Author: sohil.shah(a)jboss.com
Date: 2008-10-15 11:27:46 -0400 (Wed, 15 Oct 2008)
New Revision: 12067
Added:
modules/authorization/trunk/PAP/
modules/authorization/trunk/PAP/pom.xml
modules/authorization/trunk/PAP/src/
modules/authorization/trunk/PAP/src/main/
modules/authorization/trunk/PAP/src/main/java/
modules/authorization/trunk/PAP/src/main/java/org/
modules/authorization/trunk/PAP/src/main/java/org/jboss/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPolicyManager.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/PolicyManager.java
modules/authorization/trunk/PAP/src/main/resources/
modules/authorization/trunk/PAP/src/test/
modules/authorization/trunk/PAP/src/test/java/
modules/authorization/trunk/PAP/src/test/java/org/
modules/authorization/trunk/PAP/src/test/java/org/jboss/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java
modules/authorization/trunk/PAP/src/test/resources/
modules/authorization/trunk/PAP/src/test/resources/log4j.properties
modules/authorization/trunk/PEP/multitier-policy.xml
modules/authorization/trunk/PEP/simple-policy.xml
modules/authorization/trunk/common/
modules/authorization/trunk/common/pom.xml
modules/authorization/trunk/common/src/
modules/authorization/trunk/common/src/main/
modules/authorization/trunk/common/src/main/java/
modules/authorization/trunk/common/src/main/java/org/
modules/authorization/trunk/common/src/main/java/org/jboss/
modules/authorization/trunk/common/src/main/java/org/jboss/security/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Attribute.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AttributeExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Effect.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Expression.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyException.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Rule.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java
modules/authorization/trunk/common/src/main/resources/
modules/authorization/trunk/common/src/test/
modules/authorization/trunk/common/src/test/java/
modules/authorization/trunk/common/src/test/resources/
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
modules/authorization/trunk/pom.xml
Log:
code backup
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2008-10-15 12:33:26 UTC (rev 12066)
+++ modules/authorization/trunk/.classpath 2008-10-15 15:27:46 UTC (rev 12067)
@@ -1,10 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src"
path="security-console/ejb/src/main/java"/>
+<classpath>
+ <classpathentry kind="src" path="common/src/main/java"/>
+ <classpathentry kind="src" path="common/src/main/resources"/>
+ <classpathentry kind="src" path="common/src/test/java"/>
+ <classpathentry kind="src" path="common/src/test/resources"/>
<classpathentry kind="src" path="PEP/src/main/java"/>
<classpathentry kind="src" path="PEP/src/main/resources"/>
<classpathentry kind="src" path="PEP/src/test/java"/>
<classpathentry kind="src" path="PEP/src/test/resources"/>
+ <classpathentry kind="src" path="PAP/src/main/java"/>
+ <classpathentry kind="src" path="PAP/src/main/resources"/>
+ <classpathentry kind="src" path="PAP/src/test/java"/>
+ <classpathentry kind="src" path="PAP/src/test/resources"/>
+ <classpathentry kind="src"
path="security-console/ejb/src/main/java"/>
<classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="output" path="classes"/>
<classpathentry kind="var"
path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
Added: modules/authorization/trunk/PAP/pom.xml
===================================================================
--- modules/authorization/trunk/PAP/pom.xml (rev 0)
+++ modules/authorization/trunk/PAP/pom.xml 2008-10-15 15:27:46 UTC (rev 12067)
@@ -0,0 +1,67 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-parent</artifactId>
+ <version>trunk-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-authz-pap</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Authorization PAP</name>
+ <url>http://www.jboss.org</url>
+ <description>A Generic PAP (Policy Administration Point)
component</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- jboss xacml -->
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ </dependency>
+
+ <!-- sun jaxb -->
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-xjc</artifactId>
+ </dependency>
+
+ <!-- junit -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.3.1</version>
+ <configuration>
+ <includes>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
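Review bot: The `junit` and `jaxb-xjc` dependencies are declared without a `<scope>`, so unless the parent POM's dependencyManagement (not visible here) sets one, the test framework and the JAXB schema compiler become compile-scope dependencies of the PAP jar and are passed on to everything that depends on it. If the parent does not already do so, add `<scope>test</scope>` to junit and drop `jaxb-xjc` or limit it to build time, which keeps the runtime dependency set of this authorization component small. The empty `<includes>` element in the surefire configuration looks like a placeholder; either remove the `<configuration>` block or list the test patterns it is meant to select.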
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/hierarchial/HierarchialPolicy.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,216 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.hierarchial;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Target;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.xacml.NoPermitMeansDeniedAlg;
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+/**
+ * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
+ *
+ * An example of such resources would be tree of resources/nodes in a Content Management
System
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class HierarchialPolicy extends Policy
+{
+ public HierarchialPolicy(String policyUri, Target target, Set<Rule> rules)
+ {
+ super(policyUri, target, rules);
+ }
+
+ @Override
+ public String generateXACMLPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches =
this.target.getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceType resourceType = new ResourceType();
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute()));
+
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ resourcesType.getResource().add(resourceType);
+ }
+ }
+
+ //Process the Policy Rules
+ if(this.rules != null && !this.rules.isEmpty())
+ {
+ for(Rule rule: this.rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ TargetType ruleTarget = this.generateRuleActions(actionMatches);
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+ ruleType.setCondition(condition);
+
+
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ policyType.marshall(bos);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
+ private TargetType generateRuleActions(List<AttributeExpression> actionMatches)
+ {
+ TargetType target = new TargetType();
+
+ ActionsType actions = new ActionsType();
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute()));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ target.setActions(actions);
+ return target;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization
Request
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute()));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+}
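Review bot: generateCondition returns an empty ConditionType whenever the rule's expression is not an AttributeExpression (a null expression included), and generateXACMLPolicy sets that condition on the rule unconditionally, so a PERMIT rule with an unsupported expression type is emitted without the restriction its author wrote. How the marshaller and the PDP treat an empty Condition is not visible in this commit, but policy generation should fail closed here rather than produce a rule that may be invalid or broader than intended. After the instanceof branch add `else { throw new IllegalArgumentException("Unsupported rule expression: " + expression); }`, which the existing catch wraps in a PolicyException, and skip `setCondition` for a null expression if unconditional rules are meant to be legal. Separately, `new String(bos.toByteArray())` decodes with the platform default charset; use the encoding the marshaller writes (presumably UTF-8, to be confirmed), e.g. `bos.toString("UTF-8")`, so non-ASCII resource or attribute values are not altered in the generated policy.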
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPolicyManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPolicyManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemPolicyManager.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,70 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+import java.util.List;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.pap.service.PolicyManager;
+
+/**
+ * An abstract class that provides a generic (Policy type agnostic) implementation of
Storage services to be provided by a PolicyManager. This particular implementation
+ * stores Policies on the local FileSystem. This is mostly a demo implementation.
Practially the Policies will be stored in Security repositories like
+ * LDAP, relational databases etc
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+abstract class FileSystemPolicyManager implements PolicyManager
+{
+ //------Storage Services of the PolicyManager
implementation-----------------------------------------------------------------------------------------------
+ /**
+ *
+ */
+ public List<Policy> readAllPolicies()
+ {
+ return null;
+ }
+
+ /**
+ *
+ */
+ public Policy readPolicy(String policyUri)
+ {
+ return null;
+ }
+
+ /**
+ *
+ */
+ public void savePolicy(Policy policy)
+ {
+ }
+
+ /**
+ *
+ */
+ public void deletePolicy(String policyUri)
+ {
+ }
+}
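Review bot: savePolicy and deletePolicy return normally without doing anything, and readPolicy and readAllPolicies return null, so a caller of this policy store cannot tell an unimplemented stub from a completed save or delete and may assume a policy was persisted or removed when it was not. Until storage exists, each stub should fail loudly, e.g. `throw new UnsupportedOperationException("FileSystemPolicyManager storage is not implemented");`. The same applies to generatePolicy in FileSystemWebTierPolicyManager, which returns null. The four Javadoc blocks are empty and should at least state the not-found behaviour and that the class is a demo store. When file storage is implemented, policyUri should be validated or encoded before it is mapped to a file name, never used directly as a path, since it comes from the caller.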
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/FileSystemWebTierPolicyManager.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,57 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+import org.jboss.security.authz.model.Policy;
+
+/**
+ * The PolicyManager provides implementation for the Configuration related services of
the PolicyManager. It extends the FileSystemPolicyManager in order to store the managed
Policies
+ * on the local file system. This PolicyManager process configuration provided for
securing Resources within the Web Tier of an application.
+ * It uses the HierarchialPolicy implementation to represent the Web Tier Policies
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class FileSystemWebTierPolicyManager extends FileSystemPolicyManager
+{
+ /**
+ *
+ *
+ */
+ public FileSystemWebTierPolicyManager()
+ {
+ }
+ //------Configuration service of the PolicyManager
implementation----------------------------------------------------------------------------------------------------------------
+ /**
+ * Generates a Policy that can be represented in system level XACML format. The
xmlConfiguration is a user friendly XML configuration that is within the context
+ * of the Web Tier of an Application. For instance, to apply Access Control at the Web
Tier, the XML configuration consists of Resources and
+ * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest
parameters, HTTP actions like GET, POST, PUT, etc
+ *
+ * @param xmlConfiguration User Friendly XML configuration within the context of the
Web Tier of an Application
+ * @return a Policy that can be represented in system level XACML format
+ */
+ public Policy generatePolicy(String xmlConfiguration)
+ {
+ return null;
+ }
+}
Added:
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/PolicyManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/PolicyManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/main/java/org/jboss/security/authz/pap/service/PolicyManager.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,75 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+import java.util.List;
+
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyException;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public interface PolicyManager
+{
+ /**
+ * Generates a Policy that can be represented in system level XACML format. The
xmlConfiguration is a user friendly XML configuration that is within the context
+ * of the application tier being protected. For instance, to apply Access Control at
the web tier, the XML configuration would consist of Resources and
+ * Actions in the context of the Web Tier such as HTTP Uris, HttpServletRequest
parameters, HTTP actions like GET, POST, PUT, etc
+ *
+ * @param xmlConfiguration User Friendly XML configuration within the context of the
Application being protected
+ * @return a Policy that can be represented in system level XACML format
+ */
+ public Policy generatePolicy(String xmlConfiguration) throws PolicyException;
+
+ /**
+ * Read a stored Policy identified by the unique policyUri
+ *
+ * @param policyUri
+ * @return a stored Policy
+ */
+ public Policy readPolicy(String policyUri) throws PolicyException;
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public List<Policy> readAllPolicies() throws PolicyException;
+
+ /**
+ * Saves a Policy into storage. If this policy already exists in storage, then it
updates it
+ *
+ * @param policy Policy to be saved into storage
+ */
+ public void savePolicy(Policy policy) throws PolicyException;
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws PolicyException;
+}
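Review bot: The interface Javadoc does not state the contract implementers and callers need: readPolicy does not say whether an unknown policyUri yields null or a PolicyException, deletePolicy does not say what happens when the policy does not exist, and no method carries an `@throws PolicyException` tag. I would add a class-level description plus lines such as `@return the stored Policy, or null if none exists for policyUri` and `@throws PolicyException if the store cannot be read`, matching whichever behaviour is intended. Because these operations change what the PDP will permit, the class comment should also say where callers of the PAP are expected to be authorized, as nothing in this interface carries a caller identity.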
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/hierarchial/TestHierarchialPolicy.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,110 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.hierarchial;
+
+import java.util.Set;
+import java.util.HashSet;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+import org.jboss.security.authz.model.*;
+
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestHierarchialPolicy extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestHierarchialPolicy.class);
+
+ protected void setUp() throws Exception
+ {
+ }
+
+ protected void tearDown() throws Exception
+ {
+ }
+
+ /**
+ *
+ */
+ public void testSimplePolicy() throws Exception
+ {
+ //SetUp the Policy Target
+ Target target = new Target();
+ for(int i=0; i<5; i++)
+ {
+ AttributeExpression resourceMatch = new AttributeExpression();
+ resourceMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
"http://www.redhat.com/protected/index.html?tier="+i);
+ resourceMatch.setAttribute(attribute);
+ target.addResourceMatch(resourceMatch);
+ }
+
+ //SetUp the Policy Rules
+ Set<Rule> rules = new HashSet<Rule>();
+ Rule writeRule = new Rule();
+
+ writeRule.setRuleId("write");
+ writeRule.setEffect(Effect.PERMIT);
+
+ Target ruleTarget = new Target();
+
+ for(int i=0; i<5; i++)
+ {
+ AttributeExpression actionMatch = new AttributeExpression();
+ actionMatch.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute actionAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING, "WRITE:/"+i);
+ actionMatch.setAttribute(actionAttribute);
+ ruleTarget.addActionMatch(actionMatch);
+ }
+
+ writeRule.setTarget(ruleTarget);
+
+ AttributeExpression roleExpression = new AttributeExpression();
+ roleExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+ Attribute roleAttribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING, "developer");
+ roleExpression.setAttribute(roleAttribute);
+ writeRule.setExpression(roleExpression);
+
+ rules.add(writeRule);
+
+ //Populate the HierarchialPolicy
+ HierarchialPolicy policy = new
HierarchialPolicy("simpleHierarchialPolicy", target, rules);
+
+ String xacmlPolicy = policy.generateXACMLPolicy();
+
+
log.info("--------------------------------------------------------------------");
+ log.info(xacmlPolicy);
+
log.info("--------------------------------------------------------------------");
+ }
+}
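Review bot: testSimplePolicy contains no assertions; it only logs the generated XACML, so it passes for any output, including an empty string or a policy with the wrong effect or a missing condition. For code that emits authorization policy, the test should pin the security-relevant parts of the result, for example `assertNotNull(xacmlPolicy);`, `assertTrue(xacmlPolicy.contains("simpleHierarchialPolicy"));` and a check that the rule is rendered with effect Permit and carries the "developer" role condition. A second case for a rule whose expression is not an AttributeExpression would document what the generator does with conditions it cannot translate.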
Added:
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java
===================================================================
---
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java
(rev 0)
+++
modules/authorization/trunk/PAP/src/test/java/org/jboss/security/authz/pap/service/TestWebTierPolicyManager.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,98 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.pap.service;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class TestWebTierPolicyManager extends TestCase
+{
+ /**
+ *
+ */
+ private static Logger log = Logger.getLogger(TestWebTierPolicyManager.class);
+
+ /**
+ * A simple developer-friendly web tier policy that specifies:
+ *
+ * "Only Root Portal User and Users in the Marketing Department of the
organization must be allowed to Modify the Layout of the "Main Marketing Portal
Page"
+ *
+ * Notice: This configuration is not muddled by the vast low-level details of XACML
Policy representation. That part is automated by the
+ * PAP (Policy Administration Point) Component of the Authorization System
+ */
+ private static String simpleWebTierPolicy = "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>"+
+ "<web-acl>"+
+ "<acl-rule>"+
+ "<resource>"+
+
"<request-uri>/portal/admin-tool/modifyLayout</request-uri>"+
+ "<params>"+
+ "<param>"+
+
"<name>page</name>"+
+
"<value>marketing_index.html</value>"+
+
"</param>"+
+ "</params>"+
+ "</resource>"+
+ "<conditions>"+
+ "<condition>"+
+ "<roles>"+
+
"<role-name>Root-Admin</role-name>"+
+
"<role-name>Marketing Team</role-name>"+
+ "</roles>"+
+ "</condition>"+
+ "</conditions>"+
+ "</acl-rule>"+
+ "</web-acl>";
+
+ /**
+ *
+ */
+ protected void setUp() throws Exception
+ {
+ }
+
+
+ protected void tearDown() throws Exception
+ {
+ }
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testSimpleWebTierPolicy() throws Exception
+ {
+ PolicyManager policyManager = new FileSystemWebTierPolicyManager();
+ Policy policy = policyManager.generatePolicy(simpleWebTierPolicy);
+
+ log.info("------------------------------------------------------");
+ log.info(policy.generateXACMLPolicy());
+ log.info("------------------------------------------------------");
+ }
+}
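Review bot: `testSimpleWebTierPolicy` asserts nothing, so it passes for any output that does not throw, including a generated policy that has lost the `<roles>` condition. Since this translation decides who may reach `/portal/admin-tool/modifyLayout`, pin the result with `assertNotNull(policy);`, `String xacml = policy.generateXACMLPolicy();` and `assertTrue(xacml.contains("Root-Admin") && xacml.contains("Marketing Team"));`. A stricter check on the emitted rule effect would be better, but the shape of the generated XACML is not visible in this hunk. The `log` field could also be `private static final`.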
Added: modules/authorization/trunk/PAP/src/test/resources/log4j.properties
===================================================================
--- modules/authorization/trunk/PAP/src/test/resources/log4j.properties
(rev 0)
+++ modules/authorization/trunk/PAP/src/test/resources/log4j.properties 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,8 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
Added: modules/authorization/trunk/PEP/multitier-policy.xml
===================================================================
--- modules/authorization/trunk/PEP/multitier-policy.xml (rev 0)
+++ modules/authorization/trunk/PEP/multitier-policy.xml 2008-10-15 15:27:46 UTC (rev
12067)
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
RuleCombiningAlgId="rule-combining-alg:nopermit-means-denied"
Version="2.0" PolicyId="MultiTierPolicy">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
+ <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">org.jboss...
+ <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
+ <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:2.0:custom:attribute:param0"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule Effect="Permit" RuleId="WriteRule">
+ <Target>
+ <Actions>
+ <Action>
+ <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">write<...
+ <ActionAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">developer...
+ <SubjectAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy>
Added: modules/authorization/trunk/PEP/simple-policy.xml
===================================================================
--- modules/authorization/trunk/PEP/simple-policy.xml (rev 0)
+++ modules/authorization/trunk/PEP/simple-policy.xml 2008-10-15 15:27:46 UTC (rev 12067)
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
RuleCombiningAlgId="rule-combining-alg:nopermit-means-denied"
Version="2.0" PolicyId="SimplePolicy">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://ww...
+ <ResourceAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule Effect="Permit" RuleId="WriteRule">
+ <Target>
+ <Actions>
+ <Action>
+ <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">write<...
+ <ActionAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">developer...
+ <SubjectAttributeDesignator MustBePresent="false"
DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy>
Modified:
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java
===================================================================
---
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-10-15
12:33:26 UTC (rev 12066)
+++
modules/authorization/trunk/PEP/src/test/java/org/jboss/security/authz/test/pep/TestPDP.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -26,7 +26,6 @@
import java.util.List;
import java.util.HashSet;
import java.util.Set;
-import java.util.StringTokenizer;
import java.net.URI;
import java.io.File;
import java.io.FileOutputStream;
@@ -110,7 +109,7 @@
}
this.generateSimplePolicy();
- this.generateMultiTierPolicy();
+ //this.generateMultiTierPolicy();
}
/**
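Review bot: Commenting out `this.generateMultiTierPolicy();` in `setUp` disables the multi-tier scenario without saying why. The later hunks of this file do the same with block comments around `testMultiTierPermit`, `createPermitMultiTierRequestContext`, `createPermitRecursiveRequestContext`, `createImpliesRequestContext` and `generateMultiTierPolicy`. The permit decision for the multi-tier policy then has no test in this class, which is easy to overlook in an authorization module. Either delete the dead code, since history keeps it, or put a one-line reason above each disabled block, e.g. `// Disabled in rev 12067: <reason>; re-enable with <issue-id>`. `setUp` starts outside this hunk, and the wrapped method bodies are not fully visible, so it cannot be checked here that none of them contains a `*/` that would end the block comment early.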
@@ -118,8 +117,8 @@
*/
public void tearDown() throws Exception
{
- this.deleteSimplePolicy();
- this.deleteMultiTierPolicy();
+ //this.deleteSimplePolicy();
+ //this.deleteMultiTierPolicy();
}
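Review bot: With both `deleteSimplePolicy()` and `deleteMultiTierPolicy()` commented out in `tearDown`, the policy file written by `generateSimplePolicy()` in `setUp` stays on disk after every run. This revision also adds `PEP/simple-policy.xml` and `PEP/multitier-policy.xml`, which look like those generated artifacts checked in by accident. A leftover `multitier-policy.xml` that nothing regenerates would be evaluated as a stale policy if the multi-tier test is re-enabled. Restore `this.deleteSimplePolicy();` and `this.deleteMultiTierPolicy();`, or write the files under a temporary directory that the test removes.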
@@ -185,7 +184,7 @@
}
- public void testMultiTierPermit() throws Exception
+ /*public void testMultiTierPermit() throws Exception
{
//PDP Setup
String[] policyFiles = new String[]{"multitier-policy.xml"};
@@ -214,7 +213,7 @@
log.info("-----------------------------------");
log.info("Decision="+responseContext.getDecision());
- }
+ }*/
/*public void testRecursivePermit() throws Exception
{
@@ -413,7 +412,7 @@
return requestContext;
}
- private RequestContext createPermitMultiTierRequestContext() throws Exception
+ /*private RequestContext createPermitMultiTierRequestContext() throws Exception
{
//Create ObjectFactory
ObjectFactory objectFactory = new ObjectFactory();
@@ -470,9 +469,9 @@
requestContext.setRequest(requestType);
return requestContext;
- }
+ }*/
- private RequestContext createPermitRecursiveRequestContext(String path) throws
Exception
+ /*private RequestContext createPermitRecursiveRequestContext(String path) throws
Exception
{
//Create ObjectFactory
ObjectFactory objectFactory = new ObjectFactory();
@@ -540,9 +539,9 @@
requestContext.setRequest(requestType);
return requestContext;
- }
+ }*/
- private RequestContext createImpliesRequestContext() throws Exception
+ /*private RequestContext createImpliesRequestContext() throws Exception
{
//Create ObjectFactory
ObjectFactory objectFactory = new ObjectFactory();
@@ -599,7 +598,7 @@
requestContext.setRequest(requestType);
return requestContext;
- }
+ }*/
//--------------------------------------------------------------------------------------------------------------------------------------------------------
private void generateSimplePolicy() throws Exception
{
@@ -695,7 +694,7 @@
file.delete();
}
- private void generateMultiTierPolicy() throws Exception
+ /*private void generateMultiTierPolicy() throws Exception
{
org.jboss.security.xacml.core.model.policy.ObjectFactory objectFactory = new
org.jboss.security.xacml.core.model.policy.ObjectFactory();
@@ -803,7 +802,7 @@
fos.close();
}
}
- }
+ }*/
private void deleteMultiTierPolicy() throws Exception
{
Added: modules/authorization/trunk/common/pom.xml
===================================================================
--- modules/authorization/trunk/common/pom.xml (rev 0)
+++ modules/authorization/trunk/common/pom.xml 2008-10-15 15:27:46 UTC (rev 12067)
@@ -0,0 +1,47 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-parent</artifactId>
+ <version>trunk-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-authz-common</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Authorization Common</name>
+ <url>http://www.jboss.org</url>
+ <description>Contains components that are used by all the other
modules</description>
+
+ <dependencies>
+ <!-- jboss xacml -->
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ </dependency>
+
+ <!-- junit -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.3.1</version>
+ <configuration>
+ <includes>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
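Review bot: The `junit` dependency is declared without `<scope>test</scope>`. Unless the parent's `dependencyManagement` (not visible here) sets the scope, JUnit lands on the compile classpath of `jboss-authz-common` and is passed on transitively to every module that depends on it, so add `<scope>test</scope>` to that dependency. The three dependencies also carry no `<version>`, which requires `jboss-authz-parent` to pin them; confirm that it pins exact versions rather than ranges or snapshots. The empty `<includes>` element under `maven-surefire-plugin` can be removed.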
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Action.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,66 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+
+/**
+ * Represents a protected Action within a system
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Action extends BaseObject
+{
+ /**
+ * Attributes associated with the Action
+ */
+ private Set<Attribute> attributes = null;
+
+ /**
+ *
+ *
+ */
+ public Action()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ return attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+}
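Review bot: `attributes` starts as `null` and `getAttributes()` hands back the internal set itself, so every caller has to null-check and any caller can change the Action's attributes after the fact; `Environment` in this commit has the same shape. Initialise the field with `private Set<Attribute> attributes = new HashSet<Attribute>();` (plus `import java.util.HashSet;`) and consider copying the argument in `setAttributes`. The accessor Javadoc is empty; a line such as `@return the attributes attached to this action, never null` would document the contract.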
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Attribute.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Attribute.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Attribute.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,123 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents arbitrary data used within the system in various Contexts
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Attribute extends BaseObject
+{
+ /**
+ * unique uri to identify the type of Attribute
+ */
+ private String uri = null;
+
+ /**
+ * dataType of the value of this Attribute
+ */
+ private String datatType = null;
+
+ /**
+ * Value of this Attribute
+ */
+ private String value = null;
+
+ /**
+ *
+ *
+ */
+ public Attribute()
+ {
+
+ }
+
+ /**
+ *
+ * @param uri
+ * @param dataType
+ * @param value
+ */
+ public Attribute(String uri, String dataType, String value)
+ {
+ this.uri = uri;
+ this.datatType = dataType;
+ this.value = value;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getDatatType()
+ {
+ return datatType;
+ }
+
+ /**
+ *
+ * @param datatType
+ */
+ public void setDatatType(String datatType)
+ {
+ this.datatType = datatType;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getUri()
+ {
+ return uri;
+ }
+
+ /**
+ *
+ * @param uri
+ */
+ public void setUri(String uri)
+ {
+ this.uri = uri;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getValue()
+ {
+ return value;
+ }
+
+ /**
+ *
+ * @param value
+ */
+ public void setValue(String value)
+ {
+ this.value = value;
+ }
+}
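Review bot: The field and its accessors are spelled `datatType`, `getDatatType()` and `setDatatType(String)`, while the constructor parameter and the field comment say `dataType`. Once other modules call these methods the misspelling becomes part of the public API, so rename now to `public String getDataType()` and `public void setDataType(String dataType)`. Separately, `Attribute` defines no `equals`/`hashCode` although `Action` and `Environment` keep it in a `Set<Attribute>`. Two attributes with the same uri, data type and value will therefore be held as distinct entries.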
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AttributeExpression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AttributeExpression.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/AttributeExpression.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,76 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents an logic expression applied such that the specified Function is applied
with Value of the specified Attribute as the Predicate
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class AttributeExpression extends Expression
+{
+ private String functionId = null;
+ private Attribute attribute = null;
+
+ public AttributeExpression()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Attribute getAttribute()
+ {
+ return attribute;
+ }
+
+ /**
+ *
+ * @param attribute
+ */
+ public void setAttribute(Attribute attribute)
+ {
+ this.attribute = attribute;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getFunctionId()
+ {
+ return functionId;
+ }
+
+ /**
+ *
+ * @param functionId
+ */
+ public void setFunctionId(String functionId)
+ {
+ this.functionId = functionId;
+ }
+}
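Review bot: The class comment on `AttributeExpression` is hard to follow, and the accessor Javadoc blocks are empty (`@return` and `@param functionId` with no text). A clearer class comment would be `Applies the function named by functionId to the value of the given Attribute, e.g. a string-equal match against a role name.` The Javadoc should also say whether `functionId` and `attribute` may still be null after the no-arg constructor, since nothing in this class checks them before the expression is used.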
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BaseObject.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,64 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.io.Serializable;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class BaseObject implements Serializable
+{
+ /**
+ * unique storage/database identifier
+ */
+ private Long id = null;
+
+ /**
+ *
+ *
+ */
+ public BaseObject()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Long getId()
+ {
+ return id;
+ }
+
+ /**
+ *
+ * @param id
+ */
+ public void setId(Long id)
+ {
+ this.id = id;
+ }
+}
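Review bot: `BaseObject` implements `Serializable` but declares no `serialVersionUID`, and every model class in this commit inherits serializability through it. Without a fixed id the compiler-derived value changes with unrelated edits, so stored or transmitted policy objects can fail to deserialize after an upgrade. Add `private static final long serialVersionUID = 1L;` here and in each subclass. Because these objects describe authorization policy, code that deserializes them should read only from trusted storage. The class Javadoc has no description; one sentence saying this is the common base carrying the storage identifier would do.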
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/BusinessLogicExpression.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents the Logic applied to data within the Authorization Context. The Expression
can contain Drools rules, Bean Shell script etc
+ * that could be applied to data
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class BusinessLogicExpression extends Expression
+{
+ private String logic = null;
+
+ public BusinessLogicExpression()
+ {
+
+ }
+
+ public String getLogic()
+ {
+ return logic;
+ }
+
+ public void setLogic(String logic)
+ {
+ this.logic = logic;
+ }
+}
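Review bot: `logic` is an unconstrained string that the class comment says may hold Drools rules or Bean Shell script, so whoever can author a policy containing this expression can supply code to whatever component evaluates it. The evaluator is not part of this hunk, so this is a documentation request: state in the Javadoc that the value is meant to be executed and must come only from trusted policy administrators, e.g. `Security: the logic string is executable content; never populate it from request data.` A field naming the language (Drools or Bean Shell) would also be needed before an evaluator can pick the right interpreter. `getLogic()` and `setLogic(String)` have no Javadoc.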
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Effect.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Effect.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Effect.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,32 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public enum Effect
+{
+ PERMIT, DENY;
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Environment.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,66 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+
+/**
+ * Represents Environment information in the context of an Authroization Request
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Environment extends BaseObject
+{
+ /**
+ * Attributes associated with the Environment
+ */
+ private Set<Attribute> attributes = null;
+
+ /**
+ *
+ *
+ */
+ public Environment()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ return attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Expression.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Expression.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Expression.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,37 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents the Logic applied to data within the Authorization Context
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public abstract class Expression extends BaseObject
+{
+ public Expression()
+ {
+
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Policy.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,112 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+
+
+/**
+ * Represents an Authorization Policy
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public abstract class Policy extends BaseObject
+{
+ protected String policyUri = null;
+ protected Target target = null;
+ protected Set<Rule> rules = null;
+
+
+ /**
+ *
+ *
+ */
+ public Policy(String policyUri, Target target, Set<Rule> rules)
+ {
+ if(policyUri == null)
+ {
+ throw new IllegalArgumentException("PolicyUri cannot be Null");
+ }
+
+ if(target == null)
+ {
+ throw new IllegalArgumentException("Target cannot be Null");
+ }
+
+ if(rules == null)
+ {
+ throw new IllegalArgumentException("Rules cannot be Null");
+ }
+
+ this.policyUri = policyUri;
+ this.target = target;
+ this.rules = rules;
+ }
+
+ /**
+ * A unique identifier for the Policy
+ *
+ * @return unique identifier for the Policy
+ */
+ public String getPolicyUri()
+ {
+ return this.policyUri;
+ }
+
+ /**
+ *
+ * @param policyUri
+ */
+ public void setPolicyUri(String policyUri)
+ {
+ this.policyUri = policyUri;
+ }
+
+ public Set<Rule> getRules()
+ {
+ return rules;
+ }
+
+ public void setRules(Set<Rule> rules)
+ {
+ this.rules = rules;
+ }
+
+ public Target getTarget()
+ {
+ return target;
+ }
+
+ public void setTarget(Target target)
+ {
+ this.target = target;
+ }
+
//------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Generates the standard XACML markup that represents the Policy instance in
question
+ *
+ * @return XACML markup to represent this Policy
+ */
+ public abstract String generateXACMLPolicy() throws PolicyException;
+}
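Review bot: The null checks in the `Policy` constructor are not repeated in `setPolicyUri`, `setTarget` and `setRules`, so a policy can be put back into exactly the state the constructor rejects, and every `generateXACMLPolicy()` implementation then has to cope with null fields. The constructor, `setRules` and `getRules()` also share the caller's `Set<Rule>` by reference, so any code holding that set can add or remove rules of an authorization policy without going through this class. I would repeat the guard in each setter, e.g. `if(rules == null) { throw new IllegalArgumentException("Rules cannot be Null"); }`, and, unless callers rely on the shared set, return `Collections.unmodifiableSet(rules)` from the getter. The constructor's empty Javadoc block should state that all three arguments are required and which exception is thrown.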
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyException.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyException.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/PolicyException.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,51 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class PolicyException extends Exception
+{
+
+ public PolicyException()
+ {
+ super();
+ }
+
+ public PolicyException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public PolicyException(String message)
+ {
+ super(message);
+ }
+
+ public PolicyException(Throwable cause)
+ {
+ super(cause);
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Resource.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,66 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+
+/**
+ * Represents the protected Resource of the system upon which various Actions can be
performed
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Resource extends BaseObject
+{
+ /**
+ * Attributes associated with the Resource
+ */
+ private Set<Attribute> attributes = null;
+
+ /**
+ *
+ *
+ */
+ public Resource()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ return attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Rule.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Rule.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Rule.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,114 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+/**
+ * Represents the Policy Rule that must be met to achieve the correspoding Permit or Deny
effect
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Rule extends BaseObject
+{
+ private String ruleId = null;
+ private Effect effect = null;
+ private Target target = null;
+ private Expression expression = null;
+
+ public Rule()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Effect getEffect()
+ {
+ return effect;
+ }
+
+ /**
+ *
+ * @param effect
+ */
+ public void setEffect(Effect effect)
+ {
+ this.effect = effect;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Expression getExpression()
+ {
+ return expression;
+ }
+
+ /**
+ *
+ * @param expression
+ */
+ public void setExpression(Expression expression)
+ {
+ this.expression = expression;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getRuleId()
+ {
+ return ruleId;
+ }
+
+ /**
+ *
+ * @param ruleId
+ */
+ public void setRuleId(String ruleId)
+ {
+ this.ruleId = ruleId;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Target getTarget()
+ {
+ return target;
+ }
+
+ /**
+ *
+ * @param target
+ */
+ public void setTarget(Target target)
+ {
+ this.target = target;
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Subject.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,66 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.Set;
+
+/**
+ * Represents the Identity of the user, machine, etc trying to execute a protected Action
on a protected Resource
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class Subject extends BaseObject
+{
+ /**
+ * Attributes associated with the Subject
+ */
+ private Set<Attribute> attributes = null;
+
+ /**
+ *
+ *
+ */
+ public Subject()
+ {
+
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set<Attribute> getAttributes()
+ {
+ return attributes;
+ }
+
+ /**
+ *
+ * @param attributes
+ */
+ public void setAttributes(Set<Attribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+}
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/model/Target.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,145 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.model;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class Target extends BaseObject
+{
+ private List<Resource> resources = null;
+ private List<Action> actions = null;
+ private List<Subject> subjects = null;
+ private List<Environment> environments = null;
+
+ private List<AttributeExpression> resourceMatches = null;
+ private List<AttributeExpression> actionMatches = null;
+ private List<AttributeExpression> subjectMatches = null;
+ private List<AttributeExpression> environmentMatches = null;
+
+ public Target()
+ {
+
+ }
+
+ public List<Action> getActions()
+ {
+ return actions;
+ }
+
+ public void setActions(List<Action> actions)
+ {
+ this.actions = actions;
+ }
+
+ public List<Environment> getEnvironments()
+ {
+ return environments;
+ }
+
+ public void setEnvironments(List<Environment> environments)
+ {
+ this.environments = environments;
+ }
+
+ public List<Resource> getResources()
+ {
+ return resources;
+ }
+
+ public void setResources(List<Resource> resources)
+ {
+ this.resources = resources;
+ }
+
+ public List<Subject> getSubjects()
+ {
+ return subjects;
+ }
+
+ public void setSubjects(List<Subject> subjects)
+ {
+ this.subjects = subjects;
+ }
+
+ public List<AttributeExpression> getActionMatches()
+ {
+ return actionMatches;
+ }
+
+ public void setActionMatches(List<AttributeExpression> actionMatches)
+ {
+ this.actionMatches = actionMatches;
+ }
+
+ public List<AttributeExpression> getEnvironmentMatches()
+ {
+ return environmentMatches;
+ }
+
+ public void setEnvironmentMatches(List<AttributeExpression> environmentMatches)
+ {
+ this.environmentMatches = environmentMatches;
+ }
+
+ public List<AttributeExpression> getResourceMatches()
+ {
+ return resourceMatches;
+ }
+
+ public void setResourceMatches(List<AttributeExpression> resourceMatches)
+ {
+ this.resourceMatches = resourceMatches;
+ }
+
+ public List<AttributeExpression> getSubjectMatches()
+ {
+ return subjectMatches;
+ }
+
+ public void setSubjectMatches(List<AttributeExpression> subjectMatches)
+ {
+ this.subjectMatches = subjectMatches;
+ }
+
//--------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void addResourceMatch(AttributeExpression resourceMatch)
+ {
+ if(this.resourceMatches == null)
+ {
+ this.resourceMatches = new ArrayList<AttributeExpression>();
+ }
+ this.resourceMatches.add(resourceMatch);
+ }
+
+ public void addActionMatch(AttributeExpression actionMatch)
+ {
+ if(this.actionMatches == null)
+ {
+ this.actionMatches = new ArrayList<AttributeExpression>();
+ }
+ this.actionMatches.add(actionMatch);
+ }
+}
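Review bot: `Target` has no class Javadoc, and its contract is uneven. All eight getters return null until a setter or add method has run, and only `resourceMatches` and `actionMatches` have an `add…Match` helper that creates the list lazily; `subjectMatches` and `environmentMatches` have none. Code that walks a target to generate policy markup therefore needs a null check on every list, and that requirement is stated nowhere. I would document it on the class, e.g. `/** Lists are null until set or first added to; callers must null-check. */`, or initialise the four match lists at declaration so the getters never return null.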
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/AttributeDesignatorUtil.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,97 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.xacml;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.xacml.core.model.policy.AttributeDesignatorType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class AttributeDesignatorUtil
+{
+ /**
+ *
+ * @param attribute
+ * @return
+ */
+ public static AttributeDesignatorType getAttributeDesignator(Attribute attribute)
+ {
+ AttributeDesignatorType attributeDesignator = null;
+
+ String uri = attribute.getUri();
+
+ //TODO: add all the conditions to detect a Subject Attribute
+ if(uri.equals(XACMLConstants.ATTRIBUTEID_ROLE)
+ )
+ {
+ attributeDesignator =
PolicyAttributeFactory.createSubjectAttributeDesignatorType(attribute.getUri(),
+ attribute.getDatatType(), null, true, null);
+ }
+ else
+ {
+ attributeDesignator =
PolicyAttributeFactory.createAttributeDesignatorType(attribute.getUri(),
attribute.getDatatType(), null, true);
+ }
+
+ return attributeDesignator;
+ }
+
+ /**
+ *
+ * @param attribute
+ * @return
+ */
+ public static JAXBElement<? extends AttributeDesignatorType>
getAttributeDesignatorXml(Attribute attribute)
+ {
+ JAXBElement<? extends AttributeDesignatorType> xmlRep = null;
+
+ ObjectFactory objectFactory = new ObjectFactory();
+ AttributeDesignatorType attributeDesignator =
AttributeDesignatorUtil.getAttributeDesignator(attribute);
+
+ if(attributeDesignator instanceof SubjectAttributeDesignatorType)
+ {
+ xmlRep =
objectFactory.createSubjectAttributeDesignator((SubjectAttributeDesignatorType)attributeDesignator);
+ }
+ else
+ {
+ String uri = attributeDesignator.getAttributeId();
+
+ //TODO: finish this implementation to include all Attribute Types like Resource,
Action, and Environment
+ if(uri.equals(XACMLConstants.ATTRIBUTEID_ACTION_ID))
+ {
+ xmlRep = objectFactory.createActionAttributeDesignator(attributeDesignator);
+ }
+ }
+
+
+ return xmlRep;
+ }
+}
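Review bot: `getAttributeDesignatorXml` returns null for every attribute that is neither a subject attribute nor `XACMLConstants.ATTRIBUTEID_ACTION_ID`, because the else branch leaves `xmlRep` unset until the TODO is finished. A caller that assembles a policy target from these elements could then hit a NullPointerException or, worse for an authorization policy, leave the match out unnoticed; which of the two happens depends on callers outside this hunk. Until the remaining attribute types are implemented I would fail loudly by adding `else { throw new IllegalArgumentException("Unsupported attribute id: " + uri); }` after the action-id check, and say so in the currently empty Javadoc. Both methods also call `uri.equals(...)` on a value that may be null; writing `XACMLConstants.ATTRIBUTEID_ROLE.equals(uri)` avoids that.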
Added:
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java
===================================================================
---
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java
(rev 0)
+++
modules/authorization/trunk/common/src/main/java/org/jboss/security/authz/xacml/NoPermitMeansDeniedAlg.java 2008-10-15
15:27:46 UTC (rev 12067)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.xacml;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
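Review bot: `combine` is undocumented, and the class name does not convey its full semantics. The loop stops at the first rule that evaluates to Permit, so a rule with a Deny effect can never override a Permit, and Deny, NotApplicable and Indeterminate results are all treated alike. Collapsing Indeterminate into Deny fails closed, which is the safe direction, but the returned `Result` carries no status, so a rule evaluation error looks the same as a real denial to whoever reads the decision or the audit trail. I would state the contract in the class Javadoc, e.g. `Permit if any rule evaluates to Permit; otherwise Deny, including when rules are NotApplicable or Indeterminate. Deny rules never override a Permit.` The method Javadoc also needs fixing: its `@param rules` matches neither the `parameters` nor the `ruleElements` argument.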
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2008-10-15 12:33:26 UTC (rev 12066)
+++ modules/authorization/trunk/pom.xml 2008-10-15 15:27:46 UTC (rev 12067)
@@ -10,8 +10,10 @@
<description>JBoss Authorization</description>
<modules>
+ <module>common</module>
<module>security-console</module>
<module>PEP</module>
+ <module>PAP</module>
</modules>
<properties>