cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1491478 - in /cxf/branches/2.7.x-fixes/rt/security/src: main/java/org/apache/cxf/rt/security/xacml/ test/java/org/apache/cxf/rt/security/xacml/
Date Mon, 10 Jun 2013 14:49:21 GMT
Author: coheigea
Date: Mon Jun 10 14:49:20 2013
New Revision: 1491478

URL: http://svn.apache.org/r1491478
Log:
Merged revisions 1491475 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1491475 | coheigea | 2013-06-10 15:46:13 +0100 (Mon, 10 Jun 2013) | 2 lines

  Always send Resource URI/URL in the XACML Request

........

Modified:
    cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
    cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
    cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
    cxf/branches/2.7.x-fixes/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java

Modified: cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java?rev=1491478&r1=1491477&r2=1491478&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
Mon Jun 10 14:49:20 2013
@@ -129,12 +129,19 @@ public abstract class AbstractXACMLAutho
         // Handle any Obligations returned by the PDP
         handleObligations(request, principal, message, result);
         
-        String resource = requestBuilder.getResource(message);
+        List<String> resources = requestBuilder.getResources(message);
         if (result != null 
-            && (result.getResourceId() == null || resource.equals(result.getResourceId()))
             && (result.getDecision().getDecision() == DecisionType.DECISION.Permit))
{
-            LOG.fine("XACML authorization permitted");
-            return true;
+            if (result.getResourceId() == null) {
+                LOG.fine("XACML authorization permitted");
+                return true;
+            }
+            for (String resource : resources) {
+                if (resource.equals(result.getResourceId())) {
+                    LOG.fine("XACML authorization permitted");
+                    return true;
+                }
+            }
         }
         LOG.fine("XACML authorization not permitted:");
         if (result != null && result.getStatus() != null) {
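Review bot: `resource.equals(result.getResourceId())` in the new loop can throw a NullPointerException. The getResources hunk in DefaultXACMLRequestBuilder adds `(String)message.get(Message.REQUEST_URL)` or the `REQUEST_URI` value without a null check, so the list can hold a null entry when the message carries neither. The resource id is already known to be non-null at this point, so the comparison can be flipped to `if (result.getResourceId().equals(resource)) {`, and getResources should skip null values; otherwise the same null also reaches `createAttributeValueType(resource)` in the createRequest hunk. An unchecked exception thrown while evaluating the decision presumably surfaces as a fault rather than as the logged "not permitted" outcome, which makes the denial harder to audit. The enclosing method starts and ends outside the hunk.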

Modified: cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java?rev=1491478&r1=1491477&r2=1491478&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
Mon Jun 10 14:49:20 2013
@@ -78,7 +78,7 @@ public class DefaultXACMLRequestBuilder 
         Principal principal, List<String> roles, Message message
     ) throws Exception {
         String issuer = getIssuer(message);
-        String resource = getResource(message);
+        List<String> resources = getResources(message);
         String actionToUse = getAction(message);
         
         // Subject
@@ -109,17 +109,19 @@ public class DefaultXACMLRequestBuilder 
         SubjectType subjectType = RequestComponentBuilder.createSubjectType(attributes, null);
         
         // Resource
-        AttributeValueType resourceAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(resource);
-        AttributeType resourceAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.RESOURCE_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(resourceAttributeValue)
-            );
         attributes.clear();
-        attributes.add(resourceAttribute);
+        for (String resource : resources) {
+            AttributeValueType resourceAttributeValue = 
+                RequestComponentBuilder.createAttributeValueType(resource);
+            AttributeType resourceAttribute = 
+                RequestComponentBuilder.createAttributeType(
+                        XACMLConstants.RESOURCE_ID,
+                        XACMLConstants.XS_STRING,
+                        null,
+                        Collections.singletonList(resourceAttributeValue)
+                );
+            attributes.add(resourceAttribute);
+        }
         ResourceType resourceType = RequestComponentBuilder.createResourceType(attributes,
null);
         
         // Action
@@ -207,8 +209,24 @@ public class DefaultXACMLRequestBuilder 
     
     
     /**
-     * Return the Resource that has been inserted into the Request
+     * Return the Resources that have been inserted into the Request
      */
+    public List<String> getResources(Message message) {
+        if (message == null) {
+            return Collections.emptyList();
+        }
+        List<String> resources = new ArrayList<String>();
+        if (message.get(Message.WSDL_OPERATION) != null) {
+            resources.add(message.get(Message.WSDL_OPERATION).toString());
+        } 
+        if (sendFullRequestURL) {
+            resources.add((String)message.get(Message.REQUEST_URL));
+        } else {
+            resources.add((String)message.get(Message.REQUEST_URI));
+        }
+        return resources;
+    }
+    
     public String getResource(Message message) {
         if (message == null) {
             return null;
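Review bot: The Javadoc that used to describe getResource now sits on getResources, so the still-public getResource is left undocumented and does not carry the `@Deprecated` marker that the interface hunk gives it. The comment on getResources should also state what the list holds, for example `the WSDL operation name when present, followed by the request URL or URI depending on sendFullRequestURL`. Both values appear to be taken from the message as received, so the comment could note that policies matching on them see whatever form the transport stored (to be confirmed against the transport code). The body of getResource continues outside the hunk.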

Modified: cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java?rev=1491478&r1=1491477&r2=1491478&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
Mon Jun 10 14:49:20 2013
@@ -45,10 +45,19 @@ public interface XACMLRequestBuilder {
     ) throws Exception;
     
     /**
+     * Return the list of Resources that have been inserted into the Request.
+     * 
+     * @param message The Message from which to retrieve the resource
+     * @return the list of Resources that have been inserted into the Request
+     */
+    List<String> getResources(Message message);
+    
+    /**
      * Return the Resource that has been inserted into the Request.
      * 
      * @param message The Message from which to retrieve the resource
      * @return the Resource that has been inserted into the Request
      */
+    @Deprecated
     String getResource(Message message);
 }
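Review bot: The `@Deprecated` annotation on getResource has no matching Javadoc tag, so implementers are not told what to use instead; add `@deprecated use {@link #getResources(Message)} instead` to its comment. Separately, adding an abstract method to a public interface on a fixes branch means any third-party XACMLRequestBuilder implementation stops compiling until it implements getResources. If that is intended, it deserves a line in the release notes.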

Modified: cxf/branches/2.7.x-fixes/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java?rev=1491478&r1=1491477&r2=1491478&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
Mon Jun 10 14:49:20 2013
@@ -74,7 +74,7 @@ public class XACMLRequestBuilderTest ext
             builder.createRequest(principal, Collections.singletonList("manager"), msg);
         assertNotNull(request); 
         
-        assertEquals(operation, builder.getResource(msg));
+        assertTrue(builder.getResources(msg).contains(operation));
         
         operation = "user/list.json";
         msg = new MessageImpl();
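Review bot: The relaxed assertion only checks that the operation is somewhere in the list, so nothing here verifies the behaviour the commit log describes, namely that the request URI/URL is always sent. The same applies to the hunks at `@@ -83,7` and `@@ -93,7`. For a message that sets both `Message.WSDL_OPERATION` and `Message.REQUEST_URI`, an assertion such as `assertEquals(2, builder.getResources(msg).size());` plus a `contains` check on the URI would pin it. A case with neither URI nor URL set would also document how a missing value is handled. The test method starts before this hunk.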
@@ -83,7 +83,7 @@ public class XACMLRequestBuilderTest ext
         request = builder.createRequest(principal, Collections.singletonList("manager"),
msg);
         assertNotNull(request); 
         
-        assertEquals(operation, builder.getResource(msg));
+        assertTrue(builder.getResources(msg).contains(operation));
         
         operation = "https://localhost:8080/user/list.json";
         msg = new MessageImpl();
@@ -93,7 +93,7 @@ public class XACMLRequestBuilderTest ext
         request = builder.createRequest(principal, Collections.singletonList("manager"),
msg);
         assertNotNull(request); 
         
-        assertEquals(operation, builder.getResource(msg));
+        assertTrue(builder.getResources(msg).contains(operation));
     }
     
     @org.junit.Test


