException(pe); - } - } -} Deleted: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/PolicyEnforcementPoint.java =================================================================== --- modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/PolicyEnforcementPoint.java 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/client/enforcement/PolicyEnforcementPoint.java 2009-07-11 18:00:13 UTC (rev 13543) @@ -1,43 +0,0 @@ -/* -* JBoss, a division of Red Hat -* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated -* by the @authors tag. See the copyright.txt in the distribution for a -* full listing of individual contributors. -* -* This is free software; you can redistribute it and/or modify it -* under the terms of the GNU Lesser General Public License as -* published by the Free Software Foundation; either version 2.1 of -* the License, or (at your option) any later version. -* -* This software is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this software; if not, write to the Free -* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -* 02110-1301 USA, or see the FSF site: http://www.fsf.org. -*/ -package org.jboss.security.authz.policy.client.enforcement; - -/** - * This component typically integrates natively with the application layer to receive Authorization Requests - * It then processes the native request and routes it to the Policy Decision Point component of the Policy Server to get a decision whether the - * Authorization should be granted or not or to do something else - * - * Sometimes, this component can just be a native stub that routes all requests over the network to the Policy Server, and sometimes this component can be co-located with the Policy Server - * - * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> - */ -public interface PolicyEnforcementPoint -{ - /** - * Checks if Access should be granted for this particular Authorization Request - * - * @param request - * @return - * @throws EnforcementException - */ - public Response checkAccess(Request request) throws EnforcementException; -} Modified: modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml =================================================================== --- modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml 2009-07-10 21:14:33 UTC (rev 13542) +++ modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml 2009-07-11 18:00:13 UTC (rev 13543) @@ -25,19 +25,5 @@ </bean> <bean name="/policy-server/DroolsRuleManager" class="org.jboss.security.authz.policy.server.plugin.DroolsRuleManager"> - </bean> - - <!-- Local Policy Enforcement client --> - <bean name="/enforcement/localEnforcementPoint" class="org.jboss.security.authz.policy.client.enforcement.LocalEnforcementPoint"> - <property name="policyServer"> - <inject bean="/policy-server/PolicyServer"/> - </property> - </bean> - - <!-- Local Policy Provisioning client --> - <bean name="/provisioning/localProvisioner" class="org.jboss.security.authz.policy.client.provisioning.LocalPolicyProvisioner"> - <property name="policyServer"> - <inject bean="/policy-server/PolicyServer"/> - </property> - </bean> + </bean> </deployment> \ No newline at end of file