authorlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2013-10-07 22:23:21 +0000
committerlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2013-10-07 22:23:21 +0000
commit5963a2d3d6860fe57afc138f095bf2d2eb5a7b80 (patch)
tree018d3d8c637e265b8292d34e5f7c11ca8ce11b7d /sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
parent132aa8a77685ec92bc90c03f987650d275a7b639 (diff)
Official Tuscany 2.0.1 Release
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1530096 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java')
-rw-r--r--sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java221
1 files changed, 0 insertions, 221 deletions
diff --git a/sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java b/sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
deleted file mode 100644
index 5f3f1a33ff..0000000000
--- a/sca-java-2.x/tags/2.0.1-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.tuscany.sca.policy.security.jsr250;
-
-import java.lang.reflect.Method;
-
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
-import javax.annotation.security.RunAs;
-import javax.xml.namespace.QName;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-
-import org.apache.tuscany.sca.assembly.AssemblyFactory;
-import org.apache.tuscany.sca.assembly.xml.Constants;
-import org.apache.tuscany.sca.common.xml.stax.reader.NamespaceContextImpl;
-import org.apache.tuscany.sca.common.xml.xpath.XPathHelper;
-import org.apache.tuscany.sca.core.ExtensionPointRegistry;
-import org.apache.tuscany.sca.core.FactoryExtensionPoint;
-import org.apache.tuscany.sca.implementation.java.IntrospectionException;
-import org.apache.tuscany.sca.implementation.java.JavaImplementation;
-import org.apache.tuscany.sca.implementation.java.introspect.BaseJavaClassVisitor;
-import org.apache.tuscany.sca.interfacedef.Operation;
-import org.apache.tuscany.sca.interfacedef.java.JavaOperation;
-import org.apache.tuscany.sca.policy.PolicyExpression;
-import org.apache.tuscany.sca.policy.PolicyFactory;
-import org.apache.tuscany.sca.policy.PolicySet;
-import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy;
-import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy;
-
-/**
- * Processes an {@link javax.annotation.security.*} annotation
- * Below is a list of annotations
- *
- * Type Method
- * RunAs x
- * RolesAllowed x x
- * PermitAll x x
- * DenyAll x
- *
- */
-public class JSR250PolicyProcessor extends BaseJavaClassVisitor {
- private static final QName RUN_AS = new QName(Constants.SCA11_TUSCANY_NS,"runAs");
- private static final QName ALLOW = new QName(Constants.SCA11_TUSCANY_NS,"allow");
- private static final QName PERMIT_ALL = new QName(Constants.SCA11_TUSCANY_NS,"permitAll");
- private static final QName DENY_ALL = new QName(Constants.SCA11_TUSCANY_NS,"denyAll");
-
- private PolicyFactory policyFactory;
- private XPathHelper xpathHelper;
- private String appliesToString = "//sca:implementation.java";
- private XPathExpression appliesToExpression = null;
-
- public JSR250PolicyProcessor(ExtensionPointRegistry registry) throws IntrospectionException {
- super(registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(AssemblyFactory.class));
- this.policyFactory = registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(PolicyFactory.class);
-
- this.xpathHelper = XPathHelper.getInstance(registry);
- NamespaceContextImpl nsContext = new NamespaceContextImpl(null);
- nsContext.register("sca", "http://docs.oasis-open.org/ns/opencsa/sca/200912");
- XPath path = xpathHelper.newXPath();
- try {
- appliesToExpression = xpathHelper.compile(path, nsContext, appliesToString);
- } catch (XPathExpressionException e) {
- throw new IntrospectionException(e);
- }
- }
-
-/*
- public JSR250PolicyProcessor(AssemblyFactory assemblyFactory, PolicyFactory policyFactory) {
- super(assemblyFactory);
- this.policyFactory = policyFactory;
- }
-*/
-
- @Override
- public <T> void visitClass(Class<T> clazz, JavaImplementation type) throws IntrospectionException {
-
- RunAs runAs = clazz.getAnnotation(javax.annotation.security.RunAs.class);
- if (runAs != null) {
-
- String roleName = runAs.value();
- if(roleName == null) {
- //FIXME handle monitor or error
- }
-
- SecurityIdentityPolicy policy = new SecurityIdentityPolicy();
- policy.setRunAsRole(roleName);
- PolicySet policySet = createPolicySet(RUN_AS, SecurityIdentityPolicy.NAME, policy);
- type.getPolicySets().add(policySet);
- }
-
- RolesAllowed rolesAllowed = clazz.getAnnotation(javax.annotation.security.RolesAllowed.class);
- if(rolesAllowed != null) {
- if(rolesAllowed.value().length == 0) {
- //FIXME handle monitor or error
- }
-
- AuthorizationPolicy policy = new AuthorizationPolicy();
- policy.setAccessControl(AuthorizationPolicy.AcessControl.allow);
-
- for(String role : rolesAllowed.value()) {
- policy.getRoleNames().add(role);
- }
-
- PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy);
- type.getPolicySets().add(policySet);
- }
-
- PermitAll permitAll = clazz.getAnnotation(javax.annotation.security.PermitAll.class);
- if(permitAll != null) {
- AuthorizationPolicy policy = new AuthorizationPolicy();
- policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
- PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy);
- type.getPolicySets().add(policySet);
- }
-
- }
-
- @Override
- public void visitMethod(Method method, JavaImplementation type) throws IntrospectionException {
- RolesAllowed rolesAllowed = method.getAnnotation(javax.annotation.security.RolesAllowed.class);
- if(rolesAllowed != null) {
- if(rolesAllowed.value().length == 0) {
- //FIXME handle monitor or error
- }
-
- AuthorizationPolicy policy = new AuthorizationPolicy();
- policy.setAccessControl(AuthorizationPolicy.AcessControl.allow);
-
- for(String role : rolesAllowed.value()) {
- policy.getRoleNames().add(role);
- }
-
- // find the operation in the interface model
- Operation operation = getOperationModel(method, type);
-
- if (operation != null){
- PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy);
- operation.getPolicySets().add(policySet);
- }
- }
-
- PermitAll permitAll = method.getAnnotation(javax.annotation.security.PermitAll.class);
- if(permitAll != null) {
- AuthorizationPolicy policy = new AuthorizationPolicy();
- policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
-
- // find the operation in the interface model
- Operation operation = getOperationModel(method, type);
-
- if (operation != null){
- PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy);
- operation.getPolicySets().add(policySet);
- }
- }
-
- DenyAll denyAll = method.getAnnotation(javax.annotation.security.DenyAll.class);
- if(denyAll != null) {
- AuthorizationPolicy policy = new AuthorizationPolicy();
- policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll);
-
- // find the operation in the interface model
- Operation operation = getOperationModel(method, type);
-
- if (operation != null){
- PolicySet policySet = createPolicySet(DENY_ALL, AuthorizationPolicy.NAME, policy);
- operation.getPolicySets().add(policySet);
- }
- }
- }
-
- private Operation getOperationModel(Method method, JavaImplementation type){
-
- for(Operation op : type.getOperations()){
- if (((JavaOperation)op).getJavaMethod().equals(method)){
- return op;
- }
- }
-
- return null;
- }
-
- /**
- * Here we generate policy sets on the fly so they have to be configured as though they
- * had been read and resolved from a defintions.xml file. I.e. they have to have appropriate
- * appliesTo configuration and be marked as resolved.
- */
- private PolicySet createPolicySet(QName policySetName, QName policyExpressionName, Object policy){
-
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(policyExpressionName);
- policyExpression.setPolicy(policy);
-
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(policySetName);
- policySet.setAppliesTo(appliesToString);
- policySet.setAppliesToXPathExpression(appliesToExpression);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
-
- return policySet;
- }
-}