[jboss-cvs] JBossAS SVN: r72325 - in projects/security/security-jboss-sx/trunk/jbosssx: src/main/org/jboss/security/authorization and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Apr 17 01:02:28 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-17 01:02:28 -0400 (Thu, 17 Apr 2008)
New Revision: 72325
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util/
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util/JBossXACMLUtil.java
Removed:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/.classpath
projects/security/security-jboss-sx/trunk/jbosssx/pom.xml
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
Log:
SECURITY-196:XACMLAuthorizationModule should use JBossXACML
Modified: projects/security/security-jboss-sx/trunk/jbosssx/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-04-17 05:02:28 UTC (rev 72325)
@@ -1,67 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="." including="JBossORG-EULA.txt" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/main"/>
- <classpathentry kind="src" path="src/resources" including="**/*.dtd|**/*.xsd" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/tests" output="target/test-classes"/>
- <classpathentry kind="src" path="src/tests/resources" output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="src" path="target/generated-sources/javacc"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.ga/javassist-3.3.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sun-xacml/2.0/sun-xacml-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sunxacml-support/2.0/sunxacml-support-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
-</classpath>
\ No newline at end of file
+ <classpathentry excluding="**/*.java|src/tests/resources/" including="JBossORG-EULA.txt" kind="src" path=""/>
+ <classpathentry kind="src" path="src/tests/resources"/>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/resources"/>
+ <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
+ <classpathentry kind="src" path="target/generated-sources/javacc"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.ga/javassist-3.3.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.4/jaxb-api-2.1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Modified: projects/security/security-jboss-sx/trunk/jbosssx/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-04-17 05:02:28 UTC (rev 72325)
@@ -163,15 +163,15 @@
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sun-xacml</artifactId>
- <version>2.0</version>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ <version>2.0.2.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sunxacml-support</artifactId>
- <version>2.0</version>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ <version>2.0.2.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -25,6 +25,8 @@
import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate;
+import org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate;
//$Id$
@@ -39,10 +41,8 @@
public XACMLAuthorizationModule()
{
log = Logger.getLogger(getClass());
- delegateMap.put(ResourceType.WEB,
- "org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate");
- delegateMap.put(ResourceType.EJB,
- "org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate");
+ delegateMap.put(ResourceType.WEB, WebXACMLPolicyModuleDelegate.class.getName());
+ delegateMap.put(ResourceType.EJB, EJBXACMLPolicyModuleDelegate.class.getName());
}
/**
@@ -52,4 +52,4 @@
{
return this.invokeDelegate(resource);
}
- }
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.security.Principal;
+import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
@@ -34,12 +35,13 @@
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
-import com.sun.xacml.Policy;
-import com.sun.xacml.ctx.RequestCtx;
-
//$Id$
/**
@@ -102,24 +104,27 @@
* @param sc
* @return
*/
+ @SuppressWarnings("unchecked")
private int process(RoleGroup callerRoles)
{
int result = AuthorizationContext.DENY;
EJBXACMLUtil util = new EJBXACMLUtil();
try
{
- RequestCtx requestCtx = util.createXACMLRequest(this.ejbName,
- this.ejbMethod.getName(),this.principal, callerRoles);
+ RequestContext requestCtx = util.createXACMLRequest(this.ejbName,
+ this.ejbMethod.getName(),this.principal, callerRoles);
- Policy policy = (Policy)policyRegistration.getPolicy(policyContextID,
- PolicyRegistration.XACML, null);
- if(policy == null)
- {
- if(trace)
- log.trace("Policy obtained is null for contextID:"+policyContextID);
- throw new IllegalStateException("Missing xacml policy for contextid:"+policyContextID);
- }
- result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
+ //See if a PDP exists already
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+ contextMap.put("PDP", "PDP");
+
+ PolicyDecisionPoint pdp = util.getPDP(policyRegistration, this.policyContextID);
+ if(pdp == null)
+ throw new IllegalStateException("PDP is null");
+
+ ResponseContext response = pdp.evaluate(requestCtx);
+ result = response.getDecision() == XACMLConstants.DECISION_PERMIT ?
+ AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
catch(Exception e)
{
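Review bot: The `contextMap` built under `//See if a PDP exists already` is never read anywhere in this hunk, and no unchecked operation is visible here for the new `@SuppressWarnings("unchecked")` on `process` to cover (the same annotation is added on `WebXACMLPolicyModuleDelegate.process`); both look like leftovers and can probably be dropped. The replacement error `"PDP is null"` also loses the context id that the removed message and trace line carried, so `throw new IllegalStateException("Missing PDP for contextid:" + policyContextID);` would keep a denied call traceable to its policy context. Mapping every decision other than `XACMLConstants.DECISION_PERMIT` to `AuthorizationContext.DENY` is the fail-closed choice and deserves a one-line comment such as `// Deny, NotApplicable and Indeterminate all map to DENY`. The `catch(Exception e)` body continues outside the hunk, so whether an evaluation error is logged before the default DENY is returned cannot be confirmed from here.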
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -1,48 +1,45 @@
/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.authorization.modules.ejb;
import java.io.ByteArrayOutputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
import java.util.List;
-import java.util.Set;
import org.jboss.logging.Logger;
-import org.jboss.security.authorization.XACMLConstants;
+import org.jboss.security.authorization.util.JBossXACMLUtil;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.RoleType;
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
-import com.sun.xacml.Indenter;
-import com.sun.xacml.attr.StringAttribute;
-import com.sun.xacml.attr.TimeAttribute;
-import com.sun.xacml.ctx.Attribute;
-import com.sun.xacml.ctx.RequestCtx;
-import com.sun.xacml.ctx.Subject;
-
//$Id$
/**
@@ -51,170 +48,79 @@
* @since Jul 6, 2006
* @version $Revision$
*/
-public class EJBXACMLUtil
+public class EJBXACMLUtil extends JBossXACMLUtil
{
private static Logger log = Logger.getLogger(EJBXACMLUtil.class);
private boolean trace = log.isTraceEnabled();
-
- public EJBXACMLUtil()
- {
- }
-
- public RequestCtx createXACMLRequest(String ejbName, String methodName,
- Principal principal, Set<Principal> roles) throws Exception
- {
+
+ public RequestContext createXACMLRequest(String ejbName, String methodName,
+ Principal principal, RoleGroup callerRoles) throws Exception
+ {
if(principal == null)
throw new IllegalArgumentException("principal is null");
-
+
String action = methodName;
-
- RequestCtx requestCtx = null;
- String username = principal.getName();
-
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
-
- Set<Subject> subjectSet = new HashSet<Subject>();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new StringAttribute(ejbName));
- Set<Attribute> resourceSet = new HashSet<Attribute>();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set<Attribute> actionSet = new HashSet<Attribute>();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
-
- //TODO: Get hold of the invocation arguments and populate in the xacml request
-
- //Create the Environment set
- Set<Attribute> environSet = new HashSet<Attribute>();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
+
+ RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a subject type
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID, "jboss.org",
+ principal.getName()));
+
+ List<Role> rolesList = callerRoles.getRoles();
+ if(rolesList != null)
{
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- public RequestCtx createXACMLRequest(String ejbName, String methodName,
- Principal principal, RoleGroup roles) throws Exception
- {
- if(principal == null)
- throw new IllegalArgumentException("principal is null");
- if(roles == null)
- throw new IllegalArgumentException("roles is null");
-
- String action = methodName;
-
- RequestCtx requestCtx = null;
- String username = principal.getName();
-
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
-
- Set<Subject> subjectSet = new HashSet<Subject>();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new StringAttribute(ejbName));
- Set<Attribute> resourceSet = new HashSet<Attribute>();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set<Attribute> actionSet = new HashSet<Attribute>();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
- //TODO: Get hold of the invocation arguments and populate in the xacml request
-
- //Create the Environment set
- Set<Attribute> environSet = new HashSet<Attribute>();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- private Set<Attribute> getXACMLRoleSet(Role role) throws Exception
- {
-
- Set<Attribute> roleset = new HashSet<Attribute>();
-
- if(role.getType() == RoleType.group)
- {
- RoleGroup rg = (RoleGroup) role;
- List<Role> roleList = rg.getRoles();
- for(Role r: roleList)
+ for(Role role:rolesList)
{
- roleset.add(getRoleAttribute(r.getRoleName()));
+ String roleName = role.getRoleName();
+ AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ROLE, "jboss.org", roleName);
+ subject.getAttribute().add(attSubjectID);
}
- }
- else
- roleset.add(getRoleAttribute(role.getRoleName()));
- return roleset;
- }
-
- private Attribute getRoleAttribute(String roleName) throws URISyntaxException
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
- return new Attribute(roleURI,null,null, new StringAttribute(roleName));
- }
-
- private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
-
- Set<Attribute> roleset = new HashSet<Attribute>();
- Iterator<Principal> iter = roles != null ? roles.iterator(): null;
- while(iter != null && iter.hasNext())
+ }
+
+ //Create a resource type
+ ResourceType resourceType = new ResourceType();
+ resourceType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ null,
+ ejbName));
+
+ //Create an action type
+ ActionType actionType = new ActionType();
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ "jboss.org",
+ action));
+
+ //Create an Environment Type (Optional)
+ EnvironmentType environmentType = new EnvironmentType();
+ environmentType.getAttribute().add(
+ RequestAttributeFactory.createDateTimeAttributeType(
+ XACMLConstants.ATTRIBUTEID_CURRENT_TIME, null));
+
+ //Create a Request Type
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(subject);
+ requestType.getResource().add(resourceType);
+ requestType.setAction(actionType);
+ requestType.setEnvironment(environmentType);
+
+ requestCtx.setRequest(requestType);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ if(trace)
{
- Principal role = iter.next();
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(role.getName()));
- roleset.add(roleAttr);
+ requestCtx.marshall(baos);
+ log.trace(new String(baos.toByteArray()));
}
- return roleset;
- }
+ return requestCtx;
+ }
+
}
\ No newline at end of file
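Review bot: `callerRoles.getRoles()` is dereferenced without a null check in the new `createXACMLRequest`, whereas the removed `RoleGroup` overload rejected a null argument with `IllegalArgumentException("roles is null")`. Restoring the guard next to the existing principal check, `if(callerRoles == null) throw new IllegalArgumentException("callerRoles is null");`, keeps the failure explicit instead of surfacing as a NullPointerException in the authorization path. Two smaller points in the same method: the `ByteArrayOutputStream` is allocated even when trace is off and could move inside `if(trace)`, and `new String(baos.toByteArray())` decodes with the platform charset, so naming the charset the marshaller writes (presumably UTF-8) would make the trace output stable. The trace line writes the whole marshalled request, including the principal and role names, which is worth a comment for anyone enabling trace logging on a shared log.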
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -35,12 +35,12 @@
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.WebResource;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
-import com.sun.xacml.Policy;
-import com.sun.xacml.ctx.RequestCtx;
-
//$Id: WebXACMLPolicyModuleDelegate.java 46543 2006-07-27 20:22:05Z asaldhana $
/**
@@ -74,9 +74,7 @@
throw new IllegalStateException("Map from the Resource is null");
if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
- //Get the Catalina Request Object
- //HttpServletRequest request = (HttpServletRequest)map.get(ResourceKeys.WEB_REQUEST);
+ throw new IllegalStateException("Map from the Resource is size zero");
HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest();
@@ -115,6 +113,7 @@
* @param sc
* @return
*/
+ @SuppressWarnings("unchecked")
private int process(HttpServletRequest request, RoleGroup callerRoles )
{
Principal userP = request.getUserPrincipal();
@@ -125,13 +124,13 @@
WebXACMLUtil util = new WebXACMLUtil();
try
{
- RequestCtx requestCtx = util.createXACMLRequest(request,callerRoles);
+ RequestContext requestCtx = util.createXACMLRequest(request,callerRoles);
String contextID = PolicyContext.getContextID();
- Policy policy = (Policy)policyRegistration.getPolicy(contextID,
- PolicyRegistration.XACML, null);
- if(policy == null)
- throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
- result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
+
+ PolicyDecisionPoint pdp = util.getPDP(this.policyRegistration, contextID);
+ ResponseContext response = pdp.evaluate(requestCtx);
+ result = response.getDecision() == XACMLConstants.DECISION_PERMIT ?
+ AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
catch(Exception e)
{
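Review bot: The ternary on `response.getDecision()` folds every outcome other than permit into `AuthorizationContext.DENY`, which fails closed but leaves no record of why; a policy that evaluates to Indeterminate or NotApplicable looks identical to an explicit deny. I would add a comment such as `// Fail closed: any decision other than DECISION_PERMIT (Indeterminate, NotApplicable) is denied` and log the raw decision at trace level. `util.getPDP(...)` throws IllegalStateException when no policy is registered, and that reaches the `catch(Exception e)` whose body lies outside this hunk, so it is worth confirming that path also leaves `result` at deny. process() starts above the hunk and continues below it.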
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -25,25 +25,25 @@
import java.net.URI;
import java.security.Principal;
import java.util.Enumeration;
-import java.util.HashSet;
import java.util.List;
-import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.jboss.logging.Logger;
-import org.jboss.security.authorization.XACMLConstants;
+import org.jboss.security.authorization.util.JBossXACMLUtil;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
-
-import com.sun.xacml.Indenter;
-import com.sun.xacml.attr.AnyURIAttribute;
-import com.sun.xacml.attr.StringAttribute;
-import com.sun.xacml.attr.TimeAttribute;
-import com.sun.xacml.ctx.Attribute;
-import com.sun.xacml.ctx.RequestCtx;
-import com.sun.xacml.ctx.Subject;
-
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
//$Id: WebXACMLUtil.java 46543 2006-07-27 20:22:05Z asaldhana $
/**
@@ -52,16 +52,14 @@
* @since Jun 21, 2006
* @version $Revision: 46543 $
*/
-public class WebXACMLUtil
+public class WebXACMLUtil extends JBossXACMLUtil
{
private static Logger log = Logger.getLogger(WebXACMLUtil.class);
private boolean trace = log.isTraceEnabled();
+
- public WebXACMLUtil()
- {
- }
-
- public RequestCtx createXACMLRequest(HttpServletRequest request,
+ @SuppressWarnings("unchecked")
+ public RequestContext createXACMLRequest(HttpServletRequest request,
RoleGroup callerRoles) throws Exception
{
if(request == null)
@@ -69,81 +67,87 @@
if(callerRoles == null)
throw new IllegalArgumentException("roles is null");
String httpMethod = request.getMethod();
- String action = "GET".equals(httpMethod)?"read":"write";
-
+ String action = "GET".equals(httpMethod) ? "read" : "write";
+
//Non-standard uri
- String actionURIBase = XACMLConstants.JBOSS_RESOURCE_PARAM_IDENTIFIER;
+ String actionURIBase = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";
- RequestCtx requestCtx = null;
- Principal principal = request.getUserPrincipal();
- String username = principal.getName();
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set subjectAttrSet = new HashSet();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(callerRoles));
+ Principal principal = request.getUserPrincipal();
- Set subjectSet = new HashSet();
- subjectSet.add(new Subject(subjectAttrSet));
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new AnyURIAttribute(new URI(request.getRequestURI())));
- Set resourceSet = new HashSet();
- resourceSet.add(resourceAttr);
+ RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a subject type
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ "jboss.org",
+ principal.getName()));
- //Create the action set
- Set actionSet = new HashSet();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
+ List<Role> rolesList = callerRoles.getRoles();
+ if(rolesList != null)
+ {
+ for(Role role:rolesList)
+ {
+ String roleName = role.getRoleName();
+ AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ROLE, "jboss.org", roleName);
+ subject.getAttribute().add(attSubjectID);
+ }
+ }
+
+ //Create a resource type
+ ResourceType resourceType = new ResourceType();
+ resourceType.getAttribute().add(
+ RequestAttributeFactory.createAnyURIAttributeType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ null,
+ new URI(request.getRequestURI())));
+
+ //Create an action type
+ ActionType actionType = new ActionType();
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ "jboss.org",
+ action));
+
Enumeration<String> enumer = request.getParameterNames();
while(enumer.hasMoreElements())
{
String paramName = enumer.nextElement();
String paramValue = request.getParameter(paramName);
URI actionUri = new URI(actionURIBase + paramName);
- Attribute actionAttr = new Attribute(actionUri,null,null,
- new StringAttribute(paramValue));
- actionSet.add(actionAttr);
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ actionUri.toASCIIString(),
+ "jboss.org",
+ paramValue));
}
- //Create the Environment set
- Set environSet = new HashSet();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
+ //Create an Environment Type (Optional)
+ EnvironmentType environmentType = new EnvironmentType();
+ environmentType.getAttribute().add( RequestAttributeFactory.createDateTimeAttributeType(
+ XACMLConstants.ATTRIBUTEID_CURRENT_TIME, null));
+
+ //Create a Request Type
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(subject);
+ requestType.getResource().add(resourceType);
+ requestType.setAction(actionType);
+ requestType.setEnvironment(environmentType);
+
+ requestCtx.setRequest(requestType);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
if(trace)
{
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
+ requestCtx.marshall(baos);
+ log.trace(new String(baos.toByteArray()));
}
return requestCtx;
- }
-
- private Set<Attribute> getXACMLRoleSet(RoleGroup roles) throws Exception
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
-
- Set<Attribute> roleset = new HashSet<Attribute>();
- List<Role> croles = roles.getRoles();
-
- for(Role r: croles)
- {
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(r.getRoleName()));
- roleset.add(roleAttr);
- }
- return roleset;
- }
+ }
}
\ No newline at end of file
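Review bot: The trace branch at the end of createXACMLRequest writes the whole marshalled request to the log, and that request carries every HTTP parameter value as an action attribute, so form fields such as passwords or session tokens would end up in trace logs. Consider tracing only the subject, resource and action ids, or leaving the parameter attributes out of the traced copy. `new String(baos.toByteArray())` decodes with the platform default charset rather than the encoding marshall() writes (presumably UTF-8, to be confirmed), and `ByteArrayOutputStream baos = new ByteArrayOutputStream();` is allocated even when trace is off, so it could move inside `if(trace)`. The same trace block appears in the EJBXACMLUtil change earlier in this commit; the method's signature sits in the previous hunk.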
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util/JBossXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util/JBossXACMLUtil.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util/JBossXACMLUtil.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.util;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.PolicyLocator;
+import org.jboss.security.xacml.interfaces.XACMLPolicy;
+import org.jboss.security.xacml.locators.JBossPolicyLocator;
+import org.jboss.security.xacml.locators.JBossPolicySetLocator;
+
+/**
+ * Utility class dealing with JBossXACML
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 16, 2008
+ * @version $Revision$
+ */
+public class JBossXACMLUtil
+{
+ @SuppressWarnings("unchecked")
+ public PolicyDecisionPoint getPDP(PolicyRegistration policyRegistration, String contextID)
+ {
+ //See if a PDP exists already
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+ contextMap.put("PDP", "PDP");
+
+ PolicyDecisionPoint pdp = null;
+ try
+ {
+ pdp = policyRegistration.getPolicy(contextID,
+ PolicyRegistration.XACML, contextMap);
+ }
+ catch(Exception ignore)
+ {
+ }
+ if(pdp == null)
+ {
+ Set<XACMLPolicy> policies = (Set<XACMLPolicy>)policyRegistration.getPolicy(contextID,
+ PolicyRegistration.XACML, null);
+ if(policies == null)
+ throw new IllegalStateException("Missing xacml policy for contextid:" + contextID);
+ JBossPolicyLocator jpl = new JBossPolicyLocator(policies);
+ JBossPolicySetLocator jpsl = new JBossPolicySetLocator(policies);
+ HashSet<PolicyLocator> plset = new HashSet<PolicyLocator>();
+ plset.add(jpl);
+ plset.add(jpsl);
+
+ pdp = new JBossPDP();
+ pdp.setPolicies(policies);
+ pdp.setLocators(plset);
+ }
+ return pdp;
+ }
+}
\ No newline at end of file
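Review bot: The empty `catch(Exception ignore)` in getPDP hides any failure of the PDP lookup, after which the method quietly builds a fresh PDP from the raw policy set; in an authorization path a broken registration should be visible to whoever reads the logs. Giving the class a logger and writing `catch(Exception e) { log.debug("PDP lookup failed for contextID " + contextID, e); }` would keep the fallback while recording the cause. That fallback also constructs a new `JBossPDP` and two locators on every call when no config-file PDP exists, so each authorization check pays for it; a comment noting this, or caching per contextID, would help. The method has no Javadoc; one sentence describing the two lookup paths and the IllegalStateException would be enough.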
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-04-17 01:19:49 UTC (rev 72324)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-04-17 05:02:28 UTC (rev 72325)
@@ -24,15 +24,15 @@
import java.io.InputStream;
import java.net.URL;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.jboss.logging.Logger;
import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.util.NotImplementedException;
-import org.jboss.util.xml.DOMUtils;
-import org.w3c.dom.Element;
-
-import com.sun.xacml.Policy;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.factories.PolicyFactory;
+import org.jboss.security.xacml.interfaces.XACMLPolicy;
/**
* Default implementation of Policy Registration interface
@@ -46,8 +46,15 @@
protected boolean trace = log.isTraceEnabled();
- private Map<String,Policy> contextIdToXACMLPolicy = new HashMap<String,Policy>();
+ private Map<String,Set<XACMLPolicy>> contextIdToXACMLPolicy =
+ new HashMap<String,Set<XACMLPolicy>>();
+ /** When the policy configuration file is registered, we directly
+ * store a copy of the JBossPDP that has read in the config file
+ */
+ private Map<String,JBossPDP> contextIDToJBossPDP =
+ new HashMap<String,JBossPDP>();
+
public void deRegisterPolicy(String contextID, String type)
{
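Review bot: The new `contextIDToJBossPDP` map needs the same lifecycle as `contextIdToXACMLPolicy`: `deRegisterPolicy` begins at the end of this hunk and its body is not shown, so if it still removes only the policy-set entry, a PDP registered through registerPolicyConfigFile would keep answering for a context after that context has been deregistered. The fix would be one line in that method, `this.contextIDToJBossPDP.remove(contextID);`. Both maps are plain `HashMap`s; if registration and request-time lookups can run on different threads (not visible here), they would need synchronization or a concurrent map.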
@@ -64,6 +71,12 @@
{
if(PolicyRegistration.XACML.equalsIgnoreCase(type))
{
+ if(contextMap != null)
+ {
+ String pdp = (String) contextMap.get("PDP");
+ if(pdp != null)
+ return (T) this.contextIDToJBossPDP.get(contextID);
+ }
return (T) this.contextIdToXACMLPolicy.get(contextID);
}
throw new RuntimeException("Unsupported type:" + type);
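Review bot: The `(String)` cast on `contextMap.get("PDP")` throws ClassCastException for any caller that stores a non-String value under that key, although only the key's presence is used to choose the PDP map. `if(contextMap.get("PDP") != null)` expresses that without the cast. The `"PDP"` literal is also repeated in JBossXACMLUtil.getPDP, so a shared constant with a one-line comment on what the key selects would keep the two sides from drifting apart. getPolicy starts above this hunk.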
@@ -97,9 +110,15 @@
{
try
{
- Element elm = DOMUtils.parse(stream);
- Policy policy = Policy.getInstance(elm);
- this.contextIdToXACMLPolicy.put(contextID, policy);
+ XACMLPolicy policy = PolicyFactory.createPolicy(stream);
+
+ Set<XACMLPolicy> policySet = this.contextIdToXACMLPolicy.get(contextID);
+ if(policySet == null)
+ {
+ policySet = new HashSet<XACMLPolicy>();
+ }
+ policySet.add(policy);
+ this.contextIdToXACMLPolicy.put(contextID, policySet);
}
catch(Exception e)
{
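Review bot: Policies now accumulate in a per-context `Set`, so registering a context again adds to what is already stored instead of replacing it; unless deregistration always runs first, or XACMLPolicy defines equals/hashCode (neither is visible here), a superseded policy stays in the set the PDP evaluates. A comment stating the intended semantics would help, for example `// policies are additive per contextID; deRegisterPolicy must run before a re-registration`. The `put` is only needed when the set was just created and could move inside the `if(policySet == null)` block. The enclosing method starts above the hunk and its catch body continues below it.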
@@ -113,6 +132,17 @@
*/
public void registerPolicyConfigFile(String contextId, String type, InputStream stream)
{
- throw new NotImplementedException();
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ try
+ {
+ JBossPDP pdp = new JBossPDP(stream);
+ this.contextIDToJBossPDP.put(contextId, pdp);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
}
}
\ No newline at end of file
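Review bot: registerPolicyConfigFile now returns silently for any type other than XACML, whereas getPolicy in this class throws `RuntimeException("Unsupported type:" + type)`; a caller passing the wrong type would believe a PDP was registered and only find out when authorization fails. Adding `else throw new RuntimeException("Unsupported type:" + type);` keeps the two methods consistent. The stream handed to `new JBossPDP(stream)` is not closed here; whether the caller owns it is not visible, so a Javadoc line stating who closes it would settle that.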