[jboss-cvs] jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates ...
Anil Saldhana
anil.saldhana at jboss.com
Tue Jul 25 23:35:23 EDT 2006
User: asaldhana
Date: 06/07/25 23:35:23
Modified: src/main/org/jboss/web/tomcat/security/authorization/delegates
WebJACCPolicyModuleDelegate.java
WebPolicyModuleDelegate.java
Added: src/main/org/jboss/web/tomcat/security/authorization/delegates
WebXACMLPolicyModuleDelegate.java WebXACMLUtil.java
Log:
JBAS-3324: Be consistent in naming of delegates
Revision Changes Path
1.4 +6 -6 jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: WebJACCPolicyModuleDelegate.java
===================================================================
RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebJACCPolicyModuleDelegate.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- WebJACCPolicyModuleDelegate.java 25 Jul 2006 17:07:23 -0000 1.3
+++ WebJACCPolicyModuleDelegate.java 26 Jul 2006 03:35:23 -0000 1.4
@@ -45,20 +45,20 @@
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleHelper;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.web.tomcat.security.JaccContextValve;
-//$Id: WebJACCPolicyModuleDelegate.java,v 1.3 2006/07/25 17:07:23 asaldhana Exp $
+//$Id: WebJACCPolicyModuleDelegate.java,v 1.4 2006/07/26 03:35:23 asaldhana Exp $
/**
* JACC based authorization module helper that deals with the web layer
* authorization decisions
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since July 7, 2006
- * @version $Revision: 1.3 $
+ * @version $Revision: 1.4 $
*/
-public class WebJACCPolicyModuleDelegate extends AuthorizationModuleHelper
+public class WebJACCPolicyModuleDelegate extends AuthorizationModuleDelegate
{
private Policy policy = Policy.getPolicy();
@@ -69,7 +69,7 @@
}
/**
- * @see AuthorizationModuleHelper#authorize(Resource)
+ * @see AuthorizationModuleDelegate#authorize(Resource)
*/
public int authorize(Resource resource)
{
@@ -123,7 +123,7 @@
}
/**
- * @see AuthorizationModuleHelper#setPolicyRegistrationManager(PolicyRegistration)
+ * @see AuthorizationModuleDelegate#setPolicyRegistrationManager(PolicyRegistration)
*/
public void setPolicyRegistrationManager(PolicyRegistration authzM)
{
1.2 +4 -4 jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebPolicyModuleDelegate.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: WebPolicyModuleDelegate.java
===================================================================
RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebPolicyModuleDelegate.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- WebPolicyModuleDelegate.java 25 Jul 2006 17:28:58 -0000 1.1
+++ WebPolicyModuleDelegate.java 26 Jul 2006 03:35:23 -0000 1.2
@@ -25,9 +25,9 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.modules.AuthorizationModuleHelper;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-//$Id: WebPolicyModuleDelegate.java,v 1.1 2006/07/25 17:28:58 asaldhana Exp $
+//$Id: WebPolicyModuleDelegate.java,v 1.2 2006/07/26 03:35:23 asaldhana Exp $
/**
* Authorization Module Delegate that deals with the default authorization
@@ -35,9 +35,9 @@
* made by the base class of Realm (RealmBase))
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jul 21, 2006
- * @version $Revision: 1.1 $
+ * @version $Revision: 1.2 $
*/
-public class WebPolicyModuleDelegate extends AuthorizationModuleHelper
+public class WebPolicyModuleDelegate extends AuthorizationModuleDelegate
{
public WebPolicyModuleDelegate()
{
1.1 date: 2006/07/26 03:35:23; author: asaldhana; state: Exp;jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java
Index: WebXACMLPolicyModuleDelegate.java
===================================================================
/*
* JBoss, Home of Professional Open Source
* Copyright 2005, JBoss Inc., and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.web.tomcat.security.authorization.delegates;
import java.util.Map;
import javax.security.jacc.PolicyContext;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.SecurityConstraint;
import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
//$Id: WebXACMLPolicyModuleDelegate.java,v 1.1 2006/07/26 03:35:23 asaldhana Exp $
/**
 * XACML based authorization module delegate for the web layer. The Catalina
 * request carried in a {@link Resource} is converted into an XACML request and
 * checked against the policy registered for the current JACC context id.
 * Every exception raised while building or evaluating that request ends in
 * {@link AuthorizationContext#DENY}.
 * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
 * @since Jun 13, 2006
 * @version $Revision: 1.1 $
 */
public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
{
   /**
    * Sets up the logger and samples the trace flag once. The <code>log</code>
    * and <code>trace</code> fields are not declared in this class; presumably
    * they are inherited from AuthorizationModuleDelegate.
    */
   public WebXACMLPolicyModuleDelegate()
   {
      log = Logger.getLogger(getClass());
      trace = log.isTraceEnabled();
   }

   /**
    * Pulls the Catalina request, the security constraints and (optionally) the
    * policy registration out of the resource's contextual map and hands them to
    * {@link #process(Request, SecurityConstraint[])}.
    * @param resource resource whose map carries the "catalina.request",
    *        "catalina.constraints" and "authorizationManager" entries
    * @return the decision produced by process
    * @throws IllegalStateException if the map is null or empty; this is thrown
    *         to the caller and is not converted into a DENY here
    * @see AuthorizationModuleDelegate#authorize(Resource)
    */
   public int authorize(Resource resource)
   {
      Map contextMap = resource.getMap();
      if(contextMap == null)
      {
         throw new IllegalStateException("Map from the Resource is null");
      }
      if(contextMap.size() == 0)
      {
         throw new IllegalStateException("Map from the Resource is size zero");
      }

      Request catalinaRequest = (Request)contextMap.get("catalina.request");
      SecurityConstraint[] securityConstraints = (SecurityConstraint[])contextMap.get("catalina.constraints");
      PolicyRegistration registration = (PolicyRegistration)contextMap.get("authorizationManager");

      // NOTE(review): this overwrites an instance field on every call that
      // carries a registration. If one delegate instance serves concurrent
      // requests, confirm that all callers pass the same registration.
      if(registration != null)
      {
         this.authzManager = registration;
      }
      return process(catalinaRequest, securityConstraints);
   }

   /**
    * Replaces the policy registration used to look up the XACML policy.
    * @param authzM registration to use for later authorize calls
    * @see AuthorizationModuleDelegate#setPolicyRegistrationManager(PolicyRegistration)
    */
   public void setPolicyRegistrationManager(PolicyRegistration authzM)
   {
      this.authzManager = authzM;
   }

   /**
    * Builds the XACML request for the web request, fetches the policy for the
    * current JACC context id and evaluates the request against it.
    * @param request Catalina request being authorized
    * @param sc security constraints taken from the resource map; not read by
    *        this method
    * @return the value returned by JBossXACMLUtil.checkXACMLAuthorization, or
    *         AuthorizationContext.DENY when any exception is raised (including
    *         a missing policy for the context id)
    */
   private int process(Request request, SecurityConstraint[] sc)
   {
      WebXACMLUtil requestBuilder = new WebXACMLUtil();
      try
      {
         RequestCtx xacmlRequest = requestBuilder.createXACMLRequest(request, this.authzManager);
         String contextID = PolicyContext.getContextID();
         Policy xacmlPolicy = (Policy)authzManager.getPolicy(contextID, null);
         if(xacmlPolicy == null)
         {
            throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
         }
         return JBossXACMLUtil.checkXACMLAuthorization(xacmlRequest, xacmlPolicy);
      }
      catch(Exception e)
      {
         // Fail closed: whatever went wrong, the caller gets DENY.
         // NOTE(review): the cause is only visible with trace logging on, so a
         // missing or unloadable policy denies every request with no log entry
         // at the usual levels.
         if(trace)
         {
            log.trace("Exception in processing:",e);
         }
         return AuthorizationContext.DENY;
      }
   }
}
1.1 date: 2006/07/26 03:35:23; author: asaldhana; state: Exp;jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java
Index: WebXACMLUtil.java
===================================================================
/*
* JBoss, Home of Professional Open Source
* Copyright 2005, JBoss Inc., and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.web.tomcat.security.authorization.delegates;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.connector.Request;
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SimplePrincipal;
import com.sun.xacml.Indenter;
import com.sun.xacml.attr.AnyURIAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.attr.TimeAttribute;
import com.sun.xacml.ctx.Attribute;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.Subject;
//$Id: WebXACMLUtil.java,v 1.1 2006/07/26 03:35:23 asaldhana Exp $
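/**
 * Utility class for creating XACML Requests from a Catalina web request.
 * The request built here is the only input the XACML policy sees, so every
 * attribute below is part of the authorization decision.
 * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
 * @since Jun 21, 2006
 * @version $Revision: 1.1 $
 */
public class WebXACMLUtil
{
   private static Logger log = Logger.getLogger(WebXACMLUtil.class);
   // Sampled once when the instance is created.
   private boolean trace = log.isTraceEnabled();

   public WebXACMLUtil()
   {
   }

   /**
    * Builds the XACML request context for a web request.
    * <ul>
    * <li>Subject: the user name from the JACC container Subject plus one role
    *     attribute per role returned by the authorization manager.</li>
    * <li>Resource: the request URI as returned by the Catalina request.</li>
    * <li>Action: "read" for GET, "write" for every other HTTP method, plus
    *     one attribute per request parameter.</li>
    * <li>Environment: the current time.</li>
    * </ul>
    * @param request Catalina request being authorized
    * @param authzManager source of the roles for the request's principal
    * @return the populated XACML request context
    * @throws IllegalStateException if the JACC policy context holds no Subject
    * @throws Exception on any other failure, for example a parameter name that
    *         does not form a valid URI when appended to the attribute base
    */
   public RequestCtx createXACMLRequest(Request request,
         AuthorizationManager authzManager) throws Exception
   {
      HttpServletRequest httpRequest = (HttpServletRequest)request;
      String httpMethod = httpRequest.getMethod();
      // Only GET counts as a read; HEAD, OPTIONS, POST and the rest are "write".
      String action = "GET".equals(httpMethod)?"read":"write";
      //Non-standard uri
      String actionURIBase = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";
      RequestCtx requestCtx = null;
      // NOTE(review): roles are looked up for the request's principal while the
      // user name comes from the JACC container Subject; confirm both always
      // describe the same caller.
      Principal principal = request.getPrincipal();
      String username = getUserName();
      //Get the roles from the authorization manager
      Set roles = authzManager.getUserRoles(principal);
      //Create the subject set
      URI subjectAttrUri = new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
      Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
            new StringAttribute(username));
      Set subjectAttrSet = new HashSet();
      subjectAttrSet.add(subjectAttr);
      subjectAttrSet.addAll(getXACMLRoleSet(roles));
      Set subjectSet = new HashSet();
      subjectSet.add(new Subject(subjectAttrSet));
      //Create the resource set
      URI resourceUri = new URI("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
      Attribute resourceAttr = new Attribute(resourceUri,null,null,
            new AnyURIAttribute(new URI(getRequestURI(request))));
      Set resourceSet = new HashSet();
      resourceSet.add(resourceAttr);
      //Create the action set
      Set actionSet = new HashSet();
      actionSet.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:action:action-id"),
            null,null, new StringAttribute(action)));
      // Parameter names and values are supplied by the client. Each name is
      // appended to the attribute base to form the attribute id, so a name that
      // is not valid URI syntax makes new URI(...) throw and the whole request
      // build fails.
      // NOTE(review): getParameter yields a single value per name; if a
      // parameter is repeated, confirm the policy and the application act on
      // the same value.
      Enumeration enumer = request.getParameterNames();
      while(enumer.hasMoreElements())
      {
         String paramName = (String)enumer.nextElement();
         String paramValue = request.getParameter(paramName);
         URI actionUri = new URI(actionURIBase + paramName);
         Attribute actionAttr = new Attribute(actionUri,null,null,
               new StringAttribute(paramValue));
         actionSet.add(actionAttr);
      }
      //Create the Environment set
      Set environSet = new HashSet();
      //Current time
      URI currentTimeUri = new URI("urn:oasis:names:tc:xacml:1.0:environment:current-time");
      Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
            new TimeAttribute());
      environSet.add(currentTimeAttr);
      //Create the request context
      requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
      if(trace)
      {
         // The encoded request contains every request parameter value, so with
         // trace enabled submitted form fields (credentials included) are
         // written to the log. Keep trace off where that log is not protected.
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         requestCtx.encode(baos, new Indenter());
         log.trace("XACML Request:"+baos.toString());
         baos.close();
      }
      return requestCtx;
   }

   /**
    * Converts a set of role principals into XACML role attributes.
    * Only SimplePrincipal instances are converted; any other element is
    * skipped. A null set yields an empty result.
    * @param roles role principals, may be null
    * @return set of role attributes, never null
    * @throws Exception if the role attribute URI cannot be created
    */
   private Set getXACMLRoleSet(Set roles) throws Exception
   {
      // The attribute id lives in the XACML "example" namespace; policies must
      // use the same id to match on roles.
      URI roleURI = new URI("urn:oasis:names:tc:xacml:2.0:example:attribute:role");
      Set roleset = new HashSet();
      Iterator iter = roles != null ? roles.iterator(): null;
      while(iter != null && iter.hasNext())
      {
         Principal role = (Principal)iter.next();
         if(role instanceof SimplePrincipal)
         {
            SimplePrincipal sp = (SimplePrincipal)role;
            Attribute roleAttr = new Attribute(roleURI,null,null,
                  new StringAttribute(sp.getName()));
            roleset.add(roleAttr);
         }
      }
      return roleset;
   }

   /**
    * Returns the request URI exactly as the Catalina request reports it.
    * NOTE(review): whether this string is already decoded and normalised is
    * not visible here; confirm that policy matching on it agrees with how the
    * container maps the same URI to a resource.
    * @param request Catalina request
    * @return the request URI used as the XACML resource id
    */
   private String getRequestURI(Request request)
   {
      String requestUri = request.getRequestURI();
      return requestUri;
   }

   /**
    * Reads the caller's name from the JACC container Subject. The name of a
    * SimplePrincipal that is not a Group is used; if several qualify, the one
    * visited last by the iterator wins. An empty string is returned when none
    * qualifies.
    * @return the user name, or "" if the Subject has no qualifying principal
    * @throws IllegalStateException if the policy context holds no Subject
    * @throws Exception if the policy context lookup fails
    */
   private String getUserName() throws Exception
   {
      String user = "";
      String key = "javax.security.auth.Subject.container";
      javax.security.auth.Subject caller = (javax.security.auth.Subject) PolicyContext.getContext(key);
      // Without this check a missing Subject surfaced as a bare
      // NullPointerException. Failing with a clear message keeps the outcome
      // (an exception to the caller) and makes the cause visible in the trace.
      if(caller == null)
         throw new IllegalStateException("No Subject available from the JACC policy context");
      Iterator iter = caller.getPrincipals().iterator();
      while(iter.hasNext())
      {
         Principal p = (Principal)iter.next();
         if(p instanceof SimplePrincipal && !(p instanceof Group))
         {
            SimplePrincipal sp = (SimplePrincipal)p;
            user= sp.getName();
         }
      }
      return user;
   }
}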