Author: sohil.shah(a)jboss.com
Date: 2009-08-07 18:23:24 -0400 (Fri, 07 Aug 2009)
New Revision: 13701
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java
Removed:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
Log:
Better Provisioning Phase related services
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.authz.agent.provisioning;
+import java.util.Set;
+
import org.apache.log4j.Logger;
import org.jboss.security.authz.agent.services.CompositionContext;
@@ -57,7 +59,6 @@
this.policyServer = policyServer;
}
-
public PolicyComposer getPolicyComposer()
{
return policyComposer;
@@ -67,27 +68,36 @@
{
this.policyComposer = policyComposer;
}
+
// --------PolicyProvisioner
//
implementation-----------------------------------------------------------------------------------------------------------------------------------------------------------
- public void newPolicy(PolicyMetaData policyMetaData)
+ /**
+ * Composes a Policy based on the "Security Components" inside the
composition
+ * context and *hot deploys* it to the Policy Server
+ *
+ * @param compositionContext
+ * @throws ProvisioningException
+ */
+ public void deploy(CompositionContext compositionContext)
throws ProvisioningException
{
- try
- {
- this.policyServer.newPolicy(policyMetaData);
- }
- catch (PolicyServerException pe)
- {
- log.error(this, pe);
- throw new ProvisioningException(pe);
- }
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(compositionContext);
+ this.deploy(policyMetaData);
}
- public Policy[] readAllPolicies() throws ProvisioningException
+ /**
+ * *Hot Deploys* the Policy into the Policy Server
+ *
+ * @param policyMetaData
+ * @throws ProvisioningException
+ */
+ public void deploy(PolicyMetaData policyMetaData)
+ throws ProvisioningException
{
try
{
- return this.policyServer.readAllPolicies();
+ this.policyServer.deploy(policyMetaData);
}
catch (PolicyServerException pe)
{
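Review bot: The Javadoc on both `deploy` overloads leaves `@param` and `@throws` empty and never says what a *hot deploy* does to a policy that is already active, which matters because this call changes live authorization decisions. I would state the contract, for example `@param policyMetaData meta data of the policy to deploy` and `@throws ProvisioningException if the Policy Server rejects the deployment`, and say whether an existing policy with the same identifier is replaced. In `deploy(CompositionContext)` the `compose` call also sits outside the try/catch that the removed `composeAndDeploy` had around it, so a composition failure is no longer logged by this class; confirm that is intended. The catch block of `deploy(PolicyMetaData)` continues outside the hunk.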
@@ -96,11 +106,16 @@
}
}
- public Policy readPolicy(String policyUri) throws ProvisioningException
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Set<Policy> readAllPolicies() throws ProvisioningException
{
try
{
- return this.policyServer.readPolicy(policyUri);
+ return this.policyServer.readAllPolicies();
}
catch (PolicyServerException pe)
{
@@ -109,33 +124,32 @@
}
}
- public void deletePolicy(String policyUri) throws ProvisioningException
+ /**
+ * Finds a set Policies based on Matching Criteria provided in the
+ * Provisioning Context
+ *
+ * @param provisioningContext
+ * - Information to find Policies that match
+ * @return
+ * @throws ProvisioningException
+ */
+ public Set<Policy> find(ProvisioningContext provisioningContext)
+ throws ProvisioningException
{
- try
- {
- this.policyServer.deletePolicy(policyUri);
- }
- catch (PolicyServerException pe)
- {
- log.error(this, pe);
- throw new ProvisioningException(pe);
- }
+ return null;
}
/**
- * Composes a Policy based on the "Security Components" inside the
composition
- * context and deploys it to the Policy Server
+ * Deletes the specified Policy from storage
*
- * @param compositionContext
- * @throws ProvisioningException
+ * @param policyUri
+ * unique identifier for the Policy
*/
- public void composeAndDeploy(CompositionContext compositionContext)
- throws ProvisioningException
+ public void deletePolicy(String policyUri) throws ProvisioningException
{
try
{
- PolicyMetaData policyMetaData = this.policyComposer.compose(compositionContext);
- this.policyServer.newPolicy(policyMetaData);
+ this.policyServer.deletePolicy(policyUri);
}
catch (PolicyServerException pe)
{
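Review bot: `find` in this hunk is a stub that returns `null` unconditionally, so a caller that iterates the result gets a NullPointerException, and a caller that null-checks may read the stub as "no policy matches", which is a wrong answer for an authorization lookup. Until the lookup is implemented I would fail loudly with `throw new UnsupportedOperationException("find(ProvisioningContext) is not implemented");` rather than return a value that looks like a result. The Javadoc `@return` tag is empty as well and should say what is returned when nothing matches. The catch block of `deletePolicy` at the end of the hunk continues outside it.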
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -21,9 +21,10 @@
*/
package org.jboss.security.authz.agent.provisioning;
+import java.util.Set;
+
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-
import org.jboss.security.authz.agent.services.CompositionContext;
/**
@@ -32,45 +33,45 @@
public interface PolicyProvisioner
{
/**
- * Generates a new Policy instance based on the supplied MetaData and stores
- * it into the Policy Store
+ * Composes a Policy based on the "Security Components" inside the
composition
+ * context and *hot deploys* it to the Policy Server
*
- * @param policyMetaData
- * meta data for the policy to be created
+ * @param compositionContext
+ * @throws ProvisioningException
*/
- public void newPolicy(PolicyMetaData policyMetaData)
+ public void deploy(CompositionContext compositionContext)
throws ProvisioningException;
-
+
/**
- * Read a stored Policy identified by the unique policyUri
+ * *Hot Deploys* the Policy into the Policy Server
*
- * @param policyUri
- * @return a stored Policy
+ * @param policyMetaData
+ * @throws ProvisioningException
*/
- public Policy readPolicy(String policyUri) throws ProvisioningException;
-
+ public void deploy(PolicyMetaData policyMetaData) throws ProvisioningException;
+
/**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws ProvisioningException;
-
+ public Set<Policy> readAllPolicies() throws ProvisioningException;
+
/**
+ * Finds a set Policies based on Matching Criteria provided in the Provisioning Context
+ *
+ * @param provisioningContext - Information to find Policies that match
+ * @return
+ * @throws ProvisioningException
+ */
+ public Set<Policy> find(ProvisioningContext provisioningContext) throws
ProvisioningException;
+
+
+ /**
* Deletes the specified Policy from storage
*
* @param policyUri
* unique identifier for the Policy
*/
public void deletePolicy(String policyUri) throws ProvisioningException;
-
- /**
- * Composes a Policy based on the "Security Components" inside the
composition
- * context and deploys it to the Policy Server
- *
- * @param compositionContext
- * @throws ProvisioningException
- */
- public void composeAndDeploy(CompositionContext compositionContext)
- throws ProvisioningException;
}
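Review bot: The Javadoc for `find` has an empty `@return` and does not say what a caller gets when nothing matches, nor which attribute names in the `ProvisioningContext` count as matching criteria. Since implementations will be written against this interface, I would pin it here, for example `@return the Policies that match the criteria; an empty Set, never null, when none match`. The hunk also drops `readPolicy(String policyUri)` with no direct replacement, so a lookup by URI presumably now goes through `find`; if so, the Javadoc should say how the URI is passed.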
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningContext.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -0,0 +1,70 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.provisioning;
+
+import java.io.Serializable;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class ProvisioningContext implements Serializable
+{
+ private Map<String, Object> attributes;
+
+ public ProvisioningContext()
+ {
+ this.attributes = new HashMap<String, Object>();
+ }
+
+ public Object getAttribute(String name)
+ {
+ return this.attributes.get(name);
+ }
+
+ public void setAttribute(String name, Object attribute)
+ {
+ this.attributes.put(name, attribute);
+ }
+
+ public Set<String> getNames()
+ {
+ return this.attributes.keySet();
+ }
+
+ public Object[] getValues()
+ {
+ return this.attributes.values().toArray();
+ }
+
+ public void clear(String name)
+ {
+ this.attributes.remove(name);
+ }
+
+ public void clearAll()
+ {
+ this.attributes.clear();
+ }
+}
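Review bot: `ProvisioningContext` is declared `Serializable` but keeps its values as `Object` in `attributes`, so serialization fails at runtime for any attribute that is not itself serializable, and if instances are ever deserialized from another process the map accepts arbitrary object types. Whether the context crosses a process boundary is not visible here; if it does, bound the value type (`Map<String, Serializable>` or a small set of allowed types), and if it does not, drop `Serializable`. The class also lacks `private static final long serialVersionUID = 1L;`. Separately, `getNames()` hands out the live `keySet()` view, so callers can remove attributes through it; `return Collections.unmodifiableSet(this.attributes.keySet());` keeps the map private (it needs an import of `java.util.Collections`).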
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/AbstractFeatureTest.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.authz.agent.features;
+import java.util.Set;
+
import junit.framework.TestCase;
import org.apache.log4j.Logger;
@@ -68,9 +70,9 @@
protected void assertServerState() throws Exception
{
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length > 0));
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
for(Policy policy: policies)
{
log.info("------------------------------------------------------------------------------");
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/Blah.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -41,6 +41,16 @@
import org.jboss.security.authz.agent.services.PolicyComposer;
/**
+ * TODO: fix this test and called TestBootUp. This tests loading the RuleEngine with
Policies persisted in a database on Policy Server bootup
+ * This has issues with the testsuite that runs with <property
name="hbm2ddl.auto">create</property> property
+ *
+ * This test needs it to be update
+ *
+ * Need a creative way to hack around the HibernateService in the Policy Server.
+ *
+ * No time to think of this right now, since need to move on
+ *
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class Blah extends AbstractFeatureTest
@@ -125,10 +135,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, action,
allowedRoles,"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
-
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
}
finally
{
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestAgentCache.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestHierarchialPropagation.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -88,9 +87,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -119,9 +117,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -149,9 +146,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -180,9 +176,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Setup denied policy
resource = new URIResource();
@@ -196,9 +191,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.DENY, action, deniedRoles, "denyExpression");
- // Store the policy into the Policy Server
- policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
@@ -227,7 +221,7 @@
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
URIResource contextResource = new URIResource();
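Review bot: The context line `PolicyMetaData policyMetaData = this.policyComposer.compose(context);` is left behind in this hunk while the call below it became `this.provisioner.deploy(context);`, so the local is never used and the policy is presumably composed a second time inside `deploy`. The other hunks in this file delete that line; do the same here, or keep it and call `this.provisioner.deploy(policyMetaData);` if the test is meant to cover the `PolicyMetaData` overload. The enclosing test method starts and ends outside the hunk.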
@@ -253,9 +247,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, action, identity, null);
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliedActions.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -58,9 +58,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -85,9 +84,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -112,9 +110,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/features/TestImpliesHierarchialPropagation.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -57,9 +57,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -89,9 +88,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Servers
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -121,9 +119,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -153,9 +150,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
this.assertServerState();
@@ -185,9 +181,8 @@
context.addPolicyRule(Effect.PERMIT, action, allowedRoles,
"allowExpression");
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Setup denied policy....User can only read level2
resource = new URIResource();
@@ -200,9 +195,8 @@
context.setPolicyTarget(resource);
context.addPolicyRule(Effect.PERMIT, read, allowedRoles, "allowExpression");
- // Store the policy into the Policy Server
- policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ // Store the policy into the Policy Server
+ this.provisioner.deploy(context);
// Go ahead and produce a RequestContext for a "Permit" Enforcement
// Trying to "Write" to level2 should be Denied
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/AbstractTest.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -4,6 +4,7 @@
package org.jboss.security.authz.agent.test;
import java.net.URI;
+import java.util.Set;
import junit.framework.TestCase;
import org.apache.log4j.Logger;
@@ -69,9 +70,9 @@
protected void assertServerState() throws Exception
{
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length >0));
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
log.info("------------------------------------------------------------------------------");
for(Policy policy: policies)
{
Modified:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/test/TestMultiPolicyStore.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -67,9 +67,8 @@
context.addPolicyRule(Effect.PERMIT, action, sysadmin, "allowExpression");
context.addPolicyRule(Effect.PERMIT, action, identity);
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
}
}
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -28,6 +28,8 @@
import java.io.InputStream;
import java.util.List;
import java.util.ArrayList;
+import java.util.Set;
+import java.util.HashSet;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -39,10 +41,7 @@
import org.w3c.dom.NodeList;
import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
import org.jboss.security.authz.http.component.resource.HttpResource;
@@ -58,225 +57,242 @@
import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.agent.services.PolicyComposer;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public class HttpPolicyConfig implements PolicyConfig
{
- private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
-
- private PolicyComposer policyComposer;
-
-
- public PolicyComposer getPolicyComposer()
- {
- return policyComposer;
- }
-
- public void setPolicyComposer(PolicyComposer policyComposer)
- {
- this.policyComposer = policyComposer;
- }
-
- /**
- * Configures the Policy instances that can be represented in system level XACML
format. The easyDomainXml is a user friendly XML configuration that is within the context
- * of the application tier being protected. For instance, to apply Access Control at
the web tier, the XML configuration would consist of Resources and
- * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest
parameters, HTTP actions like GET, POST, PUT, etc
- *
- * @param easyDomainXml User Friendly XML configuration within the context of the
Application being protected
- * @return a fully configured Policy instance
- */
- public Policy[] configure(String easyDomainXml)
- {
- InputStream xmlStream = null;
- try
- {
- Policy[] policies = null;
-
- List<Policy> cour = new ArrayList<Policy>();
- xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
- DocumentBuilder builder =
DocumentBuilderFactory.newInstance().newDocumentBuilder();
- Document document = builder.parse(xmlStream);
-
- NodeList securityConstraints =
document.getElementsByTagName("security-constraint");
- for(int i=0, length=securityConstraints.getLength(); i< length; i++)
- {
- Element securityConstraint = (Element)securityConstraints.item(i);
-
- //Parse out information related to access control based on user roles
- NodeList roleNodes =
securityConstraint.getElementsByTagName("roles");
- Roles allowRoles = new Roles();
- Roles denyRoles = new Roles();
- if(roleNodes != null)
- {
- for(int j=0; j<roleNodes.getLength(); j++)
- {
- boolean allow = true;
- Element roles = (Element)roleNodes.item(j);
-
- allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
-
- NodeList roleNames = roles.getElementsByTagName("role-name");
- if(roleNames != null)
- {
- for(int k=0; k<roleNames.getLength(); k++)
- {
- Element roleName = (Element)roleNames.item(k);
- String role = roleName.getTextContent().trim();
-
- if(allow)
- {
- allowRoles.addName(role);
- }
- else
- {
- denyRoles.addName(role);
- }
- }
- }
- }
- }
-
- //Parse out the resources and actions upon which the Policies must be created
- Element webResourceCollection =
(Element)securityConstraint.getElementsByTagName("web-resource-collection").item(0);
- NodeList resources =
webResourceCollection.getElementsByTagName("web-resource");
- if (resources != null)
- {
- for (int j = 0; j < resources.getLength(); j++)
+ private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
+
+ private PolicyComposer policyComposer;
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
+ /**
+ * Configures the Policy instances that can be represented in system level
+ * XACML format. The easyDomainXml is a user friendly XML configuration that
+ * is within the context of the application tier being protected. For
+ * instance, to apply Access Control at the web tier, the XML configuration
+ * would consist of Resources and Actions in the context of the Web Tier such
+ * as HTTP Uris, HttpServletRequest parameters, HTTP actions like GET, POST,
+ * PUT, etc
+ *
+ * @param easyDomainXml
+ * User Friendly XML configuration within the context of the
+ * Application being protected
+ * @return a fully configured Policy instance
+ */
+ public Set<PolicyMetaData> configure(String easyDomainXml)
+ {
+ InputStream xmlStream = null;
+ try
+ {
+ Set<PolicyMetaData> policies = new HashSet<PolicyMetaData>();
+
+ xmlStream = new ByteArrayInputStream(easyDomainXml.getBytes());
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder();
+ Document document = builder.parse(xmlStream);
+
+ NodeList securityConstraints = document
+ .getElementsByTagName("security-constraint");
+ for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
+ {
+ Element securityConstraint = (Element) securityConstraints.item(i);
+
+ // Parse out information related to access control based on user roles
+ NodeList roleNodes = securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if (roleNodes != null)
{
- //SetUp the Http Resource
- HttpResource policyResource = new HttpResource();
- Element webResource = (Element) resources.item(j);
- Element urlPattern = (Element) webResource
- .getElementsByTagName("url-pattern").item(0);
+ for (int j = 0; j < roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element) roleNodes.item(j);
- policyResource.setUri(new URI(urlPattern
- .getTextContent().trim()));
- this.parseParameters(policyResource, webResource);
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
- //Setup the Action Targets to be secured on this resource
- List<Operation> secureActions = this.parseSecureWebActions(webResource);
-
- if(secureActions != null)
- {
- //SetUp Policy Composition Context
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(policyResource);
- for(Operation secureAction: secureActions)
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if (roleNames != null)
{
- if(!allowRoles.isEmpty())
+ for (int k = 0; k < roleNames.getLength(); k++)
{
- context.addPolicyRule(Effect.PERMIT, secureAction, allowRoles,
"allowExpression");
+ Element roleName = (Element) roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if (allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
}
-
- if(!denyRoles.isEmpty())
+ }
+ }
+ }
+
+ // Parse out the resources and actions upon which the Policies must be
+ // created
+ Element webResourceCollection = (Element) securityConstraint
+ .getElementsByTagName("web-resource-collection").item(0);
+ NodeList resources = webResourceCollection
+ .getElementsByTagName("web-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ // SetUp the Http Resource
+ HttpResource policyResource = new HttpResource();
+ Element webResource = (Element) resources.item(j);
+ Element urlPattern = (Element) webResource.getElementsByTagName(
+ "url-pattern").item(0);
+
+ policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
+ this.parseParameters(policyResource, webResource);
+
+ // Setup the Action Targets to be secured on this resource
+ List<Operation> secureActions = this
+ .parseSecureWebActions(webResource);
+
+ if (secureActions != null)
+ {
+ // SetUp Policy Composition Context
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ for (Operation secureAction : secureActions)
{
- context.addPolicyRule(Effect.DENY, secureAction, denyRoles,
"denyExpression");
+ if (!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureAction,
+ allowRoles, "allowExpression");
+ }
+
+ if (!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureAction, denyRoles,
+ "denyExpression");
+ }
}
+
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
}
-
- //Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData));
}
}
- }
- }
-
- policies = cour.toArray(new Policy[0]);
-
- return policies;
- }
- catch(Exception e)
- {
- log.error(this, e);
- throw new RuntimeException(e);
- }
- finally
- {
- try
- {
- if(xmlStream != null)
- {
- xmlStream.close();
- }
- }catch(IOException ioe){log.warn(this, ioe);}
- }
- }
- //XML Configuration
Parsing----------------------------------------------------------------------------------------------------------------------------------------------------
- private void parseParameters(HttpResource policyResource, Element webResource) throws
Exception
- {
- //Process Parameters
- Element parameters =
(Element)webResource.getElementsByTagName("parameters").item(0);
- if(parameters != null)
- {
- NodeList params = parameters.getElementsByTagName("parameter");
- if(params != null)
- {
- for(int i=0, length=params.getLength(); i<length; i++)
- {
- Element parameter = (Element)params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
- }
- }
- }
-
- private List<Operation> parseSecureWebActions(Element webResource) throws
Exception
- {
- List<Operation> secureWebActions = new ArrayList<Operation>();
-
- NodeList httpMethods = webResource.getElementsByTagName("http-method");
- if(httpMethods != null)
- {
- for(int i=0; i<httpMethods.getLength(); i++)
- {
- Element httpMethodElem = (Element)httpMethods.item(i);
-
- String httpMethod = httpMethodElem.getTextContent();
-
- if(httpMethod.equalsIgnoreCase("get"))
- {
- secureWebActions.add(new Get());
- }
- else if(httpMethod.equalsIgnoreCase("post"))
- {
- secureWebActions.add(new Post());
- }
- else if(httpMethod.equalsIgnoreCase("put"))
- {
- secureWebActions.add(new Put());
- }
- else if(httpMethod.equalsIgnoreCase("delete"))
- {
- secureWebActions.add(new Delete());
- }
- else if(httpMethod.equalsIgnoreCase("head"))
- {
- secureWebActions.add(new Head());
- }
- else if(httpMethod.equalsIgnoreCase("options"))
- {
- secureWebActions.add(new Options());
- }
- else if(httpMethod.equalsIgnoreCase("trace"))
- {
- secureWebActions.add(new Trace());
- }
- }
- }
-
- if(secureWebActions.isEmpty())
- {
- secureWebActions.add(new Get());
- }
-
- return secureWebActions;
- }
+ }
+ return policies;
+ }
+ catch (Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (xmlStream != null)
+ {
+ xmlStream.close();
+ }
+ }
+ catch (IOException ioe)
+ {
+ log.warn(this, ioe);
+ }
+ }
+ }
+
+ // XML Configuration
+ //
Parsing----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(HttpResource policyResource, Element webResource)
+ throws Exception
+ {
+ // Process Parameters
+ Element parameters = (Element) webResource.getElementsByTagName(
+ "parameters").item(0);
+ if (parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if (params != null)
+ {
+ for (int i = 0, length = params.getLength(); i < length; i++)
+ {
+ Element parameter = (Element) params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
+ }
+
+ private List<Operation> parseSecureWebActions(Element webResource)
+ throws Exception
+ {
+ List<Operation> secureWebActions = new ArrayList<Operation>();
+
+ NodeList httpMethods = webResource.getElementsByTagName("http-method");
+ if (httpMethods != null)
+ {
+ for (int i = 0; i < httpMethods.getLength(); i++)
+ {
+ Element httpMethodElem = (Element) httpMethods.item(i);
+
+ String httpMethod = httpMethodElem.getTextContent();
+
+ if (httpMethod.equalsIgnoreCase("get"))
+ {
+ secureWebActions.add(new Get());
+ }
+ else if (httpMethod.equalsIgnoreCase("post"))
+ {
+ secureWebActions.add(new Post());
+ }
+ else if (httpMethod.equalsIgnoreCase("put"))
+ {
+ secureWebActions.add(new Put());
+ }
+ else if (httpMethod.equalsIgnoreCase("delete"))
+ {
+ secureWebActions.add(new Delete());
+ }
+ else if (httpMethod.equalsIgnoreCase("head"))
+ {
+ secureWebActions.add(new Head());
+ }
+ else if (httpMethod.equalsIgnoreCase("options"))
+ {
+ secureWebActions.add(new Options());
+ }
+ else if (httpMethod.equalsIgnoreCase("trace"))
+ {
+ secureWebActions.add(new Trace());
+ }
+ }
+ }
+
+ if (secureWebActions.isEmpty())
+ {
+ secureWebActions.add(new Get());
+ }
+
+ return secureWebActions;
+ }
}
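Review bot: In `parseSecureWebActions` an `<http-method>` value that matches none of the seven `equalsIgnoreCase` branches is dropped silently, and because `httpMethodElem.getTextContent()` is the one value in this class that is not trimmed, whitespace around the method name in the XML is enough to miss every branch. The `isEmpty()` fallback then adds `new Get()`, so it cannot tell "no method listed" from "no method recognised", and the composed policy covers only GET for that resource; what happens to requests using the other methods depends on the enforcement default, which this hunk does not show. I would read the value as `String httpMethod = httpMethodElem.getTextContent().trim();` and close the chain with `else { throw new IllegalArgumentException("Unsupported http-method: " + httpMethod); }` so that a bad policy file fails at load instead of producing a narrower policy. Separately, `configure` parses with an unconfigured `DocumentBuilderFactory`; if the policy XML can ever originate outside the deployment archive, setting the `http://apache.org/xml/features/disallow-doctype-decl` feature to true on the factory before `newDocumentBuilder()` rules out external-entity processing.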
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -26,6 +26,7 @@
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.net.URI;
+import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -55,7 +56,7 @@
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
-import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.bootstrap.ServiceContainer;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
@@ -107,13 +108,12 @@
is =
config.getServletContext().getResourceAsStream("/WEB-INF/http-policy.xml");
String httpPolicy = GeneralTool.readStream(is);
- Policy[] policies = policyConfig.configure(httpPolicy);
+ Set<PolicyMetaData> policies = policyConfig.configure(httpPolicy);
log.debug("----------------------------------------------------------");
- for(Policy policy: policies)
- {
- log.debug(policy.generateSystemPolicy());
- this.provisioner.newPolicy(policy.getMetaData());
+ for(PolicyMetaData policyMetaData: policies)
+ {
+ this.provisioner.deploy(policyMetaData);
}
log.debug("----------------------------------------------------------");
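Review bot: After this change the filter no longer records which policies it deployed: `log.debug(policy.generateSystemPolicy())` is gone, and the two dashed `log.debug` lines now bracket a loop that logs nothing. For an enforcement point it helps to be able to confirm from the log what was loaded at start-up, so I would add `log.info("Deployed [" + policies.size() + "] policies from /WEB-INF/http-policy.xml");` after the loop and drop the separators. An empty set also passes through the loop without comment; whether the filter should refuse to start in that case depends on the rest of the method, which begins and ends outside this hunk.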
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import org.apache.log4j.Logger;
@@ -80,16 +81,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
//where access should be granted
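Review bot: The assertion after `readAllPolicies()` was loosened from `policies.length == 1` to `!policies.isEmpty()`, so the test no longer notices a second policy in the store. These tests go on to check an access decision, and a leftover or duplicated policy could change that decision without the test failing. If exactly one policy is still expected here, `assertTrue("Policy Store must hold exactly one policy", policies != null && policies.size() == 1);` keeps the old guarantee; if the store is now shared between tests, that isolation is presumably what needs fixing instead. The same loosening appears in the second hunk of this file (`@@ -140,16 +143,18 @@`) and in both TestRoles.java hunks, and the enclosing test method extends beyond this hunk.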
@@ -140,16 +143,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
//SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
//where access should not be granted
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import org.apache.log4j.Logger;
@@ -79,16 +80,18 @@
context.setPolicyTarget(policyResource);
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ //Store the policy into the Policy Server
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
@@ -117,15 +120,17 @@
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
//Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
!policies.isEmpty()));
+ for(Policy policy: policies)
+ {
+ log.info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/devspace/wiki.html"));
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
package org.jboss.security.authz.http.components;
import java.net.URI;
+import java.util.Set;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
@@ -94,7 +95,7 @@
//this.provision("/prefix/url/index.html");
//Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
assertTrue("Policy Store must not be empty!!", (policies != null));
log.info("------------------------------------------------------------------------------");
@@ -173,7 +174,6 @@
context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
//Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
+ this.provisioner.deploy(context);
}
}
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
******************************************************************************/
package org.jboss.security.authz.http.provisioning;
+import java.util.Set;
import java.io.InputStream;
import java.net.URI;
@@ -41,6 +42,7 @@
import org.jboss.security.authz.http.component.action.Post;
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
@@ -72,21 +74,21 @@
InputStream is =
Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
- Policy[] policies = config.configure(GeneralTool.readStream(is));
+ Set<PolicyMetaData> metadata =
config.configure(GeneralTool.readStream(is));
- assertNotNull(policies);
+ assertNotNull(metadata);
- for(Policy policy: policies)
+ for(PolicyMetaData policyMetaData: metadata)
{
- this.provisioner.newPolicy(policy.getMetaData());
+ this.provisioner.deploy(policyMetaData);
}
is.close();
//Assert Policy State of the Server
- policies = this.provisioner.readAllPolicies();
+ Set<Policy> policies = this.provisioner.readAllPolicies();
- assertTrue("Policy Store must not be empty!!", policies != null &&
policies.length > 0);
+ assertTrue("Policy Store must not be empty!!", policies != null &&
!policies.isEmpty());
for(Policy policy: policies)
{
log.info("------------------------------------------------------------------------------");
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -159,7 +159,7 @@
* @param policyMetaData
* meta data for the policy to be created
*/
- public void newPolicy(PolicyMetaData policyMetaData)
+ public void deploy(PolicyMetaData policyMetaData)
throws PolicyServerException
{
try
@@ -190,31 +190,13 @@
throw new PolicyServerException(pe);
}
}
-
+
/**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyServerException
- {
- try
- {
- return this.policyStore.readPolicy(policyUri);
- }
- catch (PolicyException pe)
- {
- throw new PolicyServerException(pe);
- }
- }
-
- /**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws PolicyServerException
+ public Set<Policy> readAllPolicies() throws PolicyServerException
{
try
{
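Review bot: The Javadoc on `readAllPolicies()` still says only "all the stored Policies" and does not state whether the returned `Set<Policy>` is a snapshot or the store's own collection. The `Policy[]` returned by the in-memory store removed in this commit was a copy (`values().toArray(new Policy[0])`), whereas a `Set` can be a live, mutable view, which would let a caller add or remove policies without going through `deploy`. I would document it as `@return an unmodifiable snapshot of all the stored Policies` and, if the store does not already guarantee that, wrap a copy in `Collections.unmodifiableSet(...)` before returning. The method body lies outside this hunk, so this is inferred from the signature alone.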
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,6 +22,7 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.plugin;
+import java.util.Set;
import java.io.IOException;
import java.io.ByteArrayInputStream;
@@ -73,14 +74,14 @@
//Load the persisted Policies into the Finder's memory
log.info("------------------------------------------------------------------");
log.info("Booting Up the Policy Rule
Engine.................................");
- Policy[] allPolicies = this.policyStore.readAllPolicies();
+ Set<Policy> allPolicies = this.policyStore.readAllPolicies();
if(allPolicies != null)
{
for(Policy policy: allPolicies)
{
this.addPolicy(policy);
}
- log.info("Rule Engine successfully started with
["+allPolicies.length+"] stored Policies");
+ log.info("Rule Engine successfully started with
["+allPolicies.size()+"] stored Policies");
}
log.info("------------------------------------------------------------------");
}
Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/MemoryPolicyStore.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -1,102 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.provisioning;
-
-import java.util.Map;
-import java.util.HashMap;
-
-import org.apache.log4j.Logger;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.policy.server.spi.PolicyStore;
-
-/**
- * this method of Policy Storage is only for testing. In an Enterprise setup this would
be replaced by a Database Policy Store
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class MemoryPolicyStore implements PolicyStore
-{
- private static Logger log = Logger.getLogger(MemoryPolicyStore.class);
-
- private Map<String, Policy> policies;
-
- public MemoryPolicyStore()
- {
- this.policies = new HashMap<String, Policy>();
- }
-
- public void start()
- {
-
log.info("-----------------------------------------------------------------------");
- log.info("In-Memory Policy Store successfully
started............................");
-
log.info("-----------------------------------------------------------------------");
- }
-
- public void stop()
- {
-
- }
-
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException
- {
- return this.policies.get(policyUri);
- }
-
- /**
- * Returns all the stored Policies for the system
- *
- * @return all the stored Policies
- */
- public Policy[] readAllPolicies() throws PolicyException
- {
- return this.policies.values().toArray(new Policy[0]);
- }
-
- /**
- * Saves a Policy into storage. If this policy already exists in storage, then it
updates it
- *
- * @param policy Policy to be saved into storage
- */
- public void savePolicy(Policy policy) throws PolicyException
- {
- this.policies.put(policy.getPolicyUri(), policy);
- }
-
- /**
- * Deletes the specified Policy from storage
- *
- * @param policyUri unique identifier for the Policy
- */
- public void deletePolicy(String policyUri) throws PolicyException
- {
- this.policies.remove(policyUri);
- }
-}
Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/PolicyDeployer.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -1,128 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.provisioning;
-
-import java.io.BufferedInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.net.URL;
-
-import org.apache.log4j.Logger;
-
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyException;
-import org.jboss.security.authz.policy.server.spi.PolicyConfig;
-import org.jboss.security.authz.policy.server.spi.PolicyStore;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class PolicyDeployer
-{
- private static Logger log = Logger.getLogger(PolicyDeployer.class);
-
- private PolicyConfig configuration = null;
- private PolicyStore store = null;
-
- public PolicyDeployer()
- {
-
- }
-
- public PolicyConfig getConfiguration()
- {
- return configuration;
- }
-
- public void setConfiguration(PolicyConfig configuration)
- {
- this.configuration = configuration;
- }
-
- public PolicyStore getStore()
- {
- return store;
- }
-
- public void setStore(PolicyStore store)
- {
- this.store = store;
- }
-
- public void deploy(URL url) throws PolicyException
- {
- BufferedInputStream is = null;
- ByteArrayOutputStream bos = null;
- try
- {
- is = new BufferedInputStream(url.openStream());
- bos = new ByteArrayOutputStream();
-
- byte[] buffer = new byte[1024]; //using a 1K buffer
- int bytesRead = -1;
- while((bytesRead=is.read(buffer)) != -1)
- {
- bos.write(buffer, 0, bytesRead);
- }
-
- String deploymentXml = new String(bos.toByteArray());
-
- //Get Policy instances
- Policy[] policies = this.configuration.configure(deploymentXml);
-
- //Persist Policy instances into the Policy Store
- if(policies != null)
- {
- for(int i=0; i<policies.length; i++)
- {
- this.store.savePolicy(policies[i]);
- }
- }
- }
- catch(IOException ioe)
- {
- log.error(this, ioe);
- throw new PolicyException(ioe);
- }
- finally
- {
- try
- {
- if(is != null)
- {
- is.close();
- }
-
- if(bos != null)
- {
- bos.close();
- }
- }
- catch(IOException ioe)
- {
- log.warn(this, ioe);
- }
- }
- }
-}
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/provisioning/RelationalDBPolicyStore.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -32,6 +32,7 @@
import org.hibernate.Transaction;
+import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
import org.jboss.security.authz.model.Attribute;
@@ -75,22 +76,11 @@
}
//
-----------------------------------------------------------------------------------------------------------------------------------------------------------
/**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException
- {
- return null;
- }
-
- /**
* Returns all the stored Policies for the system
*
* @return all the stored Policies
*/
- public Policy[] readAllPolicies() throws PolicyException
+ public Set<Policy> readAllPolicies() throws PolicyException
{
Session session = null;
Transaction tx = null;
@@ -102,10 +92,10 @@
List allPolicies = session.createQuery("from XACMLPolicy").list();
- Policy[] policies = null;
+ Set<Policy> policies = new HashSet<Policy>();
if(allPolicies != null && !allPolicies.isEmpty())
{
- policies = (Policy[])allPolicies.toArray(new Policy[allPolicies.size()]);
+ policies.addAll(allPolicies);
}
tx.commit();
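Review bot: `policies.addAll(allPolicies)` copies a raw `List` into a `Set<Policy>`, so nothing checks that the rows returned by `"from XACMLPolicy"` really are `Policy` instances; a mismatch would only show up later as a ClassCastException in a caller. Switching from an array to a `HashSet` also discards the query's result order and makes de-duplication depend on `Policy.equals`/`hashCode`, neither of which is visible in this diff. If any policy evaluation depends on order, `new LinkedHashSet<Policy>()` would preserve it; otherwise a comment such as `// order is not significant; uniqueness relies on Policy.equals/hashCode` would record the assumption. The enclosing method starts and ends outside this hunk.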
@@ -199,9 +189,15 @@
}
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------
- public Set<Policy> find(Set<Attribute> attributes) throws PolicyException
+ /**
+ * Finds the Policy associated with the specified URIResource
+ *
+ * @param uriResource
+ * @return
+ * @throws PolicyException
+ */
+ public Policy find(URIResource uriResource) throws PolicyException
{
- Set<Policy> policyPage = new HashSet<Policy>();
- return policyPage;
+ return null;
}
}
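Review bot: `find(URIResource)` is a stub that always returns `null`, and its Javadoc leaves `@return` empty, so a caller cannot tell "no policy stored for this resource" from "lookup not implemented". In an authorization store that ambiguity is risky: any decision path that treats a null Policy as "nothing restricts this resource" would permit by default. Until the lookup exists I would fail loudly with `throw new UnsupportedOperationException("find(URIResource) is not implemented yet");`, and document the eventual contract as `@return the Policy for uriResource, or null if none is stored`. The same empty `@return` appears on the `find` declaration in the PolicyStore.java hunk further down.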
Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/Cursor.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -1,56 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.security.authz.policy.server.spi;
-
-/**
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- */
-public class Cursor
-{
- private int currentPosition;
- private int capacity;
-
- public Cursor()
- {
-
- }
-
- public int getCurrentPosition()
- {
- return currentPosition;
- }
-
- public void setCurrentPosition(int currentPosition)
- {
- this.currentPosition = currentPosition;
- }
-
- public int getCapacity()
- {
- return capacity;
- }
-
- public void setCapacity(int capacity)
- {
- this.capacity = capacity;
- }
-}
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyConfig.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,7 +22,8 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.spi;
-import org.jboss.security.authz.model.Policy;
+import java.util.Set;
+import org.jboss.security.authz.model.PolicyMetaData;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -38,5 +39,5 @@
* @param easyDomainXml User Friendly XML configuration within the context of the
Application being protected
* @return a fully configured Policy instance
*/
- public Policy[] configure(String easyDomainXml);
+ public Set<PolicyMetaData> configure(String easyDomainXml);
}
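Review bot: The Javadoc kept above `configure` still says `@return a fully configured Policy instance`, but the method now returns `Set<PolicyMetaData>`. I would change it to something like `@return the PolicyMetaData entries built from the XML; never null, empty if the XML defines none`. Stating the null rule matters because `PortalObjectPolicyConfig.configure` in this same commit returns `null`, and the null check that the deleted `PolicyDeployer` performed on the result is gone. The interface body starts outside this hunk.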
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -22,41 +22,49 @@
******************************************************************************/
package org.jboss.security.authz.policy.server.spi;
+import java.util.Set;
+
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.components.resource.URIResource;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
+ *
*/
public interface PolicyStore
-{
- /**
- * Read a stored Policy identified by the unique policyUri
- *
- * @param policyUri
- * @return a stored Policy
- */
- public Policy readPolicy(String policyUri) throws PolicyException;
-
- /**
- * Returns all the stored Policies for the system
- *
- * @return all the stored Policies
- */
- public Policy[] readAllPolicies() throws PolicyException;
-
- /**
- * Saves a Policy into storage. If this policy already exists in storage, then it
updates it
- *
- * @param policy Policy to be saved into storage
- */
- public void savePolicy(Policy policy) throws PolicyException;
-
- /**
- * Deletes the specified Policy from storage
- *
- * @param policyUri unique identifier for the Policy
- */
- public void deletePolicy(String policyUri) throws PolicyException;
+{
+ /**
+ * Finds the Policy associated with the specified URIResource
+ *
+ * @param uriResource
+ * @return
+ * @throws PolicyException
+ */
+ public Policy find(URIResource uriResource) throws PolicyException;
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Set<Policy> readAllPolicies() throws PolicyException;
+
+ /**
+ * Saves a Policy into storage. If this policy already exists in storage, then
+ * it updates it
+ *
+ * @param policy
+ * Policy to be saved into storage
+ */
+ public void savePolicy(Policy policy) throws PolicyException;
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri
+ * unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyException;
}
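Review bot: The new `find(URIResource)` declaration does not say how a resource is matched to a stored Policy, while `deletePolicy` is still keyed by `policyUri` and the by-URI read has been removed. Implementers need to know whether the match is on the exact resource URI or also covers parent/child resources, and whether the URI is normalised before comparison; stores that answer these differently would reach different access decisions for the same request. I would spell the rule out in the Javadoc, for example `Matches on the exact resource URI; callers must treat a null result as "no policy" and deny`, adjusted to whatever the intended semantics are.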
Modified:
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml
===================================================================
---
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/policy-server/src/main/resources/META-INF/authz-config.xml 2009-08-07
22:23:24 UTC (rev 13701)
@@ -18,10 +18,7 @@
<bean name="/policy-server/PolicyDecisionPoint"
class="org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint">
<property name="debug">true</property>
</bean>
-
- <bean name="/policy-server/PolicyDeployer"
class="org.jboss.security.authz.policy.server.provisioning.PolicyDeployer">
- </bean>
-
+
<bean name="/policy-server/PolicyStore"
class="org.jboss.security.authz.policy.server.provisioning.RelationalDBPolicyStore">
<property name="hibernateService">
<inject bean="/policy-server/HibernateService"/>
Modified:
modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
---
modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2009-08-07
18:02:40 UTC (rev 13700)
+++
modules/authorization/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2009-08-07
22:23:24 UTC (rev 13701)
@@ -21,7 +21,9 @@
*/
package org.jboss.security.authz.portal.configuration;
-import org.jboss.security.authz.model.Policy;
+import java.util.Set;
+
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
/**
@@ -36,7 +38,7 @@
}
//-----PolicyConfig
Implementation--------------------------------------------------------------------------------------------------------------------------
- public Policy[] configure(String easyDomainXml)
+ public Set<PolicyMetaData> configure(String easyDomainXml)
{
return null;
}