[jboss-cvs] JBossAS SVN: r71217 - in projects/security/security-xacml/trunk/jboss-xacml/src: main/org/jboss/security/xacml/core and 6 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 24 21:58:25 EDT 2008
Author: mmoyses
Date: 2008-03-24 21:58:25 -0400 (Mon, 24 Mar 2008)
New Revision: 71217
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/rsaConferencePolicySetConfig.xml
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/bridge/PolicySetFinderModule.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/jaxb/PolicySetType.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/locators/JBossPolicySetLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/resources/schema/jbossxacml-2.0.xsd
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
Log:
Test cases for the rsa conference
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/bridge/PolicySetFinderModule.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/bridge/PolicySetFinderModule.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/bridge/PolicySetFinderModule.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -22,7 +22,7 @@
package org.jboss.security.xacml.bridge;
import java.net.URI;
-import java.util.ArrayList;
+import java.util.ArrayList;
import java.util.List;
import com.sun.xacml.AbstractPolicy;
@@ -43,105 +43,113 @@
* @since Jul 6, 2007
* @version $Revision$
*/
-public class PolicySetFinderModule extends PolicyFinderModule
-{
- private PolicySet policySet;
- private List<Policy> policies = new ArrayList<Policy>();
- protected PolicyFinder policyFinder = null;
-
+public class PolicySetFinderModule extends PolicyFinderModule
+{
+ private PolicySet policySet;
- public PolicySetFinderModule()
- {
- }
-
- public PolicySetFinderModule(PolicySet policySet)
- {
- this.policySet = policySet;
- }
-
- public PolicySetFinderModule(PolicySet policySet, List<Policy> policies)
- {
- this.policySet = policySet;
- this.policies.addAll(policies);
- }
-
- @Override
- public void init(PolicyFinder finder)
- {
- this.policyFinder = finder;
- }
-
- /**
+ private List<Policy> policies = new ArrayList<Policy>();
+
+ private List<PolicySet> policySets = new ArrayList<PolicySet>();
+
+ protected PolicyFinder policyFinder = null;
+
+ public PolicySetFinderModule()
+ {
+ }
+
+ public PolicySetFinderModule(PolicySet policySet)
+ {
+ this.policySet = policySet;
+ }
+
+ public PolicySetFinderModule(PolicySet policySet, List<Policy> policies)
+ {
+ this.policySet = policySet;
+ this.policies.addAll(policies);
+ }
+
+ @Override
+ public void init(PolicyFinder finder)
+ {
+ this.policyFinder = finder;
+ }
+
+ /**
* Finds the applicable policy (if there is one) for the given context.
*
* @param context the evaluation context
*
* @return an applicable policy, if one exists, or an error
*/
- @Override
- public PolicyFinderResult findPolicy(EvaluationCtx context)
- {
- AbstractPolicy selectedPolicy = null;
- MatchResult match = policySet.match(context);
- int result = match.getResult();
+ @Override
+ public PolicyFinderResult findPolicy(EvaluationCtx context)
+ {
+ AbstractPolicy selectedPolicy = null;
+ MatchResult match = policySet.match(context);
+ int result = match.getResult();
- // if target matching was indeterminate, then return the error
- if (result == MatchResult.INDETERMINATE)
- return new PolicyFinderResult(match.getStatus());
+ // if target matching was indeterminate, then return the error
+ if (result == MatchResult.INDETERMINATE)
+ return new PolicyFinderResult(match.getStatus());
- // see if the target matched
- if (result == MatchResult.MATCH) {
- // see if we previously found another match
- if (selectedPolicy != null) {
- // we found a match before, so this is an error
- ArrayList<String> code = new ArrayList<String>();
- code.add(Status.STATUS_PROCESSING_ERROR);
- Status status = new Status(code, "too many applicable "
- + "top-level policies");
- return new PolicyFinderResult(status);
- }
+ // see if the target matched
+ if (result == MatchResult.MATCH)
+ {
+ // see if we previously found another match
+ if (selectedPolicy != null)
+ {
+ // we found a match before, so this is an error
+ ArrayList<String> code = new ArrayList<String>();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "too many applicable " + "top-level policies");
+ return new PolicyFinderResult(status);
+ }
- // this is the first match we've found, so remember it
- selectedPolicy = policySet;
- }
+ // this is the first match we've found, so remember it
+ selectedPolicy = policySet;
+ }
+ // return the single applicable policy (if there was one)
+ return new PolicyFinderResult(selectedPolicy);
+ }
- // return the single applicable policy (if there was one)
- return new PolicyFinderResult(selectedPolicy);
- }
+ @Override
+ public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
+ PolicyMetaData parentMetaData)
+ {
+ for (Policy p : policies)
+ {
+ if (p.getId().compareTo(idReference) == 0)
+ return new PolicyFinderResult(p);
+ }
+ for (PolicySet p : policySets)
+ {
+ if (p.getId().compareTo(idReference) == 0)
+ return new PolicyFinderResult(p);
+ }
+ return new PolicyFinderResult();
+ }
+ @Override
+ public boolean isRequestSupported()
+ {
+ return true;
+ }
- @Override
- public PolicyFinderResult findPolicy(URI idReference, int type,
- VersionConstraints constraints, PolicyMetaData parentMetaData)
- {
- for(Policy p:policies)
- {
- if(p.getId().compareTo(idReference) == 0)
- return new PolicyFinderResult(p);
- }
- return new PolicyFinderResult();
- }
-
- @Override
- public boolean isRequestSupported()
- {
- return true;
- }
-
- /**
+ /**
* Always returns true, since reference-based retrieval is supported.
*
* @return true
*/
- public boolean isIdReferenceSupported()
- {
- return true;
- }
-
- public void set(PolicySet ps, List<Policy> policies)
- {
- this.policySet = ps;
- this.policies = policies;
- }
+ public boolean isIdReferenceSupported()
+ {
+ return true;
+ }
+
+ public void set(PolicySet ps, List<Policy> policies, List<PolicySet> policySets)
+ {
+ this.policySet = ps;
+ this.policies = policies;
+ this.policySets = policySets;
+ }
}
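Review bot: The reference lookup `findPolicy(URI idReference, int type, ...)` never reads `type`, so now that it walks both `policies` and `policySets`, a PolicySetIdReference can be answered with a `Policy` that happens to share the id, and the reverse. In an authorization engine that changes which rules get evaluated, so the search should be limited to the kind of policy the reference names. `constraints` is ignored as well, which deserves at least a comment saying version matching is not implemented. The fence below assumes `com.sun.xacml.PolicyReference` is importable here, which the hunk does not show. Separately, `set(...)` stores the caller's lists without a null check, so a null `policySets` would only fail later inside this loop.

```java
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
      PolicyMetaData parentMetaData)
{
   // Resolve only against the kind of policy the reference asks for.
   if (type == PolicyReference.POLICY_REFERENCE)
   {
      for (Policy p : policies)
      {
         if (p.getId().compareTo(idReference) == 0)
            return new PolicyFinderResult(p);
      }
   }
   else if (type == PolicyReference.POLICYSET_REFERENCE)
   {
      for (PolicySet p : policySets)
      {
         if (p.getId().compareTo(idReference) == 0)
            return new PolicyFinderResult(p);
      }
   }
   return new PolicyFinderResult();
}
```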
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/core/JBossPDP.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -58,7 +58,7 @@
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.finder.AttributeFinder;
-import com.sun.xacml.finder.AttributeFinderModule;
+import com.sun.xacml.finder.AttributeFinderModule;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.impl.CurrentEnvModule;
import com.sun.xacml.finder.impl.SelectorModule;
@@ -74,28 +74,30 @@
public class JBossPDP implements PolicyDecisionPoint
{
private Unmarshaller unmarshaller = null;
+
private Set<PolicyLocator> locators = new HashSet<PolicyLocator>();
+
private Set<XACMLPolicy> policies = new HashSet<XACMLPolicy>();
-
- private JBossPolicyFinder policyFinder = new JBossPolicyFinder();
-
+
+ private JBossPolicyFinder policyFinder = new JBossPolicyFinder();
+
/**
* CTR
*/
public JBossPDP()
- {
+ {
}
-
+
/**
* Create a PDP
* @param configFile Inputstream for the JBossXACML Config File
*/
public JBossPDP(InputStream configFile)
- {
+ {
createValidatingUnMarshaller();
try
{
- JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFile);
+ JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFile);
bootstrap((PDP) jxb.getValue());
}
catch (Exception e)
@@ -103,84 +105,84 @@
throw new RuntimeException(e);
}
}
-
+
/**
* Create a PDP
* @param configFile InputSource for the JBossXACML Config File
*/
public JBossPDP(InputSource configFile)
- {
+ {
createValidatingUnMarshaller();
try
{
JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFile);
bootstrap((PDP) jxb.getValue());
}
- catch ( Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
}
-
+
/**
* Create a PDP
* @param configFile Parsed Node for the JBossXACML Config File
*/
public JBossPDP(Node configFile)
- {
+ {
createValidatingUnMarshaller();
try
{
JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFile);
bootstrap((PDP) jxb.getValue());
}
- catch ( Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
}
-
+
/**
* Create a PDP
* @param configFile XMLStreamReader for the JBossXACML Config File
*/
public JBossPDP(XMLStreamReader configFile)
- {
+ {
createValidatingUnMarshaller();
try
{
JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFile);
bootstrap((PDP) jxb.getValue());
}
- catch ( Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
- }
-
+ }
+
/**
* Create a PDP
* @param configFileURL URL of the JBossXACML Config File
*/
public JBossPDP(URL configFileURL)
- {
+ {
createValidatingUnMarshaller();
try
{
JAXBElement<?> jxb = (JAXBElement<?>) unmarshaller.unmarshal(configFileURL.openStream());
bootstrap((PDP) jxb.getValue());
}
- catch ( Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
- }
+ }
/**
* @see PolicyDecisionPoint#setLocators(Set)
*/
public void setLocators(Set<PolicyLocator> locators)
- {
+ {
this.locators = locators;
}
@@ -188,104 +190,122 @@
* @see PolicyDecisionPoint#setPolicies(Set)
*/
public void setPolicies(Set<XACMLPolicy> policies)
- {
+ {
this.policies = policies;
- }
+ }
/**
* @see PolicyDecisionPoint#evaluate(RequestContext)
*/
@SuppressWarnings("unchecked")
public ResponseContext evaluate(RequestContext request)
- {
+ {
HashSet<PolicyFinderModule> policyModules = new HashSet<PolicyFinderModule>();
//Go through the Locators
- for(PolicyLocator locator: locators)
- {
- List finderModulesList = (List)locator.get(XACMLConstants.POLICY_FINDER_MODULE);
- if(finderModulesList == null)
- throw new IllegalStateException("Locator "+locator.getClass().getName()
- + " has no policy finder modules");
+ for (PolicyLocator locator : locators)
+ {
+ List finderModulesList = (List) locator.get(XACMLConstants.POLICY_FINDER_MODULE);
+ if (finderModulesList == null)
+ throw new IllegalStateException("Locator " + locator.getClass().getName() + " has no policy finder modules");
policyModules.addAll(finderModulesList);
- }
+ }
policyFinder.setModules(policyModules);
-
+
AttributeFinder attributeFinder = new AttributeFinder();
- List<AttributeFinderModule> attributeModules = new ArrayList<AttributeFinderModule>();
+ List<AttributeFinderModule> attributeModules = new ArrayList<AttributeFinderModule>();
attributeModules.add(new CurrentEnvModule());
attributeModules.add(new SelectorModule());
attributeFinder.setModules(attributeModules);
-
- com.sun.xacml.PDP pdp = new com.sun.xacml.PDP(new PDPConfig(attributeFinder,
- policyFinder, null));
+
+ com.sun.xacml.PDP pdp = new com.sun.xacml.PDP(new PDPConfig(attributeFinder, policyFinder, null));
RequestCtx req = (RequestCtx) request.get(XACMLConstants.REQUEST_CTX);
- if(req == null)
+ if (req == null)
throw new IllegalStateException("Request Context does not contain a request");
-
+
ResponseCtx resp = pdp.evaluate(req);
-
+
ResponseContext response = RequestResponseContextFactory.createResponseContext();
response.set(XACMLConstants.RESPONSE_CTX, resp);
return response;
}
-
+
private void bootstrap(PDP pdp) throws Exception
- {
+ {
PoliciesType policiesType = pdp.getPolicies();
List<PolicySetType> pset = policiesType.getPolicySet();
- for(PolicySetType pst: pset)
- {
- String loc = pst.getLocation();
- XACMLPolicy policySet = PolicyFactory.createPolicySet(getInputStream(loc),policyFinder);
- List<PolicyType> policyTypeList = pst.getPolicy();
-
- List<XACMLPolicy> policyList = new ArrayList<XACMLPolicy>();
- for(PolicyType pt:policyTypeList)
- {
- policyList.add(PolicyFactory.createPolicy(getInputStream(pt.getLocation())));
- }
- policySet.setEnclosingPolicies(policyList);
-
- policies.add(policySet);
- }
+
+ this.addPolicySets(pset, true);
+
//Take care of additional policies
- List<PolicyType> policyList = policiesType.getPolicy();
- for(PolicyType pt:policyList)
- {
- policies.add(PolicyFactory.createPolicy(getInputStream(pt.getLocation())));
- }
-
+ List<XACMLPolicy> policyList = this.addPolicies(policiesType.getPolicy());
+ policies.addAll(policyList);
+
//Take care of the locators
- LocatorsType locatorsType = pdp.getLocators();
+ LocatorsType locatorsType = pdp.getLocators();
List<LocatorType> locs = locatorsType.getLocator();
- for(LocatorType lt:locs)
+ for (LocatorType lt : locs)
{
PolicyLocator pl = (PolicyLocator) loadClass(lt.getName()).newInstance();
pl.setPolicies(policies);
this.locators.add(pl);
}
}
-
+
+ private List<XACMLPolicy> addPolicySets(List<PolicySetType> policySets, boolean topLevel) throws Exception
+ {
+ List<XACMLPolicy> list = new ArrayList<XACMLPolicy>();
+
+ for (PolicySetType pst : policySets)
+ {
+ String loc = pst.getLocation();
+ XACMLPolicy policySet = PolicyFactory.createPolicySet(getInputStream(loc), policyFinder);
+ list.add(policySet);
+
+ List<XACMLPolicy> policyList = this.addPolicies(pst.getPolicy());
+ policySet.setEnclosingPolicies(policyList);
+
+ List<PolicySetType> pset = pst.getPolicySet();
+ if (pset != null)
+ policySet.getEnclosingPolicies().addAll(this.addPolicySets(pset, false));
+
+ if (topLevel)
+ policies.add(policySet);
+ }
+
+ return list;
+ }
+
+ private List<XACMLPolicy> addPolicies(List<PolicyType> policies) throws Exception
+ {
+ List<XACMLPolicy> policyList = new ArrayList<XACMLPolicy>();
+ for (PolicyType pt : policies)
+ {
+ policyList.add(PolicyFactory.createPolicy(getInputStream(pt.getLocation())));
+ }
+
+ return policyList;
+ }
+
private void createValidatingUnMarshaller()
{
try
- {
- JAXBContext jc = JAXBContext.newInstance( "org.jboss.security.xacml.jaxb" ); ;
- unmarshaller = jc.createUnmarshaller();
+ {
+ JAXBContext jc = JAXBContext.newInstance("org.jboss.security.xacml.jaxb");;
+ unmarshaller = jc.createUnmarshaller();
//Validate against schema
ClassLoader tcl = SecurityActions.getContextClassLoader();
- URL schemaURL = tcl.getResource("schema/jbossxacml-2.0.xsd");
+ URL schemaURL = tcl.getResource("schema/jbossxacml-2.0.xsd");
SchemaFactory scFact = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = scFact.newSchema(schemaURL);
- unmarshaller.setSchema(schema);
+ unmarshaller.setSchema(schema);
}
- catch(Exception jxb)
+ catch (Exception jxb)
{
throw new RuntimeException(jxb);
- }
+ }
}
-
- private InputStream getInputStream(String loc)
+
+ private InputStream getInputStream(String loc)
{
InputStream is = null;
//Try URL
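Review bot: `addPolicySets` passes `pst.getLocation()` straight to `getInputStream`, but the schema declares `Location` with `minOccurs="0"`, so a nested `<PolicySet>` without a location validates and reaches `PolicyFactory.createPolicySet` with whatever `getInputStream(null)` yields. A mistyped location looks similar: `getInputStream` appears to fall back to `getResourceAsStream`, which returns null for a missing resource (its body continues outside this hunk, so this is inferred from the following context lines). A PDP should refuse to start with a message naming the offending entry, e.g. `if (loc == null) throw new IllegalStateException("PolicySet entry has no Location");` before the call, plus a matching null check on the returned stream in both `addPolicySets` and `addPolicies`. The streams opened in these two helpers are never closed, and the `pset != null` test is always true because `getPolicySet()` creates the list lazily.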
@@ -297,14 +317,14 @@
catch (Exception e)
{
}
- if(is == null)
+ if (is == null)
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
is = tcl.getResourceAsStream(loc);
}
- return is;
+ return is;
}
-
+
private Class<?> loadClass(String fqn) throws Exception
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/jaxb/PolicySetType.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/jaxb/PolicySetType.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/jaxb/PolicySetType.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -1,106 +1,139 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.1-b02-fcs
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2007.07.06 at 03:19:27 PM CDT
-//
-
-
-package org.jboss.security.xacml.jaxb;
-
-import java.util.ArrayList;
-import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlSchemaType;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * <p>Java class for PolicySetType complex type.
- *
- * <p>The following schema fragment specifies the expected content contained within this class.
- *
- * <pre>
- * <complexType name="PolicySetType">
- * <complexContent>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- * <sequence>
- * <element name="Location" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
- * <element name="Policy" type="{urn:jboss:xacml:2.0}PolicyType" maxOccurs="unbounded" minOccurs="0"/>
- * </sequence>
- * </restriction>
- * </complexContent>
- * </complexType>
- * </pre>
- *
- *
- */
- at XmlAccessorType(XmlAccessType.FIELD)
- at XmlType(name = "PolicySetType", propOrder = {
- "location",
- "policy"
-})
-public class PolicySetType {
-
- @XmlElement(name = "Location")
- @XmlSchemaType(name = "anyURI")
- protected String location;
- @XmlElement(name = "Policy")
- protected List<PolicyType> policy;
-
- /**
- * Gets the value of the location property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
- public String getLocation() {
- return location;
- }
-
- /**
- * Sets the value of the location property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setLocation(String value) {
- this.location = value;
- }
-
- /**
- * Gets the value of the policy property.
- *
- * <p>
- * This accessor method returns a reference to the live list,
- * not a snapshot. Therefore any modification you make to the
- * returned list will be present inside the JAXB object.
- * This is why there is not a <CODE>set</CODE> method for the policy property.
- *
- * <p>
- * For example, to add a new item, do as follows:
- * <pre>
- * getPolicy().add(newItem);
- * </pre>
- *
- *
- * <p>
- * Objects of the following type(s) are allowed in the list
- * {@link PolicyType }
- *
- *
- */
- public List<PolicyType> getPolicy() {
- if (policy == null) {
- policy = new ArrayList<PolicyType>();
- }
- return this.policy;
- }
-
-}
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.1-b02-fcs
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2008.03.19 at 05:35:22 PM BRT
+//
+
+
+package org.jboss.security.xacml.jaxb;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for PolicySetType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * <complexType name="PolicySetType">
+ * <complexContent>
+ * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="Location" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * <element name="Policy" type="{urn:jboss:xacml:2.0}PolicyType" maxOccurs="unbounded" minOccurs="0"/>
+ * <element name="PolicySet" type="{urn:jboss:xacml:2.0}PolicySetType" maxOccurs="unbounded" minOccurs="0"/>
+ * </sequence>
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+ at XmlAccessorType(XmlAccessType.FIELD)
+ at XmlType(name = "PolicySetType", propOrder = {
+ "location",
+ "policy",
+ "policySet"
+})
+public class PolicySetType {
+
+ @XmlElement(name = "Location")
+ @XmlSchemaType(name = "anyURI")
+ protected String location;
+ @XmlElement(name = "Policy")
+ protected List<PolicyType> policy;
+ @XmlElement(name = "PolicySet")
+ protected List<PolicySetType> policySet;
+
+ /**
+ * Gets the value of the location property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getLocation() {
+ return location;
+ }
+
+ /**
+ * Sets the value of the location property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setLocation(String value) {
+ this.location = value;
+ }
+
+ /**
+ * Gets the value of the policy property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the policy property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getPolicy().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PolicyType }
+ *
+ *
+ */
+ public List<PolicyType> getPolicy() {
+ if (policy == null) {
+ policy = new ArrayList<PolicyType>();
+ }
+ return this.policy;
+ }
+
+ /**
+ * Gets the value of the policySet property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the policySet property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getPolicySet().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PolicySetType }
+ *
+ *
+ */
+ public List<PolicySetType> getPolicySet() {
+ if (policySet == null) {
+ policySet = new ArrayList<PolicySetType>();
+ }
+ return this.policySet;
+ }
+
+}
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/locators/JBossPolicySetLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/locators/JBossPolicySetLocator.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/locators/JBossPolicySetLocator.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -29,6 +29,7 @@
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.interfaces.XACMLPolicy;
+import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.Policy;
import com.sun.xacml.PolicySet;
@@ -41,47 +42,61 @@
* @version $Revision$
*/
public class JBossPolicySetLocator extends AbstractJBossPolicyLocator
-{
- private List<PolicySetFinderModule> pfml = new ArrayList<PolicySetFinderModule>();
-
+{
+ private List<PolicySetFinderModule> pfml = new ArrayList<PolicySetFinderModule>();
+
public JBossPolicySetLocator()
- {
+ {
}
-
+
public JBossPolicySetLocator(Set<XACMLPolicy> policies)
{
setPolicies(policies);
- }
+ }
@Override
public void setPolicies(Set<XACMLPolicy> policies)
- {
- for(XACMLPolicy xp:policies)
+ {
+ for (XACMLPolicy xp : policies)
{
- if(xp.getType() == XACMLPolicy.POLICYSET)
+ if (xp.getType() == XACMLPolicy.POLICYSET)
{
pfml.add(getPopulatedPolicySetFinderModule(xp));
}
}
this.map.put(XACMLConstants.POLICY_FINDER_MODULE, pfml);
- }
-
+ }
+
private PolicySetFinderModule getPopulatedPolicySetFinderModule(XACMLPolicy xpolicy)
{
PolicySetFinderModule psfm = new PolicySetFinderModule();
//Check for enclosed policies
- List<XACMLPolicy> policyList = xpolicy.getEnclosingPolicies();
List<Policy> sunxacmlPolicies = new ArrayList<Policy>();
- for(XACMLPolicy xp: policyList)
- {
- sunxacmlPolicies.add((Policy) xp.get(XACMLConstants.UNDERLYING_POLICY));
- }
-
- psfm.set((PolicySet) xpolicy.get(XACMLConstants.UNDERLYING_POLICY),
- sunxacmlPolicies);
-
+ List<PolicySet> sunxacmlPolicySets = new ArrayList<PolicySet>();
+ this.recursivePopulate(xpolicy, sunxacmlPolicySets, sunxacmlPolicies, psfm);
+
+ psfm.set((PolicySet) xpolicy.get(XACMLConstants.UNDERLYING_POLICY), sunxacmlPolicies, sunxacmlPolicySets);
+
//Make this PolicySetFinderModule the module for this policy set
xpolicy.set(XACMLConstants.POLICY_FINDER_MODULE, psfm);
return psfm;
}
+
+ private void recursivePopulate(XACMLPolicy policy, List<PolicySet> policySets, List<Policy> policies,
+ PolicySetFinderModule psfm)
+ {
+ List<XACMLPolicy> policyList = policy.getEnclosingPolicies();
+ for (XACMLPolicy xp : policyList)
+ {
+ AbstractPolicy p = xp.get(XACMLConstants.UNDERLYING_POLICY);
+ if (p instanceof Policy)
+ policies.add((Policy) p);
+ else if (p instanceof PolicySet)
+ {
+ policySets.add((PolicySet) p);
+ this.recursivePopulate(xp, policySets, policies, psfm);
+ }
+ }
+
+ }
}
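Review bot: `recursivePopulate` silently skips any enclosed entry whose `UNDERLYING_POLICY` is neither a `Policy` nor a `PolicySet` (null included), so a reference to that entry would later resolve to nothing instead of failing at load time; a final `else throw new IllegalStateException("Unexpected underlying policy: " + p);` would surface it. The method also flattens every nesting level into the two lists handed to a single `PolicySetFinderModule`, whose lookup returns the first matching id, so two nested sets that reuse an id at different depths would shadow each other without notice. A duplicate-id check while populating would catch that. The `psfm` parameter is never read and can be dropped from the signature and both call sites.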
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/schema/jbossxacml-2.0.xsd
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/schema/jbossxacml-2.0.xsd 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/schema/jbossxacml-2.0.xsd 2008-03-25 01:58:25 UTC (rev 71217)
@@ -24,7 +24,8 @@
<xs:complexType name="PolicySetType">
<xs:sequence>
<xs:element name="Location" type="xs:anyURI" minOccurs="0"/>
- <xs:element name="Policy" type="ns:PolicyType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="Policy" type="ns:PolicyType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="PolicySet" type="ns:PolicySetType" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PolicyType">
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/rsaConferencePolicySetConfig.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/rsaConferencePolicySetConfig.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/config/rsaConferencePolicySetConfig.xml 2008-03-25 01:58:25 UTC (rev 71217)
@@ -0,0 +1,26 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-01-top-level.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02b-N.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -44,9 +44,10 @@
* @version $Revision$
*/
public class XACMLTestUtil
-{
+{
//Enable for request trace
- private static boolean debug = "true".equals(System.getProperty("debug","false"));
+ private static boolean debug = "true".equals(System.getProperty("debug", "false"));
+
/**
* Get the decision from the PDP
* @param pdp
@@ -54,19 +55,18 @@
* @return
* @throws Exception
*/
- public static int getDecision(PolicyDecisionPoint pdp,
- String requestFileLoc) throws Exception
+ public static int getDecision(PolicyDecisionPoint pdp, String requestFileLoc) throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(requestFileLoc);
RequestContext request = RequestResponseContextFactory.createRequestCtx();
request.readRequest(is);
ResponseContext response = pdp.evaluate(request);
- if(response == null)
- throw new RuntimeException("Response is null");
- return response.getDecision();
+ if (response == null)
+ throw new RuntimeException("Response is null");
+ return response.getDecision();
}
-
+
/**
* Get the decision from the PDP
* @param pdp
@@ -74,60 +74,62 @@
* @return
* @throws Exception
*/
- public static int getDecision(PolicyDecisionPoint pdp, RequestContext request)
- throws Exception
+ public static int getDecision(PolicyDecisionPoint pdp, RequestContext request) throws Exception
{
ResponseContext response = pdp.evaluate(request);
- if(debug)
+ if (debug)
response.marshall(System.out);
TestCase.assertNotNull("Response is not null", response);
- return response.getDecision();
+ return response.getDecision();
}
-
+
/**
* Get a Group with the passed rolename
* @param roleName rolename which will be placed as a principal
* @return
*/
- public static Group getRoleGroup( final String roleName)
+ public static Group getRoleGroup(final String roleName)
{
- return new Group() {
+ return new Group()
+ {
private Vector vect = new Vector();
+
public boolean addMember(final Principal principal)
- {
+ {
return vect.add(principal);
}
public boolean isMember(Principal principal)
- {
+ {
return vect.contains(principal);
}
public Enumeration<? extends Principal> members()
- {
+ {
vect.add(new Principal()
{
public String getName()
- {
+ {
return roleName;
- }});
+ }
+ });
return vect.elements();
}
public boolean removeMember(Principal principal)
- {
+ {
return vect.remove(principal);
}
public String getName()
- {
+ {
return "ROLES";
}
- };
- }
-
+ };
+ }
+
/**
* Validate the 7 Oasis XACML Interoperability Use Cases
* @param pdp
@@ -136,26 +138,19 @@
public static void validateInteropCases(PolicyDecisionPoint pdp) throws Exception
{
TestCase.assertNotNull("JBossPDP is != null", pdp);
- TestCase.assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase1-request.xml"));
- TestCase.assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase2-request.xml"));
- TestCase.assertEquals("Case 3 should be deny", XACMLConstants.DECISION_PERMIT,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase3-request.xml"));
- TestCase.assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase4-request.xml"));
- TestCase.assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase5-request.xml"));
- TestCase.assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase6-request.xml"));
- TestCase.assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT,
- XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase7-request.xml"));
+ TestCase.assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase1-request.xml"));
+ TestCase.assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase2-request.xml"));
+ TestCase.assertEquals("Case 3 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase3-request.xml"));
+ TestCase.assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase4-request.xml"));
+ TestCase.assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase5-request.xml"));
+ TestCase.assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase6-request.xml"));
+ TestCase.assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ "test/requests/interop/scenario2-testcase7-request.xml"));
}
}
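Review bot: The assertion messages in `validateInteropCases` all say "should be deny", but cases 2, 3 and 7 expect `XACMLConstants.DECISION_PERMIT`. When one of those fails, the report states the opposite of the expected authorization outcome, which misleads anyone triaging a policy regression. The messages for those three should match the expected constant, e.g. `"Case 2 should be permit"`.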
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java 2008-03-25 00:37:42 UTC (rev 71216)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java 2008-03-25 01:58:25 UTC (rev 71217)
@@ -21,13 +21,18 @@
*/
package org.jboss.test.security.xacml.interop.rsaconf;
+import java.io.InputStream;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import junit.framework.TestCase;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+import org.jboss.test.security.xacml.factories.util.XACMLTestUtil;
/**
* A RSAConferenceTestCase.
@@ -38,7 +43,7 @@
public class RSAConferenceTestCase extends TestCase
{
- public void testRequest1() throws Exception
+ public void atestCreateRequestWithHL7Permissions() throws Exception
{
Principal doctor = new Principal()
{
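Review bot: Renaming `testRequest1` to `atestCreateRequestWithHL7Permissions` silently disables it, because this class extends `junit.framework.TestCase`, whose runner only picks up methods whose names start with `test`. The same applies to `atestCreateRequestWithNormalRoles` in the next hunk. If this is intentional, a comment such as `// disabled: only marshals the request, asserts nothing` above each method would record why; otherwise keep the `test` prefix. The method bodies continue outside these hunks, so whether they contain assertions is not visible here.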
@@ -74,7 +79,7 @@
request.marshall(System.out);
}
- public void testRequest2() throws Exception
+ public void atestCreateRequestWithNormalRoles() throws Exception
{
Principal doctor = new Principal()
{
@@ -103,4 +108,84 @@
request.marshall(System.out);
}
+
+ public void testUseCase1_1() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> permissions = new ArrayList<String>();
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-003");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-005");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-006");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-009");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-010");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-012");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-017");
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("CDA");
+ confidentialityCodes.add("N");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = "urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record";
+
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient, confidentialityCodes,
+ consentedIds, resourceType);
+
+ assertEquals("Access Allowed?", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp, request));
+ }
+
+ public void testUseCase1_2() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> permissions = new ArrayList<String>();
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("CDA");
+ confidentialityCodes.add("N");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = "urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record";
+
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient, confidentialityCodes,
+ consentedIds, resourceType);
+
+ assertEquals("Access Allowed?", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp, request));
+ }
+
+ private PolicyDecisionPoint getPDP()
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("test/config/rsaConferencePolicySetConfig.xml");
+ assertNotNull("InputStream != null", is);
+
+ return new JBossPDP(is);
+ }
}
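Review bot: `getPDP()` at the end of this hunk never closes the `InputStream` it opens for `test/config/rsaConferencePolicySetConfig.xml`. Both new tests call it, so each leaves a stream open unless `JBossPDP` closes it itself, which is not visible here. If the constructor reads the configuration eagerly, `try { return new JBossPDP(is); } finally { is.close(); }` with `throws Exception` on `getPDP()` would cover it. Separately, `testUseCase1_1` and `testUseCase1_2` differ only in the permissions list, so a shared request-building helper would make it obvious that the empty permission set alone drives the expected deny.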