cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cschnei...@apache.org
Subject svn commit: r1502553 - in /cxf/trunk/rt/security: ./ src/main/java/org/apache/cxf/rt/security/xacml/ src/main/java/org/apache/cxf/rt/security/xacml/pdp/ src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/ src/test/java/org/apache/cxf/rt/security/xa...
Date Fri, 12 Jul 2013 13:37:12 GMT
Author: cschneider
Date: Fri Jul 12 13:37:12 2013
New Revision: 1502553

URL: http://svn.apache.org/r1502553
Log:
CXF-5121 Refactor for better readability

Added:
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
      - copied, changed from r1502463, cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
  (with props)
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java
  (with props)
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java
  (with props)
    cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java
  (with props)
    cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyXACMLAuthorizingInterceptor.java
      - copied, changed from r1502463, cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptor.java
Removed:
    cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptor.java
Modified:
    cxf/trunk/rt/security/   (props changed)
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
    cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
    cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
    cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java

Propchange: cxf/trunk/rt/security/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Fri Jul 12 13:37:12 2013
@@ -1 +1,7 @@
 target
+
+.settings
+
+.project
+
+.classpath

Copied: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
(from r1502463, cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java?p2=cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java&p1=cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java&r1=1502463&r2=1502553&rev=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
(original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
Fri Jul 12 13:37:12 2013
@@ -40,10 +40,11 @@ import org.apache.cxf.security.LoginSecu
 import org.apache.cxf.security.SecurityContext;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.opensaml.xacml.ctx.DecisionType;
+import org.opensaml.xacml.ctx.DecisionType.DECISION;
 import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.ctx.ResponseType;
 import org.opensaml.xacml.ctx.ResultType;
+import org.opensaml.xacml.ctx.StatusType;
 
 
 /**
@@ -129,31 +130,20 @@ public abstract class AbstractXACMLAutho
         // Handle any Obligations returned by the PDP
         handleObligations(request, principal, message, result);
         
-        List<String> resources = requestBuilder.getResources(message);
-        if (result != null 
-            && (result.getDecision().getDecision() == DecisionType.DECISION.Permit))
{
-            if (result.getResourceId() == null) {
-                LOG.fine("XACML authorization permitted");
-                return true;
-            }
-            for (String resource : resources) {
-                if (resource.equals(result.getResourceId())) {
-                    LOG.fine("XACML authorization permitted");
-                    return true;
-                }
-            }
+        if (result == null) {
+            return false;
         }
-        LOG.fine("XACML authorization not permitted:");
-        if (result != null && result.getStatus() != null) {
-            if (result.getStatus().getStatusCode() != null) {
-                LOG.fine("XACML Status Code: " + result.getStatus().getStatusCode().getValue());
-            }
-            if (result.getStatus().getStatusMessage() != null) {
-                LOG.fine("XACML Status Message: " + result.getStatus().getStatusMessage().getValue());
-            }
+
+        DECISION decision = result.getDecision() != null ? result.getDecision().getDecision()
: DECISION.Deny; 
+        String code = "";
+        String statusMessage = "";
+        if (result.getStatus() != null) {
+            StatusType status = result.getStatus();
+            code = status.getStatusCode() != null ? status.getStatusCode().getValue() : "";
+            statusMessage = status.getStatusMessage() != null ? status.getStatusMessage().getValue()
: "";
         }
-        
-        return false;
+        LOG.fine("XACML authorization result: " + decision + ", code: " + code + ", message:
" + statusMessage);
+        return decision == DECISION.Permit;
     }
     
     public abstract ResponseType performRequest(RequestType request, Message message) throws
Exception;

Added: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java?rev=1502553&view=auto
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
(added)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
Fri Jul 12 13:37:12 2013
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.xacml;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.interceptor.security.SAMLSecurityContext;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+
+public class CXFMessageParser {
+    private Message message;
+
+    /**
+     * @param message
+     * @param fullRequestURL Whether to send the full Request URL as the resource or not.
If set to true, the
+     *            full Request URL will be sent for both a JAX-WS and JAX-RS service. If
set to false (the
+     *            default), a JAX-WS service will send the "{namespace}operation" QName,
and a JAX-RS service
+     *            will send the RequestURI (i.e. minus the initial https:<ip> prefix)
+     */
+    public CXFMessageParser(Message message) {
+        this.message = message;
+    }
+
+    /**
+     * Return the Resources that have been inserted into the Request
+     */
+    public List<String> getResources(boolean fullRequestURL) {
+        if (message == null) {
+            return Collections.emptyList();
+        }
+        List<String> resources = new ArrayList<String>();
+        if (message.get(Message.WSDL_OPERATION) != null) {
+            resources.add(message.get(Message.WSDL_OPERATION).toString());
+        }
+        String property = fullRequestURL ? Message.REQUEST_URL : Message.REQUEST_URI;
+        String request = (String)message.get(property);
+        if (request != null) {
+            resources.add(request);
+        }
+        return resources;
+    }
+
+    public String getAction(String defaultSOAPAction) {
+        String actionToUse = defaultSOAPAction;
+        // For REST use the HTTP Verb
+        if (message.get(Message.WSDL_OPERATION) == null && message.get(Message.HTTP_REQUEST_METHOD)
!= null) {
+            actionToUse = (String)message.get(Message.HTTP_REQUEST_METHOD);
+        }
+        return actionToUse;
+    }
+
+    /**
+     * Get the Issuer of the SAML Assertion
+     */
+    public String getIssuer() throws WSSecurityException {
+        SecurityContext sc = message.get(SecurityContext.class);
+
+        if (sc instanceof SAMLSecurityContext) {
+            Element assertionElement = ((SAMLSecurityContext)sc).getAssertionElement();
+            if (assertionElement != null) {
+                SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertionElement);
+                return wrapper.getIssuerString();
+            }
+        }
+
+        return null;
+    }
+}

Propchange: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java?rev=1502553&r1=1502552&r2=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
(original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
Fri Jul 12 13:37:12 2013
@@ -24,181 +24,103 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import org.w3c.dom.Element;
-
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.security.SecurityContext;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.joda.time.DateTime;
 import org.opensaml.xacml.ctx.ActionType;
 import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
 import org.opensaml.xacml.ctx.EnvironmentType;
 import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.ctx.ResourceType;
 import org.opensaml.xacml.ctx.SubjectType;
 
-
 /**
- * This class constructs an XACML Request given a Principal, list of roles and MessageContext,
- * following the SAML 2.0 profile of XACML 2.0. The principal name is inserted as the Subject
ID,
- * and the list of roles associated with that principal are inserted as Subject roles.
- * 
- * The action to send defaults to "execute". The resource is the WSDL Operation for a SOAP
service,
- * and the request URI for a REST service. You can also configure the ability to send the
full
- * request URL instead for a SOAP or REST service. The current DateTime is also sent in an
- * Environment, however this can be disabled via configuration. 
+ * This class constructs an XACML Request given a Principal, list of roles and MessageContext,
following the
+ * SAML 2.0 profile of XACML 2.0. The principal name is inserted as the Subject ID, and the
list of roles
+ * associated with that principal are inserted as Subject roles. The action to send defaults
to "execute". The
+ * resource is the WSDL Operation for a SOAP service, and the request URI for a REST service.
You can also
+ * configure the ability to send the full request URL instead for a SOAP or REST service.
The current DateTime
+ * is also sent in an Environment, however this can be disabled via configuration.
  */
 public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
-    
-    private String action = "execute";
+
     private boolean sendDateTime = true;
+    private String action = "execute";
     private boolean sendFullRequestURL;
-    
-    /**
-     * Set a new Action String to use
-     */
-    public void setAction(String newAction) {
-        action = newAction;
-    }
-    
-    /**
-     * Get the Action String currently in use
-     */
-    public String getAction() {
-        return action;
-    }
-    
+
     /**
      * Create an XACML Request given a Principal, list of roles and Message.
      */
-    public RequestType createRequest(
-        Principal principal, List<String> roles, Message message
-    ) throws Exception {
-        String issuer = getIssuer(message);
-        List<String> resources = getResources(message);
-        String actionToUse = getAction(message);
-        
-        // Subject
+    public RequestType createRequest(Principal principal, List<String> roles, Message
message)
+        throws Exception {
+        CXFMessageParser messageParser = new CXFMessageParser(message);
+        String issuer = messageParser.getIssuer();
+        List<String> resources = messageParser.getResources(sendFullRequestURL);
+        String actionToUse = messageParser.getAction(action);
+
+        SubjectType subjectType = createSubjectType(principal, roles, issuer);
+        ResourceType resourceType = createResourceType(resources);
+        AttributeType actionAttribute = createAttribute(XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING,
+                                                        null, actionToUse);
+        ActionType actionType = RequestComponentBuilder.createActionType(Collections.singletonList(actionAttribute));
+
+        return RequestComponentBuilder.createRequestType(Collections.singletonList(subjectType),
+                                                         Collections.singletonList(resourceType),

+                                                         actionType,
+                                                         createEnvironmentType());
+    }
+
+    private ResourceType createResourceType(List<String> resources) {
         List<AttributeType> attributes = new ArrayList<AttributeType>();
-        AttributeValueType subjectIdAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(principal.getName());
-        AttributeType subjectIdAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ID,
-                    XACMLConstants.XS_STRING,
-                    issuer,
-                    Collections.singletonList(subjectIdAttributeValue)
-            );
-        attributes.add(subjectIdAttribute);
-        
-        for (String role : roles) {
-            if (role != null) {
-                AttributeValueType subjectRoleAttributeValue = 
-                    RequestComponentBuilder.createAttributeValueType(role);
-                AttributeType subjectRoleAttribute = 
-                    RequestComponentBuilder.createAttributeType(
-                            XACMLConstants.SUBJECT_ROLE,
-                            XACMLConstants.XS_ANY_URI,
-                            issuer,
-                            Collections.singletonList(subjectRoleAttributeValue)
-                    );
-                attributes.add(subjectRoleAttribute);
-            }
-        }
-        SubjectType subjectType = RequestComponentBuilder.createSubjectType(attributes, null);
-        
-        // Resource
-        attributes.clear();
         for (String resource : resources) {
             if (resource != null) {
-                AttributeValueType resourceAttributeValue = 
-                    RequestComponentBuilder.createAttributeValueType(resource);
-                AttributeType resourceAttribute = 
-                    RequestComponentBuilder.createAttributeType(
-                            XACMLConstants.RESOURCE_ID,
-                            XACMLConstants.XS_STRING,
-                            null,
-                            Collections.singletonList(resourceAttributeValue)
-                    );
-                attributes.add(resourceAttribute);
+                attributes.add(createAttribute(XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING,
null,
+                                               resource));
             }
         }
-        ResourceType resourceType = RequestComponentBuilder.createResourceType(attributes,
null);
-        
-        // Action
-        AttributeValueType actionAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(actionToUse);
-        AttributeType actionAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.ACTION_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(actionAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(actionAttribute);
-        ActionType actionType = RequestComponentBuilder.createActionType(attributes);
-        
-        // Environment
-        attributes.clear();
+        return RequestComponentBuilder.createResourceType(attributes, null);
+    }
+
+    private EnvironmentType createEnvironmentType() {
+        List<AttributeType> attributes = new ArrayList<AttributeType>();
         if (sendDateTime) {
-            DateTime dateTime = new DateTime();
-            AttributeValueType environmentAttributeValue = 
-                RequestComponentBuilder.createAttributeValueType(dateTime.toString());
-            AttributeType environmentAttribute = 
-                RequestComponentBuilder.createAttributeType(
-                        XACMLConstants.CURRENT_DATETIME,
-                        XACMLConstants.XS_DATETIME,
-                        null,
-                        Collections.singletonList(environmentAttributeValue)
-                );
+            AttributeType environmentAttribute = createAttribute(XACMLConstants.CURRENT_DATETIME,
+                                                                 XACMLConstants.XS_DATETIME,
null,
+                                                                 new DateTime().toString());
             attributes.add(environmentAttribute);
         }
-        EnvironmentType environmentType = 
-            RequestComponentBuilder.createEnvironmentType(attributes);
-        
-        // Request
-        RequestType request = 
-            RequestComponentBuilder.createRequestType(
-                Collections.singletonList(subjectType), 
-                Collections.singletonList(resourceType), 
-                actionType, 
-                environmentType
-            );
-        
-        return request;
+        return RequestComponentBuilder.createEnvironmentType(attributes);
     }
-    
-    /**
-     * Get the Issuer of the SAML Assertion
-     */
-    private String getIssuer(Message message) throws WSSecurityException {
-        SecurityContext sc = message.get(SecurityContext.class);
-        
-        if (sc instanceof SAMLSecurityContext) {
-            Element assertionElement = ((SAMLSecurityContext)sc).getAssertionElement();
-            if (assertionElement != null) {
-                SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertionElement);
-                return wrapper.getIssuerString();
+
+    private SubjectType createSubjectType(Principal principal, List<String> roles,
String issuer) {
+        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        attributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING,
issuer,
+                                       principal.getName()));
+
+        for (String role : roles) {
+            if (role != null) {
+                attributes.add(createAttribute(XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI,
+                                               issuer, role));
             }
         }
-        
-        return null;
+
+        return RequestComponentBuilder.createSubjectType(attributes, null);
     }
 
-    public boolean isSendDateTime() {
-        return sendDateTime;
+    private AttributeType createAttribute(String id, String type, String issuer, String value)
{
+        return RequestComponentBuilder.createAttributeType(id, type, issuer, 
+                                                           Collections.singletonList(
+                                                           RequestComponentBuilder.createAttributeValueType(value)));
     }
 
-    public void setSendDateTime(boolean sendDateTime) {
-        this.sendDateTime = sendDateTime;
+    /**
+     * Set a new Action String to use
+     */
+    public void setAction(String action) {
+        this.action = action;
     }
 
-    public boolean isSendFullRequestURL() {
-        return sendFullRequestURL;
+    public void setSendDateTime(boolean sendDateTime) {
+        this.sendDateTime = sendDateTime;
     }
 
     /**
@@ -210,49 +132,15 @@ public class DefaultXACMLRequestBuilder 
     public void setSendFullRequestURL(boolean sendFullRequestURL) {
         this.sendFullRequestURL = sendFullRequestURL;
     }
-    
-    
-    /**
-     * Return the Resources that have been inserted into the Request
-     */
+
+    @Override
     public List<String> getResources(Message message) {
-        if (message == null) {
-            return Collections.emptyList();
-        }
-        List<String> resources = new ArrayList<String>();
-        if (message.get(Message.WSDL_OPERATION) != null) {
-            resources.add(message.get(Message.WSDL_OPERATION).toString());
-        } 
-        if (sendFullRequestURL) {
-            resources.add((String)message.get(Message.REQUEST_URL));
-        } else {
-            resources.add((String)message.get(Message.REQUEST_URI));
-        }
-        return resources;
+        throw new IllegalAccessError("Deprecated");
     }
-    
+
+    @Override
     public String getResource(Message message) {
-        if (message == null) {
-            return null;
-        }
-        String resource = null;
-        if (sendFullRequestURL) {
-            resource = (String)message.get(Message.REQUEST_URL);
-        } else if (message.get(Message.WSDL_OPERATION) != null) {
-            resource = message.get(Message.WSDL_OPERATION).toString();
-        } else {
-            resource = (String)message.get(Message.REQUEST_URI);
-        }
-        return resource;
-    }
-    
-    private String getAction(Message message) {
-        String actionToUse = action;
-        // For REST use the HTTP Verb
-        if (message.get(Message.WSDL_OPERATION) == null
-            && message.get(Message.HTTP_REQUEST_METHOD) != null) {
-            actionToUse = (String)message.get(Message.HTTP_REQUEST_METHOD);
-        }
-        return actionToUse;
+        throw new IllegalAccessError("Deprecated");
     }
+
 }

Modified: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java?rev=1502553&r1=1502552&r2=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
(original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilder.java
Fri Jul 12 13:37:12 2013
@@ -40,9 +40,7 @@ public interface XACMLRequestBuilder {
      * @return An OpenSAML RequestType object
      * @throws Exception
      */
-    RequestType createRequest(
-        Principal principal, List<String> roles, Message message
-    ) throws Exception;
+    RequestType createRequest(Principal principal, List<String> roles, Message message)
throws Exception;
     
     /**
      * Return the list of Resources that have been inserted into the Request.
@@ -50,6 +48,7 @@ public interface XACMLRequestBuilder {
      * @param message The Message from which to retrieve the resource
      * @return the list of Resources that have been inserted into the Request
      */
+    @Deprecated
     List<String> getResources(Message message);
     
     /**

Added: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java?rev=1502553&view=auto
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java
(added)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java
Fri Jul 12 13:37:12 2013
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.xacml.pdp.api;
+
+/**
+ * A RuntimeException that can be thrown by a PDP implementation.
+ */
+public class PDPException extends RuntimeException {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 5618129354705668073L;
+
+    public PDPException(String message) {
+        super(message);
+    }
+    
+    public PDPException(String message, Throwable e) {
+        super(message, e);
+    }
+
+}

Propchange: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PDPException.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java?rev=1502553&view=auto
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java
(added)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java
Fri Jul 12 13:37:12 2013
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.xacml.pdp.api;
+
+import javax.xml.transform.Source;
+
+/**
+ * An interface that describes a PolicyDecisionPoint (PDP).
+ */
+public interface PolicyDecisionPoint {
+    
+    /**
+     * Evaluate an XACML Request and return a Response
+     * @param request an XACML Request as a Source
+     * @return the XACML Response as a Source
+     */
+    Source evaluate(Source request);
+    
+}

Propchange: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/pdp/api/PolicyDecisionPoint.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java?rev=1502553&view=auto
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java
(added)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java
Fri Jul 12 13:37:12 2013
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.xacml;
+
+import java.util.List;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CXFMessageParserTest {
+    
+    @Test
+    public void testSOAPResource() throws Exception {
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, operation);
+        CXFMessageParser messageParser = new CXFMessageParser(msg);
+        assertSingleElement(operation, messageParser.getResources(true));
+    }
+    
+    @Test
+    public void testSOAPResourceWithRequestURI() throws Exception {
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, operation);
+        msg.put(Message.REQUEST_URI, "/doubleIt");
+        CXFMessageParser messageParser = new CXFMessageParser(msg);
+        Assert.assertEquals(2, messageParser.getResources(false).size());
+    }
+        
+    @Test
+    public void testRelativeRestResource() throws Exception {
+        String operation = "user/list.json";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.REQUEST_URI, operation);
+        
+        CXFMessageParser messageParser = new CXFMessageParser(msg);
+        assertSingleElement(operation, messageParser.getResources(false));
+    }
+    
+    @Test
+    public void testAbsoluteRestResource() throws Exception {
+        String operation = "https://localhost:8080/user/list.json";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.REQUEST_URL, operation);
+        
+        CXFMessageParser messageParser = new CXFMessageParser(msg);
+        assertSingleElement(operation, messageParser.getResources(true));
+    }
+    
+    public void assertSingleElement(String content, List<String> strings) {
+        Assert.assertEquals(1, strings.size());
+        Assert.assertEquals(content, strings.get(0));
+    }
+}

Propchange: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/CXFMessageParserTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyXACMLAuthorizingInterceptor.java
(from r1502463, cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyXACMLAuthorizingInterceptor.java?p2=cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyXACMLAuthorizingInterceptor.java&p1=cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptor.java&r1=1502463&r2=1502553&rev=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptor.java
(original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyXACMLAuthorizingInterceptor.java
Fri Jul 12 13:37:12 2013
@@ -26,6 +26,7 @@ import org.opensaml.Configuration;
 import org.opensaml.xacml.XACMLObjectBuilder;
 import org.opensaml.xacml.ctx.AttributeType;
 import org.opensaml.xacml.ctx.DecisionType;
+import org.opensaml.xacml.ctx.DecisionType.DECISION;
 import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.ctx.ResponseType;
 import org.opensaml.xacml.ctx.ResultType;
@@ -40,10 +41,15 @@ import org.opensaml.xml.XMLObjectBuilder
  * object based on the role of the Subject. If the role is "manager" then it permits the
  * request, otherwise it denies it.
  */
-public class XACMLAuthorizingInterceptor extends AbstractXACMLAuthorizingInterceptor {
-    
+public class DummyXACMLAuthorizingInterceptor extends AbstractXACMLAuthorizingInterceptor
{
+
     public ResponseType performRequest(RequestType request, Message message) throws Exception
{
-        
+        String role = getSubjectRole(request);
+        DECISION decision = "manager".equals(role) ? DecisionType.DECISION.Permit : DecisionType.DECISION.Deny;
       
+        return createResponse(decision);
+    }
+
+    private ResponseType createResponse(DECISION decision) {
         XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
         
         @SuppressWarnings("unchecked")
@@ -71,16 +77,10 @@ public class XACMLAuthorizingInterceptor
             (XACMLObjectBuilder<StatusCodeType>)
             builderFactory.getBuilder(StatusCodeType.DEFAULT_ELEMENT_NAME);
             
-        DecisionType decisionType = decisionTypeBuilder.buildObject();
-        
-        String role = getSubjectRole(request);
-        if ("manager".equals(role)) {
-            decisionType.setDecision(DecisionType.DECISION.Permit); 
-        } else {
-            decisionType.setDecision(DecisionType.DECISION.Deny);
-        }
-        
         ResultType result = resultTypeBuilder.buildObject();
+
+        DecisionType decisionType = decisionTypeBuilder.buildObject();
+        decisionType.setDecision(decision);
         result.setDecision(decisionType);
         
         StatusType status = statusTypeBuilder.buildObject();
@@ -91,7 +91,6 @@ public class XACMLAuthorizingInterceptor
         
         ResponseType response = responseTypeBuilder.buildObject();
         response.setResult(result);
-        
         return response;
     }
 
@@ -111,6 +110,5 @@ public class XACMLAuthorizingInterceptor
         }
         return null;
     }
-
     
 }

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java?rev=1502553&r1=1502552&r2=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
(original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
Fri Jul 12 13:37:12 2013
@@ -50,8 +50,8 @@ public class XACMLAuthorizingInterceptor
         msg.put(Message.WSDL_OPERATION, operation);
         msg.put(SecurityContext.class, sc);
         
-        XACMLAuthorizingInterceptor authorizingInterceptor = 
-            new XACMLAuthorizingInterceptor();
+        AbstractXACMLAuthorizingInterceptor authorizingInterceptor = 
+            new DummyXACMLAuthorizingInterceptor();
         authorizingInterceptor.handleMessage(msg);
     }
     
@@ -65,8 +65,8 @@ public class XACMLAuthorizingInterceptor
         msg.put(Message.WSDL_OPERATION, operation);
         msg.put(SecurityContext.class, sc);
         
-        XACMLAuthorizingInterceptor authorizingInterceptor = 
-            new XACMLAuthorizingInterceptor();
+        AbstractXACMLAuthorizingInterceptor authorizingInterceptor = 
+            new DummyXACMLAuthorizingInterceptor();
         
         try {
             authorizingInterceptor.handleMessage(msg);

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java?rev=1502553&r1=1502552&r2=1502553&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
(original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
Fri Jul 12 13:37:12 2013
@@ -54,46 +54,7 @@ public class XACMLRequestBuilderTest ext
             builder.createRequest(principal, Collections.singletonList("manager"), msg);
         assertNotNull(request);
     }
-    
-    @org.junit.Test
-    public void testResource() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, operation);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request); 
-        
-        assertTrue(builder.getResources(msg).contains(operation));
-        
-        operation = "user/list.json";
-        msg = new MessageImpl();
-        msg.put(Message.REQUEST_URI, operation);
-        
-        request = builder.createRequest(principal, Collections.singletonList("manager"),
msg);
-        assertNotNull(request); 
-        
-        assertTrue(builder.getResources(msg).contains(operation));
-        
-        operation = "https://localhost:8080/user/list.json";
-        msg = new MessageImpl();
-        msg.put(Message.REQUEST_URL, operation);
-        
-        ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(true);
-        request = builder.createRequest(principal, Collections.singletonList("manager"),
msg);
-        assertNotNull(request); 
-        
-        assertTrue(builder.getResources(msg).contains(operation));
-    }
+
     
     @org.junit.Test
     public void testAction() throws Exception {
@@ -108,22 +69,22 @@ public class XACMLRequestBuilderTest ext
         MessageImpl msg = new MessageImpl();
         msg.put(Message.WSDL_OPERATION, operation);
         
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
         RequestType request = 
             builder.createRequest(principal, Collections.singletonList("manager"), msg);
         assertNotNull(request); 
         
         String action = 
             request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
-        assertEquals(action, "execute");
+        assertEquals("execute", action);
         
-        ((DefaultXACMLRequestBuilder)builder).setAction("write");
+        builder.setAction("write");
         request = builder.createRequest(principal, Collections.singletonList("manager"),
msg);
         assertNotNull(request); 
         
         action = 
             request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
-        assertEquals(action, "write");
+        assertEquals("write", action);
     }
     
     @org.junit.Test



Mime
View raw message