Author: sohil.shah(a)jboss.com
Date: 2009-05-28 12:26:13 -0400 (Thu, 28 May 2009)
New Revision: 13420
Added:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.bat
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.sh
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyContext.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyService.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyServiceImpl.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/jboss-service.xml
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/build/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/core-cms/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/core-samples/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/core/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/impl/model/content/InternalContentProvider.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/instance/InstanceSecurityInterceptor.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/render/RenderPageCommand.java
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/security/build.xml
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManagerFactory.java
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java
branches/JBoss_Portal_Branch_2_7_Security_POC/tools/etc/buildfragments/modules.ent
Log:
first successful pass at integrating the core-authz module
Modified: branches/JBoss_Portal_Branch_2_7_Security_POC/build/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/build/build.xml 2009-05-28 15:27:04 UTC
(rev 13419)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/build/build.xml 2009-05-28 16:26:13 UTC
(rev 13420)
@@ -152,16 +152,17 @@
<module name="registration"/>
<module name="workflow"/>
<module name="widget"/>
+ <module name="core-authz"/>
<!-- Module groups -->
<group name="portal">
<include
- modules="api, jems, server, security, search, portlet-server, faces,
theme, workflow, registration, core, wsrp, core-admin, core-identity, core-cms,
core-samples, widget"/>
+ modules="api, jems, server, core-authz, security, search,
portlet-server, faces, theme, workflow, registration, core, wsrp, core-admin,
core-identity, core-cms, core-samples, widget"/>
</group>
<group name="security">
- <include modules="jems, security"/>
+ <include modules="jems, core-authz, security"/>
</group>
<group name="default">
@@ -169,7 +170,7 @@
</group>
<group name="core">
- <include modules="api, jems, server, security, portlet-server, theme,
registration, core"/>
+ <include modules="api, jems, server, core-authz, security,
portlet-server, theme, registration, core"/>
</group>
</moduleconfig>
Modified: branches/JBoss_Portal_Branch_2_7_Security_POC/core/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core/build.xml 2009-05-28 15:27:04 UTC
(rev 13419)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core/build.xml 2009-05-28 16:26:13 UTC
(rev 13420)
@@ -135,6 +135,7 @@
<path refid="jboss.portal-api.classpath"/>
<path refid="jboss.portal-theme.classpath"/>
<path refid="jboss.portal-security.classpath"/>
+ <path refid="jboss.portal-core-authz.classpath"/>
</path>
<!--+=======================================+-->
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/impl/model/content/InternalContentProvider.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/impl/model/content/InternalContentProvider.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/impl/model/content/InternalContentProvider.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -63,6 +63,7 @@
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
import org.jboss.portal.theme.impl.render.dynamic.DynaRenderOptions;
+import org.jboss.portal.core.authz.PolicyContext;
import org.w3c.dom.Element;
import javax.portlet.MimeResponse;
@@ -280,10 +281,15 @@
supportedModes.remove(Mode.EDIT);
}
- //
+ //TODO: remove this security code eventually
InstancePermission perm = new InstancePermission(instance.getId(),
InstancePermission.ADMIN_ACTION);
PortalAuthorizationManager pam = pamf.getManager();
boolean authorized = pam.checkPermission(perm);
+
+ //TODO: populate the PolicyContext with contextual data upon which security
rules can be applied by the security engine
+ //boolean authorized = this.pamf.getManager().checkPermission(new
PolicyContext());
+
+
if (!authorized)
{
// Remove the modes that we know only admin are authorized to use
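Review bot: Marking the only live authorization check in this hunk (`pam.checkPermission(perm)` for `InstancePermission.ADMIN_ACTION`) with `//TODO: remove this security code eventually` invites its removal before any replacement enforces anything. The commented-out replacement passes an empty `new PolicyContext()`, which carries no instance id or action, so enabled as written the decision would rest on no input; whether that call denies by default is not visible here. I would reword the marker to `// Existing permission check: keep until the PolicyContext-based check is populated, enforcing and denies by default`, and leave out the commented-out call and the `PolicyContext` import that only it needs until the call is real. The same pair of comments is added in InstanceSecurityInterceptor.invoke, PortalObjectCommand.enforceSecurity and RenderPageCommand.enforceSecurity. The enclosing method starts and ends outside this hunk.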
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/instance/InstanceSecurityInterceptor.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/instance/InstanceSecurityInterceptor.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/instance/InstanceSecurityInterceptor.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -34,6 +34,8 @@
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
+import org.jboss.portal.core.authz.PolicyContext;
+
/**
* @author <a href="mailto:julien@jboss.org">Julien Viet</a>
* @version $Revision$
@@ -49,7 +51,8 @@
/** . */
private PortalAuthorizationManagerFactory pamf;
-
+
+
public PortalAuthorizationManagerFactory getPortalAuthorizationManagerFactory()
{
return pamf;
@@ -59,27 +62,30 @@
{
this.pamf = portalAuthorizationManagerFactory;
}
-
+
+
public PortletInvocationResponse invoke(PortletInvocation invocation) throws
IllegalArgumentException, PortletInvokerException
{
try
- {
- // Compute the security mask
+ {
+ //TODO: remove this security code eventually
+ // Compute the security mask
int mask = InstancePermission.VIEW_MASK;
Mode mode = invocation.getMode();
if (Mode.ADMIN.equals(mode))
{
mask |= InstancePermission.ADMIN_MASK;
}
-
- //
String instanceid =
(String)invocation.getAttribute(Instance.INSTANCE_ID_ATTRIBUTE);
PortalAuthorizationManager pam = pamf.getManager();
InstancePermission perm = new InstancePermission(instanceid, mask);
boolean authorized = pam.checkPermission(perm);
+
+ //TODO: populate this PolicyContext with contextual data upon which the security
rules will be applied
+ //by the security engine
+ //String instanceid =
(String)invocation.getAttribute(Instance.INSTANCE_ID_ATTRIBUTE);
+ //boolean authorized = pamf.getManager().checkPermission(new PolicyContext());
- //
- //
if (trace)
{
log.trace("Access granted=" + authorized + " for instance
" + instanceid);
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -30,6 +30,7 @@
import org.jboss.portal.core.model.portal.PortalObjectId;
import org.jboss.portal.core.model.portal.PortalObjectPermission;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
+import org.jboss.portal.core.authz.PolicyContext;
/**
* @author <a href="mailto:julien@jboss.org">Julien Viet</a>
@@ -83,6 +84,7 @@
*/
public void enforceSecurity(PortalAuthorizationManager pam) throws SecurityException
{
+ //TODO: remove this security code eventually
PortalObject target = getTarget();
PortalObjectId id = target.getId();
PortalObjectPermission perm = new PortalObjectPermission(id,
PortalObjectPermission.VIEW_MASK);
@@ -90,6 +92,9 @@
{
throw new AccessDeniedException(id.toString(), "View permission not
granted");
}
+
+ //TODO: populate the PolicyContext with contextual data upon which security rules can
be applied by the security engine
+ //boolean authorized = pam.checkPermission(new PolicyContext());
}
/**
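Review bot: The commented-out `boolean authorized = pam.checkPermission(new PolicyContext());` sits after the `AccessDeniedException` throw and only assigns a local, so enabling it as written would compute a decision and discard it; nothing in enforceSecurity would deny on `false`. When it is wired in, it needs the same shape as the existing check, for example `if (!pam.checkPermission(ctx)) throw new AccessDeniedException(id.toString(), "View permission not granted");` with a populated context. RenderPageCommand.enforceSecurity gets the same unused `authorized` local in its added comment, while the value that method actually keeps is `personalizable`. The method body begins in the previous hunk.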
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/render/RenderPageCommand.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/render/RenderPageCommand.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/main/org/jboss/portal/core/model/portal/command/render/RenderPageCommand.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -43,6 +43,7 @@
import org.jboss.portal.core.theme.PageRendition;
import org.jboss.portal.core.theme.WindowContextFactory;
import org.jboss.portal.core.aspects.server.UserInterceptor;
+import org.jboss.portal.core.authz.PolicyContext;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.UserProfileModule;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
@@ -123,9 +124,13 @@
//
super.enforceSecurity(pam);
+ //TODO: remove this security code eventually
// Check if the user can personalize the page
PortalObjectPermission perm = new PortalObjectPermission(page.getId(),
PortalObjectPermission.PERSONALIZE_MASK);
- personalizable = pam.checkPermission(perm);
+ personalizable = pam.checkPermission(perm);
+
+ //TODO: populate the PolicyContext with contextual data upon which security rules
can be applied by the security engine
+ //boolean authorized = pam.checkPermission(new PolicyContext());
}
/**
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2009-05-28
16:26:13 UTC (rev 13420)
@@ -64,6 +64,9 @@
<depends optional-attribute-name="AuthorizationDomainRegistry"
proxy-type="attribute">
portal:service=AuthorizationDomainRegistry
</depends>
+ <depends optional-attribute-name="PolicyService"
proxy-type="attribute">
+ portal.authorization:service=Policy
+ </depends>
</mbean>
<mbean
code="org.jboss.portal.portlet.impl.security.JBossPortletSecurityService"
name="portal:service=PortletSecurityService" xmbean-dd=""
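Review bot: The added `<depends optional-attribute-name="PolicyService">` is a hard start-up dependency, because in a JBoss service descriptor `optional-attribute-name` only names the attribute to inject and does not make the dependency optional. The enclosing mbean (its opening tag is outside this hunk) will therefore not start unless `portal.authorization:service=Policy` is deployed and started. That name uses a `portal.authorization` domain rather than the `portal:` domain of the neighbouring entry, and it must match the name declared in core-authz's own jboss-service.xml, which is not shown here. A comment above the element such as `<!-- POC: requires portal-authz.sar; object name must match core-authz jboss-service.xml -->` would make the coupling visible.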
Added: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.bat
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.bat
(rev 0)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.bat 2009-05-28 16:26:13
UTC (rev 13420)
@@ -0,0 +1,54 @@
+@echo off
+rem
+rem Invokes a script of the same name in the 'tools' module.
+rem
+rem The 'tools' module is expected to be a peer directory of the directory
+rem in which this script lives.
+rem
+rem @author Jason Dillon <jason(a)planet57.com>
+rem
+
+rem $Id: build.bat 8784 2007-10-27 23:01:46Z chris.laprun(a)jboss.com $
+
+setlocal
+
+set PROGNAME=%~nx0
+set DIRNAME=%~dp0
+
+rem Legacy shell support
+if x%PROGNAME%==x set PROGNAME=build.bat
+if x%DIRNAME%==x set DIRNAME=.\
+
+set MODULE_ROOT=%DIRNAME%
+if x%TOOLS_ROOT%==x set TOOLS_ROOT=%DIRNAME%..\tools
+set TARGET=%TOOLS_ROOT%\bin\build.bat
+set ARGS=%*
+
+rem Start'er up yo
+goto main
+
+:debug
+if not x%DEBUG%==x echo %PROGNAME%: %*
+goto :EOF
+
+:main
+call :debug PROGNAME=%PROGNAME%
+call :debug DIRNAME=%DIRNAME%
+call :debug TOOLS_ROOT=%TOOLS_ROOT%
+call :debug TARGET=%TARGET%
+
+if exist %TARGET% call :call-script & goto :EOF
+rem else fail, we can not go on
+
+echo %PROGNAME%: *ERROR* The target executable does not exist:
+echo %PROGNAME%:
+echo %PROGNAME%: %TARGET%
+echo %PROGNAME%:
+echo %PROGNAME%: Please make sure you have checked out the 'tools' module
+echo %PROGNAME%: and make sure it is up to date.
+goto :EOF
+
+:call-script
+call :debug Executing %TARGET% %ARGS%
+call %TARGET% %ARGS%
+goto :EOF
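Review bot: `%TARGET%` is expanded unquoted in `if exist %TARGET% call :call-script` and in `call %TARGET% %ARGS%`, so a checkout path containing a space splits into several tokens and the wrapper either reports the tools script as missing or tries to run a truncated path. Quoting both uses (`if exist "%TARGET%"` and `call "%TARGET%" %ARGS%`) avoids that. build.sh in this commit has the same pattern: `$target` is quoted in the `-f` test but not in `exec /bin/sh $target "$@"`, and `$0` and `$DIRNAME` are unquoted in the `basename`, `dirname` and `cd` calls. Both files look like copies of the per-module wrapper (their `$Id` lines date from 2007), so the fix may belong in the shared template as well.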
Property changes on: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.bat
___________________________________________________________________
Name: svn:executable
+ *
Added: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.sh
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.sh
(rev 0)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.sh 2009-05-28 16:26:13
UTC (rev 13420)
@@ -0,0 +1,49 @@
+#!/bin/sh
+##
+## Invokes a script of the same name in the 'tools' module.
+##
+## The 'tools' module is expected to be a peer directory of the directory
+## in which this script lives.
+##
+## @author Jason Dillon <jason(a)planet57.com>
+##
+
+# $Id: build.sh 8784 2007-10-27 23:01:46Z chris.laprun(a)jboss.com $
+
+PROGNAME=`basename $0`
+DIRNAME=`dirname $0`
+
+# Buss it yo
+main() {
+ if [ "x$TOOLS_ROOT" = "x" ]; then
+ TOOLS_ROOT=`cd $DIRNAME/../tools && pwd`
+ fi
+
+ MODULE_ROOT=`cd $DIRNAME; pwd`
+ export TOOLS_ROOT MODULE_ROOT DEBUG TRACE
+
+ # Where is the target script?
+ target="$TOOLS_ROOT/bin/$PROGNAME"
+ if [ ! -f "$target" ]; then
+ echo "${PROGNAME}: *ERROR* The target executable does not exist:"
+ echo "${PROGNAME}:"
+ echo "${PROGNAME}: $target"
+ echo "${PROGNAME}:"
+ echo "${PROGNAME}: Please make sure you have checked out the 'tools'
module"
+ echo "${PROGNAME}: and make sure it is up to date."
+ exit 2
+ fi
+
+ # Get busy yo!
+ if [ "x$DEBUG" != "x" ]; then
+ echo "${PROGNAME}: Executing: /bin/sh $target $@"
+ fi
+ if [ "x$TRACE" = "x" ]; then
+ exec /bin/sh $target "$@"
+ else
+ exec /bin/sh -x $target "$@"
+ fi
+}
+
+# Lets get ready to rumble!
+main "$@"
Property changes on: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.sh
___________________________________________________________________
Name: svn:executable
+ *
Added: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.xml
(rev 0)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.xml 2009-05-28 16:26:13
UTC (rev 13420)
@@ -0,0 +1,237 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2009, Red Hat Middleware, LLC, and individual
+ ~ contributors as indicated by the @authors tag. See the
+ ~ copyright.txt in the distribution for a full listing of
+ ~ individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE project [
+ <!ENTITY libraries SYSTEM "../thirdparty/libraries.ent">
+ <!ENTITY buildmagic SYSTEM
"../tools/etc/buildfragments/buildmagic.ent">
+ <!ENTITY tools SYSTEM "../tools/etc/buildfragments/tools.ent">
+ <!ENTITY modules SYSTEM "../tools/etc/buildfragments/modules.ent">
+ <!ENTITY defaults SYSTEM
"../tools/etc/buildfragments/defaults.ent">
+ <!ENTITY targets SYSTEM "../tools/etc/buildfragments/targets.ent">
+ ]>
+
+<!-- $Id: build.xml 12755 2009-01-31 19:49:19Z chris.laprun(a)jboss.com $ -->
+
+<!--+======================================================================+-->
+<!--| JBoss Portal (The OpenSource Portal) Build File |-->
+<!--| |-->
+<!--| Distributable under LGPL license. |-->
+<!--| See terms of license at
http://www.gnu.org. |-->
+<!--| |-->
+<!--| This file has been designed to work with the 'tools' module and
|-->
+<!--| Buildmagic extentions. |-->
+<!--+======================================================================+-->
+
+<project default="main" name="JBoss Portal">
+
+ <!--+====================================================================+-->
+ <!--| Setup |-->
+ <!--| |-->
+ <!--| Include the common build elements. |-->
+ <!--| |-->
+ <!--| This defines several different targets, properties and paths. |-->
+ <!--| It also sets up the basic extention tasks amoung other things. |-->
+ <!--+====================================================================+-->
+
+ &buildmagic;
+ &modules;
+ &defaults;
+ &tools;
+ &targets;
+
+ <!-- ================================================================== -->
+ <!-- Initialization -->
+ <!-- ================================================================== -->
+
+ <!--
+ | Initialize the build system. Must depend on '_buildmagic:init'.
+ | Other targets should depend on 'init' or things will mysteriously fail.
+ -->
+
+ <target name="init" unless="init.disable"
depends="_buildmagic:init">
+ </target>
+
+ <!--+====================================================================+-->
+ <!--| Configuration |-->
+ <!--| |-->
+ <!--| This target is invoked by the Buildmagic initialization logic |-->
+ <!--| and should contain module specific configuration elements. |-->
+ <!--+====================================================================+-->
+
+ <target name="configure" unless="configure.disable">
+
+ <!-- Configure some properties -->
+ <property name="jboss-junit-configuration" value=""/>
+ <property name="junit.formatter.usefile" value="true"/>
+
+ <!-- Configure thirdparty libraries -->
+ &libraries;
+ <path id="library.classpath">
+ <path refid="jbossas/core.libs.classpath"/>
+ <path refid="apache.log4j.classpath"/>
+ <path refid="jboss.portal/modules/portlet.classpath"/>
+ <!--
+ <path refid="jboss.portal/modules/common.classpath"/>
+ <path refid="oswego.concurrent.classpath"/>
+ <path refid="jbossas/core.libs.classpath"/>
+ <path refid="junit.junit.classpath"/>
+ <path refid="apache.log4j.classpath"/>
+ <path refid="dom4j.dom4j.classpath"/>
+ -->
+ </path>
+
+ <!-- Configure modules -->
+ <call target="configure-modules"/>
+ <path id="dependentmodule.classpath">
+ <path refid="jboss.portal-jems.classpath"/>
+ </path>
+
+ <!--+=======================================+-->
+ <!--| Override any default properties here. |-->
+ <!--+=======================================+-->
+
+ <!-- Configure defaults & build tools -->
+ <call target="configure-defaults"/>
+ <call target="configure-tools"/>
+
+ <!--+=======================================+-->
+ <!--| Define module specific elements here. |-->
+ <!--+=======================================+-->
+ <property name="javadoc.private" value="true"/>
+ <property name="javadoc.protected" value="false"/>
+
+ </target>
+
+ <!--+====================================================================+-->
+ <!--| Compile |-->
+ <!--| |-->
+ <!--| This target should depend on other compile-* targets for each |-->
+ <!--| different type of compile that needs to be performed, short of |-->
+ <!--| documentation compiles. |-->
+ <!--+====================================================================+-->
+
+ <target name="compile"
+ description="Compile all source files."
+ depends="_default:compile-classes,
+ _default:compile-etc,
+ _default:compile-resources">
+ <!-- Add module specific elements here. -->
+ </target>
+
+ <!--+====================================================================+-->
+ <!--| Generate Output |-->
+ <!--| |-->
+ <!--| Generates the target output for this module. Target output is |-->
+ <!--| the output which is ment to be released or used by external |-->
+ <!--| modules. |-->
+ <!--+====================================================================+-->
+
+ <target name="output"
+ description="Generate all target output."
+ depends="compile">
+
+ <!-- -->
+ <mkdir dir="${build.lib}"/>
+
+ <jar jarfile="${build.lib}/portal-authz-lib.jar">
+ <fileset dir="${build.classes}">
+ <exclude name="org/jboss/portal/core/authz/test/**"/>
+ </fileset>
+ </jar>
+
+ <copy todir="${build.lib}/portal-authz.sar">
+ <fileset dir="${build.resources}/sar"/>
+ <fileset file="${build.lib}/portal-authz-lib.jar"/>
+ </copy>
+ </target>
+
+ <!-- generates artifacts used for tests, requires output to be previously run
-->
+ <target name="package-tests" depends="init"/>
+
+ <!-- ================================================================== -->
+ <!-- Cleaning -->
+ <!-- ================================================================== -->
+
+ <!-- Clean up all build output -->
+ <target name="clean" depends="_default:clean">
+ <!-- Add module specific elements here. -->
+ </target>
+
+ <!--+====================================================================+-->
+ <!--| Documents |-->
+ <!--| |-->
+ <!--| Generate all documentation for this module. |-->
+ <!--+====================================================================+-->
+
+ <target name="docs" depends="_default:docs">
+ <!-- Add module specific elements here. -->
+ </target>
+
+ <!-- ================================================================== -->
+ <!-- Misc. -->
+ <!-- ================================================================== -->
+
+ <target name="main" depends="most"/>
+ <target name="all" depends="_default:all"/>
+ <target name="most" depends="_default:most"/>
+ <target name="help" depends="_default:help"/>
+
+ <!-- ================================================================== -->
+ <!-- Deployment -->
+ <!-- ================================================================== -->
+ <target name="deploy"
+ description="Deploy."
+ depends="output">
+ <require file="${jboss.home}/server/${portal.deploy.dir}"/>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/portal-authz.sar"
overwrite="true">
+ <fileset dir="${build.lib}/portal-authz.sar"/>
+ </copy>
+ </target>
+
+ <target name="style" depends="init">
+ <xslt
+ style="${source.resources}/style/toto.xsl"
+ in="${source.resources}/test/default-portal.xml"
+ out="${build.resources}/test/toto.xml">
+ </xslt>
+ </target>
+
+ <target name="tests" depends="init">
+ <property name="build.testlog"
value="${module.output}/log"/>
+ <echo message="testlog: ${build.testlog}"/>
+ <mkdir dir="${build.testlog}"/>
+ <execute-tests>
+ <x-test>
+ <test todir="${test.reports}"
name="org.jboss.portal.test.security.SimpleTestCase"/>
+ <test todir="${test.reports}"
name="org.jboss.portal.test.security.ComplexTestCase"/>
+ </x-test>
+ <x-classpath>
+ <pathelement location="${build.classes}"/>
+ <pathelement location="${build.resources}"/>
+ <path refid="library.classpath"/>
+ <path refid="dependentmodule.classpath"/>
+ </x-classpath>
+ </execute-tests>
+ </target>
+</project>
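Review bot: The `tests` target runs `org.jboss.portal.test.security.SimpleTestCase` and `ComplexTestCase`, but the commit's added-file list shows no test sources under core-authz and the target's classpath holds only this module's classes, resources, libraries and jems. It therefore looks carried over from another module and would not exercise the new policy code. The `style` target (`toto.xsl` applied to `test/default-portal.xml`) appears to be the same kind of leftover. I would either drop both targets from this build file or point `tests` at a test class for `PolicyContext` and `PolicyService` added alongside them, so the authorization module does not ship with a test target that cannot pass.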
Property changes on: branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/build.xml
___________________________________________________________________
Name: svn:executable
+ *
Added:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyContext.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyContext.java
(rev 0)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyContext.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -0,0 +1,104 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.portal.core.authz;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import org.jboss.portal.portlet.invocation.PortletInvocation;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class PolicyContext
+{
+ private static final String portlet_invocation = "portlet_invocation";
+ private static final String resource_uri = "resource_uri";
+ private static final String action_uri = "action_uri";
+
+ private Map<String, Object> attributes;
+
+ public PolicyContext()
+ {
+ this.attributes = new HashMap<String, Object>();
+ }
+ //-------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public Object getAttribute(String name)
+ {
+ return this.attributes.get(name);
+ }
+
+ public void setAttribute(String name, Object value)
+ {
+ this.attributes.put(name, value);
+ }
+
+ public void removeAttribute(String name)
+ {
+ this.attributes.remove(name);
+ }
+ //-------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public PortletInvocation getPortletInvocation()
+ {
+ return (PortletInvocation)this.getAttribute(PolicyContext.portlet_invocation);
+ }
+
+ public void setPortletInvocation(PortletInvocation portletInvocation)
+ {
+ if(portletInvocation != null)
+ {
+ this.setAttribute(PolicyContext.portlet_invocation, portletInvocation);
+ }
+ else
+ {
+ this.removeAttribute(PolicyContext.portlet_invocation);
+ }
+ }
+
+ public String getResourceUri()
+ {
+ return (String)this.getAttribute(PolicyContext.resource_uri);
+ }
+
+ public void setResourceUri(String resourceUri)
+ {
+ if(resourceUri == null || resourceUri.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("ResourceUri must not be empty!!");
+ }
+ this.setAttribute(PolicyContext.resource_uri, resourceUri);
+ }
+
+ public String getActionUri()
+ {
+ return (String)this.getAttribute(PolicyContext.action_uri);
+ }
+
+ public void setActionUri(String actionUri)
+ {
+ if(actionUri == null || actionUri.trim().length() == 0)
+ {
+ throw new IllegalArgumentException("ActionUri must not be empty!!");
+ }
+ this.setAttribute(PolicyContext.action_uri, actionUri);
+ }
+}
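Review bot: The public `setAttribute(String, Object)` and `removeAttribute(String)` write to the same map under the same keys as the typed setters, so they bypass the validation in `setResourceUri` and `setActionUri`. Any caller can store an empty or non-String value under `resource_uri` or `action_uri`, or remove it; a non-String value would then surface as a `ClassCastException` in the typed getter. Since this object is the input to an access decision, the reserved keys should be writable only through the typed setters. One way is to have the typed setters write to the map directly and have the generic methods reject the three reserved names, as sketched below.

```java
   public void setAttribute(String name, Object value)
   {
      rejectReserved(name);
      this.attributes.put(name, value);
   }

   public void removeAttribute(String name)
   {
      rejectReserved(name);
      this.attributes.remove(name);
   }

   // Reserved keys back the typed accessors and must not be reachable through the generic API.
   private static void rejectReserved(String name)
   {
      if (portlet_invocation.equals(name) || resource_uri.equals(name) || action_uri.equals(name))
      {
         throw new IllegalArgumentException("Reserved attribute name: " + name);
      }
   }

   public void setResourceUri(String resourceUri)
   {
      // … unchanged: null/blank check …
      this.attributes.put(PolicyContext.resource_uri, resourceUri);
   }

   // … setActionUri and setPortletInvocation: same change, put/remove on this.attributes directly …
```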
Added:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyService.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyService.java
(rev 0)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyService.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -0,0 +1,30 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.portal.core.authz;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface PolicyService
+{
+ public boolean checkAccess(PolicyContext policyContext);
+}
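Review bot: `checkAccess` has no documented contract, and for an interface that presumably backs access decisions the missing pieces matter: what `true` and `false` mean, what happens for a `null` or unpopulated `PolicyContext`, and whether an evaluation error results in denial. I would add a Javadoc on the method stating that it returns `true` only when the policy explicitly grants access, and that a `null` or incomplete context or an evaluation failure must yield `false` (or a documented exception), never `true`. The redundant `public` modifier on the interface method can be dropped at the same time.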
Added:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyServiceImpl.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyServiceImpl.java
(rev 0)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/main/org/jboss/portal/core/authz/PolicyServiceImpl.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -0,0 +1,57 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.portal.core.authz;
+
+import org.jboss.portal.jems.as.system.AbstractJBossService;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class PolicyServiceImpl extends AbstractJBossService implements PolicyService
+{
+ private static Logger log = Logger.getLogger(PolicyServiceImpl.class);
+
+ public PolicyServiceImpl()
+ {
+
+ }
+ //----AbstractJBossService
implementation-----------------------------------------------------------------------------------------------------------------------
+ @Override
+ protected void startService() throws Exception
+ {
+ log.info("------------------------------------------------------");
+ log.info("Policy Service successfully started...................");
+ log.info("------------------------------------------------------");
+ }
+
+ @Override
+ protected void stopService() throws Exception
+ {
+ }
+ //--------PolicyService
operations-------------------------------------------------------------------------------------------------------------------------------
+ public boolean checkAccess(PolicyContext policyContext)
+ {
+ return false;
+ }
+}
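Review bot: `checkAccess` returns `false` unconditionally with no comment, so once this service is wired in, every `checkPermission(PolicyContext)` call is denied and nothing in the code or the log explains why. Deny is the right default for a stub, but it should be marked, e.g. `// POC stub: denies every request until policy evaluation is implemented; keep deny as the default`. Separately, `log` can be declared `private static final Logger log`.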
Added:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/jboss-service.xml
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/jboss-service.xml
(rev 0)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/jboss-service.xml 2009-05-28
16:26:13 UTC (rev 13420)
@@ -0,0 +1,33 @@
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<server>
+ <!-- PolicyService MBean -->
+ <mbean
+ code="org.jboss.portal.core.authz.PolicyServiceImpl"
+ name="portal.authorization:service=Policy"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ </mbean>
+</server>
Property changes on:
branches/JBoss_Portal_Branch_2_7_Security_POC/core-authz/src/resources/sar/META-INF/jboss-service.xml
___________________________________________________________________
Name: svn:executable
+ *
Modified: branches/JBoss_Portal_Branch_2_7_Security_POC/core-cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core-cms/build.xml 2009-05-28 15:27:04
UTC (rev 13419)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core-cms/build.xml 2009-05-28 16:26:13
UTC (rev 13420)
@@ -135,6 +135,7 @@
<path refid="jboss.portal-core.classpath"/>
<path refid="jboss.portal-workflow.classpath"/>
<path refid="jboss.portal-core-admin.classpath"/>
+ <path refid="jboss.portal-core-authz.classpath"/>
</path>
<!--+=======================================+-->
Modified: branches/JBoss_Portal_Branch_2_7_Security_POC/core-samples/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/core-samples/build.xml 2009-05-28
15:27:04 UTC (rev 13419)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/core-samples/build.xml 2009-05-28
16:26:13 UTC (rev 13420)
@@ -126,6 +126,7 @@
<path refid="jboss.portal-format.classpath"/>
<path refid="jboss.portal-api.classpath"/>
<path refid="jboss.portal-security.classpath"/>
+ <path refid="jboss.portal-core-authz.classpath"/>
</path>
<!--+=======================================+-->
Modified: branches/JBoss_Portal_Branch_2_7_Security_POC/security/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7_Security_POC/security/build.xml 2009-05-28 15:27:04
UTC (rev 13419)
+++ branches/JBoss_Portal_Branch_2_7_Security_POC/security/build.xml 2009-05-28 16:26:13
UTC (rev 13420)
@@ -100,6 +100,7 @@
<call target="configure-modules"/>
<path id="dependentmodule.classpath">
<path refid="jboss.portal-jems.classpath"/>
+ <path refid="jboss.portal-core-authz.classpath"/>
</path>
<!--+=======================================+-->
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -29,6 +29,7 @@
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
import org.jboss.portal.security.spi.provider.AuthorizationDomain;
import org.jboss.portal.security.spi.provider.PermissionFactory;
+import org.jboss.portal.core.authz.PolicyService;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfigurationFactory;
@@ -69,6 +70,8 @@
/** JACC bypass */
private SecurityContext securityContext = null;
+
+ private PolicyService policyService;
/**
* JACC bypass
@@ -79,9 +82,21 @@
{
this.securityContext = securityContext;
}
+
+ PolicyService getPolicyService()
+ {
+ return policyService;
+ }
- public JACCPortalAuthorizationManager(JACCPortalAuthorizationManagerFactory factory)
+ void setPolicyService(PolicyService policyService)
{
+ this.policyService = policyService;
+ }
+
+
+
+public JACCPortalAuthorizationManager(JACCPortalAuthorizationManagerFactory factory)
+ {
this.factory = factory;
try
{
@@ -335,4 +350,10 @@
{
return (Subject)checkedSubjectLocal.get();
}
+
+
+ public boolean checkPermission(org.jboss.portal.core.authz.PolicyContext
policyContext) throws IllegalArgumentException, PortalSecurityException
+ {
+ return this.policyService.checkAccess(policyContext);
+ }
}
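Review bot: `checkPermission(PolicyContext)` dereferences `this.policyService` without a check, and nothing visible in this diff guarantees the field is set. It is declared without an initializer and is only filled by `setPolicyService`, which the factory hunk calls with its own unchecked field at `manager.setPolicyService(policyService)`. An unconfigured service therefore surfaces as a `NullPointerException` from inside an authorization check instead of the declared `PortalSecurityException`. The method also declares `IllegalArgumentException` but never validates its argument; I would start it with `if (policyContext == null) throw new IllegalArgumentException("policyContext must not be null");` and throw a `PortalSecurityException` when `policyService` is null. The enclosing class starts outside this hunk.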
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManagerFactory.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManagerFactory.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManagerFactory.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -29,6 +29,7 @@
import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
import org.jboss.security.jacc.DelegatingPolicy;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import org.jboss.portal.core.authz.PolicyService;
import javax.security.jacc.PolicyContext;
import java.security.Policy;
@@ -54,6 +55,8 @@
/** JACC bypass */
private SecurityContext securityContext = null;
+
+ private PolicyService policyService;
public AuthorizationDomainRegistry getAuthorizationDomainRegistry()
{
@@ -75,6 +78,7 @@
}
manager.setSecurityContext(this.securityContext);
+ manager.setPolicyService(policyService);
return manager;
}
@@ -110,4 +114,14 @@
//JACC bypass
this.securityContext = new SecurityContext();
}
+
+ public PolicyService getPolicyService()
+ {
+ return policyService;
+ }
+
+ public void setPolicyService(PolicyService policyService)
+ {
+ this.policyService = policyService;
+ }
}
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java 2009-05-28
16:26:13 UTC (rev 13420)
@@ -25,6 +25,8 @@
import org.jboss.portal.security.PortalPermission;
import org.jboss.portal.security.PortalSecurityException;
+import org.jboss.portal.core.authz.PolicyContext;
+
import javax.security.auth.Subject;
/**
@@ -51,4 +53,6 @@
* @throws IllegalArgumentException if the permission is null
*/
public boolean checkPermission(Subject checkedSubject, PortalPermission permission)
throws IllegalArgumentException, PortalSecurityException;
+
+ public boolean checkPermission(PolicyContext policyContext) throws
IllegalArgumentException, PortalSecurityException;
}
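Review bot: The new `checkPermission(PolicyContext)` overload is added to the SPI without Javadoc, while the overload directly above it documents its `@throws` conditions. Unlike that overload it takes no `Subject`, so the contract should say where the checked subject comes from (presumably carried in the `PolicyContext`, which is not shown in this hunk). It should also say when `IllegalArgumentException` and `PortalSecurityException` are thrown and that `false` means access is denied. A short Javadoc block with `@param policyContext`, `@return` and the two `@throws` entries would cover it. The interface body starts outside this hunk.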
Modified:
branches/JBoss_Portal_Branch_2_7_Security_POC/tools/etc/buildfragments/modules.ent
===================================================================
---
branches/JBoss_Portal_Branch_2_7_Security_POC/tools/etc/buildfragments/modules.ent 2009-05-28
15:27:04 UTC (rev 13419)
+++
branches/JBoss_Portal_Branch_2_7_Security_POC/tools/etc/buildfragments/modules.ent 2009-05-28
16:26:13 UTC (rev 13420)
@@ -146,4 +146,11 @@
<path id="jboss.portal-samples.classpath">
<pathelement
path="${jboss.portal-samples.lib}/portal-samples-lib.jar"/>
</path>
+
+ <!-- core-authz -->
+ <property name="jboss.portal-core-authz.root"
value="${project.root}/core-authz/output"/>
+ <property name="jboss.portal-core-authz.lib"
value="${jboss.portal-core-authz.root}/lib"/>
+ <path id="jboss.portal-core-authz.classpath">
+ <pathelement
path="${jboss.portal-core-authz.lib}/portal-authz-lib.jar"/>
+ </path>
</target>