[jboss-cvs] Picketbox SVN: r53 - in trunk/picketbox/src: main/java/org/picketbox/core and 5 other directories.
Thu Mar 4 16:13:57 EST 2010
Author: anil.saldhana at jboss.com
Date: 2010-03-04 16:13:57 -0500 (Thu, 04 Mar 2010)
New Revision: 53
Added:
trunk/picketbox/src/main/java/org/picketbox/core/
trunk/picketbox/src/main/java/org/picketbox/core/authorization/
trunk/picketbox/src/main/java/org/picketbox/core/authorization/resources/
trunk/picketbox/src/main/java/org/picketbox/core/authorization/resources/POJOResource.java
trunk/picketbox/src/test/java/org/picketbox/test/pojos/AuthAuthorizationAnnotatedPOJO.java
Modified:
trunk/picketbox/src/main/java/org/picketbox/plugins/PicketBoxProcessor.java
trunk/picketbox/src/test/java/org/picketbox/test/annotations/PicketBoxProcessorUnitTestCase.java
Log:
add authorization logic
Added: trunk/picketbox/src/main/java/org/picketbox/core/authorization/resources/POJOResource.java
===================================================================
--- trunk/picketbox/src/main/java/org/picketbox/core/authorization/resources/POJOResource.java (rev 0)
+++ trunk/picketbox/src/main/java/org/picketbox/core/authorization/resources/POJOResource.java 2010-03-04 21:13:57 UTC (rev 53)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketbox.core.authorization.resources;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+
+/**
+ * A resource denoting a POJO
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 4, 2010
+ */
+public class POJOResource implements Resource
+{
+ private Map<String,Object> map = new HashMap<String, Object>();
+
+ @SuppressWarnings("unused")
+ private Object pojo = null;
+
+ public POJOResource(Object obj)
+ {
+ this.pojo = obj;
+ }
+
+ public ResourceType getLayer()
+ {
+ return ResourceType.IDTRUST;
+ }
+
+ public void add(Map<String,Object> m)
+ {
+ this.map.putAll(m);
+ }
+
+ public Map<String, Object> getMap()
+ {
+ return map;
+ }
+}
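Review bot: `getMap()` at the end of the class hands out the live `HashMap` that `add()` fills, so any authorization module handed this resource can mutate the context seen by every later consumer; returning `java.util.Collections.unmodifiableMap(map)` (with the matching import) keeps the resource read-only for policy code. The `pojo` field is stored by the constructor but never read, and the `@SuppressWarnings("unused")` hides that a module receiving this `Resource` has no way to learn which object is being protected; a getter such as `public Object getPojo() { return pojo; }` would make the suppression unnecessary and give policies something to decide on. The class Javadoc would also benefit from stating that the resource carries the protected object plus a free-form context map, since `getLayer()` returning `ResourceType.IDTRUST` is the only hint about how it is meant to be consumed.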
\ No newline at end of file
Modified: trunk/picketbox/src/main/java/org/picketbox/plugins/PicketBoxProcessor.java
===================================================================
--- trunk/picketbox/src/main/java/org/picketbox/plugins/PicketBoxProcessor.java 2010-03-04 21:11:03 UTC (rev 52)
+++ trunk/picketbox/src/main/java/org/picketbox/plugins/PicketBoxProcessor.java 2010-03-04 21:13:57 UTC (rev 53)
@@ -50,10 +50,10 @@
import org.jboss.security.annotation.SecurityDomain;
import org.jboss.security.annotation.SecurityMapping;
import org.jboss.security.annotation.ModuleOption.VALUE_TYPE;
-import org.jboss.security.audit.AuditManager;
-import org.jboss.security.audit.config.AuditConfigEntryHolder;
import org.jboss.security.audit.config.AuditProviderEntry;
import org.jboss.security.auth.login.AuthenticationInfo;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.config.ApplicationPolicy;
@@ -65,6 +65,7 @@
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.mapping.config.MappingModuleEntry;
import org.picketbox.config.PicketBoxConfiguration;
+import org.picketbox.core.authorization.resources.POJOResource;
import org.picketbox.exceptions.PicketBoxProcessingException;
import org.picketbox.factories.SecurityFactory;
@@ -194,6 +195,8 @@
SecurityFactory.prepare();
try
{
+ boolean needAuthorization = false;
+
SecurityConfig securityConfig = objectClass.getAnnotation(SecurityConfig.class);
Authentication authenticationAnnotation = objectClass.getAnnotation(Authentication.class);
@@ -221,6 +224,8 @@
{
AuthorizationInfo authorizationInfo = getAuthorizationInfo(authorizationAnnotation, securityDomain);
aPolicy.setAuthorizationInfo(authorizationInfo);
+
+ needAuthorization = true;
}
if(auditAnnotation != null)
@@ -264,7 +269,14 @@
//apply the role mapping logic if it is configured at the security domain level
RoleGroup roles = authzMgr.getSubjectRoles(subject, cbh);
if(roles == null)
- throw new PicketBoxProcessingException("Roles from subject is null");
+ throw new PicketBoxProcessingException("Roles from subject is null");
+
+ if(needAuthorization)
+ {
+ int permit = authzMgr.authorize(new POJOResource(pojo), subject, roles);
+ if(permit != AuthorizationContext.PERMIT)
+ throw new AuthorizationException("Authorization failed");
+ }
}
catch(PrivilegedActionException pae)
{
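Review bot: The permission check under `if(needAuthorization)` runs only when the flag was set in the earlier hunk, i.e. only when the class carries an `@Authorization` annotation, so a POJO annotated for authentication alone is processed with no permit/deny decision at all; that looks like the intended annotation-driven design, but it is the kind of silent pass-through that deserves a comment at the `if`, e.g. `// no @Authorization annotation on the class: the caller is authenticated but no permission decision is made`. The comparison against `AuthorizationContext.PERMIT` is fail-closed, which is right; the resulting `AuthorizationException` is then caught in the next hunk and wrapped in a `PicketBoxProcessingException`, so a caller cannot tell a denied access from a processing failure without inspecting the cause, and the method Javadoc should say so. The enclosing method starts and ends outside this hunk.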
@@ -272,6 +284,18 @@
log.trace("Exception in processing:",pae);
throw new PicketBoxProcessingException(pae.getCause());
}
+ catch (AuthorizationException e)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Authorization Exception:",e);
+ throw new PicketBoxProcessingException(e);
+ }
+ catch (Exception e)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Exception in processing:",e);
+ throw new PicketBoxProcessingException(e);
+ }
finally
{
SecurityFactory.release();
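Review bot: The new `catch (Exception e)` also catches the `PicketBoxProcessingException` thrown at `Roles from subject is null` in the previous hunk and re-wraps it in another `PicketBoxProcessingException`, so the caller receives a nested exception whose outer message no longer carries the original text. Rethrowing that type untouched before the catch-all, `catch (PicketBoxProcessingException e) { throw e; }`, preserves the original exception, and the same applies to anything else the code earlier in the try already wrapped. Whether `PicketBoxProcessingException` is checked or unchecked is not visible here, but `Exception` catches it either way. The enclosing method ends outside this hunk.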
Modified: trunk/picketbox/src/test/java/org/picketbox/test/annotations/PicketBoxProcessorUnitTestCase.java
===================================================================
--- trunk/picketbox/src/test/java/org/picketbox/test/annotations/PicketBoxProcessorUnitTestCase.java 2010-03-04 21:11:03 UTC (rev 52)
+++ trunk/picketbox/src/test/java/org/picketbox/test/annotations/PicketBoxProcessorUnitTestCase.java 2010-03-04 21:13:57 UTC (rev 53)
@@ -34,6 +34,7 @@
import org.jboss.security.identity.plugins.SimpleRole;
import org.junit.Test;
import org.picketbox.plugins.PicketBoxProcessor;
+import org.picketbox.test.pojos.AuthAuthorizationAnnotatedPOJO;
import org.picketbox.test.pojos.AuthPlusMappingAnnotatedPOJO;
import org.picketbox.test.pojos.AuthenticationAnnotatedPOJO;
import org.picketbox.test.pojos.SecurityMappingAnnotationRolePOJO;
@@ -99,4 +100,21 @@
assertTrue("InternalUser is a role", callerRoles.containsRole(new SimpleRole("InternalUser")));
assertTrue("AuthorizedUser is a role", callerRoles.containsRole(new SimpleRole("AuthorizedUser")));
}
+
+ @Test
+ public void testAuthenticationAndAuthorization() throws Exception
+ {
+ AuthAuthorizationAnnotatedPOJO pojo = new AuthAuthorizationAnnotatedPOJO();
+
+ PicketBoxProcessor processor = new PicketBoxProcessor();
+ processor.setSecurityInfo("anil", "pass");
+ processor.process(pojo);
+
+ Principal anil = new SimplePrincipal("anil");
+ assertEquals("Principal == anil", anil, processor.getCallerPrincipal());
+ Subject callerSubject = processor.getCallerSubject();
+ assertNotNull("Subject is not null", callerSubject);
+ assertTrue("Subject contains principal anil", callerSubject.getPrincipals().contains(anil));
+ RoleGroup callerRoles = processor.getCallerRoles();
+ }
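Review bot: `RoleGroup callerRoles = processor.getCallerRoles();` on the last line of `testAuthenticationAndAuthorization` is assigned and never asserted on, so the test proves authentication succeeded but not that the `validuser` role named in the POJO's `@Authorization` option was granted and checked; following the preceding test, `assertNotNull("Roles are not null", callerRoles);` and `assertTrue("validuser is a role", callerRoles.containsRole(new SimpleRole("validuser")));` would pin that, the second assuming the test's roles file grants that role to `anil`. A companion negative case, processing a POJO whose `roles` option names a role `anil` does not hold and expecting `PicketBoxProcessingException`, is the only way to show the deny branch added in the processor actually fires.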
}
\ No newline at end of file
Added: trunk/picketbox/src/test/java/org/picketbox/test/pojos/AuthAuthorizationAnnotatedPOJO.java
===================================================================
--- trunk/picketbox/src/test/java/org/picketbox/test/pojos/AuthAuthorizationAnnotatedPOJO.java (rev 0)
+++ trunk/picketbox/src/test/java/org/picketbox/test/pojos/AuthAuthorizationAnnotatedPOJO.java 2010-03-04 21:13:57 UTC (rev 53)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketbox.test.pojos;
+
+import org.jboss.security.annotation.Authentication;
+import org.jboss.security.annotation.Authorization;
+import org.jboss.security.annotation.Module;
+import org.jboss.security.annotation.ModuleOption;
+
+/**
+ * POJO with both Authentication and Authorization
+ * annotations
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 4, 2010
+ */
+ at Authentication(modules={@Module(code = "org.jboss.security.auth.spi.UsersRolesLoginModule", options =
+{@ModuleOption})})
+ at Authorization(modules ={@Module(code = "org.picketbox.plugins.authorization.PicketBoxAuthorizationModule", options =
+{@ModuleOption(key="roles",value="validuser")})})
+public class AuthAuthorizationAnnotatedPOJO
+{
+
+}
\ No newline at end of file