Author: sohil.shah(a)jboss.com
Date: 2009-02-03 12:24:30 -0500 (Tue, 03 Feb 2009)
New Revision: 12767
Added:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServerException.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
Removed:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
Modified:
modules/authorization/trunk/policy-server/pom.xml
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml
modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
Log:
first pass at implementing the EnterprisePolicyFinderModule
Modified: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml 2009-02-02 11:41:03 UTC (rev 12766)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-02-03 17:24:30 UTC (rev 12767)
@@ -21,6 +21,11 @@
</dependency>
<dependency>
<groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-core-components</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
<artifactId>jboss-authz-enforcement</artifactId>
<version>${project.version}</version>
</dependency>
@@ -60,8 +65,8 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.3.1</version>
<configuration>
- <includes>
- <include>**/TestPolicyServer.java</include>
+ <includes>
+ <include>**/TestPolicyServer.java</include>
</includes>
</configuration>
</plugin>
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServer.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -21,16 +21,24 @@
*/
package org.jboss.security.authz.policy.server;
+import java.util.Set;
+
import org.apache.log4j.Logger;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
import org.jboss.security.authz.model.PolicyException;
+import org.jboss.security.authz.tools.GeneralTool;
import org.jboss.security.authz.policy.server.decision.PolicyDecisionPoint;
import org.jboss.security.authz.policy.server.spi.PolicyStore;
+import org.jboss.security.authz.policy.server.plugin.HierarchialPolicy;
+import org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule;
import org.jboss.security.authz.enforcement.Request;
import org.jboss.security.authz.enforcement.Response;
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
+
/**
* The Central Policy Server
*
@@ -42,6 +50,7 @@
private PolicyDecisionPoint policyDecisionPoint;
private PolicyStore policyStore;
+ private EnterprisePolicyFinderModule policyFinderModule;
public PolicyServer()
{
@@ -49,7 +58,22 @@
}
public void start()
- {
+ {
+ try
+ {
+ Set<PolicyFinderModule> finders =
this.policyDecisionPoint.getPDPConfiguration().getPolicyFinder().getModules();
+ for(PolicyFinderModule module: finders)
+ {
+ if(module instanceof EnterprisePolicyFinderModule)
+ {
+ this.policyFinderModule = (EnterprisePolicyFinderModule)module;
+ }
+ }
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
}
public void stop()
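Review bot: If the configured PolicyFinder contains no EnterprisePolicyFinderModule, the loop in `start()` completes and `policyFinderModule` stays null, so the problem only surfaces later as a NullPointerException inside `newPolicy` rather than at startup; after the loop add `if (this.policyFinderModule == null) throw new IllegalStateException("No EnterprisePolicyFinderModule configured in the PDP PolicyFinder");`. The `catch(Exception e)` then wraps that and every other failure in a bare `RuntimeException` with no message; narrowing it to the `PolicyServerException` that `getPDPConfiguration` declares, and giving the wrapper a message, keeps the cause readable in logs. The loop also silently keeps the last matching module if several are configured; if that is intended, a one-line comment should say so, otherwise break after the first match.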
@@ -105,6 +129,18 @@
}
//------- Provisioning
services-----------------------------------------------------------------------------------------------------------------------------
/**
+ * Generates a new Policy instance based on the supplied MetaData and stores it into
the Policy Store
+ *
+ * @param policyMetaData meta data for the policy to be created
+ */
+ public void newPolicy(PolicyMetaData policyMetaData) throws PolicyException
+ {
+ Policy policy = new HierarchialPolicy(GeneralTool.generateUniqueId(), policyMetaData);
+ this.policyStore.savePolicy(policy);
+ this.policyFinderModule.addPolicy(policy);
+ }
+
+ /**
* Read a stored Policy identified by the unique policyUri
*
* @param policyUri
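Review bot: `newPolicy` declares only `throws PolicyException` but calls `policyFinderModule.addPolicy`, which declares the checked `PolicyServerException`; as added in this commit that class extends `Exception` directly, so unless `PolicyException` happens to be a supertype of it this will not compile — declare it (`throws PolicyException, PolicyServerException`) or translate it at this boundary. The policy is also persisted through `policyStore.savePolicy` before `addPolicy` parses it, so if the generated XACML is rejected the store keeps a policy the PDP never evaluates; adding to the finder first, or deleting the stored policy when `addPolicy` fails, keeps store and PDP consistent. The Javadoc should gain `@throws` entries for both exceptions and state that the policy is handed to the live finder module, since that is what makes it take effect for decisions.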
@@ -124,18 +160,8 @@
{
return this.policyStore.readAllPolicies();
}
-
+
/**
- * Saves a Policy into storage. If this policy already exists in storage, then it
updates it
- *
- * @param policy Policy to be saved into storage
- */
- public void savePolicy(Policy policy) throws PolicyException
- {
- this.policyStore.savePolicy(policy);
- }
-
- /**
* Deletes the specified Policy from storage
*
* @param policyUri unique identifier for the Policy
Added:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServerException.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServerException.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/PolicyServerException.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class PolicyServerException extends Exception
+{
+ public PolicyServerException()
+ {
+ super();
+ }
+
+ public PolicyServerException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public PolicyServerException(String message)
+ {
+ super(message);
+ }
+
+ public PolicyServerException(Throwable cause)
+ {
+ super(cause);
+ }
+}
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/decision/PolicyDecisionPoint.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -27,9 +27,11 @@
import org.jboss.security.authz.enforcement.Request;
import org.jboss.security.authz.enforcement.Response;
+import org.jboss.security.authz.policy.server.PolicyServerException;
import org.jboss.security.xacml.sunxacml.ConfigurationStore;
import org.jboss.security.xacml.sunxacml.PDP;
+import org.jboss.security.xacml.sunxacml.PDPConfig;
/**
* This component processes all incoming Authorization requests and responds with a
response
@@ -45,6 +47,7 @@
private static Logger log = Logger.getLogger(PolicyDecisionPoint.class);
private PDP policyDecisionPoint;
+ private ConfigurationStore store;
public PolicyDecisionPoint()
{
@@ -55,11 +58,11 @@
{
try
{
- ConfigurationStore store = new ConfigurationStore(new
File(Thread.currentThread().getContextClassLoader().
+ this.store = new ConfigurationStore(new
File(Thread.currentThread().getContextClassLoader().
getResource("META-INF/pdp-config.xml").getFile()));
- store.useDefaultFactories();
+ this.store.useDefaultFactories();
- this.policyDecisionPoint = new PDP(store.getDefaultPDPConfig());
+ this.policyDecisionPoint = new PDP(this.store.getDefaultPDPConfig());
log.info("-------------------------------------------------------");
log.info("Policy Decision Point successfully
started.....................");
@@ -75,6 +78,7 @@
public void stop()
{
this.policyDecisionPoint = null;
+ this.store = null;
}
//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/**
@@ -105,4 +109,16 @@
String responseXml = null;
return responseXml;
}
+ //---------Expose some configuration
information--------------------------------------------------------------------------------------------------------------------------------------------------
+ public PDPConfig getPDPConfiguration() throws PolicyServerException
+ {
+ try
+ {
+ return this.store.getDefaultPDPConfig();
+ }
+ catch(Exception e)
+ {
+ throw new PolicyServerException(e);
+ }
+ }
}
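Review bot: `getPDPConfiguration` dereferences `this.store`, which is null before `start()` has run and again after `stop()` sets it to null, so a caller in that window gets a `PolicyServerException` wrapping a NullPointerException with no message; check the lifecycle state explicitly before the try: `if (this.store == null) throw new PolicyServerException("PolicyDecisionPoint is not started");`. A second concern: `start()` builds the PDP from one `getDefaultPDPConfig()` call and this method calls it again, so if `ConfigurationStore` constructs a fresh PDPConfig (and fresh finder modules) on each call, the module `PolicyServer.start()` picks up would not be the one inside the PDP and policies added to it would never be evaluated — worth confirming against ConfigurationStore, or caching the PDPConfig used in `start()` in a field and returning that. The `catch(Exception e)` could be narrowed to what `getDefaultPDPConfig` actually declares, and the method needs a Javadoc describing what it exposes.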
Deleted:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -1,52 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
- ******************************************************************************/
-package org.jboss.security.authz.policy.server.plugin;
-
-import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
-import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
-
-/**
- * A production ready Enterprise Policy Finder that would be used by the Policy
Server/PDP component.
- *
- * It is designed for being production ready from a performance/scalability/clustering
standpoint
- *
- * This particular version will provide performance enhancement by the use of a clustered
cache based on JBoss Cache
- * The actual storage of the policies will be done within a relational database
- *
- * This also allows for runtime modification of Security Policies without requiring any
restart/refresh of the Applications
- *
- * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
- *
- */
-public class EnterprisePolicyFinder extends PolicyFinderModule
-{
- public EnterprisePolicyFinder()
- {
-
- }
-
- @Override
- public void init(PolicyFinder finder)
- {
- }
-}
\ No newline at end of file
Copied:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
(from rev 12766,
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinder.java)
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java
(rev 0)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/plugin/EnterprisePolicyFinderModule.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -0,0 +1,155 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.security.authz.policy.server.plugin;
+
+import java.io.IOException;
+import java.io.ByteArrayInputStream;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.PolicyServerException;
+
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
+import org.jboss.security.xacml.sunxacml.finder.PolicyFinderResult;
+import org.jboss.security.xacml.sunxacml.support.finder.PolicyReader;
+import org.jboss.security.xacml.sunxacml.support.finder.PolicyCollection;
+import org.jboss.security.xacml.sunxacml.support.finder.TopLevelPolicyException;
+import org.jboss.security.xacml.sunxacml.AbstractPolicy;
+
+/**
+ * A production ready Enterprise Policy Finder that would be used by the Policy
Server/PDP component.
+ *
+ * It is designed for being production ready from a performance/scalability/clustering
standpoint
+ *
+ * This particular version will provide performance enhancement by the use of a clustered
cache based on JBoss Cache
+ * The actual storage of the policies will be done within a relational database
+ *
+ * This also allows for runtime modification of Security Policies without requiring any
restart/refresh of the Applications
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class EnterprisePolicyFinderModule extends PolicyFinderModule
+{
+ private static Logger log = Logger.getLogger(EnterprisePolicyFinderModule.class);
+
+ private PolicyReader reader;
+ private PolicyCollection policies;
+
+ public EnterprisePolicyFinderModule()
+ {
+ this.policies = new PolicyCollection();
+ }
+
+ public void addPolicy(Policy policy) throws PolicyServerException
+ {
+ ByteArrayInputStream bos = null;
+ try
+ {
+ String xacmlPolicyStr = policy.generateXACMLPolicy();
+ bos = new ByteArrayInputStream(xacmlPolicyStr.getBytes());
+
+
+ AbstractPolicy xacmlPolicy = this.reader.readPolicy(bos);
+ this.policies.addPolicy(xacmlPolicy);
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new PolicyServerException(e);
+ }
+ finally
+ {
+ if(bos != null)
+ {
+ try
+ {
+ bos.close();
+ }catch(IOException ioe){}
+ }
+ }
+ }
+ //-----------PolicyFinderModule
Implementation------------------------------------------------------------------------------------------------------------
+ /**
+ * Initializes this module for use by the given finder. Typically this
+ * is called when a <code>PDP</code> is initialized with a
+ * <code>PDPConfig</code> containing the given
<code>PolicyFinder</code>.
+ * Because <code>PolicyFinderModule</code>s usually need to parse
+ * policies, and this requires knowing their <code>PolicyFinder<code>,
+ * parsing is usually done at or after this point in the lifetime
+ * of this module. This might also be a good time to reset any internal
+ * caches or temporary data. Note that this method may be called more
+ * than once in the lifetime of a module.
+ *
+ * @param finder the <code>PolicyFinder</code> using this module
+ */
+ public void init(PolicyFinder finder)
+ {
+ this.reader = new PolicyReader(finder,
java.util.logging.Logger.getLogger(this.getClass().getName()));
+ }
+
+ /**
+ * Returns true if the module supports finding policies based on a
+ * request (ie, target matching). By default this method returns false.
+ *
+ * @return true if request retrieval is supported
+ */
+ public boolean isRequestSupported()
+ {
+ return true;
+ }
+
+ /**
+ * Tries to find one and only one matching policy given the request
+ * represented by the context data. If more than one policy is found,
+ * this is an error and must be reported as such. If no policies are
+ * found, then an empty result must be returned. By default this
+ * method returns an empty result. This method should never return null.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of looking for a matching policy
+ */
+ public PolicyFinderResult findPolicy(EvaluationCtx context)
+ {
+ try
+ {
+ AbstractPolicy policy = this.policies.getPolicy(context);
+ if (policy == null)
+ {
+ return new PolicyFinderResult();
+ }
+ else
+ {
+ return new PolicyFinderResult(policy);
+ }
+ }
+ catch (TopLevelPolicyException e)
+ {
+ return new PolicyFinderResult(e.getStatus());
+ }
+ }
+}
\ No newline at end of file
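Review bot: In `addPolicy` the generated XACML is encoded with `xacmlPolicyStr.getBytes()`, which uses the JVM default charset, while the XML parser behind `PolicyReader.readPolicy` decodes the stream according to the XML declaration (UTF-8 when absent), so any non-ASCII character in a policy can be silently corrupted on a non-UTF-8 platform; use `bos = new ByteArrayInputStream(xacmlPolicyStr.getBytes("UTF-8"));`. `this.reader` is only assigned in `init`, so a call before the PDP has initialized the module becomes a NullPointerException that the broad catch wraps as `PolicyServerException`; an explicit `if (this.reader == null) throw new PolicyServerException("EnterprisePolicyFinderModule has not been initialized");` at the top makes that failure understandable. The finally block closes a ByteArrayInputStream, which is a no-op, and swallows IOException in an empty catch; both can be dropped, and `log.error(this, e)` logs the object's toString as the message where a short text such as "failed to add policy to the finder" would be more useful. The class Javadoc still describes a clustered JBoss Cache and relational storage, but the code keeps policies only in an in-memory `PolicyCollection`; the comment should say this is a first pass whose policies are lost on restart and not shared across nodes.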
Modified:
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java
===================================================================
---
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/spi/PolicyStore.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -30,7 +30,7 @@
*
*/
public interface PolicyStore
-{
+{
/**
* Read a stored Policy identified by the unique policyUri
*
Modified:
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml
===================================================================
---
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/resources/META-INF/jboss-beans.xml 2009-02-03
17:24:30 UTC (rev 12767)
@@ -16,5 +16,8 @@
</bean>
<bean name="/policy-server/PolicyStore"
class="org.jboss.security.authz.policy.server.provisioning.MemoryPolicyStore">
+ </bean>
+
+ <bean name="/policy-server/PolicyDeployer"
class="org.jboss.security.authz.policy.server.provisioning.PolicyDeployer">
</bean>
</deployment>
\ No newline at end of file
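Review bot: The new bean `/policy-server/PolicyDeployer` references `org.jboss.security.authz.policy.server.provisioning.PolicyDeployer`, but that class is not in this revision's Added list, so unless it already exists in trunk the deployment of jboss-beans.xml will fail at startup. Either add the class in the same commit or hold this bean back until it lands. The descriptor also gives no hint of what the deployer does or how it relates to the PolicyServer and PolicyStore beans; a one-line XML comment above the bean would help the next reader.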
Modified:
modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml
===================================================================
---
modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/main/resources/META-INF/pdp-config.xml 2009-02-03
17:24:30 UTC (rev 12767)
@@ -6,7 +6,7 @@
<pdp name="pdp">
<attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule"/>
<attributeFinderModule
class="org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule"/>
- <policyFinderModule
class="org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinder">
+ <policyFinderModule
class="org.jboss.security.authz.policy.server.plugin.EnterprisePolicyFinderModule">
</policyFinderModule>
</pdp>
Modified:
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java
===================================================================
---
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-02-02
11:41:03 UTC (rev 12766)
+++
modules/authorization/trunk/policy-server/src/test/java/org/jboss/security/authz/policy/server/TestPolicyServer.java 2009-02-03
17:24:30 UTC (rev 12767)
@@ -22,24 +22,44 @@
package org.jboss.security.authz.policy.server;
import junit.framework.TestCase;
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.components.http.HttpResource;
+import org.jboss.security.authz.policy.server.PolicyServer;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class TestPolicyServer extends TestCase
{
+ private static Logger log = Logger.getLogger(TestPolicyServer.class);
+
+ private PolicyServer policyServer;
+
public void setUp() throws Exception
{
Server.bootstrap();
+ this.policyServer =
(PolicyServer)Server.lookup("/policy-server/PolicyServer");
}
public void tearDown() throws Exception
{
-
}
- public void test() throws Exception
+ public void testNewPolicy() throws Exception
{
+ HttpResource httpResource = new HttpResource();
+ httpResource.setUrl("/blah/index.html");
+ httpResource.addParameter("param1", "param1Value");
+ policyServer.newPolicy(httpResource.getPolicyMetaData(true));
+
+ //Assert Policy State of the Server
+ Policy[] policies = policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
}
}
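Review bot: `testNewPolicy` asserts `policies.length == 1`, which only holds if the store is empty when the test starts and nothing else adds policies; `tearDown` is left empty, so the created policy is neither removed nor is the server stopped, and a second test method in this class, or a server instance reused across tests, would make the count wrong. Keep a reference to the created policy and delete it in `tearDown`, or assert that the returned array contains a policy carrying the metadata this test supplied rather than an exact count. The assertion message `"Policy Store must not be empty!!"` also does not match the condition, which fails on more than one policy too; `"Policy Store must contain exactly one policy"` is accurate. The `true` passed to `getPolicyMetaData` is unexplained; a short comment saying what that flag selects would help.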