[jboss-cvs] JBossAS SVN: r80623 - in projects/security/security-spi/trunk: authorization/src/main/org/jboss/security and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 6 18:27:11 EST 2008
Author: sguilhen at redhat.com
Date: 2008-11-06 18:27:11 -0500 (Thu, 06 Nov 2008)
New Revision: 80623
Added:
projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/authorization/Permission.java
Modified:
projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLContext.java
projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPermission.java
projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java
projects/security/security-spi/trunk/spi/src/tests/org/jboss/test/security/factories/SomeAuthorizationManager.java
Log:
SECURITY-318: added authorize(resource, identity, permission) method to the AuthorizationManager and ACLContext interfaces. Created a Permission interface in the authorization module and changed ACLPermission to extend this new interface.
Modified: projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLContext.java
===================================================================
--- projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLContext.java 2008-11-06 22:55:27 UTC (rev 80622)
+++ projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLContext.java 2008-11-06 23:27:11 UTC (rev 80623)
@@ -1,24 +1,24 @@
/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.acl;
import java.util.ArrayList;
@@ -28,41 +28,65 @@
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Permission;
import org.jboss.security.authorization.Resource;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.identity.Identity;
-
/**
- * Represents a set of ACLProviders
- * @author Anil.Saldhana at redhat.com
- * @since Jan 30, 2008
- * @version $Revision$
+ * Represents a set of ACLProviders
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 30, 2008
+ * @version $Revision$
*/
public abstract class ACLContext
{
- protected String securityDomainName = null;
- protected Map<String,Object> sharedState = new HashMap<String,Object>();
- protected List<ACLProvider> modules = new ArrayList<ACLProvider>();
-
+ protected String securityDomainName = null;
+
+ protected Map<String, Object> sharedState = new HashMap<String, Object>();
+
+ protected List<ACLProvider> modules = new ArrayList<ACLProvider>();
+
/**
- * Instance Based Security
- * Get all the entitlements assigned to the components of a Resource
+ * Control Flags for the individual modules
+ */
+ protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
+ /**
+ * Instance Based Security Get all the entitlements assigned to the components of a Resource
+ *
* @param clazz class type of the entitlements
* @param resource A Resource (Can be a Portal Resource, a Rules Resource)
* @param identity The Identity against whom the entitlements need to be generated
* @return a Entitlements Wrapper
* @throws AuthorizationException
*/
- public abstract <T> EntitlementHolder<T> getEntitlements(final Class<T> clazz,
- final Resource resource,
+ public abstract <T> EntitlementHolder<T> getEntitlements(final Class<T> clazz, final Resource resource,
final Identity identity) throws AuthorizationException;
-
+
/**
+ * <p>
+ * Authorize access to the resource if the specified identity has the proper permissions.
+ * </p>
+ *
+ * @param resource the {@code Resource} being accessed.
+ * @param identity the {@code Identity} trying to access the resource.
+ * @param permission the permissions required for access to be granted.
+ * @return {@code AuthorizationContext#PERMIT} if access has been granted; {@code AuthorizationContext#DENY}
+ * otherwise.
+ * @throws AuthorizationException if an error occurs while authorizing access to the resource.
+ */
+ public abstract int authorize(Resource resource, Identity identity, Permission permission)
+ throws AuthorizationException;
+
+ /**
* Return the Security Domain Name
+ *
* @return security domain
*/
public String getSecurityDomain()
{
- return this.securityDomainName;
- }
+ return this.securityDomainName;
+ }
}
\ No newline at end of file
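Review bot: The new `authorize(Resource, Identity, Permission)` returns a bare `int`, and its Javadoc names only two outcomes, so nothing tells a caller how to treat any other value. A caller that tests `!= AuthorizationContext.DENY` would grant access on an unexpected return. The test stub added to SomeAuthorizationManager in this same commit returns a literal `0`, whose relation to the two constants is not visible here. I would extend the `@return` text with `Callers must treat any value other than {@code AuthorizationContext#PERMIT} as a denial.` The same Javadoc is added to `AuthorizationManager.authorize` in a later hunk and needs the same sentence.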
Modified: projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPermission.java
===================================================================
--- projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPermission.java 2008-11-06 22:55:27 UTC (rev 80622)
+++ projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPermission.java 2008-11-06 23:27:11 UTC (rev 80623)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.acl;
+import org.jboss.security.authorization.Permission;
+
/**
* <p>
* A {@code Permission} represents privileges held by an {@code Identity}, and is used to
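Review bot: The interface comment here still opens with `A {@code Permission} represents privileges held by an {@code Identity}`, which after this change reads as a description of the new `org.jboss.security.authorization.Permission` supertype rather than of this interface. Rewording it to `An {@code ACLPermission} represents privileges held by an {@code Identity}` keeps the two types distinct. The comment continues outside this hunk, so the rest of its wording may need the same adjustment.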
@@ -29,7 +31,7 @@
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
*/
-public interface ACLPermission
+public interface ACLPermission extends Permission
{
}
Modified: projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java
===================================================================
--- projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java 2008-11-06 22:55:27 UTC (rev 80622)
+++ projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java 2008-11-06 23:27:11 UTC (rev 80623)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.security;
+package org.jboss.security;
import java.security.Principal;
import java.security.acl.Group;
@@ -31,68 +31,82 @@
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Permission;
import org.jboss.security.authorization.Resource;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.RoleGroup;
-//$Id$
+// $Id$
/**
- * Generalized Authorization Manager Interface.
- * <br/><br/>
- * <b>Replaces the legacy RealmMapping interface</b>
- * @see org.jboss.security.RealmMapping
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jan 2, 2006
- * @version $Revision$
+ * Generalized Authorization Manager Interface. <br/><br/> <b>Replaces the legacy RealmMapping interface</b>
+ *
+ * @see org.jboss.security.RealmMapping
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jan 2, 2006
+ * @version $Revision$
*/
public interface AuthorizationManager extends BaseSecurityManager
-{
+{
/**
- * Authorize a resource
- * Note: The implementation will try to derive the authenticated
- * subject by some means
+ * Authorize a resource Note: The implementation will try to derive the authenticated subject by some means
+ *
* @param resource Resource to be authorized
* @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
* @throws AuthorizationException
*/
public int authorize(final Resource resource) throws AuthorizationException;
-
+
/**
* Authorize a resource for an authenticated subject
+ *
* @param resource Resource to be authorized
* @param subject Authenticated Subject
* @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
* @throws AuthorizationException
*/
- public int authorize(final Resource resource, final Subject subject)
- throws AuthorizationException;
-
+ public int authorize(final Resource resource, final Subject subject) throws AuthorizationException;
+
/**
* Authorize a resource given a role
+ *
* @param resource
* @param subject the authenticated subject
* @param role a role (which can be a nested role)
* @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
* @throws AuthorizationException
*/
- public int authorize(final Resource resource, Subject subject,
- RoleGroup role) throws AuthorizationException;
-
+ public int authorize(final Resource resource, Subject subject, RoleGroup role) throws AuthorizationException;
+
/**
* Authorize a resource given a Group of Principals representing roles
+ *
* @param resource
* @param subject the authenticated subject
* @param roleGroup
* @return
* @throws AuthorizationException
*/
- public int authorize(final Resource resource,
- Subject subject, Group roleGroup) throws AuthorizationException;
-
+ public int authorize(final Resource resource, Subject subject, Group roleGroup) throws AuthorizationException;
+
/**
- * Instance Based Security
- * Get all the entitlements assigned to the components of a Resource
+ * <p>
+ * Authorize access to the resource if the specified identity has the proper permissions.
+ * </p>
+ *
+ * @param resource the {@code Resource} being accessed.
+ * @param identity the {@code Identity} trying to access the resource.
+ * @param permission the permissions required for access to be granted.
+ * @return {@code AuthorizationContext#PERMIT} if access has been granted; {@code AuthorizationContext#DENY}
+ * otherwise.
+ * @throws AuthorizationException if an error occurs while authorizing access to the resource.
+ */
+ public int authorize(final Resource resource, Identity identity, Permission permission)
+ throws AuthorizationException;
+
+ /**
+ * Instance Based Security Get all the entitlements assigned to the components of a Resource
+ *
* @param clazz Defines the class type of the entitlements
* @param resource A Resource (Can be a Portal Resource, a Rules Resource)
* @param identity The Identity against whom the entitlements need to be generated
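Review bot: The `@param identity` text of the new `authorize(resource, identity, permission)` overload does not say whether the identity must already be authenticated. The `Subject` overloads above it say `Authenticated Subject` or `the authenticated subject`, and the single-argument overload derives the subject itself, so this is the one entry point where the caller names who is asking. If implementations are expected to trust the identity as given, the Javadoc should say so, for example `@param identity the already-authenticated {@code Identity} trying to access the resource; implementations do not re-verify it.` Otherwise the contract should state what check the implementation performs.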
@@ -101,47 +115,45 @@
*/
public <T> EntitlementHolder<T> getEntitlements(final Class<T> clazz, final Resource resource,
final Identity identity) throws AuthorizationException;
-
-
- /** Validates the application domain roles to which the operational
- environment Principal belongs.
- @param principal the caller principal as known in the operation environment.
- @param roles The Set<Principal> for the application domain roles that the
- principal is to be validated against.
- @return true if the principal has at least one of the roles in the roles set,
- false otherwise.
+
+ /**
+ * Validates the application domain roles to which the operational environment Principal belongs.
+ *
+ * @param principal the caller principal as known in the operation environment.
+ * @param roles The Set<Principal> for the application domain roles that the principal is to be validated against.
+ * @return true if the principal has at least one of the roles in the roles set, false otherwise.
*/
- public boolean doesUserHaveRole(Principal principal, Set<Principal> roles);
-
-
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roles);
+
/**
- * Get the Current Roles for the authenticated Subject
- * The AuthorizationManager will apply role generation and role mapping
- * logic configured for the security domain
+ * Get the Current Roles for the authenticated Subject The AuthorizationManager will apply role generation and role
+ * mapping logic configured for the security domain
+ *
* @param authenticatedSubject
- * @param cbh a CallbackHandler that can be used by the AuthorizationManager
- * to obtain essentials such as SecurityContext etc
+ * @param cbh a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as
+ * SecurityContext etc
* @return
*/
public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh);
-
- /** Return the set of domain roles the principal has been assigned.
- @return The Set<Principal> for the application domain roles that the
- principal has been assigned.
- @deprecated
+
+ /**
+ * Return the set of domain roles the principal has been assigned.
+ *
+ * @return The Set<Principal> for the application domain roles that the principal has been assigned.
+ * @deprecated
*/
- public Set<Principal> getUserRoles(Principal principal);
-
+ @Deprecated
+ public Set<Principal> getUserRoles(Principal principal);
+
/**
- * Trust usecases may have a need to determine the roles of the target
- * principal which has been derived via a principal from another domain
- * by the Authentication Manager
- * An implementation of this interface may have to contact a trust provider
- * for additional information about the principal
+ * Trust usecases may have a need to determine the roles of the target principal which has been derived via a
+ * principal from another domain by the Authentication Manager An implementation of this interface may have to
+ * contact a trust provider for additional information about the principal
+ *
* @param targetPrincipal Principal applicable in current domain
- * @param contextMap Read-Only Contextual Information that may be useful for the
- * implementation in determining the roles.
+ * @param contextMap Read-Only Contextual Information that may be useful for the implementation in determining the
+ * roles.
* @return roles from the target domain
*/
- public Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap);
- }
\ No newline at end of file
+ public Group getTargetRoles(Principal targetPrincipal, Map<String, Object> contextMap);
+}
\ No newline at end of file
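Review bot: `getUserRoles` now carries `@Deprecated`, but the `@deprecated` Javadoc tag is still empty, so implementers and callers get no pointer to the replacement. Name it in the tag, for example `@deprecated use {@link #getSubjectRoles(Subject, CallbackHandler)} instead`, if that is the intended successor; the hunk itself does not say which method replaces it.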
Added: projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/authorization/Permission.java
===================================================================
--- projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/authorization/Permission.java (rev 0)
+++ projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/authorization/Permission.java 2008-11-06 23:27:11 UTC (rev 80623)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization;
+
+/**
+ * <p>
+ * Marker interface for permission objects.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface Permission
+{
+
+}
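Review bot: `Permission` is introduced as an empty marker, so the type that `authorize(resource, identity, permission)` decides on carries no contract at all. If implementations are going to be compared or stored while access is evaluated, which this commit does not show, the Javadoc should say so, e.g. `Implementations should be immutable and define {@code equals}/{@code hashCode}.` Without such a statement, two providers could disagree on whether the same permission was requested.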
Modified: projects/security/security-spi/trunk/spi/src/tests/org/jboss/test/security/factories/SomeAuthorizationManager.java
===================================================================
--- projects/security/security-spi/trunk/spi/src/tests/org/jboss/test/security/factories/SomeAuthorizationManager.java 2008-11-06 22:55:27 UTC (rev 80622)
+++ projects/security/security-spi/trunk/spi/src/tests/org/jboss/test/security/factories/SomeAuthorizationManager.java 2008-11-06 23:27:11 UTC (rev 80623)
@@ -32,6 +32,7 @@
import org.jboss.security.AuthorizationManager;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Permission;
import org.jboss.security.authorization.Resource;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.RoleGroup;
@@ -98,6 +99,11 @@
return 0;
}
+ public int authorize(Resource resource, Identity identity, Permission permission) throws AuthorizationException
+ {
+ return 0;
+ }
+
public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
{
return null;