[jboss-cvs] JBossAS SVN: r107905 - in projects/security/security-xacml/trunk: jboss-xacml/src/main/java/org/jboss/security/xacml/core and 9 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Aug 30 21:10:47 EDT 2010
Author: anil.saldhana at jboss.com
Date: 2010-08-30 21:10:46 -0400 (Mon, 30 Aug 2010)
New Revision: 107905
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/CacheLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/DecisionCacheLocator.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig_WithSpeed.xml
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/env/
projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/env/DateTimeRequest.xml
Modified:
projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StandardAttributeFactory.java
projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StringAttribute.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossPDP.java
projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
Log:
SECURITY-522: SECURITY-521: cache for decisions
Modified: projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StandardAttributeFactory.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StandardAttributeFactory.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StandardAttributeFactory.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -82,6 +82,7 @@
* @since 1.2
* @author Seth Proctor
*/
+ at SuppressWarnings({"unchecked", "rawtypes"})
public class StandardAttributeFactory extends BaseAttributeFactory
{
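Review bot: The new `@SuppressWarnings({"unchecked", "rawtypes"})` sits on the whole `StandardAttributeFactory` class, so it silences every unchecked and raw-type warning in the file, including any that later edits introduce. I would scope it to the individual methods or declarations that need it, each with a one-line comment saying why the cast is safe. The class body lies outside this hunk, so which members actually need the suppression cannot be told from here.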
Modified: projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StringAttribute.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StringAttribute.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-sunxacml/src/main/java/org/jboss/security/xacml/sunxacml/attr/StringAttribute.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -39,7 +39,6 @@
import java.net.URI;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
/**
@@ -60,7 +59,7 @@
* @author Marco Barreno
* @author Seth Proctor
* @author Steve Hanna
- */
+ */
public class StringAttribute extends AttributeValue
{
/**
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossPDP.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossPDP.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossPDP.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -60,6 +60,9 @@
import org.jboss.security.xacml.jaxb.PolicyType;
import org.jboss.security.xacml.locators.AttributeLocator;
import org.jboss.security.xacml.locators.ResourceLocator;
+import org.jboss.security.xacml.locators.cache.CacheLocator;
+import org.jboss.security.xacml.locators.cache.DecisionCacheLocator;
+import org.jboss.security.xacml.locators.cache.DecisionCacheLocator.DecisionCacheLocatorRequest;
import org.jboss.security.xacml.sunxacml.PDPConfig;
import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
@@ -97,6 +100,8 @@
private Set<PolicyLocator> policyLocators = new HashSet<PolicyLocator>();
private Set<ResourceLocator> resourceLocators = new HashSet<ResourceLocator>();
+ private List<CacheLocator> cacheLocators = new ArrayList<CacheLocator>();
+
private Set<XACMLPolicy> policies = new HashSet<XACMLPolicy>();
private JBossPolicyFinder policyFinder = new JBossPolicyFinder();
@@ -281,7 +286,37 @@
lock.lock();
try
{
- resp = policyDecisionPoint.evaluate(req);
+ int cacheLocatorsLength = cacheLocators.size();
+
+ if( cacheLocatorsLength > 0 )
+ {
+ for( int i = 0 ; i < cacheLocatorsLength; i++ )
+ {
+ CacheLocator cacheLocator = cacheLocators.get(i);
+ resp = cacheLocator.get( req );
+ if( resp != null )
+ break;
+ }
+ }
+
+ //We got nothing from the cache?
+ if( resp == null )
+ {
+ resp = policyDecisionPoint.evaluate(req);
+
+ //add it to cache locators
+ if( cacheLocatorsLength > 0 )
+ {
+ for( int i = 0 ; i < cacheLocatorsLength; i++ )
+ {
+ CacheLocator cacheLocator = cacheLocators.get(i);
+ if( cacheLocator instanceof DecisionCacheLocator )
+ {
+ ( ( DecisionCacheLocator ) cacheLocator ).add( req, resp );
+ }
+ }
+ }
+ }
}
finally
{
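Review bot: Every response from `policyDecisionPoint.evaluate(req)` is handed to the cache in the `//add it to cache locators` loop whatever its decision, so an Indeterminate result produced by a transient fault would be returned again on any later cache hit instead of being re-evaluated. I would store only Permit and Deny results, and add a comment above the lookup loop stating that a hit bypasses policy evaluation entirely, so cached entries must be dropped whenever the policy set or locator configuration changes; no invalidation path is visible in this diff. The `instanceof DecisionCacheLocator` test also means any other `CacheLocator` subclass is read from but never populated; declaring `add(RequestCtx, ResponseCtx)` on `CacheLocator` would remove the cast. The enclosing method starts and ends outside the hunk.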
@@ -335,18 +370,20 @@
pl.setPolicies(policies);
this.policyLocators.add(pl);
}
- else
- if(locator instanceof AttributeLocator)
- {
- AttributeLocator attribLocator = (AttributeLocator) locator;
- this.attributeLocators.add(attribLocator);
- }
- else
- if(locator instanceof ResourceLocator)
- {
- ResourceLocator resourceLocator = (ResourceLocator) locator;
- this.resourceLocators.add(resourceLocator);
- }
+ else if(locator instanceof AttributeLocator)
+ {
+ AttributeLocator attribLocator = (AttributeLocator) locator;
+ this.attributeLocators.add(attribLocator);
+ }
+ else if(locator instanceof ResourceLocator)
+ {
+ ResourceLocator resourceLocator = (ResourceLocator) locator;
+ this.resourceLocators.add(resourceLocator);
+ }
+ else if( locator instanceof CacheLocator )
+ {
+ this.cacheLocators.add( (CacheLocator) locator );
+ }
}
//Since we do not have any policies in the config file, we need to specify
@@ -382,6 +419,7 @@
//Go through the Locators
for (PolicyLocator locator : policyLocators)
{
+ @SuppressWarnings("rawtypes")
List finderModulesList = (List) locator.get(XACMLConstants.POLICY_FINDER_MODULE);
if (finderModulesList == null)
throw new IllegalStateException("Locator " + locator.getClass().getName() + " has no policy finder modules");
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/core/JBossResponseContext.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -140,10 +140,10 @@
Status status = result.getStatus();
StatusType statusType = objectFactory.createStatusType();
StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
- List statusList = status.getCode();
+ List<String> statusList = status.getCode();
if(statusList != null && statusList.size() > 0)
{
- statusCodeType.setValue((String) statusList.get(0));
+ statusCodeType.setValue( statusList.get(0) );
}
statusType.setStatusMessage(status.getMessage());
statusType.setStatusCode(statusCodeType);
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/CacheLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/CacheLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/CacheLocator.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.locators.cache;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.security.xacml.interfaces.AbstractLocator;
+import org.jboss.security.xacml.jaxb.Option;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
+
+/**
+ * Base Class for Cache Locators
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 27, 2010
+ */
+public abstract class CacheLocator implements AbstractLocator
+{
+ protected List<Option> options = new ArrayList<Option>();
+
+ protected Map<String,Object> optionMap = new HashMap<String, Object>();
+
+ protected Map<String,Object> contextMap = new HashMap<String,Object>();
+
+ @SuppressWarnings("unchecked")
+ public <T> T get(String key)
+ {
+ return (T) contextMap.get(key);
+ }
+
+ public <T> void set(String key, T obj)
+ {
+ this.contextMap.put( key, obj );
+ }
+
+ public void setOptions(List<Option> options)
+ {
+ this.options.addAll( options );
+ int len = options.size();
+ for( int i = 0 ; i < len; i ++ )
+ {
+ Option option = options.get(i);
+ optionMap.put( option.getName(), option.getContent().iterator().next() );
+ }
+ }
+
+ public abstract ResponseCtx get( RequestCtx request );
+}
\ No newline at end of file
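Review bot: `setOptions` calls `option.getContent().iterator().next()` without checking that the option has any content, so an option element with an empty body would abort locator setup with a bare `NoSuchElementException` that names neither the option nor the locator. A guard before the `put`, such as `if( option.getContent().isEmpty() ) throw new IllegalArgumentException( "Option " + option.getName() + " has no value" );`, gives the deployer something to act on. The two `get` overloads do unrelated things (`get(String)` reads the context map, `get(RequestCtx)` is the cache lookup) and each deserves a Javadoc line saying so, including that `get(RequestCtx)` returns null on a miss, which the PDP lookup loop in this commit relies on.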
Added: projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/DecisionCacheLocator.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/DecisionCacheLocator.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/java/org/jboss/security/xacml/locators/cache/DecisionCacheLocator.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -0,0 +1,248 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.locators.cache;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.WeakHashMap;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.jboss.security.xacml.sunxacml.ctx.Attribute;
+import org.jboss.security.xacml.sunxacml.ctx.RequestCtx;
+import org.jboss.security.xacml.sunxacml.ctx.ResponseCtx;
+import org.jboss.security.xacml.sunxacml.ctx.Subject;
+
+
+/**
+ * A Cache that stores decisions made on requests.
+ *
+ * NOTE: Configure this if you know that your requests are going to closely match each other.
+ * If the requests are going to be independent, then the cache will just grow. Since the cache
+ * implementation uses a {@code java.util.WeakHashMap}, the cache is going to be JDK controlled
+ * under the Garbage Collector.
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 27, 2010
+ */
+public class DecisionCacheLocator extends CacheLocator
+{
+ private static Logger log = Logger.getLogger( DecisionCacheLocator.class.getCanonicalName() );
+
+ protected WeakHashMap<RequestCtx, ResponseCtx> correctnessDecisionMap = null;
+
+ protected LinkedHashMap< RequestCtx, ResponseCtx> speedDecisionMap = null;
+
+ public static final String IGNORE_SUBJECT_ID = "ignoreSubjectID";
+ public static final String IGNORE_RESOURCE_ID = "ignoreResourceID";
+ public static final String IGNORE_ACTION_ID = "ignoreActionID";
+ public static final String IGNORE_ENVIRONMENT_ID = "ignoreEnvironmentID";
+
+ public static final String ENHANCE_SPEED = "enhanceSpeed";
+
+ public void add( RequestCtx request, ResponseCtx response )
+ {
+ RequestCtx cacheRequest = preprocessRequest( request );
+
+ if( needCorrectness() )
+ {
+ this.validateCorrectnessMap();
+ this.correctnessDecisionMap.put( cacheRequest, response );
+ }
+ else
+ {
+ this.validateSpeedMap();
+ this.speedDecisionMap.put( cacheRequest, response );
+ }
+ }
+
+ public ResponseCtx get( RequestCtx request )
+ {
+ RequestCtx cacheRequest = preprocessRequest( request );
+
+ ResponseCtx response = null;
+
+ int correctnessSize = correctnessDecisionMap != null ? correctnessDecisionMap.size() : 0;
+ int speedSize = speedDecisionMap != null ? speedDecisionMap.size() : 0;
+
+
+ if( needCorrectness() )
+ {
+ this.validateCorrectnessMap();
+ response = this.correctnessDecisionMap.get( cacheRequest );
+ }
+ else
+ {
+ this.validateSpeedMap();
+ response = this.speedDecisionMap.get( cacheRequest );
+ }
+
+ if( response == null )
+ {
+
+ log.log( Level.FINEST, "Cache Miss with " + toString() + " correctness size=" + correctnessSize
+ + " speed size=" + speedSize );
+ }
+
+ return response;
+ }
+
+ public static class DecisionCacheLocatorRequest extends RequestCtx
+ {
+ @SuppressWarnings("rawtypes")
+ public DecisionCacheLocatorRequest(List subjects, List resource, List action, List environment)
+ {
+ super(subjects, resource, action, environment);
+ }
+
+ @SuppressWarnings("rawtypes")
+ public static RequestCtx from( RequestCtx request, List<String> ignoreSubjectIDs,
+ List<String> ignoreResourceIDs, List<String> ignoreActionIDs, List<String> ignoreEnvIDs )
+ {
+ List requestSubject = request.getSubjectsAsList();
+ if( ignoreSubjectIDs != null )
+ requestSubject = processSubject( requestSubject, ignoreSubjectIDs );
+
+ List requestResource = request.getResourceAsList();
+ if( ignoreResourceIDs != null )
+ requestResource = processAttributes( requestResource, ignoreResourceIDs );
+
+ List requestAction = request.getActionAsList();
+ if( ignoreActionIDs != null )
+ requestAction = processAttributes(requestAction, ignoreActionIDs);
+
+ List requestEnvironment = request.getEnvironmentAttributesAsList();
+
+ if( ignoreEnvIDs != null )
+ requestEnvironment = processAttributes( requestEnvironment, ignoreEnvIDs );
+
+ RequestCtx myRequest = new DecisionCacheLocatorRequest( requestSubject, requestResource, requestAction, requestEnvironment);
+ return myRequest;
+ }
+
+ @SuppressWarnings({"rawtypes", "unchecked"})
+ private static List processSubject( List origSet, List<String> ignoreIDs )
+ {
+ List resultSet = new ArrayList();
+
+ Iterator envIter = origSet != null ? origSet.iterator() : null;
+
+ while( envIter != null && envIter.hasNext() )
+ {
+ Subject subject = (Subject) envIter.next();
+ List attributes = subject.getAttributesAsList();
+
+ attributes = processAttributes(attributes, ignoreIDs);
+
+ Subject newSubject = new Subject(attributes);
+ resultSet.add(newSubject);
+ }
+ return resultSet;
+ }
+
+ @SuppressWarnings({"rawtypes", "unchecked"})
+ private static List processAttributes( List origSet, List<String> ignoreIDs )
+ {
+ List resultSet = new ArrayList();
+
+ Iterator envIter = origSet != null ? origSet.iterator() : null;
+
+ while( envIter != null && envIter.hasNext() )
+ {
+ Attribute iterObject = (Attribute) envIter.next();
+
+ String id = iterObject.getId().toASCIIString();
+
+ if( ignoreIDs.contains( id ))
+ continue;
+
+ resultSet.add( iterObject );
+ }
+ return resultSet;
+ }
+
+ }
+
+ private RequestCtx preprocessRequest( RequestCtx request )
+ {
+ List<String> subjectID = new ArrayList<String>();
+ List<String> resourceID = new ArrayList<String>();
+ List<String> actionID = new ArrayList<String>();
+ List<String> envID = new ArrayList<String>();
+
+ String ignoreSubjectOption = (String) optionMap.get( IGNORE_SUBJECT_ID );
+ String ignoreResourceOption = (String) optionMap.get( IGNORE_RESOURCE_ID );
+ String ignoreActionOption = (String) optionMap.get( IGNORE_ACTION_ID );
+ String ignoreEnvOption = (String) optionMap.get( IGNORE_ENVIRONMENT_ID );
+
+ subjectID.addAll( getTokenList( ignoreSubjectOption ));
+ resourceID.addAll( getTokenList( ignoreResourceOption ));
+ actionID.addAll( getTokenList( ignoreActionOption ));
+ envID.addAll( getTokenList( ignoreEnvOption ));
+
+ return DecisionCacheLocatorRequest.from( request,
+ subjectID, resourceID, actionID, envID );
+ }
+
+ private List<String> getTokenList( String commaSeparatedListOfStrings )
+ {
+ List<String> stringList = new ArrayList<String>();
+
+ if( commaSeparatedListOfStrings != null )
+ {
+ StringTokenizer st = new StringTokenizer(commaSeparatedListOfStrings, ",");
+
+ while( st != null && st.hasMoreTokens() )
+ {
+ stringList.add( st.nextToken() );
+ }
+ }
+ return stringList;
+ }
+
+ private boolean needCorrectness()
+ {
+ boolean correctness = false;
+ String correct = (String) optionMap.get( ENHANCE_SPEED );
+ if( correct != null && "false".equalsIgnoreCase( correct ))
+ correctness = true;
+
+ return correctness;
+ }
+
+ private void validateCorrectnessMap()
+ {
+ if( correctnessDecisionMap == null )
+ correctnessDecisionMap = new WeakHashMap<RequestCtx, ResponseCtx>();
+ }
+
+ private void validateSpeedMap()
+ {
+ if( speedDecisionMap == null )
+ speedDecisionMap = new LinkedHashMap<RequestCtx, ResponseCtx>( 100, 5, true );
+ }
+}
\ No newline at end of file
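Review bot: `validateSpeedMap()` builds an access-ordered `LinkedHashMap` but never overrides `removeEldestEntry`, so the speed cache (the mode used whenever `enhanceSpeed` is anything other than "false", including unset) keeps a strongly held entry for every cached request and is never trimmed; on a PDP whose callers can vary request attributes, that is an unbounded-memory path. A bounded LRU as sketched below keeps the access ordering useful, and the load factor of `5` looks like a slip for `0.75f`. In the other mode the `WeakHashMap` key is the `DecisionCacheLocatorRequest` created in `preprocessRequest()`, which nothing else references, so entries can vanish at any collection; both maps also only ever hit if `RequestCtx` defines value-based `equals`/`hashCode`, which is not visible here. The class Javadoc should also state that every attribute named in an `ignore*ID` option is removed from the cache key, so a policy that reads such an attribute gets the first cached decision back regardless of the attribute's later value.

```java
// … unchanged: fields, option-name constants, add/get, DecisionCacheLocatorRequest …

// Constructed example limit; better read from a locator option.
private static final int MAX_SPEED_ENTRIES = 1000;

private void validateSpeedMap()
{
   if( speedDecisionMap == null )
   {
      speedDecisionMap = new LinkedHashMap<RequestCtx, ResponseCtx>( 100, 0.75f, true )
      {
         private static final long serialVersionUID = 1L;

         // Evict the least recently used decision once the cap is exceeded.
         @Override
         protected boolean removeEldestEntry( java.util.Map.Entry<RequestCtx, ResponseCtx> eldest )
         {
            return size() > MAX_SPEED_ENTRIES;
         }
      };
   }
}
```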
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/config/JBossXACMLConfigUnitTestCase.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -41,6 +41,7 @@
import org.jboss.security.xacml.jaxb.PDP;
import org.jboss.security.xacml.jaxb.PoliciesType;
import org.jboss.security.xacml.jaxb.PolicySetType;
+import org.jboss.test.security.xacml.core.AbstractJBossXACMLInteropTestBase;
import org.jboss.test.security.xacml.factories.util.XACMLTestUtil;
@@ -50,7 +51,7 @@
* @since Jul 5, 2007
* @version $Revision$
*/
-public class JBossXACMLConfigUnitTestCase extends TestCase
+public class JBossXACMLConfigUnitTestCase extends AbstractJBossXACMLInteropTestBase
{
public void testBasicPolicySetConfig() throws Exception
{
@@ -109,7 +110,7 @@
URL configFile = tcl.getResource("test/config/interopPolicySetConfig.xml");
assertNotNull("configFile != null", configFile);
PolicyDecisionPoint pdp = new JBossPDP(configFile);
- XACMLTestUtil.validateInteropCases(pdp);
+ validateInteropCases(pdp);
}
/**
@@ -128,7 +129,7 @@
assertNotNull("configFile != null", configFile);
PolicyDecisionPoint pdp = new JBossPDP(j);
- XACMLTestUtil.validateInteropCases(pdp);
+ validateInteropCases(pdp);
}
/**
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/core/JBossPDPUnitTestCase.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -23,8 +23,6 @@
import java.io.InputStream;
-import junit.framework.TestCase;
-
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.AttributeType;
@@ -46,7 +44,7 @@
* @since Jul 6, 2007
* @version $Revision$
*/
-public class JBossPDPUnitTestCase extends TestCase
+public class JBossPDPUnitTestCase extends AbstractJBossXACMLInteropTestBase
{
/**Enable to see the xacml request in system out for the objects case**/
//Enable for request trace
@@ -77,7 +75,7 @@
7 10000 15000 10000 True True 1000 10 Permit
*/
- XACMLTestUtil.validateInteropCases(pdp);
+ validateInteropCases(pdp);
}
public void testInteropTestWithObjects() throws Exception
@@ -90,9 +88,9 @@
assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
getRequestContext("false", "false", 10)));
- assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ assertEquals("Case 2 should be permit", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
getRequestContext("false", "false", 1)));
- assertEquals("Case 3 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ assertEquals("Case 3 should be permit", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
getRequestContext("true", "false", 5)));
assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
getRequestContext("false", "false", 9)));
@@ -100,7 +98,7 @@
getRequestContext("true", "false", 10)));
assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
getRequestContext("true", "false", 15)));
- assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ assertEquals("Case 7 should be permit", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
getRequestContext("true", "true", 10)));
}
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2010-08-31 01:09:29 UTC (rev 107904)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/java/org/jboss/test/security/xacml/factories/util/XACMLTestUtil.java 2010-08-31 01:10:46 UTC (rev 107905)
@@ -33,7 +33,6 @@
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.RequestContext;
import org.jboss.security.xacml.interfaces.ResponseContext;
-import org.jboss.security.xacml.interfaces.XACMLConstants;
/**
@@ -46,6 +45,22 @@
{
//Enable for request trace
private static boolean debug = "true".equals(System.getProperty("debug", "false"));
+
+ /**
+ * Given a request stored in a file, return the xacml request
+ * @param requestFileLoc
+ * @return
+ * @throws Exception
+ */
+ public static RequestContext getRequest( String requestFileLoc ) throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(requestFileLoc);
+ RequestContext request = RequestResponseContextFactory.createRequestCtx();
+ request.readRequest(is);
+
+ return request;
+ }
/**
* Get the decision from the PDP
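Review bot: `getRequest` passes the result of `getResourceAsStream` straight to `readRequest`, so a mistyped `requestFileLoc` surfaces as whatever `readRequest` does with a null stream rather than as a message naming the missing file, and the stream is never closed. Checking for null and closing in a `finally` block fixes both. The Javadoc's empty `@return` and `@throws` tags could be filled in at the same time: it returns the parsed request and throws when the resource is missing or cannot be read.

```java
public static RequestContext getRequest( String requestFileLoc ) throws Exception
{
   ClassLoader tcl = Thread.currentThread().getContextClassLoader();
   InputStream is = tcl.getResourceAsStream(requestFileLoc);
   if( is == null )
      throw new IllegalArgumentException( "Request file not found on classpath: " + requestFileLoc );
   try
   {
      RequestContext request = RequestResponseContextFactory.createRequestCtx();
      request.readRequest(is);
      return request;
   }
   finally
   {
      is.close();
   }
}
```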
@@ -73,11 +88,8 @@
*/
public static ResponseContext getResponse(PolicyDecisionPoint pdp,
String requestFileLoc) throws Exception
- {
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is = tcl.getResourceAsStream(requestFileLoc);
- RequestContext request = RequestResponseContextFactory.createRequestCtx();
- request.readRequest(is);
+ {
+ RequestContext request = getRequest( requestFileLoc );
if (debug)
request.marshall(System.out);
return getResponse(pdp,request);
@@ -157,29 +169,5 @@
return "ROLES";
}
};
- }
-
- /**
- * Validate the 7 Oasis XACML Interoperability Use Cases
- * @param pdp
- * @throws Exception
- */
- public static void validateInteropCases(PolicyDecisionPoint pdp) throws Exception
- {
- TestCase.assertNotNull("JBossPDP is != null", pdp);
- TestCase.assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase1-request.xml"));
- TestCase.assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase2-request.xml"));
- TestCase.assertEquals("Case 3 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase3-request.xml"));
- TestCase.assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase4-request.xml"));
- TestCase.assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase5-request.xml"));
- TestCase.assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase6-request.xml"));
- TestCase.assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
- "test/requests/interop/scenario2-testcase7-request.xml"));
- }
-}
+ }
+}
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig.xml 2010-08-31 01:10:46 UTC (rev 107905)
@@ -0,0 +1,29 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>test/policies/interop/xacml-policySet.xml</ns:Location>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy2.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy3.xml</ns:Location>
+ </ns:Policy>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy4.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy5.xml</ns:Location>
+ </ns:Policy>
+
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator" />
+ <ns:Locator Name="org.jboss.security.xacml.locators.cache.DecisionCacheLocator" >
+ <ns:Option Name="ignoreEnvironmentID">urn:oasis:names:tc:xacml:1.0:environment:current-time</ns:Option>
+ <ns:Option Name="enhanceSpeed">false</ns:Option>
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
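Review bot: The `ignoreEnvironmentID` option drops `current-time` from the decision-cache key, so under this configuration two requests that differ only in time share one cached decision. That is harmless only while none of the listed interop policies evaluates the current time, which cannot be confirmed from this diff. An XML comment above the option, for example `<!-- safe only because the policies above do not reference environment:current-time -->`, would stop the setting being copied into a deployment with time-based rules. The same applies to DecisionCacheLocatorConfig_WithSpeed.xml.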
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig_WithSpeed.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig_WithSpeed.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/config/cache/DecisionCacheLocatorConfig_WithSpeed.xml 2010-08-31 01:10:46 UTC (rev 107905)
@@ -0,0 +1,29 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>test/policies/interop/xacml-policySet.xml</ns:Location>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy2.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy3.xml</ns:Location>
+ </ns:Policy>
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy4.xml</ns:Location>
+ </ns:Policy>
+
+ <ns:Policy>
+ <ns:Location>test/policies/interop/xacml-policy5.xml</ns:Location>
+ </ns:Policy>
+
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator" />
+ <ns:Locator Name="org.jboss.security.xacml.locators.cache.DecisionCacheLocator" >
+ <ns:Option Name="ignoreEnvironmentID">urn:oasis:names:tc:xacml:1.0:environment:current-time</ns:Option>
+ <ns:Option Name="enhanceSpeed">true</ns:Option>
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/env/DateTimeRequest.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/env/DateTimeRequest.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/test/requests/env/DateTimeRequest.xml 2010-08-31 01:10:46 UTC (rev 107905)
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-context:Request
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <Subject
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>123456</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:user-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>John Smith</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:buy-num-shares"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"
+ Issuer="xacml20.interop.com">
+ <AttributeValue>1000</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:buy-offer-price"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"
+ Issuer="xacml20.interop.com">
+ <AttributeValue>10</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:req-credit-ext-approval"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>false</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:subject:req-trade-approval"
+ DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
+ <AttributeValue>false</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>CustomerAccount</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>123456</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-name"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>John Smith</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:account-status"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Active</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:credit-line"
+ DataType="http://www.w3.org/2001/XMLSchema#integer">
+ <AttributeValue>15000</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:current-credit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer">
+ <AttributeValue>10000</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:xacml:2.0:interop:example:resource:trade-limit"
+ DataType="http://www.w3.org/2001/XMLSchema#integer">
+ <AttributeValue>10000</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Buy</AttributeValue>
+ </Attribute>
+ </Action>
+ <Environment>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
+ DataType="http://www.w3.org/2001/XMLSchema#dateTime">
+ <AttributeValue>2007-10-18T01:38:32.687000000-05:00</AttributeValue>
+ </Attribute>
+ </Environment>
+
+</xacml-context:Request>
\ No newline at end of file