Author: sohil.shah(a)jboss.com
Date: 2008-12-03 02:10:07 -0500 (Wed, 03 Dec 2008)
New Revision: 12334
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/DroolsRuleManager.java
modules/authorization/trunk/PAP/src/main/resources/rules/
modules/authorization/trunk/PAP/src/main/resources/rules/security.drl
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsRules.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestDroolsRuleManager.java
modules/authorization/trunk/PAP/src/test/resources/rules/
modules/authorization/trunk/PAP/src/test/resources/rules/add-security.drl
modules/authorization/trunk/PAP/src/test/resources/rules/test-security.drl
Removed:
modules/authorization/trunk/PEP/multitier-policy.xml
modules/authorization/trunk/PEP/simple-policy.xml
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java
modules/authorization/trunk/PEP/pom.xml
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
modules/authorization/trunk/pom.xml
Log:
code backup
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2008-12-03 06:35:00 UTC (rev 12333)
+++ modules/authorization/trunk/.classpath 2008-12-03 07:10:07 UTC (rev 12334)
@@ -42,4 +42,6 @@
<classpathentry kind="var"
path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT.jar"
sourcepath="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.3-SNAPSHOT/jboss-sunxacml-2.0.3-SNAPSHOT-sources.jar"/>
<classpathentry kind="var"
path="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT.jar"
sourcepath="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT-sources.jar"/>
<classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/drools/drools-core/4.0.7/drools-core-4.0.7.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/drools/drools-compiler/4.0.7/drools-compiler-4.0.7.jar"/>
</classpath>
Modified: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml 2008-12-03 06:35:00 UTC (rev 12333)
+++ modules/authorization/trunk/PAP/pom.xml 2008-12-03 07:10:07 UTC (rev 12334)
@@ -44,6 +44,17 @@
<artifactId>jaxb-xjc</artifactId>
</dependency>
+ <!-- Drools -->
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-compiler</artifactId>
+ </dependency>
+
+
<!-- junit -->
<dependency>
<groupId>junit</groupId>
@@ -58,8 +69,8 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestDroolsFunction.java</include>
+ <includes>
+ <include>**/TestDroolsRuleManager.java</include>
</includes>
</configuration>
</plugin>
Modified:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java 2008-12-03
06:35:00 UTC (rev 12333)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/DroolsFunction.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -22,14 +22,27 @@
******************************************************************************/
package org.jboss.security.authz.pap.plugin;
+import java.io.InputStreamReader;
+import java.io.Reader;
import java.util.List;
+import java.util.ArrayList;
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.WorkingMemory;
+import org.drools.rule.Package;
+import org.drools.compiler.PackageBuilder;
+
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.cond.EvaluationResult;
import org.jboss.security.xacml.sunxacml.cond.FunctionBase;
+import org.jboss.security.xacml.sunxacml.ctx.Status;
import org.jboss.security.xacml.sunxacml.attr.BooleanAttribute;
/**
+ * A custom XACML Function which is used to evaluate an XACML Condition based on the
Evaluation Results of a specified Business Rule based on the
+ * Drools/JBoss Rules product
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
@@ -37,6 +50,8 @@
{
public static final String NAME = FUNCTION_NS + "drools:rule";
+ private RuleBase rules = null;
+
/**
*
* @param functionName
@@ -51,10 +66,19 @@
public DroolsFunction()
{
super(NAME,
- 0, //FunctionId
- BooleanAttribute.identifier, //returnType
- false //returns a Bag of values
- );
+ 0, //FunctionId
+ BooleanAttribute.identifier, //returnType
+ false //returns a Bag of values
+ );
+
+ try
+ {
+ this.rules = this.readStaticRules();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
}
@@ -83,10 +107,64 @@
*
*/
public EvaluationResult evaluate(List inputs, EvaluationCtx context)
- {
- /**
- * TODO: start a Drools context and evaluate the specified Rule against the data
presented in the EvaluationContext
- */
- return EvaluationResult.getTrueInstance();
+ {
+ EvaluationResult result = null;
+ try
+ {
+ //Mock Code
+ WorkingMemory workingMemory = this.rules.newStatefulSession();
+
+ //Insert Security related Facts into the Rule Engine
+
+ workingMemory.fireAllRules();
+
+
+ /**
+ * TODO: start a Drools context and evaluate the specified Rule against the data
presented in the EvaluationContext
+ */
+ result = EvaluationResult.getTrueInstance();
+ }
+ catch(Exception e)
+ {
+ List code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, e.toString()+": "+e.getMessage());
+ result = new EvaluationResult(status);
+ }
+ return result;
+ }
+
//--------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Used when using Rule Deployment in a static manner from the classpath
+ *
+ * With this approach, the Policy Condition Rules are supplied during server startup.
Rule Modifications require a server re-start
+ */
+ private RuleBase readStaticRules() throws Exception
+ {
+ //read in the source
+ Reader source = new
InputStreamReader(this.getClass().getResourceAsStream("/rules/security.drl"));
+
+ //optionally read in the DSL (if you are using it).
+ //Reader dsl = new InputStreamReader( DroolsTest.class.getResourceAsStream(
"/mylang.dsl" ) );
+
+ //Use package builder to build up a rule package.
+ //An alternative lower level class called "DrlParser" can also be
used...
+
+ PackageBuilder builder = new PackageBuilder();
+
+ //this wil parse and compile in one step
+ //NOTE: There are 2 methods here, the one argument one is for normal DRL.
+ builder.addPackageFromDrl(source);
+
+ //Use the following instead of above if you are using a DSL:
+ //builder.addPackageFromDrl( source, dsl );
+
+ //get the compiled package (which is serializable)
+ Package pkg = builder.getPackage();
+
+ //add the package to a rulebase (deploy the rule package).
+ RuleBase ruleBase = RuleBaseFactory.newRuleBase();
+ ruleBase.addPackage(pkg);
+ return ruleBase;
}
}
Modified:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java 2008-12-03
06:35:00 UTC (rev 12333)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/plugin/EnterprisePolicyFinder.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -25,11 +25,19 @@
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
/**
+ * A production ready Enterprise Policy Finder that would be used by the Policy
Server/PDP component.
*
+ * It is designed for being production ready from a performance/scalability/clustering
standpoint
+ *
+ * This particular version will provide performance enhancement by the use of a clustered
cache based on JBoss Cache
+ * The actual storage of the policies will be done within a relational database
+ *
+ * This also allows for runtime modification of Security Policies without requiring any
restart/refresh of the Applications
+ *
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*
*/
public abstract class EnterprisePolicyFinder extends PolicyFinderModule
{
-}
+}
\ No newline at end of file
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/DroolsRuleManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/DroolsRuleManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/DroolsRuleManager.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,178 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.ByteArrayInputStream;
+import java.util.Map;
+import java.util.HashMap;
+
+import org.drools.RuleBase;
+import org.drools.RuleBaseFactory;
+import org.drools.compiler.PackageBuilder;
+
+import org.jboss.security.authz.model.DroolsRuleExpression;
+
+/**
+ * This service provides management for Drools based authorization Rules/Logic used by
the Drools Function extension of the XACML Engine
+ *
+ * TODO: Add Database Persistence to the State of this Manager
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class DroolsRuleManager
+{
+ private static String rulePkg =
+ "package security\n"+
+ "import org.jboss.security.authz.model.*;\n"+
+ "import org.jboss.security.xacml.interfaces.XACMLConstants;\n";
+
+ private RuleBase activeRuleBase = null;
+ private Map<String, String> drls = null;
+
+ public DroolsRuleManager()
+ {
+ }
+
+ public void start()
+ {
+ try
+ {
+ this.drls = new HashMap<String, String>();
+ this.reloadActiveRuleBase();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void stop()
+ {
+ this.activeRuleBase = null;
+ this.drls = null;
+ }
+
//---------------------------------------------------------------------------------------------------------------------------------------------------------
+ public RuleBase getActiveRuleBase()
+ {
+ return this.activeRuleBase;
+ }
+
+ public void addRule(DroolsRuleExpression rule) throws Exception
+ {
+ if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() ==
0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if(rule.getWhen() == null || rule.getWhen().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+
+ this.drls.put(rule.getRuleReference(), rule.getWhen());
+ this.reloadActiveRuleBase();
+ }
+
+ public DroolsRuleExpression readRule(String ruleReference) throws Exception
+ {
+ if(ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ DroolsRuleExpression rule = null;
+
+ String when = this.drls.get(ruleReference);
+
+ rule = new DroolsRuleExpression();
+ rule.setRuleReference(ruleReference);
+ rule.setWhen(when);
+
+ return rule;
+ }
+
+ public void updateRule(DroolsRuleExpression rule) throws Exception
+ {
+ if(rule.getRuleReference() == null || rule.getRuleReference().trim().length() ==
0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+ if(rule.getWhen() == null || rule.getWhen().trim().length() == 0)
+ {
+ throw new IllegalArgumentException("LHS value is missing");
+ }
+
+ this.drls.put(rule.getRuleReference(), rule.getWhen());
+ this.reloadActiveRuleBase();
+ }
+
+ public void removeRule(String ruleReference) throws Exception
+ {
+ if(ruleReference == null || ruleReference.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("Rule Reference is missing");
+ }
+
+ this.drls.remove(ruleReference);
+ this.reloadActiveRuleBase();
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private synchronized void reloadActiveRuleBase() throws Exception
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(DroolsRuleManager.rulePkg+"\n");
+
+ for(String drl: this.drls.values())
+ {
+ buffer.append(drl+"\n");
+ }
+
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(buffer.toString().getBytes());
+ try
+ {
+ Reader source = new InputStreamReader(bis);
+
+ PackageBuilder packageBuilder = new PackageBuilder();
+ packageBuilder.addPackageFromDrl(source);
+
+ if(this.activeRuleBase == null)
+ {
+ this.activeRuleBase = RuleBaseFactory.newRuleBase();
+ }
+
+ //Perform the reloading of the RuleBase with the updated Rules
+ this.activeRuleBase.lock();
+ this.activeRuleBase.addPackage(packageBuilder.getPackage());
+ this.activeRuleBase.unlock();
+ }
+ finally
+ {
+ bis.close();
+ }
+ }
+}
Added: modules/authorization/trunk/PAP/src/main/resources/rules/security.drl
===================================================================
--- modules/authorization/trunk/PAP/src/main/resources/rules/security.drl
(rev 0)
+++ modules/authorization/trunk/PAP/src/main/resources/rules/security.drl 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,8 @@
+package org.jboss.security.authz.pap.plugin
+
+
+rule "WriteRule"
+ when
+ then
+ System.out.println("WriteRule successfully invoked........");
+end
\ No newline at end of file
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsRules.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsRules.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/plugin/TestDroolsRules.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,134 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.plugin;
+
+
+import junit.framework.TestCase;
+
+import org.drools.WorkingMemory;
+import org.drools.StatefulSession;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.pap.service.DroolsRuleManager;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsRules extends TestCase
+{
+ private static final String rule2 =
+ "rule \"Rule2\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule2\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule2 successfully fired\");\n"+
+ "end\n";
+
+ private static final String rule1 =
+ "rule \"Rule1\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule1\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule1 successfully fired\");\n"+
+ "end\n";
+
+ private DroolsRuleManager ruleManager = null;
+
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.ruleManager = new DroolsRuleManager();
+ this.ruleManager.start();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setWhen(TestDroolsRules.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory =
ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setWhen(TestDroolsRules.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ //Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
+}
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestDroolsRuleManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestDroolsRuleManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestDroolsRuleManager.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,134 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+
+import junit.framework.TestCase;
+
+import org.drools.WorkingMemory;
+import org.drools.StatefulSession;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.authz.pap.service.DroolsRuleManager;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestDroolsRuleManager extends TestCase
+{
+ private static final String rule2 =
+ "rule \"Rule2\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule2\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule2 successfully fired\");\n"+
+ "end\n";
+
+ private static final String rule1 =
+ "rule \"Rule1\"\n"+
+ "when\n"+
+ "$subject: Subject()\n"+
+ "String(toString == \"Rule1\")\n"+
+ "Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)\n"+
+ "Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
\"developer\") from $subject.attributes\n"+
+ "then\n"+
+ "System.out.println(\"Rule1 successfully fired\");\n"+
+ "end\n";
+
+ private DroolsRuleManager ruleManager = null;
+
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ this.ruleManager = new DroolsRuleManager();
+ this.ruleManager.start();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ this.ruleManager = null;
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testAddRule() throws Exception
+ {
+ DroolsRuleExpression expression = new DroolsRuleExpression();
+ expression.setRuleReference("Rule2");
+ expression.setWhen(TestDroolsRuleManager.rule2);
+ this.ruleManager.addRule(expression);
+
+ WorkingMemory workingMemory =
ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ expression.setRuleReference("Rule1");
+ expression.setWhen(TestDroolsRuleManager.rule1);
+ this.ruleManager.addRule(expression);
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule1");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule1........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+
+ workingMemory = ruleManager.getActiveRuleBase().newStatefulSession();
+ workingMemory.insert("Rule2");
+ workingMemory.insert(this.getSubject());
+
+ //Fire
+ System.out.println("Firing Rule2........");
+ workingMemory.fireAllRules();
+ ((StatefulSession)workingMemory).dispose();
+ }
+
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Subject getSubject()
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ //Create a Role Attribute
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_ROLE);
+ attribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue("developer");
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
+}
Added: modules/authorization/trunk/PAP/src/test/resources/rules/add-security.drl
===================================================================
--- modules/authorization/trunk/PAP/src/test/resources/rules/add-security.drl
(rev 0)
+++ modules/authorization/trunk/PAP/src/test/resources/rules/add-security.drl 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,26 @@
+package test.security
+
+import java.lang.*;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+
+rule "Rule1"
+ when
+ $subject: Subject()
+ String(toString == "Rule1")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule1 (Updated)....");
+end
+
+rule "Rule2"
+ when
+ $subject: Subject()
+ String(toString == "Rule2")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule2....");
+end
\ No newline at end of file
Added: modules/authorization/trunk/PAP/src/test/resources/rules/test-security.drl
===================================================================
--- modules/authorization/trunk/PAP/src/test/resources/rules/test-security.drl
(rev 0)
+++ modules/authorization/trunk/PAP/src/test/resources/rules/test-security.drl 2008-12-03
07:10:07 UTC (rev 12334)
@@ -0,0 +1,16 @@
+package test.security
+
+import java.lang.*;
+import org.jboss.security.authz.model.*;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+
+rule "Rule1"
+ when
+ $subject: Subject()
+ String(toString == "Rule1")
+ Subject(category == XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT)
+ Attribute(uri == XACMLConstants.ATTRIBUTEID_ROLE && value ==
"developer") from $subject.attributes
+ then
+ System.out.println("Rule1....");
+end
\ No newline at end of file
Deleted: modules/authorization/trunk/PEP/multitier-policy.xml
===================================================================
--- modules/authorization/trunk/PEP/multitier-policy.xml 2008-12-03 06:35:00 UTC (rev
12333)
+++ modules/authorization/trunk/PEP/multitier-policy.xml 2008-12-03 07:10:07 UTC (rev
12334)
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
-<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
RuleCombiningAlgId="rule-combining-alg:nopermit-means-denied"
Version="2.0" PolicyId="MultiTierPolicy">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
- <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">org.jboss...
- <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
- </ResourceMatch>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
- <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:2.0:custom:attribute:param0"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule Effect="Permit" RuleId="WriteRule">
- <Target>
- <Actions>
- <Action>
- <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">write<...
- <ActionAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- <Condition>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">developer...
- <SubjectAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
- </Apply>
- </Condition>
- </Rule>
-</Policy>
Modified: modules/authorization/trunk/PEP/pom.xml
===================================================================
--- modules/authorization/trunk/PEP/pom.xml 2008-12-03 06:35:00 UTC (rev 12333)
+++ modules/authorization/trunk/PEP/pom.xml 2008-12-03 07:10:07 UTC (rev 12334)
@@ -58,11 +58,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestPDP.java</include>
- <!--
- <include>**/TestPolicyBuilder.java</include>
- -->
+ <includes>
</includes>
</configuration>
</plugin>
Deleted: modules/authorization/trunk/PEP/simple-policy.xml
===================================================================
--- modules/authorization/trunk/PEP/simple-policy.xml 2008-12-03 06:35:00 UTC (rev 12333)
+++ modules/authorization/trunk/PEP/simple-policy.xml 2008-12-03 07:10:07 UTC (rev 12334)
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
-<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
RuleCombiningAlgId="rule-combining-alg:nopermit-means-denied"
Version="2.0" PolicyId="SimplePolicy">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
- <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule Effect="Permit" RuleId="WriteRule">
- <Target>
- <Actions>
- <Action>
- <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">write<...
- <ActionAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- <Condition>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">developer...
- <SubjectAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
- </Apply>
- </Condition>
- </Rule>
-</Policy>
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java 2008-12-03
06:35:00 UTC (rev 12333)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/DroolsRuleExpression.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -32,6 +32,7 @@
{
private String functionId = null;
private String ruleReference = null;
+ private String when = null;
public DroolsRuleExpression()
{
@@ -57,4 +58,14 @@
{
this.ruleReference = ruleReference;
}
+
+ public String getWhen()
+ {
+ return this.when;
+ }
+
+ public void setWhen(String when)
+ {
+ this.when = when;
+ }
}
Modified:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2008-12-03
06:35:00 UTC (rev 12333)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2008-12-03
07:10:07 UTC (rev 12334)
@@ -23,6 +23,7 @@
package org.jboss.security.authz.model;
import java.util.Set;
+import java.util.HashSet;
/**
* Represents the Identity of the user, machine, etc trying to execute a protected Action
on a protected Resource
@@ -38,6 +39,11 @@
private Set<Attribute> attributes = null;
/**
+ * Category of Subject such as a user Identity, a Machine Identity, etc
+ */
+ private String category = null;
+
+ /**
*
*
*/
@@ -62,5 +68,39 @@
public void setAttributes(Set<Attribute> attributes)
{
this.attributes = attributes;
- }
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getCategory()
+ {
+ return category;
+ }
+
+ /**
+ *
+ * @param category
+ */
+ public void setCategory(String category)
+ {
+ this.category = category;
+ }
+
+ /**
+ *
+ * @param attribute
+ */
+ public void addAttribute(Attribute attribute)
+ {
+ if(this.attributes == null)
+ {
+ this.attributes = new HashSet<Attribute>();
+ }
+
+ this.attributes.add(attribute);
+ }
+
+
}
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2008-12-03 06:35:00 UTC (rev 12333)
+++ modules/authorization/trunk/pom.xml 2008-12-03 07:10:07 UTC (rev 12334)
@@ -11,7 +11,9 @@
<modules>
<module>common</module>
+ <!--
<module>security-console</module>
+ -->
<module>PEP</module>
<module>PAP</module>
</modules>
@@ -29,8 +31,10 @@
<version.commons-digester>1.6</version.commons-digester>
<version.junit>3.8.2</version.junit>
<version.sun.jaxb>2.1.4</version.sun.jaxb>
+ <version.sun.jaf>1.1</version.sun.jaf>
<version.jboss.xacml>2.0.3-SNAPSHOT</version.jboss.xacml>
<version.apache.log4j>1.2.14</version.apache.log4j>
+ <version.org.drools>4.0.7</version.org.drools>
<!-- local environment properties -->
<jboss.home>/home/soshah/appServers/jboss-4.2.2.GA</jboss.home>
@@ -132,6 +136,13 @@
<scope>provided</scope>
</dependency>
+ <!-- sun jaf -->
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>${version.sun.jaf}</version>
+ </dependency>
+
<!-- jboss xacml -->
<dependency>
<groupId>org.jboss.security</groupId>
@@ -160,6 +171,20 @@
<artifactId>log4j</artifactId>
<version>${version.apache.log4j}</version>
<scope>provided</scope>
+ </dependency>
+
+ <!-- Drools -->
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-core</artifactId>
+ <version>${version.org.drools}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.drools</groupId>
+ <artifactId>drools-compiler</artifactId>
+ <version>${version.org.drools}</version>
+ <scope>provided</scope>
</dependency>
</dependencies>
</dependencyManagement>
@@ -171,6 +196,12 @@
<groupId>apache-log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>