diff options
Diffstat (limited to 'sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility')
3 files changed, 246 insertions, 0 deletions
diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java new file mode 100644 index 0000000000..b454289673 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.core.UtilityExtensionPoint; +import org.apache.tuscany.sca.extensibility.ServiceDeclaration; +import org.apache.tuscany.sca.extensibility.ServiceDiscovery; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.MonitorFactory; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + + +/** + * Default Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ + +public class DefaultLDAPSecurityExtensionPoint implements LDAPSecurityHandlerExtensionPoint { + private List<LDAPSecurityHandler> securityHandlers = new ArrayList<LDAPSecurityHandler>(); + + private ExtensionPointRegistry extensionPoints; + private Monitor monitor = null; + + private boolean loaded = false; + + public DefaultLDAPSecurityExtensionPoint(ExtensionPointRegistry extensionPoints) { + this.extensionPoints = extensionPoints; + + UtilityExtensionPoint utilities = extensionPoints.getExtensionPoint(UtilityExtensionPoint.class); + MonitorFactory monitorFactory = utilities.getUtility(MonitorFactory.class); + if (monitorFactory != null) { + this.monitor = monitorFactory.createMonitor(); + } + } + + + public void addLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.add(securityHandler); + } + + public void removeLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.remove(securityHandler); + } + + public List<LDAPSecurityHandler> getLDAPSecurityHandlers() { + loadHandlers(); + return securityHandlers; + } + + + /** + * Private Utility methods + */ + + /** + * Report a exception. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Exception ex) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), null, Severity.ERROR, model, message, ex); + monitor.problem(problem); + } + } + + /** + * Lazily load artifact processors registered in the extension point. + */ + @SuppressWarnings("unchecked") + private synchronized void loadHandlers() { + if (loaded) { + return; + } + + // Get the proxy factories declarations + Set<ServiceDeclaration> handlerDeclarations = null; + try { + handlerDeclarations = ServiceDiscovery.getInstance().getServiceDeclarations(LDAPSecurityHandler.class); + } catch (IOException e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", handlerDeclarations, ie); + throw ie; + } + + for (ServiceDeclaration processorDeclaration : handlerDeclarations) { + // Create a factory, and register it + LDAPSecurityHandler securityHandler = null; + try { + Class<LDAPSecurityHandler> securityHandlerClass = (Class<LDAPSecurityHandler>) processorDeclaration.loadClass(); + + securityHandler = securityHandlerClass.newInstance(); + + } catch (Exception e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", securityHandler, ie); + throw ie; + } + + addLDAPSecurityHandler(securityHandler); + } + + loaded = true; + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java new file mode 100644 index 0000000000..bf64f8fa30 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy; + +public interface LDAPSecurityHandler { + + /** + * The Http Service calls this method prior to servicing the specified request. + * This method controls whether the request is processed in the normal manner + * or an error is returned. + * + * If the request requires authentication and the Authorization header + * in the request is missing or not acceptable, then this method should + * set the WWW-Authenticate header in the response object, set the status + * in the response object to Unauthorized(401) and return false. + * See also RFC 2617: HTTP Authentication: Basic and Digest Access Authentication + * (available at http://www.ietf.org/rfc/rfc2617.txt). + * + * If the request requires a secure connection and the getScheme method + * in the request does not return 'https' or some other acceptable secure protocol, + * then this method should set the status in the response object to Forbidden(403) + * and return false. + * + * When this method returns false, the Http Service will send the response back to + * the client, thereby completing the request. When this method returns true, the + * Http Service will proceed with servicing the request. + * + * If the specified request has been authenticated, this method must set the + * AUTHENTICATION_TYPE request attribute to the type of authentication used, + * and the REMOTE_USER request attribute to the remote user + * (request attributes are set using the setAttribute method on the request). + * If this method does not perform any authentication, it must not set these attributes. + * + * @param msg + * @return + */ + void handleSecurity(Message msg, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) throws javax.security.auth.login.LoginException; +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java new file mode 100644 index 0000000000..73765c0a10 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +/** + * Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ +public interface LDAPSecurityHandlerExtensionPoint { + + /** + * Add a LDAP security handler + * @param securityHandler + */ + void addLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Remove a LDAP security handler + * @param securityHandler + */ + void removeLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Return a list of security handlers + * @return + */ + List<LDAPSecurityHandler> getLDAPSecurityHandlers(); + + +} |