[jboss-cvs] JBossAS SVN: r62924 - trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 8 23:08:38 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-05-08 23:08:38 -0400 (Tue, 08 May 2007)
New Revision: 62924
Removed:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java
Log:
Remove the XACML web integration, as it is now in the security project.
Deleted: trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java 2007-05-09 03:08:14 UTC (rev 62923)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java 2007-05-09 03:08:38 UTC (rev 62924)
@@ -1,140 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.web.tomcat.security.authorization.delegates;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
-
-import com.sun.xacml.Policy;
-import com.sun.xacml.ctx.RequestCtx;
-
-//$Id$
-
-/**
- * XACML based authorization module helper that deals with the web layer
- * authorization decisions
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 13, 2006
- * @version $Revision$
- */
-public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
-{
- private Subject callerSubject = null;
-
- public WebXACMLPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource)
- {
- //Get the contextual map
- Map map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
- //Get the Catalina Request Object
- Request request = (Request)map.get(ResourceKeys.WEB_REQUEST);
- SecurityConstraint[] constraints = (SecurityConstraint[])map.get(ResourceKeys.WEB_SECURITY_CONSTRAINTS);
- PolicyRegistration pr = (PolicyRegistration)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
- callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
- if(pr != null)
- this.authzManager = pr;
- Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
- Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
-
- //If it is a userDataCheck or a RoleRefCheck, then the base class (RealmBase) decision holds
- if(userDataCheck || roleRefCheck)
- return AuthorizationContext.PERMIT; //Base class decision holds good
-
- if(request == null)
- throw new IllegalStateException("Request is null");
-
- return process(request, constraints);
- }
-
- /**
- * @see AuthorizationModuleDelegate#setPolicyRegistrationManager(PolicyRegistration)
- */
- public void setPolicyRegistrationManager(PolicyRegistration authzM)
- {
- this.authzManager = authzM;
- }
-
- /**
- * Ensure that the bool is a valid value
- * @param bool
- * @return bool or Boolean.FALSE (when bool is null)
- */
- private Boolean checkBooleanValue(Boolean bool)
- {
- if(bool == null)
- return Boolean.FALSE;
- return bool;
- }
-
- /**
- * Process the web request
- * @param request
- * @param sc
- * @return
- */
- private int process(Request request, SecurityConstraint[] sc)
- {
- int result = AuthorizationContext.DENY;
- WebXACMLUtil util = new WebXACMLUtil();
- try
- {
- RequestCtx requestCtx = util.createXACMLRequest(request,authzManager, callerSubject);
- String contextID = PolicyContext.getContextID();
- Policy policy = (Policy)authzManager.getPolicy(contextID,null);
- if(policy == null)
- throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
- result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
- }
- catch(Exception e)
- {
- if(trace)
- log.trace("Exception in processing:",e);
- result = AuthorizationContext.DENY;
- }
- return result;
- }
- }
Deleted: trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java 2007-05-09 03:08:14 UTC (rev 62923)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java 2007-05-09 03:08:38 UTC (rev 62924)
@@ -1,180 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.web.tomcat.security.authorization.delegates;
-
-import java.io.ByteArrayOutputStream;
-import java.net.URI;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.security.jacc.PolicyContext;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.catalina.connector.Request;
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SimplePrincipal;
-
-import com.sun.xacml.Indenter;
-import com.sun.xacml.attr.AnyURIAttribute;
-import com.sun.xacml.attr.StringAttribute;
-import com.sun.xacml.attr.TimeAttribute;
-import com.sun.xacml.ctx.Attribute;
-import com.sun.xacml.ctx.RequestCtx;
-import com.sun.xacml.ctx.Subject;
-
-//$Id$
-
-/**
- * Utility class for creating XACML Requests
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 21, 2006
- * @version $Revision$
- */
-public class WebXACMLUtil
-{
- private static Logger log = Logger.getLogger(WebXACMLUtil.class);
- private boolean trace = log.isTraceEnabled();
-
- public WebXACMLUtil()
- {
- }
-
- public RequestCtx createXACMLRequest(Request request,
- AuthorizationManager authzManager, javax.security.auth.Subject callerSubject) throws Exception
- {
- HttpServletRequest httpRequest = (HttpServletRequest)request.getRequest();
- if(httpRequest == null)
- throw new IllegalArgumentException("Http Request is null");
- if(authzManager == null)
- throw new IllegalArgumentException("Authorization Manager is null");
- String httpMethod = httpRequest.getMethod();
- String action = "GET".equals(httpMethod)?"read":"write";
-
- //Non-standard uri
- String actionURIBase = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";
-
- RequestCtx requestCtx = null;
- Principal principal = request.getPrincipal();
- String username = getUserName(callerSubject);
- //Get the roles from the authorization manager
- Set roles = authzManager.getUserRoles(principal);
- //Create the subject set
- URI subjectAttrUri = new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set subjectAttrSet = new HashSet();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
-
- Set subjectSet = new HashSet();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new AnyURIAttribute(new URI(getRequestURI(request))));
- Set resourceSet = new HashSet();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set actionSet = new HashSet();
- actionSet.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:action:action-id"),
- null,null, new StringAttribute(action)));
-
- Enumeration enumer = request.getParameterNames();
- while(enumer.hasMoreElements())
- {
- String paramName = (String)enumer.nextElement();
- String paramValue = request.getParameter(paramName);
- URI actionUri = new URI(actionURIBase + paramName);
- Attribute actionAttr = new Attribute(actionUri,null,null,
- new StringAttribute(paramValue));
- actionSet.add(actionAttr);
- }
- //Create the Environment set
- Set environSet = new HashSet();
- //Current time
- URI currentTimeUri = new URI("urn:oasis:names:tc:xacml:1.0:environment:current-time");
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- private Set getXACMLRoleSet(Set roles) throws Exception
- {
- URI roleURI = new URI("urn:oasis:names:tc:xacml:2.0:example:attribute:role");
-
- Set roleset = new HashSet();
- Iterator iter = roles != null ? roles.iterator(): null;
- while(iter != null && iter.hasNext())
- {
- Principal role = (Principal)iter.next();
- if(role instanceof SimplePrincipal)
- {
- SimplePrincipal sp = (SimplePrincipal)role;
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(sp.getName()));
- roleset.add(roleAttr);
- }
- }
- return roleset;
- }
-
- private String getRequestURI(Request request)
- {
- String requestUri = request.getRequestURI();
- return requestUri;
- }
-
- private String getUserName(javax.security.auth.Subject caller) throws Exception
- {
- String user = "";
- Iterator iter = caller.getPrincipals().iterator();
- while(iter.hasNext())
- {
- Principal p = (Principal)iter.next();
- if(p instanceof SimplePrincipal && !(p instanceof Group))
- {
- SimplePrincipal sp = (SimplePrincipal)p;
- user= sp.getName();
- }
- }
- return user;
- }
-}