[jboss-cvs] JBossAS SVN: r86147 - in projects/security/security-xacml/trunk/jboss-xacml/src: main/java/org/jboss/security/xacml/locators and 6 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Mar 19 23:28:36 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-03-19 23:28:36 -0400 (Thu, 19 Mar 2009)
New Revision: 86147
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/AbstractLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AttributeLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/ResourceLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/SecurityActions.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestAttributeLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestResourceLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/interopPolicySetConfig_additional_testlocators.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-policy.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-request.xml
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/PolicyLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AbstractJBossPolicyLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java
Log:
SECURITY-388: SECURITY-390: attrib locator, resource locator
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/AbstractLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/AbstractLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/AbstractLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.interfaces;
+
+import java.util.List;
+
+import org.jboss.security.xacml.jaxb.Option;
+
+/**
+ * Base interface for all locators
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 19, 2009
+ */
+public interface AbstractLocator extends ContextMapOp
+{
+ String IDENTIFIER_TAG = "identifier";
+
+ String ATTRIBUTE_DESIGNATOR_SUPPORT_TAG = "attributeDesignatorSupport";
+
+ String ATTRIBUTE_SELECTOR_SUPPORT_TAG = "attributeSelectorSupport";
+
+ String ATTRIBUTE_SUPPORTED_ID_TAG = "attributeSupportedId";
+
+ String ATTRIBUTE_DESIGNATOR_INTEGER_TAG = "attributeDesignatorInt";
+
+ String RESOURCE_CHILD_SUPPORTED_TAG = "resourceChildSupport";
+
+ String RESOURCE_DESCENDANT_SUPPORTED_TAG = "resourceDescendantSupport";
+
+ /**
+ * Set a list of options on the locator
+ * @param options
+ */
+ void setOptions(List<Option> options);
+}
\ No newline at end of file
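Review bot: The seven `*_TAG` constants are the configuration contract for every locator, but nothing here says what value each option takes or what happens to an option name that matches none of them. A one-line Javadoc per constant would cover it, e.g. `/** Option name; value is "true" or "false": whether attribute designators are handled. */` on `ATTRIBUTE_DESIGNATOR_SUPPORT_TAG`. The `@param options` line on `setOptions` should say whether null is accepted and that the implementations added in this commit parse the list as soon as it is set. These options switch finder capabilities on and off for a PDP, and the implementations skip unrecognised names without any report, so that behaviour belongs in the interface documentation.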
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/PolicyLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/PolicyLocator.java 2009-03-20 03:27:33 UTC (rev 86146)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/PolicyLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -21,27 +21,18 @@
*/
package org.jboss.security.xacml.interfaces;
-import java.util.List;
import java.util.Set;
-import org.jboss.security.xacml.jaxb.Option;
-
/**
* Interface representing a locator for a XACML Policy
* @author Anil.Saldhana at redhat.com
* @since Jul 5, 2007
* @version $Revision$
*/
-public interface PolicyLocator extends ContextMapOp
-{
+public interface PolicyLocator extends AbstractLocator
+{
/**
- * Set a list of options on the locator
- * @param options
- */
- void setOptions(List<Option> options);
-
- /**
* Set of policies that this locator is able to return
* @param policies
*/
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AbstractJBossPolicyLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AbstractJBossPolicyLocator.java 2009-03-20 03:27:33 UTC (rev 86146)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AbstractJBossPolicyLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -38,7 +38,7 @@
* @since Jul 6, 2007
* @version $Revision$
*/
-public abstract class AbstractJBossPolicyLocator implements PolicyLocator, ContextMapOp
+public abstract class AbstractJBossPolicyLocator implements PolicyLocator
{
protected List<Option> options = null;
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AttributeLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AttributeLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/AttributeLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,156 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.locators;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.security.xacml.interfaces.AbstractLocator;
+import org.jboss.security.xacml.jaxb.Option;
+import org.jboss.security.xacml.sunxacml.finder.AttributeFinderModule;
+
+/**
+ * An attribute finder module
+ *
+ * <b>Usage:</b>
+ * Remember, when a policy defines an attribute and the request does not contain
+ * it, then the PDP will ask the AttributeLocator for a value.
+ *
+ * The following methods need to be overridden in your attribute locators
+ * @see AttributeFinderModule#findAttribute(String, org.w3c.dom.Node, URI, org.jboss.security.xacml.sunxacml.EvaluationCtx, String)
+ * @see AttributeFinderModule#findAttribute(URI, URI, URI, URI, org.jboss.security.xacml.sunxacml.EvaluationCtx, int)
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 19, 2009
+ */
+public class AttributeLocator extends AttributeFinderModule implements AbstractLocator
+{
+ private String identifier = null;
+
+ private boolean attributeDesignatorSupported = true;
+
+ private boolean attributeSelectorSupported = true;
+
+ private Set<Integer> designatorTypes = new HashSet<Integer>();
+
+ private Set<URI> ids = new HashSet<URI>();
+
+ private List<Option> options = new ArrayList<Option>();
+
+ private Map<String,Object> map = new HashMap<String,Object>();
+
+ public void setOptions(List<Option> options)
+ {
+ this.options = options;
+ try
+ {
+ processOptions();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T get(String key)
+ {
+ return (T) this.map.get(key);
+ }
+
+ public <T> void set(String key, T obj)
+ {
+ this.map.put(key, obj);
+ }
+
+
+ @Override
+ public String getIdentifier()
+ {
+ if(identifier == null)
+ return super.getIdentifier();
+ return this.identifier;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Set getSupportedDesignatorTypes()
+ {
+ return this.designatorTypes;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Set getSupportedIds()
+ {
+ return this.ids;
+ }
+
+ @Override
+ public boolean isDesignatorSupported()
+ {
+ return this.attributeDesignatorSupported;
+ }
+
+ @Override
+ public boolean isSelectorSupported()
+ {
+ return this.attributeSelectorSupported;
+ }
+
+ private void processOptions() throws Exception
+ {
+ for(Option option:options)
+ {
+ String tag = option.getName();
+ List<Object> values = option.getContent();
+
+ String value = (String) values.get(0);
+
+ if(AbstractLocator.IDENTIFIER_TAG.equals(tag))
+ {
+ this.identifier = value;
+ }
+ else if(AbstractLocator.ATTRIBUTE_DESIGNATOR_SUPPORT_TAG.equals(tag))
+ {
+ this.attributeDesignatorSupported = Boolean.parseBoolean(value);
+ }
+ else if(AbstractLocator.ATTRIBUTE_SELECTOR_SUPPORT_TAG.equals(tag))
+ {
+ this.attributeSelectorSupported = Boolean.parseBoolean(value);
+ }
+ else if(AbstractLocator.ATTRIBUTE_SUPPORTED_ID_TAG.equals(tag))
+ {
+ this.ids.add(new URI(value));
+ }
+ else if(AbstractLocator.ATTRIBUTE_DESIGNATOR_INTEGER_TAG.equals(tag))
+ {
+ this.designatorTypes.add(Integer.parseInt(value));
+ }
+ }
+ }
+}
\ No newline at end of file
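Review bot: `processOptions()` trusts the shape of every option: `(String) values.get(0)` fails with an IndexOutOfBoundsException on an option without content and a ClassCastException on non-text content, and `Boolean.parseBoolean(value)` turns any misspelling or surrounding whitespace into `false` without a trace. Failures from `new URI(value)` and `Integer.parseInt(value)` reach the caller as a bare `RuntimeException` that does not name the option, and option names matching no tag are skipped silently (subclasses may rely on that for their own options, so reporting them is safer than rejecting them). Validating the value and naming the option in the error makes a bad PDP configuration fail at load time instead of quietly changing what the locator claims to support. `setOptions` also keeps the caller's list by reference and adds to `ids` and `designatorTypes` on every call, so a second call accumulates rather than replaces. `ResourceLocator.processOptions()` further down has the same parsing.

```java
   private void processOptions() throws Exception
   {
      for(Option option:options)
      {
         String tag = option.getName();
         List<Object> values = option.getContent();
         if(values == null || values.isEmpty() || !(values.get(0) instanceof String))
            throw new IllegalArgumentException("Option '" + tag + "' must carry a text value");
         String value = ((String) values.get(0)).trim();

         // … unchanged: identifier, attributeSupportedId and attributeDesignatorInt branches …
         else if(AbstractLocator.ATTRIBUTE_DESIGNATOR_SUPPORT_TAG.equals(tag))
         {
            this.attributeDesignatorSupported = strictBoolean(tag, value);
         }
         else if(AbstractLocator.ATTRIBUTE_SELECTOR_SUPPORT_TAG.equals(tag))
         {
            this.attributeSelectorSupported = strictBoolean(tag, value);
         }
      }
   }

   /** Accepts only "true" or "false" (any case) so a typo cannot silently disable a capability. */
   private static boolean strictBoolean(String tag, String value)
   {
      if("true".equalsIgnoreCase(value))
         return true;
      if("false".equalsIgnoreCase(value))
         return false;
      throw new IllegalArgumentException("Option '" + tag + "' expects true or false, got '" + value + "'");
   }
```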
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/ResourceLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/ResourceLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/ResourceLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.locators;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.security.xacml.interfaces.AbstractLocator;
+import org.jboss.security.xacml.jaxb.Option;
+import org.jboss.security.xacml.sunxacml.finder.ResourceFinderModule;
+
+/**
+ * Resource Finder Module
+ *
+ * The following methods need to be overridden in your locator
+ * @see ResourceFinderModule#findChildResources(org.jboss.security.xacml.sunxacml.attr.AttributeValue, org.jboss.security.xacml.sunxacml.EvaluationCtx)
+ * @see ResourceFinderModule#findDescendantResources(org.jboss.security.xacml.sunxacml.attr.AttributeValue, org.jboss.security.xacml.sunxacml.EvaluationCtx)
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 19, 2009
+ */
+public class ResourceLocator extends ResourceFinderModule implements AbstractLocator
+{
+ private String identifier = null;
+
+ private boolean resourceChildSupported = true;
+
+ private boolean resourceDescendantSupported = true;
+
+ private List<Option> options = new ArrayList<Option>();
+
+ private Map<String,Object> map = new HashMap<String,Object>();
+
+ public void setOptions(List<Option> options)
+ {
+ this.options = options;
+ try
+ {
+ processOptions();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T get(String key)
+ {
+ return (T) this.map.get(key);
+ }
+
+ public <T> void set(String key, T obj)
+ {
+ this.map.put(key, obj);
+ }
+
+
+ @Override
+ public String getIdentifier()
+ {
+ if(identifier == null)
+ return super.getIdentifier();
+ return this.identifier;
+ }
+
+
+ @Override
+ public boolean isChildSupported()
+ {
+ return this.resourceChildSupported;
+ }
+
+ @Override
+ public boolean isDescendantSupported()
+ {
+ return this.resourceDescendantSupported;
+ }
+
+ private void processOptions() throws Exception
+ {
+ for(Option option:options)
+ {
+ String tag = option.getName();
+ List<Object> values = option.getContent();
+
+ String value = (String) values.get(0);
+
+ if(AbstractLocator.IDENTIFIER_TAG.equals(tag))
+ {
+ this.identifier = value;
+ }
+ else if(AbstractLocator.RESOURCE_CHILD_SUPPORTED_TAG.equals(tag))
+ {
+ this.resourceChildSupported = Boolean.parseBoolean(value);
+ }
+ else if(AbstractLocator.RESOURCE_DESCENDANT_SUPPORTED_TAG.equals(tag))
+ {
+ this.resourceDescendantSupported = Boolean.parseBoolean(value);
+ }
+ }
+ }
+}
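Review bot: `resourceChildSupported` and `resourceDescendantSupported` start as `true`, so a `ResourceLocator` configured without the two options reports both capabilities, while this class overrides neither `findChildResources` nor `findDescendantResources` (the class comment leaves that to subclasses). Defaulting both fields to `false`, as in `private boolean resourceChildSupported = false;`, would make the locator advertise only what the configuration explicitly turns on; the same applies to the two `true` defaults in `AttributeLocator`. If the permissive default is intended, it deserves a sentence in the class Javadoc. What the inherited finder methods return is not visible in this commit, so the runtime effect should be checked against `ResourceFinderModule`.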
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/SecurityActions.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/SecurityActions.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/SecurityActions.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.locators;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public class SecurityActions
+{
+ /**
+ * Obtain the Thread Context ClassLoader
+ * @return
+ */
+ public static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+}
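Review bot: `SecurityActions` is declared `public` with a `public static` method, so under a security manager any code that can reach the class obtains the thread context class loader through this `doPrivileged` block with the library's permissions rather than its own. Privileged helpers of this kind are normally kept package-private: `class SecurityActions` and `static ClassLoader getContextClassLoader()`. No caller of the method appears in the hunks visible here, so narrowing the visibility should be easy to verify. The empty `@return` tag could read `@return the context class loader of the current thread`.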
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java 2009-03-20 03:27:33 UTC (rev 86146)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -35,6 +35,7 @@
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.jaxb.LocatorType;
import org.jboss.security.xacml.jaxb.LocatorsType;
import org.jboss.security.xacml.jaxb.PDP;
@@ -120,4 +121,22 @@
PolicyDecisionPoint pdp = new JBossPDP(j);
XACMLTestUtil.validateInteropCases(pdp);
}
+
+ public void testPDPConfigJAXBConfigWithAdditionalTestLocators() throws Exception
+ {
+ String fileName = "test/config/interopPolicySetConfig_additional_testlocators.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ URL configFile = tcl.getResource(fileName);
+ JAXBContext jc = JAXBContext.newInstance("org.jboss.security.xacml.jaxb");
+ assertNotNull("JAXBContext is !null", jc);
+ Unmarshaller u = jc.createUnmarshaller();
+ JAXBElement<?> j = (JAXBElement<?>) u.unmarshal(configFile);
+ assertNotNull("JAXBElement is !null", j);
+
+ assertNotNull("configFile != null", configFile);
+ PolicyDecisionPoint pdp = new JBossPDP(j);
+ TestCase.assertEquals("Case 1 should be deny",
+ XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
+ "test/policies/custom/custom-request.xml"));
+ }
}
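Review bot: `assertNotNull("configFile != null", configFile)` runs after `u.unmarshal(configFile)`, so a missing `interopPolicySetConfig_additional_testlocators.xml` surfaces as an exception from the unmarshaller instead of the assertion message; move the check directly under `tcl.getResource(fileName)`. The test also asserts only `DECISION_DENY`, which does not show that `TestAttributeLocator` or `TestResourceLocator` was ever consulted, since their `validate()` checks signal failure only by throwing inside the PDP. How the PDP treats such an exception is not visible here; a static flag or counter set by the test locators and asserted after `getDecision` would make the locator wiring an explicit part of the test. The enclosing test class starts outside this hunk.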
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestAttributeLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestAttributeLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestAttributeLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.locators;
+
+import java.net.URI;
+
+import org.jboss.security.xacml.locators.AttributeLocator;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.cond.EvaluationResult;
+import org.w3c.dom.Node;
+
+/**
+ * Test Attribute Locator
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 19, 2009
+ */
+public class TestAttributeLocator extends AttributeLocator
+{
+ @Override
+ public EvaluationResult findAttribute(String contextPath, Node namespaceNode, URI attributeType,
+ EvaluationCtx context, String xpathVersion)
+ {
+ validate();
+ return super.findAttribute(contextPath, namespaceNode, attributeType, context, xpathVersion);
+ }
+
+ @Override
+ public EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectCategory,
+ EvaluationCtx context, int designatorType)
+ {
+ validate();
+ return super.findAttribute(attributeType, attributeId, issuer, subjectCategory, context, designatorType);
+ }
+
+ private void validate()
+ {
+ try
+ {
+ if("test-attrib".equals(this.getIdentifier()) == false)
+ throw new RuntimeException("Identifier is wrong in TestAttributeLocator");
+
+ String uri = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
+ if(this.getSupportedIds().contains(new URI(uri)) == false)
+ throw new RuntimeException(uri + " not in supported types");
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ }
+}
\ No newline at end of file
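Review bot: In `validate()` the `catch(Exception e)` also catches the two `RuntimeException`s thrown just above it and wraps them again, so the useful message ends up one cause deeper in the stack trace. Only `new URI(uri)` can throw a checked exception here; `catch(java.net.URISyntaxException e)` keeps the original failures intact, or `URI.create(uri)` removes the need for the try block altogether.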
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestResourceLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestResourceLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/locators/TestResourceLocator.java 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.locators;
+
+import org.jboss.security.xacml.locators.ResourceLocator;
+import org.jboss.security.xacml.sunxacml.EvaluationCtx;
+import org.jboss.security.xacml.sunxacml.attr.AttributeValue;
+import org.jboss.security.xacml.sunxacml.finder.ResourceFinderResult;
+
+/**
+ * Test Resource locator
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 19, 2009
+ */
+public class TestResourceLocator extends ResourceLocator
+{
+
+ @Override
+ public ResourceFinderResult findChildResources(AttributeValue parentResourceId, EvaluationCtx context)
+ {
+ validate();
+ return super.findChildResources(parentResourceId, context);
+ }
+
+ @Override
+ public ResourceFinderResult findDescendantResources(AttributeValue parentResourceId, EvaluationCtx context)
+ {
+ validate();
+ return super.findDescendantResources(parentResourceId, context);
+ }
+
+ private void validate()
+ {
+ try
+ {
+ if("test-attrib".equals(this.getIdentifier()) == false)
+ throw new RuntimeException("Identifier is wrong in TestResourceLocator");
+
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
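Review bot: `validate()` compares the identifier with `"test-attrib"`, but the configuration added in this commit gives this locator `<ns:Option Name="identifier">test-resource</ns:Option>`, so the check would throw whenever `findChildResources` or `findDescendantResources` is actually invoked. It looks copied from `TestAttributeLocator`; the condition should be `if("test-resource".equals(this.getIdentifier()) == false)`. That the new test still expects a plain `DECISION_DENY` suggests the resource locator is never exercised by `custom-request.xml`, which is worth confirming. The surrounding `catch(Exception e)` only re-wraps the `RuntimeException` thrown inside the try and can be removed.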
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/interopPolicySetConfig_additional_testlocators.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/interopPolicySetConfig_additional_testlocators.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/interopPolicySetConfig_additional_testlocators.xml 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,45 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>test/policies/interop/xacml-policySet.xml</ns:Location>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy2.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy3.xml</ns:Location>
+ </ns:Policy>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy4.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy5.xml</ns:Location>
+ </ns:Policy>
+
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator"/>
+
+ <ns:Locator Name="org.jboss.test.security.xacml.locators.TestAttributeLocator">
+ <ns:Option Name="identifier">test-attrib</ns:Option>
+ <ns:Option Name="attributeDesignatorSupport">true</ns:Option>
+ <ns:Option Name="attributeSelectorSupport">true</ns:Option>
+ <ns:Option Name="attributeDesignatorInt">0</ns:Option>
+ <ns:Option Name="attributeDesignatorInt">1</ns:Option>
+ <ns:Option Name="attributeDesignatorInt">2</ns:Option>
+ <ns:Option Name="attributeSupportedId">urn:oasis:names:tc:xacml:1.0:action:action-id</ns:Option>
+ <ns:Option Name="attributeSupportedId">http://www.w3.org/2001/XMLSchema#string</ns:Option>
+ <ns:Option Name="attributeSupportedId">urn:xacml:2.0:interop:example:subject:buy-offer-price</ns:Option>
+ <ns:Option Name="attributeSupportedId">urn:oasis:names:tc:xacml:1.0:subject:subject-id</ns:Option>
+ </ns:Locator>
+
+ <ns:Locator Name="org.jboss.test.security.xacml.locators.TestResourceLocator">
+ <ns:Option Name="identifier">test-resource</ns:Option>
+ <ns:Option Name="resourceChildSupport">true</ns:Option>
+ <ns:Option Name="resourceDescendantSupport">true</ns:Option>
+ </ns:Locator>
+
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-policy.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-policy.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-policy.xml 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Policy
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicyId="urn:xacml:2.0:interop:example:policyid:02"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Description>
+ XACML 2.0 Interop Example Policy 02: Only allow a customer whose id matches the
+ account owner-id to access the account and only if the account status is active.
+ Only allow trades that have value within credit-line and trade-limit restrictions.
+ </Description>
+ <Target/>
+ <VariableDefinition VariableId="urn:xacml:2.0:interop:example:variableid:01.2">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <ResourceAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:resource:owner-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <VariableDefinition VariableId="urn:xacml:2.0:interop:example:variableid:02">
+ <!-- Function to evaluate: -->
+ <!-- ((buy-num-shares x buy-offer-price) lt -->
+ <!-- (credit-line - current-credit) ) and -->
+ <!-- ((buy-num-shares x buy-offer-price) lt trade-limit) -->
+ <!-- If both the above expressions true, then Request within limits -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply FunctionId=
+ "urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-multiply">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:subject:buy-num-shares"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:subject:buy-offer-price"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <ResourceAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:resource:credit-line"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <ResourceAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:resource:current-credit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ <Apply FunctionId=
+ "urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-multiply">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:subject:buy-num-shares"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:subject:buy-offer-price"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <ResourceAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:resource:trade-limit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <Rule RuleId="urn:xacml:2.0:interop:example:ruleid:02"
+ Effect="Permit">
+ <Description>
+ XACML 2.0 Interop Example Rule 02: Only allow a customer whose id matches the
+ account owner-id to access the account and only if the account status is active.
+ </Description>
+ <Target>
+ <!-- This rule permits access to CustomerAccount resources -->
+ <Resources>
+ <!-- CustomerAccount -->
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >CustomerAccount</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ <!-- Account must have Active status -->
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >Active</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:xacml:2.0:interop:example:resource:account-status"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <!-- This rule only applies to the ViewAccount action -->
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >Buy</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <VariableReference VariableId="urn:xacml:2.0:interop:example:variableid:01.2"/>
+ <VariableReference VariableId="urn:xacml:2.0:interop:example:variableid:02"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule RuleId="urn:xacml:2.0:interop:example:ruleid:deny02" Effect="Deny">
+ <Description>
+ This Policy is permit-overrides, therefore if a rule above evaluated to
+ Permit this Rule will be skipped. However, if no Permit was obtained, this
+ Rule evaluates to true and so produces a Deny. Therefore evaluation of this
+ Policy results in either a Permit or Deny which is the intended effect.
+ </Description>
+ <Target/>
+ </Rule>
+ <Obligations>
+ <!-- These obligations tell PEP to provide specific data items to the response -->
+ <!-- This obligation says provide the xacml:Decision data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:decision"
+ FulfillOn="Permit"/>
+ <!-- This obligation says provide the xacml:StatusCode data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:status-code"
+ FulfillOn="Permit"/>
+ <!-- This obligation says provide the xacml:StatusMessage data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:status-message"
+ FulfillOn="Permit"/>
+ <!-- This obligation says provide the xacml:Decision data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:decision"
+ FulfillOn="Deny"/>
+ <!-- This obligation says provide the xacml:StatusCode data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:status-code"
+ FulfillOn="Deny"/>
+ <!-- This obligation says provide the xacml:StatusMessage data to the response -->
+ <Obligation
+ ObligationId="urn:xacml:2.0:interop:example:obligation:status-message"
+ FulfillOn="Deny"/>
+ </Obligations>
+</Policy>
\ No newline at end of file
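Review bot: Two comments in this policy disagree with the elements they annotate, which matters because access policies are often audited by reading the comments. The comment above `<Actions>` says the rule applies to the ViewAccount action, but the `ActionMatch` below it matches `Buy`; it should read `<!-- This rule only applies to the Buy action -->`. In the second `VariableDefinition` the comments describe both comparisons as `lt`, while both `Apply` elements use `integer-less-than-or-equal`, so a trade exactly at the limit is permitted; the comments should say `le`. The `<Description>` of Rule 02 also mentions only the owner-id and account-status checks, although its `<Condition>` additionally requires variable 02 (the credit-line and trade-limit test).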
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-request.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-request.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/policies/custom/custom-request.xml 2009-03-20 03:28:36 UTC (rev 86147)
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>123456</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>John Smith</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:buy-offer-price"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"
+ Issuer="xacml20.interop.com">
+ <AttributeValue>10</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:req-credit-ext-approval"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>false</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:req-trade-approval"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>false</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>123456</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>John Smith</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:account-status"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Active</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:current-credit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer">
+ <AttributeValue>10000</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:trade-limit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer">
+ <AttributeValue>10000</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Buy</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment/>
+</xacml-context:Request>
\ No newline at end of file
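Review bot: This request carries no `buy-num-shares` subject attribute and no `credit-line` resource attribute, yet custom-policy.xml in this same commit reads both through `integer-one-and-only`. If nothing else supplies them, the Permit rule's condition presumably cannot be evaluated, and the decision would be an error result rather than the Permit or Deny that the policy's last `<Description>` promises. If the omission is deliberate so that a test locator fills the values in, state that at the top of the file, for example `<!-- buy-num-shares and credit-line are intentionally absent; the test's attribute locator is expected to supply them -->`.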