Author: sohil.shah(a)jboss.com
Date: 2009-06-16 07:32:25 -0400 (Tue, 16 Jun 2009)
New Revision: 13459
Added:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/RuleComposition.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/TargetComposition.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/repository/TestPolicyComposition.java
Log:
backing up code. establishing a stable baseline before starting some refactoring
Added:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java
(rev 0)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/ImpliedActions.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.component;
+
+import java.lang.annotation.Target;
+import java.lang.annotation.Retention;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+(a)Target(ElementType.TYPE)
+(a)Retention(RetentionPolicy.RUNTIME)
+public @interface ImpliedActions
+{
+ String[] value();
+}
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/RuleComposition.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/RuleComposition.java 2009-06-15
21:56:01 UTC (rev 13458)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/RuleComposition.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -23,12 +23,15 @@
import java.lang.reflect.Method;
import java.lang.annotation.Annotation;
+import java.util.Set;
+import java.util.HashSet;
import org.apache.log4j.Logger;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.DroolsRuleExpression;
import org.jboss.security.authz.tools.GeneralTool;
@@ -89,7 +92,7 @@
this.expressionName = expressionName;
}
//----------------------------------------------------------------------------------------------------------------------------------------------------------------
- public Rule compose()
+ public Set<Rule> compose()
{
if(this.effect == null)
{
@@ -106,17 +109,26 @@
try
{
+ Set<Rule> rules = new HashSet<Rule>();
+
Rule rule = new Rule();
rule.setRuleId(GeneralTool.generateUniqueId());
rule.setEffect(this.effect);
//Generate the Target for this rule
+ Set<Target> impliedActions = new HashSet<Target>();
if(this.targetComponent != null)
{
TargetComposition targetComposition = new TargetComposition();
targetComposition.setTargetComponent(this.targetComponent);
rule.setTarget(targetComposition.compose());
+
+ Set<Target> cour = targetComposition.composeImpliedTargets();
+ if(cour != null && !cour.isEmpty())
+ {
+ impliedActions.addAll(cour);
+ }
}
//Generate the Logic Expression of this rule
@@ -125,7 +137,25 @@
rule.setExpression(this.generateExpression());
}
- return rule;
+ rules.add(rule);
+
+ //Add any implied actions
+ if(impliedActions != null && !impliedActions.isEmpty())
+ {
+ for(Target impliedAction: impliedActions)
+ {
+ Rule impliedRule = new Rule();
+
+ impliedRule.setRuleId(GeneralTool.generateUniqueId());
+ impliedRule.setEffect(rule.getEffect());
+ impliedRule.setExpression(rule.getExpression());
+ impliedRule.setTarget(impliedAction);
+
+ rules.add(impliedRule);
+ }
+ }
+
+ return rules;
}
catch(Exception e)
{
@@ -169,6 +199,11 @@
}
}
+ if(targetClass.getSuperclass() != null)
+ {
+ return this.findExpression(targetClass.getSuperclass(), expressionName);
+ }
+
return null;
}
}
Modified:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/TargetComposition.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/TargetComposition.java 2009-06-15
21:56:01 UTC (rev 13458)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/TargetComposition.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -23,6 +23,8 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
+import java.util.Set;
+import java.util.HashSet;
import org.apache.log4j.Logger;
@@ -65,7 +67,8 @@
try
{
- return this.generateTarget();
+ Target mainTarget = this.generateTarget();
+ return mainTarget;
}
catch(Exception e)
{
@@ -74,8 +77,46 @@
throw new RuntimeException(e);
}
}
- //----------------------------------------------------------------------------------------------------------------------------------------------------------------
- //TODO: Add TargetUri annotation inheritance
+
+ public Set<Target> composeImpliedTargets()
+ {
+ try
+ {
+ Set<Target> impliedTargets = new HashSet<Target>();
+
+ String[] impliedActions = this.findImpliedActions(this.targetComponent.getClass());
+ if(impliedActions != null)
+ {
+ for(String impliedAction: impliedActions)
+ {
+ //TODO: Find the Action Component from the repository
+ Object impliedActionComponent = null;
+ if(impliedAction.equals("read"))
+ {
+ impliedActionComponent =
Thread.currentThread().getContextClassLoader().loadClass("org.jboss.security.authz.components.action.Read").newInstance();
+ }
+ else if(impliedAction.equals("write"))
+ {
+ impliedActionComponent =
Thread.currentThread().getContextClassLoader().loadClass("org.jboss.security.authz.components.action.Write").newInstance();
+ }
+
+ //Compose this action target
+ TargetComposition comp = new TargetComposition();
+ comp.setTargetComponent(impliedActionComponent);
+ impliedTargets.add(comp.compose());
+ }
+ }
+
+ return impliedTargets;
+ }
+ catch(Exception e)
+ {
+ //TODO: handle this properly
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------------------------------
private Target generateTarget() throws Exception
{
Target target = new Target();
@@ -140,6 +181,17 @@
return null;
}
+ private String[] findImpliedActions(Class targetClass)
+ {
+ Annotation impliedActions = targetClass.getAnnotation(ImpliedActions.class);
+ if(impliedActions != null)
+ {
+ return ((ImpliedActions)impliedActions).value();
+ }
+
+ return null;
+ }
+
private Field findTargetField(Class targetClass)
{
Field[] declaredFields = targetClass.getDeclaredFields();
@@ -155,6 +207,12 @@
}
}
+ //If I get here, query the super class
+ if(targetClass.getSuperclass() != null)
+ {
+ return this.findTargetField(targetClass.getSuperclass());
+ }
+
return null;
}
}
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java 2009-06-15
21:56:01 UTC (rev 13458)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Manage.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -27,6 +27,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentType;
import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ImpliedActions;
import org.jboss.security.authz.model.Target;
@@ -42,6 +43,7 @@
type=ComponentType.TARGET,
category=ComponentCategory.ACTION
)
+@ImpliedActions({"read", "write"})
public class Manage extends Operation
{
public Manage()
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java 2009-06-15
21:56:01 UTC (rev 13458)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Write.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -27,6 +27,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentType;
import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.ImpliedActions;
import org.jboss.security.authz.model.Target;
@@ -42,6 +43,7 @@
type=ComponentType.TARGET,
category=ComponentCategory.ACTION
)
+@ImpliedActions({"read"})
public class Write extends Operation
{
public Write()
Modified:
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/repository/TestPolicyComposition.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/repository/TestPolicyComposition.java 2009-06-15
21:56:01 UTC (rev 13458)
+++
modules/authorization/trunk/core-components-api/src/test/java/org/jboss/security/authz/components/repository/TestPolicyComposition.java 2009-06-16
11:32:25 UTC (rev 13459)
@@ -38,6 +38,7 @@
import org.jboss.security.authz.components.subject.Identity;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Manage;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.component.RuleComposition;
import org.jboss.security.authz.component.TargetComposition;
@@ -72,7 +73,7 @@
Target policyTarget = targetComposition.compose();
- Rule policyRule = ruleComposition.compose();
+ Set<Rule> policyRule = ruleComposition.compose();
//Assert the State
assertNotNull("Target must not be null!!", policyTarget);
@@ -80,7 +81,7 @@
PolicyMetaData metadata = new PolicyMetaData();
metadata.setTarget(policyTarget);
- metadata.addRule(policyRule);
+ metadata.setRules(policyRule);
Policy policy = new MockPolicy("testComposePermitIdentity", metadata);
log.info("----------------------------------------------------------------");
@@ -109,7 +110,7 @@
Target policyTarget = targetComposition.compose();
- Rule policyRule = ruleComposition.compose();
+ Set<Rule> policyRule = ruleComposition.compose();
//Assert the State
assertNotNull("Target must not be null!!", policyTarget);
@@ -117,10 +118,47 @@
PolicyMetaData metadata = new PolicyMetaData();
metadata.setTarget(policyTarget);
- metadata.addRule(policyRule);
+ metadata.setRules(policyRule);
Policy policy = new MockPolicy("testComposePermitRole", metadata);
log.info("----------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
+
+ public void testImpliedTarget() throws Exception
+ {
+ Roles roles = new Roles();
+ Set<String> names = new HashSet<String>();
+ names.add("admin");
+ names.add("user");
+ roles.setNames(names);
+
+ URIResource uriResource = new URIResource();
+ uriResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
+
+ TargetComposition targetComposition = new TargetComposition();
+ targetComposition.setTargetComponent(uriResource);
+
+ RuleComposition ruleComposition = new RuleComposition();
+ ruleComposition.setEffect(Effect.PERMIT);
+ ruleComposition.setLogicComponent(roles);
+ ruleComposition.setExpressionName("allowExpression");
+ ruleComposition.setTargetComponent(new Manage());
+
+
+ Target policyTarget = targetComposition.compose();
+ Set<Rule> policyRule = ruleComposition.compose();
+
+ //Assert the State
+ assertNotNull("Target must not be null!!", policyTarget);
+ assertNotNull("Rule must not be null!!", policyRule);
+
+ PolicyMetaData metadata = new PolicyMetaData();
+ metadata.setTarget(policyTarget);
+ metadata.setRules(policyRule);
+ Policy policy = new MockPolicy("testComposePermitRole", metadata);
+
+ log.info("----------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
+ }
}