[jboss-cvs] JBossAS SVN: r72199 - in projects/security/security-xacml/trunk/jboss-xacml/src: main/java/org/jboss/security/xacml/interfaces and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 14 15:28:27 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-14 15:28:27 -0400 (Mon, 14 Apr 2008)
New Revision: 72199
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/ResponseContext.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/InteropUseCasesUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml
Log:
SECURITY-197: result type from response context
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java 2008-04-14 18:00:37 UTC (rev 72198)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java 2008-04-14 19:28:27 UTC (rev 72199)
@@ -30,14 +30,23 @@
import javax.xml.parsers.DocumentBuilderFactory;
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.core.model.context.StatusCodeType;
+import org.jboss.security.xacml.core.model.context.StatusType;
+import org.jboss.security.xacml.core.model.policy.EffectType;
+import org.jboss.security.xacml.core.model.policy.ObligationType;
+import org.jboss.security.xacml.core.model.policy.ObligationsType;
import org.jboss.security.xacml.interfaces.ContextMapOp;
import org.jboss.security.xacml.interfaces.ElementMappingType;
import org.jboss.security.xacml.interfaces.ResponseContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.sunxacml.Indenter;
+import org.jboss.security.xacml.sunxacml.Obligation;
import org.jboss.security.xacml.sunxacml.ParsingException;
import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
import org.jboss.security.xacml.sunxacml.ctx.Result;
+import org.jboss.security.xacml.sunxacml.ctx.Status;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -92,6 +101,47 @@
}
/**
+ * @see ResponseContext#getResult()
+ */
+ @SuppressWarnings("unchecked")
+ public ResultType getResult()
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+ ResultType resultType = objectFactory.createResultType();
+ ResponseCtx response = (ResponseCtx) map.get(XACMLConstants.RESPONSE_CTX);
+ if (response != null)
+ {
+ //Resource ID
+ Result result = (Result) response.getResults().iterator().next();
+ resultType.setResourceId(result.getResource());
+
+ //Status
+ Status status = result.getStatus();
+ StatusType statusType = objectFactory.createStatusType();
+ StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
+ statusCodeType.setValue(status.getMessage());
+ statusType.setStatusCode(statusCodeType);
+
+ //Obligations
+ Set<Obligation> obligationsSet = result.getObligations();
+ if(obligationsSet != null)
+ {
+ for(Obligation obl:obligationsSet)
+ {
+ ObligationType obType = new ObligationType();
+ obType.setObligationId(obl.getId().toASCIIString());
+ obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
+
+ ObligationsType obligationsType = new ObligationsType();
+ obligationsType.getObligation().add(obType);
+ resultType.setObligations(obligationsType);
+ }
+ }
+ }
+ return resultType;
+ }
+
+ /**
* @see ResponseContext#getDocumentElement()
*/
public Node getDocumentElement()
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/ResponseContext.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/ResponseContext.java 2008-04-14 18:00:37 UTC (rev 72198)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/ResponseContext.java 2008-04-14 19:28:27 UTC (rev 72199)
@@ -25,6 +25,7 @@
import java.io.InputStream;
import java.io.OutputStream;
+import org.jboss.security.xacml.core.model.context.ResultType;
import org.w3c.dom.Node;
@@ -42,6 +43,12 @@
* @see XACMLConstants
*/
int getDecision();
+
+ /**
+ * Get the result
+ * @return
+ */
+ ResultType getResult();
/**
* Return the element of the document
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2008-04-14 18:00:37 UTC (rev 72198)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2008-04-14 19:28:27 UTC (rev 72199)
@@ -56,19 +56,45 @@
*/
public static int getDecision(PolicyDecisionPoint pdp, String requestFileLoc) throws Exception
{
+ ResponseContext response = getResponse(pdp,requestFileLoc);
+ if (response == null)
+ throw new RuntimeException("Response is null");
+ if (debug)
+ response.marshall(System.out);
+ return response.getDecision();
+ }
+
+ /**
+ * Get the Response
+ * @param pdp
+ * @param requestFileLoc
+ * @return
+ * @throws Exception
+ */
+ public static ResponseContext getResponse(PolicyDecisionPoint pdp,
+ String requestFileLoc) throws Exception
+ {
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(requestFileLoc);
RequestContext request = RequestResponseContextFactory.createRequestCtx();
request.readRequest(is);
if (debug)
request.marshall(System.out);
- ResponseContext response = pdp.evaluate(request);
- if (response == null)
- throw new RuntimeException("Response is null");
- if (debug)
- response.marshall(System.out);
- return response.getDecision();
+ return getResponse(pdp,request);
}
+
+ /**
+ * Get the response for a request from the pdp
+ * @param pdp
+ * @param request
+ * @return
+ * @throws Exception
+ */
+ public static ResponseContext getResponse(PolicyDecisionPoint pdp
+ , RequestContext request) throws Exception
+ {
+ return pdp.evaluate(request);
+ }
/**
* Get the decision from the PDP
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/InteropUseCasesUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/InteropUseCasesUnitTestCase.java 2008-04-14 18:00:37 UTC (rev 72198)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/InteropUseCasesUnitTestCase.java 2008-04-14 19:28:27 UTC (rev 72199)
@@ -24,7 +24,10 @@
import java.io.InputStream;
import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.core.model.policy.ObligationsType;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.ResponseContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.test.security.xacml.factories.util.XACMLTestUtil;
@@ -45,7 +48,8 @@
<!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
<!-- **************************************************************** -->
**/
- validateCase("XacmlRequest-01-01.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-01-01.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testRequest01_02() throws Exception
@@ -55,7 +59,8 @@
<!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-01-02.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-01-02.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest01_03() throws Exception
@@ -65,7 +70,8 @@
<!-- Test case 1-03: Should be Perm: Dr A has all reqd perms +2 extra -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-01-03.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-01-03.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testRequest01_04() throws Exception
@@ -75,7 +81,8 @@
<!-- Test case 1-04: Should be Deny: Dr A has no facility -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-01-04.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-01-04.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest02_01() throws Exception
@@ -85,7 +92,8 @@
<!-- Test case 2-01: Should be Deny: provides role but needs perms -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-02-01.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-02-01.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest02_02() throws Exception
@@ -95,7 +103,8 @@
<!-- Test case 2-02: Should be Deny: Dr A is on dissented list -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-02-02.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-02-02.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest02_03() throws Exception
@@ -105,7 +114,8 @@
<!-- Test case 2-03: Should be Perm: Dr A is not on dissented list -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-02-03.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-02-03.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testRequest02_04() throws Exception
@@ -115,7 +125,8 @@
<!-- Test case 2-04: Should be Deny: Dr A is on dissented multi-list -->
<!-- **************************************************************** -->
**/
- validateCase("XacmlRequest-02-04.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-02-04.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest03_01() throws Exception
@@ -125,7 +136,8 @@
<!-- Test case 3-01: Should be Deny: signed = Fals, Dr. A not author -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-03-01.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("XacmlRequest-03-01.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testRequest03_02() throws Exception
@@ -135,7 +147,8 @@
<!-- Test case 3-02: Should be Permit: sign = True, Dr. A not author -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-03-02.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-03-02.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testRequest03_03() throws Exception
@@ -143,10 +156,11 @@
/**
*
!-- **************************************************************** -->
- <!-- Test case 3-03: Should be Perm: signed = Fals, Dr. A is author -->
+ <!-- Test case 3-03: Should be Perm: signed = False, Dr. A is author -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-03-03.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-03-03.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testRequest04_01() throws Exception
@@ -156,7 +170,12 @@
<!-- Test case 4-01: Should be Perm + Obl: Dr A has emergency perm -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-04-01.xml", XACMLConstants.DECISION_PERMIT);
+ String file = "XacmlRequest-04-01.xml";
+ ResponseContext response = getResponse(file);
+ ResultType result = response.getResult();
+ ObligationsType obligationsType = result.getObligations();
+ assertTrue("1 obligation", obligationsType.getObligation().size() == 1);
+ validateCase(response, XACMLConstants.DECISION_PERMIT);
}
public void testRequest04_02() throws Exception
@@ -166,7 +185,13 @@
<!-- Test case 04-02: Should be Perm + Obl: Dr A has emergency perm -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-04-02.xml", XACMLConstants.DECISION_PERMIT);
+ String file = "XacmlRequest-04-02.xml";
+ ResponseContext response = getResponse(file);
+ ResultType result = response.getResult();
+ ObligationsType obligationsType = result.getObligations();
+ assertTrue("1 obligation", obligationsType.getObligation().size() == 1);
+
+ validateCase( response, XACMLConstants.DECISION_PERMIT);
}
public void testRequest04_03() throws Exception
@@ -177,7 +202,12 @@
<!-- Test case 4-03: Should be Deny+Obl: DrA has pea-001 but UBA set -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-04-03.xml", XACMLConstants.DECISION_DENY);
+ String file = "XacmlRequest-04-03.xml";
+ ResponseContext response = getResponse(file);
+ ResultType result = response.getResult();
+ ObligationsType obligationsType = result.getObligations();
+ assertTrue("1 obligation", obligationsType.getObligation().size() == 1);
+ validateCase(response, XACMLConstants.DECISION_DENY);
}
public void testRequest05_01() throws Exception
@@ -187,7 +217,12 @@
<!-- Test case 5-01: Should be Perm + Obl: Dr A is on dissented list -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-05-01.xml", XACMLConstants.DECISION_PERMIT);
+ String file = "XacmlRequest-05-01.xml";
+ ResponseContext response = getResponse(file);
+ ResultType result = response.getResult();
+ ObligationsType obligationsType = result.getObligations();
+ assertTrue("1 obligation", obligationsType.getObligation().size() == 1);
+ validateCase(response, XACMLConstants.DECISION_PERMIT);
}
public void testRequest05_02() throws Exception
@@ -197,12 +232,14 @@
<!-- Test case 5-02: Should be Perm: no obl; Dr A not on dis-list -->
<!-- **************************************************************** -->
*/
- validateCase("XacmlRequest-05-02.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("XacmlRequest-05-02.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testPatientSearch() throws Exception
{
- validateCase("patient_search.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("patient_search.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testEmergencyAccess() throws Exception
@@ -212,7 +249,8 @@
* absence of the “env:locality” turns on emergency override.
* If you remove the “pea” from the request, it should turn into a “deny”.
*/
- validateCase("emergency_access.xml", XACMLConstants.DECISION_PERMIT);
+ validateCase(getResponse("emergency_access.xml"),
+ XACMLConstants.DECISION_PERMIT);
}
public void testEmergencyAccessDeny() throws Exception
@@ -222,7 +260,8 @@
* absence of the “env:locality” turns on emergency override.
* If you remove the “pea” from the request, it should turn into a “deny”.
*/
- validateCase("emergency_access_deny.xml", XACMLConstants.DECISION_DENY);
+ validateCase(getResponse("emergency_access_deny.xml"),
+ XACMLConstants.DECISION_DENY);
}
public void testDrCharlieFromFacilityBAccessPatientFromFacilityADeny()
@@ -233,7 +272,7 @@
* Dr.Charlie from FacilityB tries to access the chart of a patient
* from Facility A. Should be deny
*/
- validateCase("charliefacilityB_patientA_deny_request.xml",
+ validateCase(getResponse("charliefacilityB_patientA_deny_request.xml"),
XACMLConstants.DECISION_DENY);
}
@@ -246,7 +285,7 @@
* from Facility A. There is an emergency access attribute in the subject
* "pea-001"
*/
- validateCase("charliefacilityB_patientA_emergency_request.xml",
+ validateCase(getResponse("charliefacilityB_patientA_emergency_request.xml"),
XACMLConstants.DECISION_PERMIT);
}
@@ -259,11 +298,16 @@
return new JBossPDP(is);
}
- private void validateCase(String loc, int decisionval) throws Exception
+ private ResponseContext getResponse(String loc) throws Exception
{
loc = "test/requests/interop/rsaconf08/" + loc;
+ return XACMLTestUtil.getResponse(getPDP(), loc);
+ }
+
+ private void validateCase(ResponseContext response, int decisionval) throws Exception
+ {
+ int decision = response.getDecision();
- int decision = XACMLTestUtil.getDecision(getPDP(), loc);
switch(decisionval)
{
case XACMLConstants.DECISION_PERMIT:
@@ -274,6 +318,5 @@
break;
default: fail("wrong value");
}
- }
-
+ }
}
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml 2008-04-14 18:00:37 UTC (rev 72198)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml 2008-04-14 19:28:27 UTC (rev 72199)
@@ -32,4 +32,4 @@
<ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
</ns:Locator>
</ns:Locators>
-</ns:jbosspdp>
+</ns:jbosspdp>
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list