Author: sohil.shah(a)jboss.com
Date: 2009-07-10 17:14:33 -0400 (Fri, 10 Jul 2009)
New Revision: 13542
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementException.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementResponse.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/PolicyEnforcementPoint.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningException.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/AnnotationProcessor.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/SecurityContextDataProcessor.java
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEnforcementGenerator.java
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/SecurityContextData.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/NoPermitMeansDeniedAlg.java
Modified:
modules/authorization/trunk/agent/pom.xml
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Operation.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Identity.java
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/component/resource/HttpResource.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestHttpResource.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/integration/TestEnterprisePolicyFinderModule.java
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
modules/authorization/trunk/pom.xml
Log:
refactoring clear separation between an application agent and the policy server
Modified: modules/authorization/trunk/agent/pom.xml
===================================================================
--- modules/authorization/trunk/agent/pom.xml 2009-07-10 18:27:56 UTC (rev 13541)
+++ modules/authorization/trunk/agent/pom.xml 2009-07-10 21:14:33 UTC (rev 13542)
@@ -23,6 +23,11 @@
<groupId>org.jboss.security.authz</groupId>
<artifactId>core-components-api</artifactId>
<version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>policy-server</artifactId>
+ <version>${project.version}</version>
</dependency>
<!-- jboss microcontainer -->
<dependency>
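Review bot: The new `policy-server` dependency makes the agent module compile against the whole policy server, which cuts against the "clear separation between an application agent and the policy server" this commit sets out to achieve. Only `LocalEnforcementPoint` and `LocalPolicyProvisioner` need it (both import `org.jboss.security.authz.policy.server.PolicyServer`); an agent that, as the `PolicyEnforcementPoint` javadoc describes, merely routes requests over the network would still ship the server classes and their transitive dependencies. Consider moving the two `Local*` implementations into their own module, or at least marking this dependency `<optional>true</optional>`, so a remote-only agent does not carry the policy engine. If the coupling is deliberate for this stage of the refactoring, a comment beside the dependency saying so would stop the next reader from "fixing" it.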
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementContext.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,59 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.enforcement;
+
+import java.io.Serializable;
+import java.util.Map;
+import java.util.HashMap;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class EnforcementContext implements Serializable
+{
+ private Map<String, Object> attributes;
+
+ public EnforcementContext()
+ {
+ this.attributes = new HashMap<String, Object>();
+ }
+
+ public Object getAttribute(String name)
+ {
+ return this.attributes.get(name);
+ }
+
+ public void setAttribute(String name, Object attribute)
+ {
+ this.attributes.put(name, attribute);
+ }
+
+ public void clear(String name)
+ {
+ this.attributes.remove(name);
+ }
+
+ public void clearAll()
+ {
+ this.attributes.clear();
+ }
+}
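Review bot: `EnforcementContext` implements `Serializable` but holds arbitrary `Object` values in a `HashMap<String, Object>` and declares no `serialVersionUID`, so serialization only works when every value passed to `setAttribute` is itself `Serializable`, and a violation shows up as `NotSerializableException` where the context is sent rather than where the attribute was set. The `PolicyEnforcementPoint` javadoc anticipates routing requests over the network to the policy server, so this is presumably the object that would cross that boundary, which would mean the server Java-deserializes caller-chosen attribute types; that is worth a sentence on the class, or a tighter setter. I would add `private static final long serialVersionUID = 1L;`, make the field `private final Map<String, Object> attributes;`, and, if no caller needs non-serializable values, change the setter to `public void setAttribute(String name, Serializable attribute)`. The class is also not thread-safe; a one-line javadoc stating that a context is expected to be confined to a single request would save a later guess.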
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementException.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementException.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementException.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.agent.enforcement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class EnforcementException extends Exception
+{
+ public EnforcementException()
+ {
+ super();
+ }
+
+ public EnforcementException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public EnforcementException(String message)
+ {
+ super(message);
+ }
+
+ public EnforcementException(Throwable cause)
+ {
+ super(cause);
+ }
+}
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementResponse.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementResponse.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/EnforcementResponse.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,96 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.enforcement;
+
+import java.io.Serializable;
+
+/**
+ * An Authorization Response
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class EnforcementResponse implements Serializable
+{
+ private boolean accessGranted;
+ private String message;
+
+ public EnforcementResponse()
+ {
+
+ }
+
+ public boolean isAccessGranted()
+ {
+ return accessGranted;
+ }
+
+ public void setAccessGranted(boolean accessGranted)
+ {
+ this.accessGranted = accessGranted;
+ }
+
+ public String getMessage()
+ {
+ return message;
+ }
+
+ public void setMessage(String message)
+ {
+ this.message = message;
+ }
+
+ public boolean isIndeterminate()
+ {
+ boolean isIndeterminate = false;
+
+ if(this.message.toLowerCase().contains("indeterminate"))
+ {
+ isIndeterminate = true;
+ }
+
+ return isIndeterminate;
+ }
+
+ public boolean isNotApplicable()
+ {
+ boolean isNotApplicable = false;
+
+ if(this.message.toLowerCase().contains("notapplicable"))
+ {
+ isNotApplicable = true;
+ }
+
+ return isNotApplicable;
+ }
+
+ public boolean isDenied()
+ {
+ boolean isDenied = false;
+
+ if(this.message.toLowerCase().contains("deny"))
+ {
+ isDenied = true;
+ }
+
+ return isDenied;
+ }
+}
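Review bot: `isIndeterminate()`, `isNotApplicable()` and `isDenied()` (lines 266–300) derive the decision by substring-matching `message` and dereference it without a null check, so a response created with the no-arg constructor and never given a message throws `NullPointerException` from exactly the methods a caller would use to decide whether to fail closed. Substring matching is also a fragile way to carry an authorization result: a message like "deny rule notapplicable" makes two predicates true at once, and nothing ties them to `accessGranted`, so one object can report `isAccessGranted() == true` and `isDenied() == true` simultaneously. The decision should be set explicitly by the producer and `isAccessGranted()` treated as the single authoritative grant signal, with `message` kept for logging only; the sketch below does that and defaults to DENY so an unpopulated response fails closed. If the string-based predicates must stay for now, the minimal fix in each is a null guard with locale-independent lower-casing, `if (this.message != null && this.message.toLowerCase(Locale.ROOT).contains("deny"))` (needs `java.util.Locale`).

```java
public enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE }

// Set by whoever builds the response (the PDP); defaults to DENY so an
// unpopulated response fails closed.
private Decision decision = Decision.DENY;

// … unchanged: accessGranted / message accessors …

public Decision getDecision() { return decision; }

public void setDecision(Decision decision) { this.decision = decision; }

public boolean isIndeterminate() { return decision == Decision.INDETERMINATE; }

public boolean isNotApplicable() { return decision == Decision.NOT_APPLICABLE; }

public boolean isDenied() { return decision == Decision.DENY; }
```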
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/LocalEnforcementPoint.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,80 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.enforcement;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.policy.client.enforcement.Request;
+import org.jboss.security.authz.policy.client.enforcement.Response;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.PolicyServerException;
+
+/**
+ * This Enforcement point integrates with the Policy Server inside the same VM. This
provides the fastest enforcement option
+ *
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class LocalEnforcementPoint implements PolicyEnforcementPoint
+{
+ private static Logger log = Logger.getLogger(LocalEnforcementPoint.class);
+
+ private PolicyServer policyServer;
+
+ public LocalEnforcementPoint()
+ {
+
+ }
+
+ public void start()
+ {
+ }
+
+ public void stop()
+ {
+ }
+
+ public PolicyServer getPolicyServer()
+ {
+ return policyServer;
+ }
+
+ public void setPolicyServer(PolicyServer policyServer)
+ {
+ this.policyServer = policyServer;
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public EnforcementResponse checkAccess(EnforcementContext enforcementContext) throws
EnforcementException
+ {
+ /*try
+ {
+
+ return this.policyServer.evaluate(request);
+ }
+ catch(PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new EnforcementException(pe);
+ }*/
+ return null;
+ }
+}
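Review bot: `checkAccess` (lines 379–393) returns `null` unconditionally while the real evaluation sits in a comment block, so a caller doing `checkAccess(ctx).isAccessGranted()` gets a `NullPointerException`, and a caller that treats a null response as "no decision" might proceed — an enforcement point must never yield an ambiguous result. Until the policy-server call is wired back in, fail closed explicitly: `throw new EnforcementException("LocalEnforcementPoint.checkAccess is not yet implemented");`, and drop the commented-out code together with the unused `Request`/`Response` imports. `start()` is empty although every call path needs `policyServer`; `if (policyServer == null) throw new IllegalStateException("policyServer must be set before start()");` there turns a missing bean wiring into a deployment-time error instead of an NPE on the first request. In the commented code, `log.error(this, pe)` passes the enforcement point itself as the log message; when it is restored, `log.error("policy evaluation failed", pe)` is presumably what was intended.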
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/PolicyEnforcementPoint.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/PolicyEnforcementPoint.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/enforcement/PolicyEnforcementPoint.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,45 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.enforcement;
+
+import org.jboss.security.authz.policy.client.enforcement.Response;
+
+/**
+ * This component typically integrates natively with the application layer to receive
Authorization Requests
+ * It then processes the native request and routes it to the Policy Decision Point
component of the Policy Server to get a decision whether the
+ * Authorization should be granted or not or to do something else
+ *
+ * Sometimes, this component can just be a native stub that routes all requests over the
network to the Policy Server, and sometimes this component can be co-located with the
Policy Server
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface PolicyEnforcementPoint
+{
+ /**
+ * Checks if Access should be granted for this particular Authorization Request
+ *
+ * @param request
+ * @return
+ * @throws EnforcementException
+ */
+ public EnforcementResponse checkAccess(EnforcementContext enforcementContext) throws
EnforcementException;
+}
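Review bot: The javadoc on `checkAccess` (lines 446–452) documents `@param request` but the parameter is `enforcementContext`, and `@return` is empty, so the contract implementations must honour — above all whether the result may ever be `null` — is not stated anywhere. I would write `@param enforcementContext the request attributes the decision is evaluated against`, `@return the decision; never {@code null} — callers treat {@link EnforcementResponse#isAccessGranted()} as the sole grant signal`, and `@throws EnforcementException if no decision could be obtained, in which case the caller must deny access`. Making fail-closed behaviour part of the interface contract is what lets callers (the http-profile `SecurityFilter` touched by this commit is presumably one) be reviewed without reading every implementation. The `org.jboss.security.authz.policy.client.enforcement.Response` import is unused in this file.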
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/LocalPolicyProvisioner.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,117 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.provisioning;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.PolicyServerException;
+
+/**
+ * This Policy Provisioner integrates with the Policy Server in the same VM. This
provides fastest provisioning option
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class LocalPolicyProvisioner implements PolicyProvisioner
+{
+ private static Logger log = Logger.getLogger(LocalPolicyProvisioner.class);
+
+ private PolicyServer policyServer;
+
+ public LocalPolicyProvisioner()
+ {
+ }
+
+ public void start()
+ {
+
+ }
+
+ public void stop()
+ {
+
+ }
+
+ public PolicyServer getPolicyServer()
+ {
+ return policyServer;
+ }
+
+ public void setPolicyServer(PolicyServer policyServer)
+ {
+ this.policyServer = policyServer;
+ }
+ //--------PolicyProvisioner
implementation-----------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void newPolicy(PolicyMetaData policyMetaData) throws ProvisioningException
+ {
+ try
+ {
+ this.policyServer.newPolicy(policyMetaData);
+ }
+ catch(PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new ProvisioningException(pe);
+ }
+ }
+
+ public Policy[] readAllPolicies() throws ProvisioningException
+ {
+ try
+ {
+ return this.policyServer.readAllPolicies();
+ }
+ catch(PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new ProvisioningException(pe);
+ }
+ }
+
+ public Policy readPolicy(String policyUri) throws ProvisioningException
+ {
+ try
+ {
+ return this.policyServer.readPolicy(policyUri);
+ }
+ catch(PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new ProvisioningException(pe);
+ }
+ }
+
+ public void deletePolicy(String policyUri) throws ProvisioningException
+ {
+ try
+ {
+ this.policyServer.deletePolicy(policyUri);
+ }
+ catch(PolicyServerException pe)
+ {
+ log.error(this, pe);
+ throw new ProvisioningException(pe);
+ }
+ }
+}
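Review bot: Every method on `LocalPolicyProvisioner` dereferences `policyServer` without checking that `setPolicyServer` was called, and `start()` (lines 513–516) is empty, so a missing bean wiring surfaces as a `NullPointerException` on the first `newPolicy`/`deletePolicy` rather than at startup; `if (policyServer == null) throw new IllegalStateException("policyServer must be set before start()");` in `start()` fixes that. The four `log.error(this, pe)` calls pass the provisioner object as the log message, which log4j renders via `toString()`, so the log line says nothing about which operation failed or on which policy URI; `log.error("deletePolicy failed for " + policyUri, pe)` and the like would make the provisioning audit trail usable. Note also that this class hands create/read/delete of policies to any code holding a reference to it; if `PolicyServer` does not itself authorize the caller (not visible here), the wiring in `jboss-beans.xml` is the only thing limiting who can change policy, which deserves a sentence in the class javadoc.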
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/PolicyProvisioner.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,60 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.provisioning;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface PolicyProvisioner
+{
+ /**
+ * Generates a new Policy instance based on the supplied MetaData and stores it into the
Policy Store
+ *
+ * @param policyMetaData meta data for the policy to be created
+ */
+ public void newPolicy(PolicyMetaData policyMetaData) throws ProvisioningException;
+
+ /**
+ * Read a stored Policy identified by the unique policyUri
+ *
+ * @param policyUri
+ * @return a stored Policy
+ */
+ public Policy readPolicy(String policyUri) throws ProvisioningException;
+
+ /**
+ * Returns all the stored Policies for the system
+ *
+ * @return all the stored Policies
+ */
+ public Policy[] readAllPolicies() throws ProvisioningException;
+
+ /**
+ * Deletes the specified Policy from storage
+ *
+ * @param policyUri unique identifier for the Policy
+ */
+ public void deletePolicy(String policyUri) throws ProvisioningException;
+}
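Review bot: The `PolicyProvisioner` javadoc leaves the two cases a caller has to handle unspecified: none of the methods carry a `@throws ProvisioningException` tag, and `readPolicy` does not say whether an unknown `policyUri` yields `null` or an exception, nor `readAllPolicies` whether "no policies" is an empty array or `null`. Since `LocalPolicyProvisioner` just forwards to `PolicyServer`, the answer is presumably whatever the server does, but the interface is where it should be pinned down; I would add `@return the stored Policy, or {@code null} if no policy has that URI — TODO confirm against PolicyServer` (or the exception alternative) and `@throws ProvisioningException if the underlying policy store could not be reached or rejected the operation` to each method. The `@param policyUri` on `readPolicy` also has no description.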
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningException.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningException.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/provisioning/ProvisioningException.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.agent.provisioning;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class ProvisioningException extends Exception
+{
+ public ProvisioningException()
+ {
+ super();
+ }
+
+ public ProvisioningException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public ProvisioningException(String message)
+ {
+ super(message);
+ }
+
+ public ProvisioningException(Throwable cause)
+ {
+ super(cause);
+ }
+}
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/AnnotationProcessor.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/AnnotationProcessor.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/AnnotationProcessor.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,134 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.List;
+import java.util.ArrayList;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.component.SecurityContextData;
+import org.jboss.security.authz.component.LogicExpression;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+class AnnotationProcessor
+{
+ static Object[] extractSecurityContextData(Object component) throws Exception
+ {
+ Object[] securityContextData = null;
+
+ List<Object> cour = new ArrayList<Object>();
+ Class targetClass = component.getClass();
+ do
+ {
+ Object[] local = extractSecurityContextData(component, targetClass);
+ if(local != null && local.length>0)
+ {
+ for(Object data: local)
+ {
+ cour.add(data);
+ }
+ }
+ targetClass = targetClass.getSuperclass();
+ }while(targetClass != null);
+
+ if(!cour.isEmpty())
+ {
+ securityContextData = cour.toArray();
+ }
+
+ return securityContextData;
+ }
+
+ static ComponentCategory findComponentCategory(Class targetClass)
+ {
+ Annotation component = targetClass.getAnnotation(Component.class);
+ if(component != null)
+ {
+ return ((Component)component).category();
+ }
+
+ return null;
+ }
+
+ static Method findExpression(Class targetClass, String expressionName)
+ {
+ Method[] declaredMethods = targetClass.getDeclaredMethods();
+ if(declaredMethods != null)
+ {
+ for(Method declaredMethod: declaredMethods)
+ {
+ Annotation logicExpression = declaredMethod.getAnnotation(LogicExpression.class);
+ if(logicExpression != null)
+ {
+ if(declaredMethod.getName().equals(expressionName))
+ {
+ return declaredMethod;
+ }
+ }
+ }
+ }
+
+ if(targetClass.getSuperclass() != null)
+ {
+ return findExpression(targetClass.getSuperclass(), expressionName);
+ }
+
+ return null;
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private static Object[] extractSecurityContextData(Object component, Class targetClass)
throws Exception
+ {
+ Object[] securityContextData = null;
+
+ List<Object> cour = new ArrayList<Object>();
+ Field[] declaredFields = targetClass.getDeclaredFields();
+ if(declaredFields != null)
+ {
+ for(Field declaredField: declaredFields)
+ {
+ Annotation local = declaredField.getAnnotation(SecurityContextData.class);
+ if(local != null)
+ {
+ declaredField.setAccessible(true);
+ Object data = declaredField.get(component);
+ if(data != null)
+ {
+ cour.add(data);
+ }
+ }
+ }
+ }
+
+ if(!cour.isEmpty())
+ {
+ return cour.toArray();
+ }
+
+ return securityContextData;
+ }
+}
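Review bot: `findExpression` (lines 807–831) matches `@LogicExpression` methods by name only, and `Class.getDeclaredMethods()` returns methods in no specified order, so if a component declares two annotated overloads with the same name, which one is returned can differ between JVM runs — for an authorization rule that is a silent source of non-deterministic decisions. Either reject the ambiguity (`throw new IllegalStateException("ambiguous @LogicExpression: " + expressionName);`) or include the parameter types in the lookup. `extractSecurityContextData(Object component)` dereferences `component` before anything else, and `declaredField.setAccessible(true)` throws `SecurityException` under a security manager that does not grant `suppressAccessChecks`; an `Objects.requireNonNull(component, "component")` up front and a note on the permission requirement in the class javadoc would help. Both `extractSecurityContextData` overloads declare `throws Exception`, although the only checked exception visible is `IllegalAccessException` from `Field.get`; narrowing the signature lets callers tell reflection failures from everything else.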
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/EnforcementStateGenerator.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,214 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import java.lang.reflect.Array;
+import java.util.Collection;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.log4j.Logger;
+
+
+import org.jboss.security.authz.component.ComponentCategory;
+import org.jboss.security.authz.model.AbstractContextObject;
+import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.model.Subject;
+import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.security.xacml.interfaces.XMLSchemaConstants;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+class EnforcementStateGenerator
+{
+ private static Logger log = Logger.getLogger(EnforcementStateGenerator.class);
+
+ AbstractContextObject[] generate(Object component)
+ {
+ try
+ {
+ AbstractContextObject[] enforcementState = null;
+
+ List<AbstractContextObject> cour = new
ArrayList<AbstractContextObject>();
+
+ ComponentCategory componentCategory =
AnnotationProcessor.findComponentCategory(component.getClass());
+
+ //Extract SecurityContextData for the component
+ Object[] securityContextData =
AnnotationProcessor.extractSecurityContextData(component);
+
+ for(Object input: securityContextData)
+ {
+ if(Collection.class.isAssignableFrom(input.getClass()) ||
input.getClass().isArray())
+ {
+ if(input.getClass().isArray())
+ {
+ List<Object> local = new ArrayList<Object>();
+ int arrayLength = Array.getLength(input);
+ for(int i=0; i<arrayLength; i++)
+ {
+ local.add(Array.get(input, i));
+ }
+ input = SecurityContextDataProcessor.processEnforcementState(local);
+ }
+ else
+ {
+ input = SecurityContextDataProcessor.processEnforcementState((Collection)input);
+ }
+ }
+ else if(Map.class.isAssignableFrom(input.getClass()))
+ {
+ input = SecurityContextDataProcessor.processEnforcementState((Map)input);
+ }
+ else
+ {
+ input = input.toString();
+ }
+
+ //Create the appropriate Context Object
+ if(componentCategory.getAttributeCategory().equals(XACMLConstants.ATTRIBUTEID_RESOURCE_ID))
+ {
+ if(input instanceof String)
+ {
+ cour.add(this.generateURIBasedResource((String)input));
+ }
+ else if(input instanceof Map)
+ {
+ cour.add(this.generateCustomResource((Map<String, String>)input));
+ }
+ }
+ else
if(componentCategory.getAttributeCategory().equals(XACMLConstants.ATTRIBUTEID_ACTION_ID))
+ {
+ cour.add(generateAction((String)input));
+ }
+ else
if(componentCategory.getAttributeCategory().equals(XACMLConstants.ATTRIBUTEID_SUBJECT_ID))
+ {
+ //Note: Identity and Roles components are exposed to this component since these are
part of the core set components shipped
+ //with the Framework
+ if(component instanceof Identity)
+ {
+ cour.add(generateIdentity(input.toString()));
+ }
+ else if(component instanceof Roles)
+ {
+ cour.add(this.generateRoles((Set<String>)input));
+ }
+ }
+ }
+
+ enforcementState = cour.toArray(new AbstractContextObject[0]);
+
+ return enforcementState;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+
+ //TODO: implement proper exception handling
+ throw new RuntimeException(e);
+ }
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private Resource generateURIBasedResource(String uri)
+ {
+ Resource uriResource = new Resource();
+
+ Attribute attribute = new Attribute();
+ attribute.setUri(XACMLConstants.ATTRIBUTEID_RESOURCE_ID);
+ attribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ attribute.setValue(uri);
+ uriResource.addAttribute(attribute);
+
+ return uriResource;
+ }
+
+ private Resource generateCustomResource(Map<String, String> parameters)
+ {
+ Resource custom = new Resource();
+
+ Set<String> names = parameters.keySet();
+ for(String name: names)
+ {
+ String value = parameters.get(name);
+
+ Attribute customAttribute = new Attribute();
+ customAttribute.setUri(name);
+ customAttribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
+ customAttribute.setValue(value);
+ custom.addAttribute(customAttribute);
+ }
+
+ return custom;
+ }
+
+ private Action generateAction(String actionName)
+ {
+ Action action = new Action();
+
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ XMLSchemaConstants.DATATYPE_STRING,
+ actionName
+ );
+ action.addAttribute(attribute);
+
+ return action;
+ }
+
+ private Subject generateIdentity(String subjectName)
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ Attribute attribute = new Attribute(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ XMLSchemaConstants.DATATYPE_STRING, subjectName);
+ subject.addAttribute(attribute);
+
+ return subject;
+ }
+
+ private Subject generateRoles(Set<String> roleNames)
+ {
+ Subject subject = new Subject();
+
+ subject.setCategory(XACMLConstants.ATTRIBUTEID_ACCESS_SUBJECT);
+
+ for(String name: roleNames)
+ {
+ Attribute attribute = new Attribute(XACMLConstants.ATTRIBUTEID_ROLE,
+ XMLSchemaConstants.DATATYPE_STRING,
+ name
+ );
+ subject.addAttribute(attribute);
+ }
+
+ return subject;
+ }
+}
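Review bot: In `generateCustomResource` the map keys become XACML attribute ids verbatim (`customAttribute.setUri(name)`), so a key equal to a standard id such as `XACMLConstants.ATTRIBUTEID_RESOURCE_ID` lands in the request context next to the real resource-id attribute produced by `generateURIBasedResource`. If those maps are populated from HTTP request parameters, as the `parameters` field on `HttpResource` below suggests, a caller can inject or shadow well-known attributes; reject reserved names, e.g. `if(name.startsWith("urn:oasis:names:tc:xacml:")) throw new IllegalArgumentException("reserved attribute id: " + name);`, or prefix custom names with an application namespace. Separately, the two-argument `extractSecurityContextData` in the AnnotationProcessor hunk returns null when no annotated field holds a value, and `findComponentCategory` returns null for an unannotated class; if the one-argument overload behaves the same, the `for(Object input: securityContextData)` loop and `componentCategory.getAttributeCategory()` fail with a NullPointerException that only surfaces as the wrapped RuntimeException in the catch block. A guard that throws `IllegalStateException` naming `component.getClass().getName()` would keep the deny path but make it diagnosable.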
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/RuleComposition.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -22,13 +22,11 @@
package org.jboss.security.authz.agent.services;
import java.lang.reflect.Method;
-import java.lang.annotation.Annotation;
import java.util.Set;
import java.util.HashSet;
import org.apache.log4j.Logger;
-import org.jboss.security.authz.component.LogicExpression;
import org.jboss.security.authz.model.Rule;
import org.jboss.security.authz.model.Expression;
import org.jboss.security.authz.model.Effect;
@@ -182,7 +180,7 @@
DroolsRuleExpression expression = new DroolsRuleExpression();
//Read the LogicExpression of the Logic Component
- Method expressionMethod = this.findExpression(this.logicComponent.getClass(),
this.expressionName);
+ Method expressionMethod =
AnnotationProcessor.findExpression(this.logicComponent.getClass(), this.expressionName);
expressionMethod.setAccessible(true);
String[] expressionMetaData = (String[])expressionMethod.invoke(this.logicComponent,
null);
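Review bot: `AnnotationProcessor.findExpression` returns null when no method annotated with `@LogicExpression` matches `expressionName` (the last `return null;` in the AnnotationProcessor hunk above), and the following context line calls `setAccessible(true)` on that result without a check, so a misnamed or un-annotated expression surfaces as a bare NullPointerException with no indication of which component or expression was meant. Add `if(expressionMethod == null) throw new IllegalStateException("no @LogicExpression named " + this.expressionName + " on " + this.logicComponent.getClass().getName());` before the `setAccessible` call. The enclosing method starts and ends outside this hunk.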
@@ -191,31 +189,5 @@
expression.setRule(expressionMetaData[1]);
return expression;
- }
-
- private Method findExpression(Class targetClass, String expressionName)
- {
- Method[] declaredMethods = targetClass.getDeclaredMethods();
- if(declaredMethods != null)
- {
- for(Method declaredMethod: declaredMethods)
- {
- Annotation logicExpression = declaredMethod.getAnnotation(LogicExpression.class);
- if(logicExpression != null)
- {
- if(declaredMethod.getName().equals(expressionName))
- {
- return declaredMethod;
- }
- }
- }
- }
-
- if(targetClass.getSuperclass() != null)
- {
- return this.findExpression(targetClass.getSuperclass(), expressionName);
- }
-
- return null;
- }
+ }
}
Added:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/SecurityContextDataProcessor.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/SecurityContextDataProcessor.java
(rev 0)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/SecurityContextDataProcessor.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,65 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import java.util.Collection;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashSet;
+import java.util.HashMap;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+class SecurityContextDataProcessor
+{
+ static Set<String> processEnforcementState(Collection input)
+ {
+ Set<String> enforcementState = new HashSet<String>();
+
+ if(input != null)
+ {
+ for(Object local: input)
+ {
+ enforcementState.add(local.toString());
+ }
+ }
+
+ return enforcementState;
+ }
+
+ static Map<String, String> processEnforcementState(Map input)
+ {
+ Map<String, String> enforcementState = new HashMap<String, String>();
+
+ if(input != null)
+ {
+ Set<Object> keys = input.keySet();
+ for(Object key: keys)
+ {
+ enforcementState.put(key.toString(), input.get(key).toString());
+ }
+ }
+
+ return enforcementState;
+ }
+}
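Review bot: Both conversions call `toString()` without a null check (`local.toString()` in the collection case and `key.toString()` / `input.get(key).toString()` in the map case), so a null element or a null key or value in an annotated field aborts state generation with a NullPointerException instead of a diagnosable error. Switching to `String.valueOf` would be worse here, since the literal string "null" would then be matched against policy targets as a real attribute value. Fail explicitly instead, e.g. in the map loop `Object value = input.get(key); if(key == null || value == null) throw new IllegalArgumentException("null security context entry for key " + key);`, with the same treatment for collection elements. The raw `Collection` and `Map` parameters could also be declared `Collection<?>` and `Map<?, ?>`, which removes the unchecked `Set<Object> keys = input.keySet()` assignment.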
Modified:
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java
===================================================================
---
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/agent/src/main/java/org/jboss/security/authz/agent/services/TargetComposition.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -22,7 +22,11 @@
package org.jboss.security.authz.agent.services;
import java.lang.annotation.Annotation;
-import java.lang.reflect.Field;
+import java.lang.reflect.Array;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
import java.util.Set;
import java.util.HashSet;
@@ -31,7 +35,6 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentCategory;
import org.jboss.security.authz.component.ImpliedActions;
-import org.jboss.security.authz.component.TargetUri;
import org.jboss.security.authz.model.Target;
import org.jboss.security.authz.model.Attribute;
import org.jboss.security.authz.model.AttributeExpression;
@@ -124,52 +127,22 @@
private Target generateTarget() throws Exception
{
Target target = new Target();
+
+ //use the proper category for the data
+ ComponentCategory category =
this.findComponentCategory(this.targetComponent.getClass());
+ String attributeCategory = category.getAttributeCategory();
- //Read the TargetUri
- Field targetField = this.findTargetField(this.targetComponent.getClass());
- targetField.setAccessible(true);
- Object targetUriObj = targetField.get(this.targetComponent);
+ //Read the SecurityContext State of the Component being provisioned
+ Object[] securityContextData =
AnnotationProcessor.extractSecurityContextData(this.targetComponent);
- //Get a String representation of this URI
- String uriStr = targetUriObj.toString();
+ //Get the Attribute expression based on the Security Context State
+ List<AttributeExpression> urlExpressions =
this.generateAttributeExpression(securityContextData, attributeCategory);
- //use the proper category for the data
- ComponentCategory category =
this.findComponentCategory(this.targetComponent.getClass());
- String attributeCategory = category.getAttributeCategory();
-
- AttributeExpression urlExpression = new AttributeExpression();
- if (uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
+ //Depending up the data category add the appropriate match expression
+ for(AttributeExpression urlExpression: urlExpressions)
{
- // If URL starts with '/' and ends with "/*", use a regular
- // expression to match it (In consistency with the servlet spec)
- urlExpression
- .setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
-
- String uriexp = uriStr.substring(1, uriStr.length() - 2);
- StringBuilder buffer = new StringBuilder();
- buffer.append("^/" + uriexp + "$|");
- buffer.append("^" + uriexp + "$|");
- buffer.append("^/" + uriexp + "/.*|");
- buffer.append("^" + uriexp + "/.*");
-
- Attribute attribute = new Attribute(
- attributeCategory,
- XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
- urlExpression.setAttribute(attribute);
- }
- else
- {
- // use an exact match
- urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
-
- Attribute attribute = new Attribute(
- attributeCategory,
- XMLSchemaConstants.DATATYPE_STRING, uriStr);
- urlExpression.setAttribute(attribute);
+ category.setExpression(target, urlExpression);
}
-
- //Depending up the data category add the appropriate match expression
- category.setExpression(target, urlExpression);
return target;
}
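Review bot: When `generateAttributeExpression` yields no expressions — which happens for an annotated collection or array with no elements, since its inner loop over the converted set adds nothing — the `for(AttributeExpression urlExpression: urlExpressions)` loop leaves `target` with no match expression at all; if that translates to an empty XACML target, which applies to every request, a misconfigured component would provision an unconstrained policy. Fail closed before the loop: `if(urlExpressions.isEmpty()) throw new IllegalStateException("no target expressions derived from " + this.targetComponent.getClass().getName());`. `category` and `securityContextData` are likewise dereferenced without null checks although `findComponentCategory` (the `return null;` context at the top of the next hunk appears to be its fallback) and the two-argument `extractSecurityContextData` in the AnnotationProcessor hunk both return null when nothing is found; the same explicit failure can cover those cases.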
@@ -195,28 +168,91 @@
return null;
}
-
- private Field findTargetField(Class targetClass)
- {
- Field[] declaredFields = targetClass.getDeclaredFields();
- if(declaredFields != null)
- {
- for(Field declaredField: declaredFields)
+
+ private List<AttributeExpression> generateAttributeExpression(Object[]
securityContextState, String attributeCategory)
+ {
+ List<AttributeExpression> expressions = new
ArrayList<AttributeExpression>();
+
+ for(Object input: securityContextState)
+ {
+ if(Collection.class.isAssignableFrom(input.getClass()) || input.getClass().isArray())
{
- Annotation targetUri = declaredField.getAnnotation(TargetUri.class);
- if(targetUri != null)
+ Set<String> uris = null;
+ if(input.getClass().isArray())
{
- return declaredField;
+ List<Object> local = new ArrayList<Object>();
+ int arrayLength = Array.getLength(input);
+ for(int i=0; i<arrayLength; i++)
+ {
+ local.add(Array.get(input, i));
+ }
+ uris = SecurityContextDataProcessor.processEnforcementState(local);
}
+ else
+ {
+ uris = SecurityContextDataProcessor.processEnforcementState((Collection)input);
+ }
+
+ for(String uri: uris)
+ {
+ AttributeExpression expression = new AttributeExpression();
+ this.setAttribute(expression, attributeCategory, uri);
+ expressions.add(expression);
+ }
}
+ else if(Map.class.isAssignableFrom(input.getClass()))
+ {
+ Map<String, String> mappedUris =
SecurityContextDataProcessor.processEnforcementState((Map)input);
+ Set<String> customCategories = mappedUris.keySet();
+ for(String customCategory: customCategories)
+ {
+ AttributeExpression expression = new AttributeExpression();
+ this.setAttribute(expression, customCategory, mappedUris.get(customCategory));
+ expressions.add(expression);
+ }
+ }
+ else
+ {
+ AttributeExpression expression = new AttributeExpression();
+ this.setAttribute(expression, attributeCategory, input.toString());
+ expressions.add(expression);
+ }
}
- //If I get here, query the super class
- if(targetClass.getSuperclass() != null)
+ return expressions;
+ }
+
+ private void setAttribute(AttributeExpression urlExpression, String attributeCategory,
String uriStr)
+ {
+ Attribute attribute = null;
+
+ if (uriStr.charAt(0) == '/' && uriStr.endsWith("/*"))
{
- return this.findTargetField(targetClass.getSuperclass());
+ // If URL starts with '/' and ends with "/*", use a regular
+ // expression to match it (In consistency with the servlet spec)
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_REGEXP_STRING_MATCH);
+
+ String uriexp = uriStr.substring(1, uriStr.length() - 2);
+ StringBuilder buffer = new StringBuilder();
+ buffer.append("^/" + uriexp + "$|");
+ buffer.append("^" + uriexp + "$|");
+ buffer.append("^/" + uriexp + "/.*|");
+ buffer.append("^" + uriexp + "/.*");
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, buffer.toString());
+ }
+ else
+ {
+ // use an exact match
+ urlExpression.setFunctionId(XACMLConstants.FUNCTION_STRING_EQUAL);
+
+ attribute = new Attribute(
+ attributeCategory,
+ XMLSchemaConstants.DATATYPE_STRING, uriStr);
}
- return null;
+ urlExpression.setAttribute(attribute);
}
}
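Review bot: In `setAttribute` the path between the leading `/` and the trailing `/*` is concatenated into the regular expression unescaped (`"^/" + uriexp + "$|"` and the three appends that follow), so regex metacharacters in a configured URI change the match: a `.` in a path segment matches any character, and `+`, `?`, `(` or `|` can widen or break the pattern — for an authorization target that means a policy may apply to more URIs than the author intended. Quote the literal, `String uriexp = Pattern.quote(uriStr.substring(1, uriStr.length() - 2));` (adding `import java.util.regex.Pattern;` in this file's import hunk), provided the PDP's regexp-string-match function is backed by Java's `Pattern` and accepts `\Q...\E`; otherwise escape the metacharacters by hand. `uriStr.charAt(0)` also throws `StringIndexOutOfBoundsException` on an empty string, which would read better as an explicit `IllegalArgumentException("empty target URI")`.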
Modified: modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml
===================================================================
---
modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/agent/src/main/resources/META-INF/jboss-beans.xml 2009-07-10
21:14:33 UTC (rev 13542)
@@ -4,5 +4,8 @@
xsi:schemaLocation="urn:jboss:bean-deployer:2.0
bean-deployer_2_0.xsd"
xmlns="urn:jboss:bean-deployer:2.0">
<bean name="/agent/PolicyComposer"
class="org.jboss.security.authz.agent.services.PolicyComposer">
+ </bean>
+
+ <bean name="/agent/PolicyEnforcementPoint"
class="org.jboss.security.authz.agent.services.PolicyEnforcementPoint">
</bean>
</deployment>
\ No newline at end of file
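Review bot: The new bean references `org.jboss.security.authz.agent.services.PolicyEnforcementPoint`, but I do not see a `PolicyEnforcementPoint` class in the `services` package in the visible part of this change; if the fully-qualified name does not resolve, the bean deployer fails at bootstrap and the agent runs without its enforcement point. Please confirm the package of the added `PolicyEnforcementPoint` and correct the `class` attribute if it lives elsewhere.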
Added:
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEnforcementGenerator.java
===================================================================
---
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEnforcementGenerator.java
(rev 0)
+++
modules/authorization/trunk/agent/src/test/java/org/jboss/security/authz/agent/services/TestEnforcementGenerator.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,133 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.agent.services;
+
+import java.net.URI;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.model.Action;
+import org.jboss.security.authz.model.Subject;
+import org.jboss.security.authz.model.Attribute;
+import org.jboss.security.authz.model.AbstractContextObject;
+
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Manage;
+import org.jboss.security.authz.components.resource.URIResource;
+
+import org.jboss.security.authz.agent.Agent;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestEnforcementGenerator extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestEnforcementGenerator.class);
+
+ private EnforcementStateGenerator stateGenerator;
+
+ protected void setUp() throws Exception
+ {
+ Agent.bootstrap();
+ this.stateGenerator = new EnforcementStateGenerator();
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public void testGenerateURIResource() throws Exception
+ {
+ //Setup the state of Components to be used for Enforcement State
+ URIResource uriResource = new URIResource();
+ uriResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
+
+ AbstractContextObject[] contextState = this.stateGenerator.generate(uriResource);
+ Resource enforcementState = (Resource)contextState[0];
+
+ this.assertResource(enforcementState);
+ }
+
+ public void testGenerateAction() throws Exception
+ {
+ AbstractContextObject[] contextState = this.stateGenerator.generate(new Manage());
+ Action enforcementState = (Action)contextState[0];
+
+ this.assertAction(enforcementState);
+ }
+
+ public void testGenerateIdentity() throws Exception
+ {
+ Identity identity = new Identity();
+ identity.setName("blah(a)blah.com");
+
+ AbstractContextObject[] contextState = this.stateGenerator.generate(identity);
+ Subject enforcementState = (Subject)contextState[0];
+
+ this.assertSubject(enforcementState);
+ }
+
+ public void testGenerateRoles() throws Exception
+ {
+ Roles roles = new Roles();
+ roles.addName("admin");
+ roles.addName("user");
+
+ AbstractContextObject[] contextState = this.stateGenerator.generate(roles);
+ Subject enforcementState = (Subject)contextState[0];
+
+ this.assertSubject(enforcementState);
+ }
+ //--------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void assertResource(Resource resource)
+ {
+ log.info("---------------------------------------------------------------");
+ for(Attribute attribute: resource.getAttributes())
+ {
+ log.info("Name="+attribute.getUri());
+ log.info("Value="+attribute.getValue());
+ log.info("---------------------------------------------------------------");
+ }
+ }
+
+ private void assertAction(Action action)
+ {
+ log.info("---------------------------------------------------------------");
+ for(Attribute attribute: action.getAttributes())
+ {
+ log.info("Name="+attribute.getUri());
+ log.info("Value="+attribute.getValue());
+ log.info("---------------------------------------------------------------");
+ }
+ }
+
+ private void assertSubject(Subject subject)
+ {
+ log.info("---------------------------------------------------------------");
+ for(Attribute attribute: subject.getAttributes())
+ {
+ log.info("Name="+attribute.getUri());
+ log.info("Value="+attribute.getValue());
+ log.info("---------------------------------------------------------------");
+ }
+ }
+}
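Review bot: The three `assert*` helpers only log attribute names and values and contain no assertion, so every test in this class passes whatever `EnforcementStateGenerator.generate` produces — a wrong attribute id, a missing role or a mis-categorised subject would all go unnoticed (only an empty array would fail, via `contextState[0]`). For an authorization component the generated attributes are the security-relevant output and should be pinned: in `testGenerateRoles` assert the subject holds exactly two attributes with id `XACMLConstants.ATTRIBUTEID_ROLE` and values `admin` and `user`, in `testGenerateIdentity` that the single attribute has id `XACMLConstants.ATTRIBUTEID_SUBJECT_ID` and the configured name, and in `testGenerateURIResource` that the id is `XACMLConstants.ATTRIBUTEID_RESOURCE_ID` and the value is `/portal/admin-tool/modifyLayout`. The `getAttributes()`, `getUri()` and `getValue()` accessors already used in the logging loops are enough to write these.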
Added:
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/SecurityContextData.java
===================================================================
---
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/SecurityContextData.java
(rev 0)
+++
modules/authorization/trunk/common-api/src/main/java/org/jboss/security/authz/component/SecurityContextData.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,37 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.component;
+
+import java.lang.annotation.Target;
+import java.lang.annotation.Retention;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+(a)Target(ElementType.FIELD)
+(a)Retention(RetentionPolicy.RUNTIME)
+public @interface SecurityContextData
+{
+
+}
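Review bot: The annotation has no Javadoc, yet it defines a contract that components in other modules must honour: the agent reads the annotated field reflectively after `setAccessible(true)`, converts scalars with `toString()`, treats a `Collection` or array as one value per element and a `Map` as one attribute per entry keyed by the entry name, and skips fields whose value is null (see the `AnnotationProcessor`, `EnforcementStateGenerator` and `TargetComposition` hunks above). Add a type-level Javadoc stating exactly that — that the field's value is exported to the authorization layer as XACML attribute data, how each supported field type is mapped, and that null fields contribute nothing — so component authors know which types are safe to annotate.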
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Operation.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Operation.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/action/Operation.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -21,7 +21,7 @@
*/
package org.jboss.security.authz.components.action;
-import org.jboss.security.authz.component.TargetUri;
+import org.jboss.security.authz.component.SecurityContextData;
/**
* Represents any Operation that can be performed on a Resource
@@ -30,7 +30,7 @@
*/
public abstract class Operation
{
- @TargetUri
+ @SecurityContextData
protected String name;
public Operation()
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/resource/URIResource.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -28,7 +28,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentType;
import org.jboss.security.authz.component.ComponentCategory;
-import org.jboss.security.authz.component.TargetUri;
+import org.jboss.security.authz.component.SecurityContextData;
/**
* Represents any System Resource uniquely identified by a URI
@@ -47,7 +47,7 @@
/**
* The unique URI that identifies this resource
*/
- @TargetUri
+ @SecurityContextData
protected URI uri;
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Identity.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Identity.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -25,8 +25,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentType;
import org.jboss.security.authz.component.ComponentCategory;
-import org.jboss.security.authz.component.TargetUri;
-import org.jboss.security.authz.component.LogicData;
+import org.jboss.security.authz.component.SecurityContextData;
/**
* The Identity Policy Component represents the "Identity/User" that is
Authenticated by the System
@@ -47,8 +46,7 @@
/**
* Unique id/name of the Identity
*/
- @TargetUri
- @LogicData
+ @SecurityContextData
private String name;
Modified:
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java
===================================================================
---
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/core-components-api/src/main/java/org/jboss/security/authz/components/subject/Roles.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -31,7 +31,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentType;
import org.jboss.security.authz.component.ComponentCategory;
-import org.jboss.security.authz.component.LogicData;
+import org.jboss.security.authz.component.SecurityContextData;
import org.jboss.security.authz.component.LogicExpression;
/**
@@ -84,7 +84,7 @@
/**
* Role Names
*/
- @LogicData
+ @SecurityContextData
private Set<String> names;
public Roles()
@@ -114,6 +114,11 @@
}
this.getNames().add(name);
}
+
+ public boolean isEmpty()
+ {
+ return this.getNames().isEmpty();
+ }
//------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
* Creates a Policy Rule suggesting the roles indicated by this object are permitted
access to the 'Resource' designated in the Policy
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-07-10 18:27:56 UTC (rev 13541)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-07-10 21:14:33 UTC (rev 13542)
@@ -23,6 +23,11 @@
<groupId>org.jboss.security.authz</groupId>
<artifactId>core-components-api</artifactId>
<version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>agent</artifactId>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.security.authz</groupId>
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/component/resource/HttpResource.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/component/resource/HttpResource.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/component/resource/HttpResource.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -28,7 +28,7 @@
import org.jboss.security.authz.component.Component;
import org.jboss.security.authz.component.ComponentCategory;
import org.jboss.security.authz.component.ComponentType;
-import org.jboss.security.authz.component.TargetUri;
+import org.jboss.security.authz.component.SecurityContextData;
import org.jboss.security.authz.components.resource.URIResource;
/**
@@ -45,12 +45,12 @@
type=ComponentType.TARGET,
category=ComponentCategory.RESOURCE
)
-public class HttpResource extends URIResource implements Cloneable
+public class HttpResource extends URIResource
{
/**
* The HTTP Parameters that are used to access this resource
*/
- @TargetUri
+ @SecurityContextData
private Map<String, String> parameters;
/**
@@ -79,47 +79,5 @@
public void addParameter(String name, String value)
{
this.getParameters().put(name, value);
- }
-
- /*public PolicyMetaData getPolicyMetaData()
- {
- PolicyMetaData metadata = super.getPolicyMetaData();
-
- if(!this.getParameters().isEmpty())
- {
- Set<String> names = this.parameters.keySet();
- for(String name: names)
- {
- String value = this.parameters.get(name);
-
- AttributeExpression paramExpression =
ExpressionBuilder.getInstance().createCustomResourceExpression(name, value);
- paramExpression.setDesignatorMustBePresent(false);
- metadata.getTarget().addResourceMatch(paramExpression);
- }
- }
-
- return metadata;
- }*/
-
- /*public Resource getResource()
- {
- Resource urlResource = super.getResource();
-
- if(!this.getParameters().isEmpty())
- {
- Set<String> names = this.parameters.keySet();
- for(String name: names)
- {
- String value = this.parameters.get(name);
-
- Attribute customAttribute = new Attribute();
- customAttribute.setUri(name);
- customAttribute.setDatatType(XMLSchemaConstants.DATATYPE_STRING);
- customAttribute.setValue(value);
- urlResource.addAttribute(customAttribute);
- }
- }
-
- return urlResource;
- }*/
+ }
}
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/configuration/HttpPolicyConfig.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -38,11 +38,14 @@
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
+import org.jboss.security.authz.model.Effect;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.plugin.XACMLPolicy;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
+import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.http.component.action.Delete;
import org.jboss.security.authz.http.component.action.Get;
import org.jboss.security.authz.http.component.action.Head;
@@ -50,7 +53,10 @@
import org.jboss.security.authz.http.component.action.Post;
import org.jboss.security.authz.http.component.action.Put;
import org.jboss.security.authz.http.component.action.Trace;
-import org.jboss.security.authz.http.component.resource.HttpResource;
+import org.jboss.security.authz.components.action.Operation;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
/**
@@ -61,6 +67,19 @@
{
private static Logger log = Logger.getLogger(HttpPolicyConfig.class);
+ private PolicyComposer policyComposer;
+
+
+ public PolicyComposer getPolicyComposer()
+ {
+ return policyComposer;
+ }
+
+ public void setPolicyComposer(PolicyComposer policyComposer)
+ {
+ this.policyComposer = policyComposer;
+ }
+
/**
* Configures the Policy instances that can be represented in system level XACML
format. The easyDomainXml is a user friendly XML configuration that is within the context
* of the application tier being protected. For instance, to apply Access Control at
the web tier, the XML configuration would consist of Resources and
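Review bot: `policyComposer` is a plain settable field with no documentation of when it must be set, and the configuration method in the next hunk dereferences it unconditionally (`this.policyComposer.compose(context)`), so a config loaded before the setter has run fails with a NullPointerException deep inside the parsing loop instead of with a clear message. Add Javadoc on `setPolicyComposer` stating that it is required before any policy is configured, and guard at the top of the configuration method with `if (this.policyComposer == null) { throw new IllegalStateException("policyComposer must be set before configuring policies"); }`. The enclosing class continues outside this hunk.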
@@ -83,21 +102,87 @@
NodeList securityConstraints =
document.getElementsByTagName("security-constraint");
for(int i=0, length=securityConstraints.getLength(); i< length; i++)
- {
+ {
Element securityConstraint = (Element)securityConstraints.item(i);
- Element webResourceCollection =
(Element)securityConstraint.getElementsByTagName("web-resource-collection").item(0);
- List<HttpResource> webResources =
this.parseWebResources(webResourceCollection);
-
- if(webResources != null)
- {
- for(HttpResource policyResource: webResources)
- {
- //Parse role constraints
- this.parseRoles(policyResource,
securityConstraint.getElementsByTagName("roles"));
-
- cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(),
policyResource.getPolicyMetaData()));
- }
- }
+
+ //Parse out information related to access control based on user roles
+ NodeList roleNodes =
securityConstraint.getElementsByTagName("roles");
+ Roles allowRoles = new Roles();
+ Roles denyRoles = new Roles();
+ if(roleNodes != null)
+ {
+ for(int j=0; j<roleNodes.getLength(); j++)
+ {
+ boolean allow = true;
+ Element roles = (Element)roleNodes.item(j);
+
+ allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
+
+ NodeList roleNames = roles.getElementsByTagName("role-name");
+ if(roleNames != null)
+ {
+ for(int k=0; k<roleNames.getLength(); k++)
+ {
+ Element roleName = (Element)roleNames.item(k);
+ String role = roleName.getTextContent().trim();
+
+ if(allow)
+ {
+ allowRoles.addName(role);
+ }
+ else
+ {
+ denyRoles.addName(role);
+ }
+ }
+ }
+ }
+ }
+
+ //Parse out the resources and actions upon which the Policies must be created
+ Element webResourceCollection =
(Element)securityConstraint.getElementsByTagName("web-resource-collection").item(0);
+ NodeList resources =
webResourceCollection.getElementsByTagName("web-resource");
+ if (resources != null)
+ {
+ for (int j = 0; j < resources.getLength(); j++)
+ {
+ //SetUp the Http Resource
+ HttpResource policyResource = new HttpResource();
+ Element webResource = (Element) resources.item(j);
+ Element urlPattern = (Element) webResource
+ .getElementsByTagName("url-pattern").item(0);
+
+ policyResource.setUri(new URI(urlPattern
+ .getTextContent().trim()));
+ this.parseParameters(policyResource, webResource);
+
+ //Setup the Action Targets to be secured on this resource
+ List<Operation> secureActions = this.parseSecureWebActions(webResource);
+
+ if(secureActions != null)
+ {
+ //SetUp Policy Composition Context
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ for(Operation secureAction: secureActions)
+ {
+ if(!allowRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, secureAction, allowRoles,
"allowExpression");
+ }
+
+ if(!denyRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.DENY, secureAction, denyRoles,
"denyExpression");
+ }
+ }
+
+ //Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ cour.add(new XACMLPolicy(GeneralTool.generateUniqueId(), policyMetaData));
+ }
+ }
+ }
}
policies = cour.toArray(new Policy[0]);
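Review bot: The `boolean allow = true` initialisation at the top of the roles loop is dead, because the next statement overwrites it with `Boolean.parseBoolean(roles.getAttribute("allow").trim())`, and `getAttribute` returns an empty string for a missing attribute, so a `<roles>` element without `allow` (or with a misspelt value) is silently treated as a deny list. Parse the attribute explicitly — `String allowAttr = roles.getAttribute("allow").trim();` followed by `allow = allowAttr.isEmpty() || Boolean.parseBoolean(allowAttr);` if an omitted attribute is meant to mean allow — and reject any value other than `true`/`false` so a misconfiguration fails at load time. A second change worth a look: `parseSecureWebActions` never returns null, so the `secureActions != null` check is always true, and a `web-resource` with no `http-method` element now yields a context with a target but no rules that is still composed and added, whereas the removed `parseWebResources` fell back to the bare resource; if "no method" is meant to cover all methods, that case needs explicit handling, since what the composer and combining algorithm do with a rule-less policy is not visible here. The roles parsing inlined into this loop would read better as a helper returning the allow/deny pair, restoring the structure the removed `parseRoles` had.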
@@ -120,41 +205,33 @@
}catch(IOException ioe){log.warn(this, ioe);}
}
}
-
//XMLParsing----------------------------------------------------------------------------------------------------------------------------------------------------
- private List<HttpResource> parseWebResources(Element webResourceCollection)
throws Exception
+ //XML Configuration
Parsing----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void parseParameters(HttpResource policyResource, Element webResource) throws
Exception
{
- List<HttpResource> webResources = new ArrayList<HttpResource>();
-
- NodeList resources =
webResourceCollection.getElementsByTagName("web-resource");
- if(resources != null)
- {
- for(int i=0; i<resources.getLength(); i++)
- {
- HttpResource policyResource = new HttpResource();
- Element webResource = (Element)resources.item(i);
- Element urlPattern =
(Element)webResource.getElementsByTagName("url-pattern").item(0);
-
- policyResource.setUri(new URI(urlPattern.getTextContent().trim()));
- this.parseParameters(policyResource, webResource);
-
- List<HttpResource> methodResources = this.parseHttpMethods(policyResource,
webResource);
- if(methodResources != null && !methodResources.isEmpty())
- {
- webResources.addAll(methodResources);
- }
- else
- {
- webResources.add(policyResource);
- }
- }
- }
-
- return webResources;
+ //Process Parameters
+ Element parameters =
(Element)webResource.getElementsByTagName("parameters").item(0);
+ if(parameters != null)
+ {
+ NodeList params = parameters.getElementsByTagName("parameter");
+ if(params != null)
+ {
+ for(int i=0, length=params.getLength(); i<length; i++)
+ {
+ Element parameter = (Element)params.item(i);
+
+ String name = parameter.getAttribute("name").trim();
+ String value = parameter.getTextContent().trim();
+
+ policyResource.addParameter(name, value);
+ }
+ }
+ }
}
- private List<HttpResource> parseHttpMethods(HttpResource policyResource, Element
webResource) throws Exception
+ private List<Operation> parseSecureWebActions(Element webResource) throws
Exception
{
- List<HttpResource> webResources = new ArrayList<HttpResource>();
+ List<Operation> secureWebActions = new ArrayList<Operation>();
+
NodeList httpMethods = webResource.getElementsByTagName("http-method");
if(httpMethods != null)
{
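Review bot: In `parseParameters`, `parameter.getAttribute("name").trim()` yields an empty string when the `name` attribute is absent, so an unnamed `<parameter>` is registered under the key `""` and silently replaces any earlier unnamed entry via `HttpResource.addParameter`; reject it with `if (name.isEmpty()) { throw new IllegalArgumentException("parameter element requires a name attribute"); }` before the `addParameter` call. The method also declares `throws Exception` although its body only calls DOM getters that throw nothing checked, so the clause can be dropped, and the moved method deserves a one-line Javadoc saying it copies each `parameters/parameter` element onto the resource. `parseSecureWebActions` begins at the end of this hunk and continues in the next one.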
@@ -162,95 +239,39 @@
{
Element httpMethodElem = (Element)httpMethods.item(i);
- String httpMethod = httpMethodElem.getTextContent();
- HttpResource methodResource = (HttpResource)policyResource.clone();
+ String httpMethod = httpMethodElem.getTextContent();
if(httpMethod.equalsIgnoreCase("get"))
{
- methodResource.setHttpMethod(new Get());
+ secureWebActions.add(new Get());
}
else if(httpMethod.equalsIgnoreCase("post"))
{
- methodResource.setHttpMethod(new Post());
+ secureWebActions.add(new Post());
}
else if(httpMethod.equalsIgnoreCase("put"))
{
- methodResource.setHttpMethod(new Put());
+ secureWebActions.add(new Put());
}
else if(httpMethod.equalsIgnoreCase("delete"))
{
- methodResource.setHttpMethod(new Delete());
+ secureWebActions.add(new Delete());
}
else if(httpMethod.equalsIgnoreCase("head"))
{
- methodResource.setHttpMethod(new Head());
+ secureWebActions.add(new Head());
}
else if(httpMethod.equalsIgnoreCase("options"))
{
- methodResource.setHttpMethod(new Options());
+ secureWebActions.add(new Options());
}
else if(httpMethod.equalsIgnoreCase("trace"))
{
- methodResource.setHttpMethod(new Trace());
- }
-
- webResources.add(methodResource);
+ secureWebActions.add(new Trace());
+ }
}
}
- return webResources;
- }
-
- private void parseParameters(HttpResource policyResource, Element webResource) throws
Exception
- {
- //Process Parameters
- Element parameters =
(Element)webResource.getElementsByTagName("parameters").item(0);
- if(parameters != null)
- {
- NodeList params = parameters.getElementsByTagName("parameter");
- if(params != null)
- {
- for(int i=0, length=params.getLength(); i<length; i++)
- {
- Element parameter = (Element)params.item(i);
-
- String name = parameter.getAttribute("name").trim();
- String value = parameter.getTextContent().trim();
-
- policyResource.addParameter(name, value);
- }
- }
- }
- }
-
- private void parseRoles(HttpResource policyResource, NodeList roleNodes) throws
Exception
- {
- if(roleNodes != null)
- {
- for(int i=0; i<roleNodes.getLength(); i++)
- {
- boolean allow = true;
- Element roles = (Element)roleNodes.item(i);
-
- allow = Boolean.parseBoolean(roles.getAttribute("allow").trim());
-
- NodeList roleNames = roles.getElementsByTagName("role-name");
- if(roleNames != null)
- {
- for(int j=0; j<roleNames.getLength(); j++)
- {
- Element roleName = (Element)roleNames.item(j);
-
- if(allow)
- {
- policyResource.addAllowed(roleName.getTextContent().trim());
- }
- else
- {
- policyResource.addDenied(roleName.getTextContent().trim());
- }
- }
- }
- }
- }
- }
+
+ return secureWebActions;
+ }
}
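Review bot: An `http-method` value that matches none of the seven branches of `parseSecureWebActions` is silently dropped, so a typo such as `<http-method>GETT</http-method>` leaves that method with no policy rule at all, and unlike `url-pattern` the text is not trimmed, so `<http-method> GET </http-method>` is dropped as well. Trim the value, `String httpMethod = httpMethodElem.getTextContent().trim();`, and add a final `else { throw new IllegalArgumentException("Unsupported http-method: " + httpMethod); }` so a misconfiguration fails at load time instead of leaving a method unconstrained. Since the method is now a pure name-to-`Operation` mapping, a lookup table keyed by the lower-cased method name would replace the if/else chain; the method's signature is in the previous hunk.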
Modified:
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java
===================================================================
---
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/main/java/org/jboss/security/authz/http/enforcement/SecurityFilter.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -51,21 +51,20 @@
import org.jboss.security.authz.http.component.action.Post;
import org.jboss.security.authz.http.component.action.Put;
import org.jboss.security.authz.http.component.action.Trace;
+import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.http.configuration.HttpPolicyConfig;
import org.jboss.security.authz.tools.GeneralTool;
-
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
import org.jboss.security.authz.policy.server.Server;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
import org.jboss.security.authz.policy.server.PolicyServer;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
/**
@@ -156,8 +155,8 @@
HttpServletResponse httpResponse = (HttpServletResponse)response;
//Perform a Security check
- Request authzRequest = this.createAuthorizationRequest(httpRequest);
- Response authzResponse = this.enforcer.checkAccess(authzRequest);
+ EnforcementContext enforcementContext = this.createEnforcementContext(httpRequest);
+ EnforcementResponse authzResponse = this.enforcer.checkAccess(enforcementContext);
//Process the authorization response and allow or deny further processing
if(!authzResponse.isAccessGranted())
@@ -184,9 +183,9 @@
}
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private Request createAuthorizationRequest(HttpServletRequest httpRequest) throws
Exception
+ private EnforcementContext createEnforcementContext(HttpServletRequest httpRequest)
throws Exception
{
- Request authzRequest = new Request();
+ EnforcementContext context = new EnforcementContext();
HttpResource contextResource = new HttpResource();
@@ -205,7 +204,9 @@
String value = httpRequest.getParameter(name);
contextResource.addParameter(name, value);
}
-
+
+ //TODO: migrate to the new developer framework
+ /*
//Setup Resource context
authzRequest.addResource(contextResource.getResource());
@@ -243,9 +244,9 @@
//TODO: replace mock code with actual loading of Roles information of the authenticated
user via the new Identity API
Roles roles = new Roles();
roles.addName(Roles.ANONYMOUS);
- authzRequest.addSubject(roles.getSubject());
+ authzRequest.addSubject(roles.getSubject());*/
- return authzRequest;
+ return context;
}
private void configure(String httpPolicy) throws Exception
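Review bot: `createEnforcementContext` now returns an `EnforcementContext` to which nothing has been added — the resource, action and subject set-up is commented out between the `/*` in the previous hunk and the `*/` here, and `contextResource` is still populated from request parameters but never attached to the context. The `checkAccess` call in the earlier hunk therefore decides on an empty context, so whether requests pass or are rejected during this migration depends entirely on how the new enforcement point treats an empty context, which this change does not show. Until the migration is complete, make the fail-closed behaviour explicit in the filter — for example have `createEnforcementContext` throw, or the caller deny, when the context carries no resource — and state in the method's Javadoc that the context is intentionally incomplete. The enclosing method begins in the previous hunk.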
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java
(rev 0)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/MockPolicy.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,276 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.components;
+
+import java.util.List;
+import java.util.Set;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.model.Rule;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.model.AttributeExpression;
+import org.jboss.security.authz.model.DroolsRuleExpression;
+import org.jboss.security.authz.model.Expression;
+import org.jboss.security.authz.xacml.AttributeDesignatorUtil;
+import org.jboss.security.authz.xacml.PolicyUtil;
+
+import org.jboss.security.xacml.core.model.policy.ActionMatchType;
+import org.jboss.security.xacml.core.model.policy.SubjectMatchType;
+import org.jboss.security.xacml.core.model.policy.ApplyType;
+import org.jboss.security.xacml.core.model.policy.VariableReferenceType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.PolicyType;
+import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
+import org.jboss.security.xacml.core.model.policy.ResourcesType;
+import org.jboss.security.xacml.core.model.policy.ResourceType;
+import org.jboss.security.xacml.core.model.policy.ActionsType;
+import org.jboss.security.xacml.core.model.policy.ActionType;
+import org.jboss.security.xacml.core.model.policy.SubjectsType;
+import org.jboss.security.xacml.core.model.policy.SubjectType;
+import org.jboss.security.xacml.core.model.policy.RuleType;
+import org.jboss.security.xacml.core.model.policy.TargetType;
+import org.jboss.security.xacml.core.model.policy.ConditionType;
+import org.jboss.security.xacml.core.model.policy.ObjectFactory;
+import org.jboss.security.xacml.core.model.policy.AttributeValueType;
+import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
+import org.jboss.security.xacml.factories.PolicyAttributeFactory;
+
+/**
+ * Used for specifying policies for Resources represented by unique URIs, sometimes
forming a tree like relationship with other Resources in the system
+ *
+ * An example of such resources would be tree of resources/nodes in a Content Management
System
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class MockPolicy extends Policy
+{
+
+ public MockPolicy(String policyUri, PolicyMetaData metaData) throws PolicyException
+ {
+ super(policyUri, metaData);
+ }
+
+
+ @Override
+ public String generateSystemPolicy() throws PolicyException
+ {
+ ByteArrayOutputStream bos = null;
+ try
+ {
+ String xacmlXml = null;
+
+ //SetUp the Policy Header
+ ObjectFactory objectFactory = new ObjectFactory();
+ PolicyType policyType = new PolicyType();
+ policyType.setPolicyId(this.policyUri);
+ policyType.setVersion("2.0");
+ policyType.setRuleCombiningAlgId(new
NoPermitMeansDeniedAlg().getIdentifier().toString());
+
+ TargetType targetType = new TargetType();
+ policyType.setTarget(targetType);
+
+ //Process Resource Matches as Targets for the Policy
+ List<AttributeExpression> resourceMatches =
this.metaData.getTarget().getResourceMatches();
+ if(resourceMatches != null && !resourceMatches.isEmpty())
+ {
+ ResourcesType resourcesType = new ResourcesType();
+ targetType.setResources(resourcesType);
+ ResourceType resourceType = new ResourceType();
+
+ for(AttributeExpression resourceMatch: resourceMatches)
+ {
+ ResourceMatchType rmt = new ResourceMatchType();
+
+ rmt.setMatchId(resourceMatch.getFunctionId());
+
rmt.setResourceAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(resourceMatch.getAttribute(),
true));
+ rmt.setAttributeValue(PolicyAttributeFactory
+ .createStringAttributeType(resourceMatch.getAttribute().getValue()));
+
+ resourceType.getResourceMatch().add(rmt);
+ }
+
+ resourcesType.getResource().add(resourceType);
+ }
+
+ //Process the Policy Rules
+ Set<Rule> rules = this.metaData.getRules();
+ if(rules != null && !rules.isEmpty())
+ {
+ for(Rule rule: rules)
+ {
+ RuleType ruleType = new RuleType();
+ ruleType.setRuleId(rule.getRuleId());
+ if(rule.getEffect() == Effect.PERMIT)
+ {
+ ruleType.setEffect(EffectType.PERMIT);
+ }
+ else
+ {
+ ruleType.setEffect(EffectType.DENY);
+ }
+
+ //Process the Rule Target
+ if(rule.getTarget() != null)
+ {
+ List<AttributeExpression> actionMatches =
rule.getTarget().getActionMatches();
+ List<AttributeExpression> subjectMatches =
rule.getTarget().getSubjectMatches();
+ TargetType ruleTarget = new TargetType();
+
+ if(actionMatches != null && !actionMatches.isEmpty())
+ {
+ ruleTarget.setActions(this.generateRuleActions(actionMatches));
+ }
+
+ if(subjectMatches != null && !subjectMatches.isEmpty())
+ {
+ ruleTarget.setSubjects(this.generateRuleSubjects(subjectMatches));
+ }
+
+ ruleType.setTarget(ruleTarget);
+ }
+
+ //Process the Rule Expression/Condition
+ ConditionType condition = this.generateCondition(objectFactory,
rule.getExpression());
+ ruleType.setCondition(condition);
+
+
policyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(ruleType);
+ }
+ }
+
+ bos = new ByteArrayOutputStream();
+ PolicyUtil.marshall(bos, policyType);
+ xacmlXml = new String(bos.toByteArray());
+
+ return xacmlXml;
+ }
+ catch(Exception e)
+ {
+ throw new PolicyException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try{bos.close();}catch(IOException ioe){}
+ }
+ }
+ }
+
+ private ActionsType generateRuleActions(List<AttributeExpression>
actionMatches)
+ {
+ ActionsType actions = new ActionsType();
+
+ for(AttributeExpression action: actionMatches)
+ {
+ ActionType actionType = new ActionType();
+ ActionMatchType amct = new ActionMatchType();
+ amct.setMatchId(action.getFunctionId());
+
amct.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(action.getAttribute().getValue()));
+
amct.setActionAttributeDesignator(AttributeDesignatorUtil.getAttributeDesignator(action.getAttribute(),
true));
+ actionType.getActionMatch().add(amct);
+ actions.getAction().add(actionType);
+ }
+
+ return actions;
+ }
+
+ private SubjectsType generateRuleSubjects(List<AttributeExpression>
subjectMatches)
+ {
+ SubjectsType subjects = new SubjectsType();
+
+ for(AttributeExpression subject: subjectMatches)
+ {
+ SubjectType subjectType = new SubjectType();
+ SubjectMatchType match = new SubjectMatchType();
+ match.setMatchId(subject.getFunctionId());
+
match.setAttributeValue(PolicyAttributeFactory.createStringAttributeType(subject.getAttribute().getValue()));
+
match.setSubjectAttributeDesignator((SubjectAttributeDesignatorType)AttributeDesignatorUtil.getAttributeDesignator(subject.getAttribute(),
true));
+ subjectType.getSubjectMatch().add(match);
+ subjects.getSubject().add(subjectType);
+ }
+
+ return subjects;
+ }
+
+ /**
+ *
+ * @param expression
+ * @return
+ */
+ private ConditionType generateCondition(ObjectFactory objectFactory, Expression
expression)
+ {
+ ConditionType condition = new ConditionType();
+
+ if(expression instanceof AttributeExpression)
+ {
+ AttributeExpression attributeExpression = (AttributeExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(attributeExpression.getFunctionId());
+
+ //Value to check against
+ AttributeValueType attrValue =
PolicyAttributeFactory.createStringAttributeType(attributeExpression.getAttribute().getValue());
+ JAXBElement<AttributeValueType> jaxbAttrValue =
objectFactory.createAttributeValue(attrValue);
+ apply.getExpression().add(jaxbAttrValue);
+
+ //Place within the Context where this Value should exist during an Authorization
Request
+
apply.getExpression().add(AttributeDesignatorUtil.getAttributeDesignatorXml(attributeExpression.getAttribute(),
true));
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+ else if(expression instanceof DroolsRuleExpression)
+ {
+ DroolsRuleExpression ruleExpression = (DroolsRuleExpression)expression;
+
+ //Function to be applied
+ ApplyType apply = new ApplyType();
+ apply.setFunctionId(ruleExpression.getFunctionId());
+
+
+ VariableReferenceType ruleReference = new VariableReferenceType();
+ ruleReference.setVariableId(ruleExpression.getRuleReference());
+ JAXBElement<VariableReferenceType> jaxbRuleReference =
objectFactory.createVariableReference(ruleReference);
+ apply.getExpression().add(jaxbRuleReference);
+
+
+ condition.setExpression(objectFactory.createApply(apply));
+ }
+
+ return condition;
+ }
+
+ private String generateUniqueId()
+ {
+ return UUID.randomUUID().toString();
+ }
+}
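Review bot: `xacmlXml = new String(bos.toByteArray())` in `generateSystemPolicy` decodes the marshalled policy with the platform default charset, so the XML is mis-decoded on a non-UTF-8 JVM; if `PolicyUtil.marshall` writes UTF-8 as JAXB does by default, use `xacmlXml = bos.toString("UTF-8");` (the `ByteArrayOutputStream` close in `finally` is a no-op and can go with it). `generateUniqueId()` is private and never called, the Javadoc on `generateCondition` is empty and names neither parameter, and the class comment describes a URI-tree resource policy rather than this test double; the class Javadoc should say it is a test mock that renders a composed `PolicyMetaData` as XACML using `NoPermitMeansDeniedAlg` as the rule-combining algorithm. That algorithm is referenced by identifier only at the `setRuleCombiningAlgId` call, so the PDP loading this policy presumably has to have it registered — worth a comment there.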
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/NoPermitMeansDeniedAlg.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/NoPermitMeansDeniedAlg.java
(rev 0)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/NoPermitMeansDeniedAlg.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -0,0 +1,83 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.http.components;
+
+import java.util.List;
+import java.util.Iterator;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.jboss.security.xacml.sunxacml.combine.RuleCombiningAlgorithm;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.Rule;
+import org.jboss.security.xacml.sunxacml.combine.RuleCombinerElement;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class NoPermitMeansDeniedAlg extends RuleCombiningAlgorithm
+{
+ /**
+ *
+ * @throws URISyntaxException
+ */
+ public NoPermitMeansDeniedAlg() throws URISyntaxException
+ {
+ super(new URI("rule-combining-alg:nopermit-means-denied"));
+ }
+
+ /**
+ *
+ * @param context
+ * @param rules
+ * @return
+ */
+ public Result combine(EvaluationCtx context, List parameters, List ruleElements)
+ {
+ Result result = new Result(Result.DECISION_PERMIT);
+
+ Iterator rules = ruleElements.iterator();
+ boolean permitFound = false;
+ while(rules.hasNext())
+ {
+ RuleCombinerElement ruleCombinerElement = (RuleCombinerElement)rules.next();
+ Rule rule = ruleCombinerElement.getRule();
+ Result currentResult = rule.evaluate(context);
+
+ if(currentResult.getDecision() == Result.DECISION_PERMIT)
+ {
+ permitFound = true;
+ break;
+ }
+ }
+
+ if(!permitFound)
+ {
+ result = new Result(Result.DECISION_DENY);
+ }
+
+ return result;
+ }
+}
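Review bot: `combine` returns PERMIT as soon as any rule evaluates to PERMIT and never inspects DENY results, so a DENY rule in the same policy can never win; with `HttpPolicyConfig` emitting both a PERMIT rule for `allowRoles` and a DENY rule for `denyRoles` on the same action, a subject in both sets would be permitted under this algorithm if it is ever used beyond the test mock. If deny is meant to take precedence, the loop should record a DENY result and return it after the scan instead of breaking on the first PERMIT; otherwise the class Javadoc should state that this is permit-overrides with every non-permit outcome, including INDETERMINATE and NOT_APPLICABLE, collapsed to DENY. The Javadoc on `combine` is empty and its `@param rules` does not match the `ruleElements` parameter, and the constructor can use `super(URI.create("rule-combining-alg:nopermit-means-denied"));` and drop the `throws URISyntaxException` that leaks a checked exception into every caller. The raw `List` and `Iterator` look inherited from the sunxacml signature and are fine if so.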
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestHttpResource.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestHttpResource.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestHttpResource.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -27,10 +27,17 @@
import org.apache.log4j.Logger;
-import org.jboss.security.authz.http.component.resource.HttpResource;
+import org.jboss.security.authz.agent.Agent;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.test.MockPolicy;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.http.component.resource.HttpResource;
+import org.jboss.security.authz.http.component.action.Get;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -39,12 +46,29 @@
{
private static Logger log = Logger.getLogger(TestHttpResource.class);
+ private PolicyComposer policyComposer;
+
+ protected void setUp() throws Exception
+ {
+ Agent.bootstrap();
+ this.policyComposer = (PolicyComposer)Agent.lookup("/agent/PolicyComposer");
+ }
+ //------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ //TODO: migrate to the new developer framework
public void testGetURLTargetNoParameters() throws Exception
{
HttpResource httpResource = new HttpResource();
httpResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
+
+ Identity identity = new Identity();
+ identity.setName("blahUser");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(httpResource);
+ context.addPolicyRule(Effect.PERMIT, identity, null);
- Policy policy = new MockPolicy("testGetURLTargetNoParameters",
httpResource.getPolicyMetaData());
+ Policy policy = new MockPolicy("testGetURLTargetNoParameters",
this.policyComposer.compose(context));
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
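Review bot: The `//TODO: migrate to the new developer framework` comment sits directly above `testGetURLTargetNoParameters`, but the body below it has already been migrated to `CompositionContext`/`PolicyComposer`, so the comment is stale and should be removed or moved to whatever still needs migrating. `setUp()` appears to override the JUnit 3 hook without calling `super.setUp()` and bootstraps the `Agent` on every test with no matching `tearDown`; whether repeated `Agent.bootstrap()` calls are idempotent is not visible here, so either guard the bootstrap or say in a comment on `setUp` that it is safe to repeat. The `null` third argument in `context.addPolicyRule(Effect.PERMIT, identity, null)` deserves a short comment saying what a null expression means for the composed rule; the same applies to the next hunk.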
@@ -56,10 +80,17 @@
httpResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
httpResource.addParameter("test1", "test1://value");
httpResource.addParameter("test2", "test2://value");
+
+ Identity identity = new Identity();
+ identity.setName("blahUser");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(httpResource);
+ context.addPolicyRule(Effect.PERMIT, identity, null);
+ Policy policy = new MockPolicy("testGetURLTargetWithParameters",
this.policyComposer.compose(context));
- Policy policy = new MockPolicy("testGetURLTargetWithParameters",
httpResource.getPolicyMetaData());
-
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
@@ -70,42 +101,49 @@
httpResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
httpResource.addParameter("test1", "test1://value");
httpResource.addParameter("test2", "test2://value");
- httpResource.addAllowed("admin");
- httpResource.addDenied("anonymous");
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("admin");
+ allowedRoles.addName("user");
+
+ Roles deniedRoles = new Roles();
+ deniedRoles.addName("anonymous");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(httpResource);
+ context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
+ context.addPolicyRule(Effect.DENY, new Get(), deniedRoles,
"denyExpression");
- Policy policy = new MockPolicy("testRoleRules",
httpResource.getPolicyMetaData());
+ Policy policy = new MockPolicy("testRoleRules",
this.policyComposer.compose(context));
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
}
-
- public void testIPRules() throws Exception
- {
- HttpResource httpResource = new HttpResource();
- httpResource.setUri(new URI("/portal/admin-tool/modifyLayout"));
- httpResource.addParameter("test1", "test1://value");
- httpResource.addParameter("test2", "test2://value");
- httpResource.addAllowed("admin");
- httpResource.addDenied("anonymous");
-
- Policy policy = new MockPolicy("testIPRules",
httpResource.getPolicyMetaData());
- log.info("------------------------------------------------------------------");
- log.info(policy.generateSystemPolicy());
- }
-
public void testURLPattern() throws Exception
{
HttpResource httpResource = new HttpResource();
httpResource.setUri(new URI("/portal/*"));
httpResource.addParameter("test1", "test1://value");
httpResource.addParameter("test2", "test2://value");
- httpResource.addAllowed("admin");
- httpResource.addDenied("anonymous");
+
+ Roles allowedRoles = new Roles();
+ allowedRoles.addName("admin");
+ allowedRoles.addName("user");
+
+ Roles deniedRoles = new Roles();
+ deniedRoles.addName("anonymous");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(httpResource);
+ context.addPolicyRule(Effect.PERMIT, new Get(), allowedRoles,
"allowExpression");
+ context.addPolicyRule(Effect.DENY, new Get(), deniedRoles,
"denyExpression");
- Policy policy = new MockPolicy("testURLPattern",
httpResource.getPolicyMetaData());
+ Policy policy = new MockPolicy("testURLPattern",
this.policyComposer.compose(context));
log.info("------------------------------------------------------------------");
log.info(policy.generateSystemPolicy());
- }
+ }
}
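Review bot: testIPRules is deleted outright rather than migrated to the CompositionContext API, so whatever IP-based rules HttpResource supports lose their only test in this class while role and URL-pattern rules keep theirs. If IP rules are still a supported feature, a replacement built the same way as testRoleRules (a `CompositionContext` with a PERMIT and a DENY rule on the IP component) belongs in this change; if the feature was dropped, the commit message should say so rather than leaving the coverage to disappear silently. The `- }` / `+ }` pair at the end of testURLPattern is a whitespace-only change and could be reverted to keep the diff focused.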
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -24,6 +24,8 @@
import java.net.URI;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.resource.HttpResource;
@@ -31,8 +33,6 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.policy.server.Server;
import junit.framework.TestCase;
@@ -55,7 +55,8 @@
this.provisioner =
(PolicyProvisioner)Server.lookup("/provisioning/localProvisioner");
}
- public void testMatchContextSuperset() throws Exception
+ //TODO: migrate to the new developer framework
+ /*public void testMatchContextSuperset() throws Exception
{
//SetUp HttpResource component to generate/store a policy
HttpResource policyResource = new HttpResource();
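Review bot: Every test method in this class is now disabled, not just testMatchContextSuperset — the block comment opened at `/*public void testMatchContextSuperset()` runs to the `}*/` in the next hunk, so only setUp survives; TestRoles, TestURLPattern and TestEnterprisePolicyFinderModule get the same treatment in this commit, and TestHttpPolicyConfig keeps only the XML-parsing half of testExecutiveFiles with its `provisioner.newPolicy(...)` call and enforcement checks commented out. These were the tests that actually asserted permit/deny decisions, and http-profile is re-added to the reactor in pom.xml in the same commit, so the module now builds green with no check that any request is ever denied. A `junit.framework.TestCase` with no public `test*` methods is also reported by `TestSuite` as a failing "No tests found" warning, depending on how surefire wraps these classes — worth running the build once before relying on it. If the migration cannot land together with this change, replace the bare `//TODO` with a tracked reference (`//TODO(<ISSUE-ID>): migrate to the new developer framework`) so the disabled coverage is not forgotten.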
@@ -178,5 +179,5 @@
request.setAction(new Read().getAction());
return request;
- }
+ }*/
}
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestRoles.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -24,15 +24,15 @@
import java.net.URI;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.resource.HttpResource;
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
import org.jboss.security.authz.policy.server.Server;
import junit.framework.TestCase;
@@ -54,7 +54,8 @@
this.provisioner =
(PolicyProvisioner)Server.lookup("/provisioning/localProvisioner");
}
- public void test() throws Exception
+ //TODO: migrate to the new developer framework
+ /*public void test() throws Exception
{
HttpResource policyResource = new HttpResource();
policyResource.setUri(new URI("/private/devspace/*"));
@@ -149,5 +150,5 @@
request.setAction(new Read().getAction());
return request;
- }
+ }*/
}
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestURLPattern.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -25,6 +25,8 @@
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.resource.HttpResource;
@@ -32,10 +34,8 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
import org.jboss.security.authz.policy.server.Server;
import junit.framework.TestCase;
@@ -57,12 +57,13 @@
this.provisioner =
(PolicyProvisioner)Server.lookup("/provisioning/localProvisioner");
}
- public void testRegex() throws Exception
+ //TODO: migrate to the new developer framework
+ /*public void testRegex() throws Exception
{
- /**
- * Rule = "/prefix/url/*" matches any URL starting with /prefix/url,
- * including prefix/url itself. It does not match /prefix/urlfoo because any slash must
immediately follow url
- */
+ //
+ // Rule = "/prefix/url/*" matches any URL starting with /prefix/url,
+ // including prefix/url itself. It does not match /prefix/urlfoo because any slash must
immediately follow url
+ //
String regex = "^/prefix/url$|^prefix/url$|^/prefix/url/.*|^prefix/url/.*";
//Should Match
@@ -150,5 +151,5 @@
request.setAction(new Read().getAction());
return request;
- }
+ }*/
}
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/integration/TestEnterprisePolicyFinderModule.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/integration/TestEnterprisePolicyFinderModule.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/integration/TestEnterprisePolicyFinderModule.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -31,13 +31,13 @@
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
import org.jboss.security.authz.policy.server.Server;
@@ -62,7 +62,8 @@
{
}
- public void testNewPolicyEnforcement() throws Exception
+ //TODO: migrate to the new developer framework
+ /*public void testNewPolicyEnforcement() throws Exception
{
HttpResource httpResource = new HttpResource();
httpResource.setUri(new URI("/blah/index.html"));
@@ -126,5 +127,5 @@
request.setAction(new Read().getAction());
return request;
- }
+ }*/
}
Modified:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyConfig.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -29,6 +29,10 @@
import org.apache.log4j.Logger;
+import org.jboss.security.authz.agent.Agent;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+import org.jboss.security.authz.agent.services.PolicyComposer;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.http.component.action.Get;
import org.jboss.security.authz.http.component.action.Post;
@@ -38,8 +42,6 @@
import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.client.enforcement.Request;
import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
import org.jboss.security.authz.policy.server.Server;
import org.jboss.security.authz.policy.server.spi.PolicyConfig;
@@ -56,6 +58,7 @@
private PolicyEnforcementPoint enforcer;
private PolicyProvisioner provisioner;
+ private PolicyComposer policyComposer;
/**
*
@@ -63,13 +66,19 @@
protected void setUp() throws Exception
{
Server.bootstrap();
+ Agent.bootstrap();
+
this.enforcer =
(PolicyEnforcementPoint)Server.lookup("/enforcement/localEnforcementPoint");
this.provisioner =
(PolicyProvisioner)Server.lookup("/provisioning/localProvisioner");
+ this.policyComposer =
(PolicyComposer)Agent.lookup("/agent/PolicyComposer");
}
//------------------------------------------------------------------------------------------------------------------------------------------------------
+ //TODO: migrate to the new developer framework
public void testExecutiveFiles() throws Exception
{
PolicyConfig config = new HttpPolicyConfig();
+ ((HttpPolicyConfig)config).setPolicyComposer(this.policyComposer);
+
InputStream is =
Thread.currentThread().getContextClassLoader().getResourceAsStream("http-policy.xml");
Policy[] policies = config.configure(GeneralTool.readStream(is));
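Review bot: The downcast in `((HttpPolicyConfig)config).setPolicyComposer(this.policyComposer);` exists only because `config` is declared as the `PolicyConfig` interface on the line above; declaring the concrete type instead (`HttpPolicyConfig config = new HttpPolicyConfig(); config.setPolicyComposer(this.policyComposer);`) drops the cast and `config.configure(...)` still compiles. A one-line comment on why the composer has to be injected here — presumably because it is not part of the `PolicyConfig` interface and the XML config cannot obtain it on its own; the interface is not in this diff — would also help. testExecutiveFiles continues past the end of the hunk.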
@@ -79,7 +88,7 @@
for(int i=0; i<policies.length; i++)
{
String xacmlPolicy = policies[i].generateSystemPolicy();
- this.provisioner.newPolicy(policies[i].getMetaData());
+ //this.provisioner.newPolicy(policies[i].getMetaData());
log.info("------------------------------------------------------");
log.info(xacmlPolicy);
@@ -89,7 +98,7 @@
is.close();
//Perform an Enforcement
- HttpResource incoming = new HttpResource();
+ /*HttpResource incoming = new HttpResource();
incoming.setUri(new URI("/private/executives/index.html"));
incoming.addParameter("id", "1234");
@@ -105,7 +114,7 @@
this.enforce(this.createGetRequest(incoming, new String[]{"manager"}),
false);
//Anonymous is Not Allowed
- this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);
+ this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);*/
}
/*public void testBoardFiles() throws Exception
@@ -186,7 +195,7 @@
//Anonymous is Not Allowed
this.enforce(this.createGetRequest(incoming, new String[]{"anonymous"}),
false);
- }*/
+ }
//-------------------------------------------------------------------------------------------------------------------------------------------------
private void enforce(Request request, boolean mustBePermitted) throws Exception
{
@@ -249,5 +258,5 @@
request.setAction(new Post().getAction());
return request;
- }
+ }*/
}
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestHierarchialPropagation.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -29,15 +29,15 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.policy.client.enforcement.Request;
+import org.jboss.security.authz.policy.client.enforcement.Response;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
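Review bot: This policy-server test now imports `PolicyEnforcementPoint` and `PolicyProvisioner` from `org.jboss.security.authz.agent`, which makes policy-server's test compilation depend on the agent module; TestImpliedActions, TestImpliesHierarchialPropagation and TestPolicyServer below make the same switch. If agent in turn depends on policy-server — the LocalEnforcementPoint and LocalPolicyProvisioner added under agent in this commit suggest it might — that is a cyclic reactor dependency Maven will refuse to build; the module poms are not in this diff, so this is inferred from package names only. A sentence in the commit message on where the enforcement-point and provisioner interfaces are meant to live would settle it.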
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliedActions.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -29,7 +29,11 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.policy.client.enforcement.Request;
+import org.jboss.security.authz.policy.client.enforcement.Response;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Operation;
@@ -37,10 +41,6 @@
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestImpliesHierarchialPropagation.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -29,17 +29,17 @@
import org.jboss.security.authz.model.Policy;
import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.Resource;
+import org.jboss.security.authz.policy.client.enforcement.Request;
+import org.jboss.security.authz.policy.client.enforcement.Response;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.action.Read;
import org.jboss.security.authz.components.action.Write;
import org.jboss.security.authz.components.action.Manage;
-import org.jboss.security.authz.policy.client.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.policy.client.enforcement.Request;
-import org.jboss.security.authz.policy.client.enforcement.Response;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-07-10
18:27:56 UTC (rev 13541)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-07-10
21:14:33 UTC (rev 13542)
@@ -25,8 +25,8 @@
import junit.framework.TestCase;
import org.apache.log4j.Logger;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.policy.client.provisioning.PolicyProvisioner;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-07-10 18:27:56 UTC (rev 13541)
+++ modules/authorization/trunk/pom.xml 2009-07-10 21:14:33 UTC (rev 13542)
@@ -14,8 +14,8 @@
<module>core-components-api</module>
<module>agent</module>
<module>policy-server</module>
+ <module>http-profile</module>
<!--
- <module>http-profile</module>
<module>portal-profile</module>
-->
</modules>