diff options
Diffstat (limited to 'sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http')
22 files changed, 2109 insertions, 0 deletions
diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/LICENSE b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/LICENSE new file mode 100644 index 0000000000..8aa906c321 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/LICENSE @@ -0,0 +1,205 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + + diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/NOTICE b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/NOTICE new file mode 100644 index 0000000000..ad2ba40961 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/NOTICE @@ -0,0 +1,6 @@ +${pom.name} +Copyright (c) 2005 - 2010 The Apache Software Foundation + +This product includes software developed by +The Apache Software Foundation (http://www.apache.org/). + diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/pom.xml b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/pom.xml new file mode 100644 index 0000000000..f2e36a67e8 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/pom.xml @@ -0,0 +1,106 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +--> +<project> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-modules</artifactId> + <version>1.6</version> + <relativePath>../pom.xml</relativePath> + </parent> + <artifactId>tuscany-policy-security-http</artifactId> + <name>Apache Tuscany SCA Security Policy Model for HTTP Binding</name> + + <dependencies> + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-contribution</artifactId> + <version>1.6</version> + </dependency> + + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-host-http</artifactId> + <version>1.6</version> + </dependency> + + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-policy-security</artifactId> + <version>1.6</version> + </dependency> + + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-assembly-xml</artifactId> + <version>1.6</version> + </dependency> + + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-contribution-impl</artifactId> + <version>1.6</version> + <scope>test</scope> + </dependency> + + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.3</version> + <exclusions> + <exclusion> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + <version>2.4</version><!-- to keep compatible with older servlet containers --> + <scope>provided</scope> + </dependency> + </dependencies> + + + <build> + <plugins> + <plugin> + <groupId>org.apache.felix</groupId> + <artifactId>maven-bundle-plugin</artifactId> + + <configuration> + <instructions> + <Bundle-Version>${tuscany.version}</Bundle-Version> + <Bundle-SymbolicName>org.apache.tuscany.sca.policy.security</Bundle-SymbolicName> + <Bundle-Description>${pom.name}</Bundle-Description> + <Export-Package> + org.apache.tuscany.sca.policy.identity, + org.apache.tuscany.sca.policy.authorization, + org.apache.tuscany.sca.policy.security* + </Export-Package> + </instructions> + </configuration> + </plugin> + </plugins> + </build> + +</project> diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java new file mode 100644 index 0000000000..4ab7e582ac --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.host.http.UserContext; + +/** + * This policy configures authentication/authorization + * in embedded http servers + * + * @version $Rev$ $Date$ + */ +public class AuthenticationConfigurationPolicy { + public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "basicAuthenticationConfiguration"); + + private List<UserContext> users = new ArrayList<UserContext>(); + + public List<UserContext> getUsers() { + return this.users; + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java new file mode 100644 index 0000000000..a112e25364 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java @@ -0,0 +1,156 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import java.util.StringTokenizer; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.host.http.UserContext; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; +import org.apache.tuscany.sca.monitor.impl.ProblemImpl; + +/** + * <sca:policySet name="widgetBindingAuthenticationPolicySet" + * provides="sca:authentication" + * appliesTo="tuscany:binding.http"> + * <tuscany:authenticationConfiguration> + * <tuscany:user username="user1" password="tuscany" roles="admin"/> + * <tuscany:user username="user2" password="tuscany" roles="admin, user"/> + * <tuscany:user username="user3" password="tuscany" roles="user"/> + * </tuscany:authenticationConfiguration> + * </sca:policySet> + * + * + * @version $Rev$ $Date$ + */ + +public class AuthenticationConfigurationPolicyProcessor implements StAXArtifactProcessor<AuthenticationConfigurationPolicy> { + private static final QName AUTHENTICATION_CONFIGURATION_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "authenticationConfiguration"); + private static final QName USER_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "user"); + + private Monitor monitor; + + public AuthenticationConfigurationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public QName getArtifactType() { + return AuthenticationConfigurationPolicy.NAME; + } + + public Class<AuthenticationConfigurationPolicy> getModelType() { + return AuthenticationConfigurationPolicy.class; + } + + public AuthenticationConfigurationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + AuthenticationConfigurationPolicy authenticationConfiguration = new AuthenticationConfigurationPolicy(); + + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(USER_QNAME.equals(name)) { + UserContext user = new UserContext(); + //<tuscany:user username="user1" password="tuscany" roles="admin, user"/> + String username = reader.getAttributeValue(null, "username"); + if(username == null) { + error("RequiredAttributeUsernameMissing", reader); + } else { + user.setUsername(username); + } + + String password = reader.getAttributeValue(null, "password"); + if(password == null) { + error("RequiredAttributePasswordMissing", reader); + } else { + user.setPassword(password); + } + + String roles = reader.getAttributeValue(null, "roles"); + if(roles == null) { + error("RequiredAttributeRolesMissing", reader); + } else { + for (StringTokenizer tokens = new StringTokenizer(roles, ","); tokens.hasMoreTokens();) { + user.getRoles().add(tokens.nextToken()); + } + } + + authenticationConfiguration.getUsers().add(user); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return authenticationConfiguration; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return authenticationConfiguration; + } + } + } + + public void write(AuthenticationConfigurationPolicy model, XMLStreamWriter writer) throws ContributionWriteException, XMLStreamException { + // TODO Auto-generated method stub + } + + public void resolve(AuthenticationConfigurationPolicy model, ModelResolver resolver) throws ContributionResolveException { + + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java new file mode 100644 index 0000000000..5301e13269 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import java.util.Properties; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.policy.Policy; + + +/** + * Models the SCA Implementation Security Policy Assertion for Confidentiality. + * + * This would map to enabling SSL communication and would require + * the following configuration items : + * + * - javax.net.ssl.keyStore + * - javax.net.ssl.keyStorePassword + * - javax.net.ssl.keyStoreType + * + * - javax.net.ssl.trustStoreType + * - javax.net.ssl.trustStore + * - javax.net.ssl.trustStorePassword + * + * @version $Rev$ $Date$ + */ +public class ConfidentialityPolicy implements Policy { + public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "confidentiality"); + + private String trustStoreType; + private String trustStore; + private String trustStorePassword; + + private String keyStoreType; + private String keyStore; + private String keyStorePassword; + + + public String getTrustStoreType() { + return trustStoreType; + } + + public void setTrustStoreType(String trustStoreType) { + this.trustStoreType = trustStoreType; + } + + public String getTrustStore() { + return trustStore; + } + + public void setTrustStore(String trustStore) { + this.trustStore = trustStore; + } + + public String getTrustStorePassword() { + return trustStorePassword; + } + + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + + public String getKeyStoreType() { + return keyStoreType; + } + + public void setKeyStoreType(String keyStoreType) { + this.keyStoreType = keyStoreType; + } + + public String getKeyStore() { + return keyStore; + } + + public void setKeyStore(String keyStore) { + this.keyStore = keyStore; + } + + public String getKeyStorePassword() { + return keyStorePassword; + } + + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + + } + + public Properties toProperties() { + Properties properties = new Properties(); + + properties.put("javax.net.ssl.trustStoreType", trustStoreType); + properties.put("javax.net.ssl.trustStore", trustStore); + properties.put("javax.net.ssl.trustStorePassword", trustStorePassword); + + properties.put("javax.net.ssl.keyStoreType", keyStoreType); + properties.put("javax.net.ssl.keyStore", keyStore); + properties.put("javax.net.ssl.keyStorePassword", keyStorePassword); + + return properties; + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java new file mode 100644 index 0000000000..86866c2c8e --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java @@ -0,0 +1,157 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; +import org.apache.tuscany.sca.monitor.impl.ProblemImpl; + +public class ConfidentialityPolicyProcessor implements StAXArtifactProcessor<ConfidentialityPolicy> { + private static final QName KEY_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "keyStore"); + private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "trustStore"); + + private Monitor monitor; + + public ConfidentialityPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public QName getArtifactType() { + return ConfidentialityPolicy.NAME; + } + + public Class<ConfidentialityPolicy> getModelType() { + return ConfidentialityPolicy.class; + } + + public ConfidentialityPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + ConfidentialityPolicy policy = new ConfidentialityPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(KEY_STORE_QNAME.equals(name)) { + //<tuscany:keyStore type="JKS" file="conf/tomcat.keystore" password="apache"/> + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeKeyStoreTypeMissing", reader); + } else { + policy.setKeyStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeKeyStoreFileMissing", reader); + } else { + policy.setKeyStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeKeyStorePasswordMissing", reader); + } else { + policy.setKeyStorePassword(password); + } + + } else if(TRUST_STORE_QNAME.equals(name)) { + //<tuscany:trustStore type="" file="" password=""/> + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeTrustStoreTypeMissing", reader); + } else { + policy.setTrustStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeTrusStoreFileMissing", reader); + } else { + policy.setTrustStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeTrustStorePasswordMissing", reader); + } else { + policy.setTrustStorePassword(password); + } + + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } } + + public void write(ConfidentialityPolicy model, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + // TODO Auto-generated method stub + + } + + public void resolve(ConfidentialityPolicy model, ModelResolver resolver) throws ContributionResolveException { + + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java new file mode 100644 index 0000000000..ee094f022d --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.io.IOException; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +import org.apache.tuscany.sca.policy.SecurityUtil; +import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal; + + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationCallbackHandler implements CallbackHandler { + private final Subject subject; + + public LDAPRealmAuthenticationCallbackHandler(Subject subject) { + this.subject = subject; + } + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, BasicAuthenticationPrincipal.class); + + if (principal != null){ + /* + System.out.println(">>> LDAPRealmAuthenticationCallbackHandler" + + " Username: " + principal.getName() + + " Password: " + principal.getPassword()); + */ + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof NameCallback) { + NameCallback nc = (NameCallback)callbacks[i]; + nc.setName(principal.getName()); + } else if (callbacks[i] instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback)callbacks[i]; + pc.setPassword(principal.getPassword().toCharArray()); + } else { + throw new UnsupportedCallbackException + (callbacks[i], "Unsupported Callback!"); + } + } + } + + + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java new file mode 100644 index 0000000000..8a2f38115a --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java @@ -0,0 +1,193 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +public class LDAPRealmAuthenticationImplementationPolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + private LDAPSecurityHandler securityHandler; + + public LDAPRealmAuthenticationImplementationPolicyProvider(RuntimeComponent component, Implementation implementation, LDAPSecurityHandler securityHandler) { + super(); + this.component = component; + this.implementation = implementation; + this.securityHandler = securityHandler; + } + + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } + + public Interceptor createInterceptor(Operation operation) { + List<LDAPRealmAuthenticationPolicy> policies = findAuthenticationPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new LDAPRealmAuthenticationInterceptor(securityHandler, findAuthenticationPolicies(operation), findAuthorizationPolicies(operation)); + } + } + + /** + * Internal utility methods + */ + + /** + * Find applicable authentication policySets + * It first check if any explicitly policySet was identified + * Otherwise it look into the list of applicablePolicySets + * @param op + * @return + */ + private List<LDAPRealmAuthenticationPolicy> findAuthenticationPolicies(Operation op) { + List<LDAPRealmAuthenticationPolicy> polices = new ArrayList<LDAPRealmAuthenticationPolicy>(); + + + // check explicity added policies first + ConfiguredOperation configuredOperation = findOperation(op); + if (configuredOperation!= null && configuredOperation.getPolicySets().size() > 0) { + for ( PolicySet ps : configuredOperation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof LDAPRealmAuthenticationPolicy) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + + // otherwise find applicable policySets + if ( polices.size() == 0) { + + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + } + + List<PolicySet> policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + + return polices; + } + + /** + * Find applicable authorization policySets + * It first check if any explicitly policySet was identified + * Otherwise it look into the list of applicablePolicySets + * @param op + * @return + */ + private List<AuthorizationPolicy> findAuthorizationPolicies(Operation op) { + List<AuthorizationPolicy> polices = new ArrayList<AuthorizationPolicy>(); + + + // check explicity added policies first + ConfiguredOperation configuredOperation = findOperation(op); + if (configuredOperation!= null && configuredOperation.getPolicySets().size() > 0) { + for ( PolicySet ps : configuredOperation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof AuthorizationPolicy) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + + // otherwise find applicable policySets + if ( polices.size() == 0) { + + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + } + + List<PolicySet> policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + + } + + return polices; + } + + /** + * Find a given configured operation + * @param operation + * @return + */ + private ConfiguredOperation findOperation(Operation operation) { + ConfiguredOperation configuredOperation = null; + + for (ConfiguredOperation cOperation : ((OperationsConfigurator)component).getConfiguredOperations()) { + if(cOperation.getName().equals(operation.getName())) { + configuredOperation = cOperation; + break; + } + } + + return configuredOperation; + } +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java new file mode 100644 index 0000000000..373063fece --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.List; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.osoa.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationInterceptor implements Interceptor { + private LDAPSecurityHandler securityHandler; + private List<LDAPRealmAuthenticationPolicy> authenticationPolicies; + private List<AuthorizationPolicy> authorizationPolicies; + private Invoker next; + + public LDAPRealmAuthenticationInterceptor(LDAPSecurityHandler securityHandler, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) { + super(); + this.securityHandler = securityHandler; + this.authenticationPolicies = authenticationPolicies; + this.authorizationPolicies = authorizationPolicies; + } + + public Invoker getNext() { + return next; + } + + public void setNext(Invoker next) { + this.next = next; + } + + public Message invoke(Message msg) { + try { + securityHandler.handleSecurity(msg, authenticationPolicies, authorizationPolicies); + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } +}
\ No newline at end of file diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java new file mode 100644 index 0000000000..ddb6790964 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.http; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.policy.Policy; + +/** + * This policy provides realm based authentication/authorization + * + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationPolicy implements Policy{ + static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS,"ldapRealmAuthentication"); + + private String realmName; + private String realmConfigurationName; + + /** + * + * @return + */ + public String getRealmName() { + return realmName; + } + + /** + * + * @param realmName + */ + public void setRealmName(String realmName) { + this.realmName = realmName; + } + + /** + * + * @return + */ + public String getRealmConfigurationName() { + return realmConfigurationName; + } + + /** + * + * @param realmConfigurationName + */ + public void setRealmConfigurationName(String realmConfigurationName) { + this.realmConfigurationName = realmConfigurationName; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..625bb08b7f --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; +import org.apache.tuscany.sca.monitor.impl.ProblemImpl; + + +/** + * + * @version $Rev$ $Date$ + */ + +public class LDAPRealmAuthenticationPolicyProcessor implements StAXArtifactProcessor<LDAPRealmAuthenticationPolicy> { + static final QName REALM_QNAME = new QName(Constants.SCA10_TUSCANY_NS,"realm"); + public static final QName REALM_CONFIGURATION_QNAME = new QName(Constants.SCA10_TUSCANY_NS,"realmConfigurationName"); + + private Monitor monitor; + + + public LDAPRealmAuthenticationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public Class<LDAPRealmAuthenticationPolicy> getModelType() { + return LDAPRealmAuthenticationPolicy.class; + } + + + public QName getArtifactType() { + return LDAPRealmAuthenticationPolicy.NAME; + } + + public LDAPRealmAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + LDAPRealmAuthenticationPolicy policy = new LDAPRealmAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if (name.equals(REALM_QNAME)) { + String realmName = reader.getElementText(); + if (realmName != null) { + policy.setRealmName(realmName.trim()); + } + } + if (name.equals(REALM_CONFIGURATION_QNAME)) { + String realmConfigurationName = reader.getElementText(); + if (realmConfigurationName != null) { + policy.setRealmConfigurationName(realmConfigurationName.trim()); + } + } + + break; + } + } + + if ( event == END_ELEMENT ) { + if ( LDAPRealmAuthenticationPolicy.NAME.equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(LDAPRealmAuthenticationPolicy policy, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + LDAPRealmAuthenticationPolicy.NAME.getLocalPart(), + LDAPRealmAuthenticationPolicy.NAME.getNamespaceURI()); + writer.writeNamespace("tuscany", Constants.SCA10_TUSCANY_NS); + + + writer.writeEndElement(); + } + + + public void resolve(LDAPRealmAuthenticationPolicy policy, ModelResolver resolver) throws ContributionResolveException { + + } +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java new file mode 100644 index 0000000000..45fe650b22 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationPolicyProviderFactory implements PolicyProviderFactory<LDAPRealmAuthenticationPolicy> { + private LDAPSecurityHandler securityHandler; + + public LDAPRealmAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + + LDAPSecurityHandlerExtensionPoint securityHandlerExtensionPoint = registry.getExtensionPoint(LDAPSecurityHandlerExtensionPoint.class); + if (securityHandlerExtensionPoint.getLDAPSecurityHandlers().size() > 0) { + securityHandler = securityHandlerExtensionPoint.getLDAPSecurityHandlers().get(0); + } + } + + public Class<LDAPRealmAuthenticationPolicy> getModelType() { + return LDAPRealmAuthenticationPolicy.class; + } + + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return new LDAPRealmAuthenticationImplementationPolicyProvider(component, implementation, securityHandler); + } + + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return null; + } + + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return new LDAPRealmAuthenticationServicePolicyProvider(component, service, binding, securityHandler); + } + + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java new file mode 100644 index 0000000000..5a8b7c7d85 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java @@ -0,0 +1,234 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + + +/** + * + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationServicePolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private RuntimeComponentService service; + private Binding binding; + LDAPSecurityHandler securityHandler; + + private List<Operation> operations = new ArrayList<Operation>(); + + public LDAPRealmAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding, LDAPSecurityHandler securityHandler) { + super(); + this.component = component; + this.service = service; + this.binding = binding; + this.securityHandler = securityHandler; + + this.operations.addAll(service.getInterfaceContract().getInterface().getOperations()); + } + + public String getPhase() { + return Phase.SERVICE_BINDING_POLICY; + } + + public Interceptor createInterceptor(Operation operation) { + List<LDAPRealmAuthenticationPolicy> authenticationPolicies = null; + List<AuthorizationPolicy> authorizationPolicies = null; + + if (operation != null) { + authenticationPolicies = findAuthenticationPolicies(operation); + authorizationPolicies = findAuthorizationPolicies(operation); + } + + if (authenticationPolicies == null || authenticationPolicies.isEmpty()) { + return null; + } else { + return new LDAPRealmAuthenticationInterceptor(securityHandler, authenticationPolicies, authorizationPolicies); + } + } + + + /** + * Private utility methods + */ + + /** + * Find applicable authorization policySets + * It first check if any explicitly policySet was identified + * Otherwise it look into the list of applicablePolicySets + * @param op + * @return + */ + private List<LDAPRealmAuthenticationPolicy> findAuthenticationPolicies(Operation op) { + List<LDAPRealmAuthenticationPolicy> polices = new ArrayList<LDAPRealmAuthenticationPolicy>(); + + // check explicity added policies first + ConfiguredOperation configuredOperation = findOperation(op); + if (configuredOperation!= null && configuredOperation.getPolicySets().size() > 0) { + for ( PolicySet ps : configuredOperation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof LDAPRealmAuthenticationPolicy) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + + + // otherwise find applicable policySets + if ( polices.size() == 0) { + // FIXME: How do we get a list of effective policySets for a given operation? + for(Operation operation : operations) { + if (operation!= null && operation.getName() != null && operation.getName().equals(op.getName())) { + for (PolicySet ps : operation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof LDAPRealmAuthenticationPolicy) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + + if (service instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)service; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop!= null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getApplicablePolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof LDAPRealmAuthenticationPolicy) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + } + + List<PolicySet> policySets = service.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (p instanceof LDAPRealmAuthenticationPolicy) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + + return polices; + } + + /** + * Find applicable authorization policySets + * It first check if any explicitly policySet was identified + * Otherwise it look into the list of applicablePolicySets + * @param op + * @return + */ + private List<AuthorizationPolicy> findAuthorizationPolicies(Operation op) { + List<AuthorizationPolicy> polices = new ArrayList<AuthorizationPolicy>(); + + // check explicity added policies first + ConfiguredOperation configuredOperation = findOperation(op); + if (configuredOperation!= null && configuredOperation.getPolicySets().size() > 0) { + for ( PolicySet ps : configuredOperation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof AuthorizationPolicy) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + + // otherwise find applicable policySets + if ( polices.size() == 0) { + // FIXME: How do we get a list of effective policySets for a given operation? + for(Operation operation : operations) { + if (operation!= null && operation.getName() != null && operation.getName().equals(op.getName())) { + for (PolicySet ps : operation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof AuthorizationPolicy) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + + if (service instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)service; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getApplicablePolicySets()) { + for (Object p : ps.getPolicies()) { + if (p instanceof AuthorizationPolicy) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + } + + List<PolicySet> policySets = service.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (p instanceof AuthorizationPolicy) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + + return polices; + } + + /** + * Find a given configured operation + * @param operation + * @return + */ + private ConfiguredOperation findOperation(Operation operation) { + ConfiguredOperation configuredOperation = null; + + for (ConfiguredOperation cOperation : ((OperationsConfigurator)component).getConfiguredOperations()) { + if(cOperation.getName().equals(operation.getName())) { + configuredOperation = cOperation; + break; + } + } + + return configuredOperation; + } +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java new file mode 100644 index 0000000000..b454289673 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.core.UtilityExtensionPoint; +import org.apache.tuscany.sca.extensibility.ServiceDeclaration; +import org.apache.tuscany.sca.extensibility.ServiceDiscovery; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.MonitorFactory; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + + +/** + * Default Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ + +public class DefaultLDAPSecurityExtensionPoint implements LDAPSecurityHandlerExtensionPoint { + private List<LDAPSecurityHandler> securityHandlers = new ArrayList<LDAPSecurityHandler>(); + + private ExtensionPointRegistry extensionPoints; + private Monitor monitor = null; + + private boolean loaded = false; + + public DefaultLDAPSecurityExtensionPoint(ExtensionPointRegistry extensionPoints) { + this.extensionPoints = extensionPoints; + + UtilityExtensionPoint utilities = extensionPoints.getExtensionPoint(UtilityExtensionPoint.class); + MonitorFactory monitorFactory = utilities.getUtility(MonitorFactory.class); + if (monitorFactory != null) { + this.monitor = monitorFactory.createMonitor(); + } + } + + + public void addLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.add(securityHandler); + } + + public void removeLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.remove(securityHandler); + } + + public List<LDAPSecurityHandler> getLDAPSecurityHandlers() { + loadHandlers(); + return securityHandlers; + } + + + /** + * Private Utility methods + */ + + /** + * Report a exception. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Exception ex) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), null, Severity.ERROR, model, message, ex); + monitor.problem(problem); + } + } + + /** + * Lazily load artifact processors registered in the extension point. + */ + @SuppressWarnings("unchecked") + private synchronized void loadHandlers() { + if (loaded) { + return; + } + + // Get the proxy factories declarations + Set<ServiceDeclaration> handlerDeclarations = null; + try { + handlerDeclarations = ServiceDiscovery.getInstance().getServiceDeclarations(LDAPSecurityHandler.class); + } catch (IOException e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", handlerDeclarations, ie); + throw ie; + } + + for (ServiceDeclaration processorDeclaration : handlerDeclarations) { + // Create a factory, and register it + LDAPSecurityHandler securityHandler = null; + try { + Class<LDAPSecurityHandler> securityHandlerClass = (Class<LDAPSecurityHandler>) processorDeclaration.loadClass(); + + securityHandler = securityHandlerClass.newInstance(); + + } catch (Exception e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", securityHandler, ie); + throw ie; + } + + addLDAPSecurityHandler(securityHandler); + } + + loaded = true; + } + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java new file mode 100644 index 0000000000..bf64f8fa30 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy; + +public interface LDAPSecurityHandler { + + /** + * The Http Service calls this method prior to servicing the specified request. + * This method controls whether the request is processed in the normal manner + * or an error is returned. + * + * If the request requires authentication and the Authorization header + * in the request is missing or not acceptable, then this method should + * set the WWW-Authenticate header in the response object, set the status + * in the response object to Unauthorized(401) and return false. + * See also RFC 2617: HTTP Authentication: Basic and Digest Access Authentication + * (available at http://www.ietf.org/rfc/rfc2617.txt). + * + * If the request requires a secure connection and the getScheme method + * in the request does not return 'https' or some other acceptable secure protocol, + * then this method should set the status in the response object to Forbidden(403) + * and return false. + * + * When this method returns false, the Http Service will send the response back to + * the client, thereby completing the request. When this method returns true, the + * Http Service will proceed with servicing the request. + * + * If the specified request has been authenticated, this method must set the + * AUTHENTICATION_TYPE request attribute to the type of authentication used, + * and the REMOTE_USER request attribute to the remote user + * (request attributes are set using the setAttribute method on the request). + * If this method does not perform any authentication, it must not set these attributes. + * + * @param msg + * @return + */ + void handleSecurity(Message msg, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) throws javax.security.auth.login.LoginException; +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java new file mode 100644 index 0000000000..73765c0a10 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +/** + * Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ +public interface LDAPSecurityHandlerExtensionPoint { + + /** + * Add a LDAP security handler + * @param securityHandler + */ + void addLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Remove a LDAP security handler + * @param securityHandler + */ + void removeLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Return a list of security handlers + * @return + */ + List<LDAPSecurityHandler> getLDAPSecurityHandlers(); + + +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java new file mode 100644 index 0000000000..88b2ee9fce --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.util; + +import java.util.StringTokenizer; + +import javax.security.auth.Subject; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.codec.binary.Base64; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal; + +/** + * + * @version $Rev$ $Date$ + */ +public class HttpSecurityUtil { + + /** + * Check if Authorization header is available + * @param request + * @param response + * @return + */ + public static boolean hasAuthorizationHeader(HttpServletRequest request) { + boolean result = false; + if(request.getHeader("Authorization") != null) { + result = true; + } + + return result; + } + + /** + * + * @param request + * @param response + * @return + */ + public static String getAuthorizationHeader(HttpServletRequest request) { + return request.getHeader("Authorization"); + } + + public static Subject getSubject(Message msg){ + + Subject subject = null; + HttpServletRequest request = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Subject){ + subject = (Subject)header; + break; + } else if( header instanceof HttpServletRequest) { + request = (HttpServletRequest) header; + } + } + + //if there is no subject, but request is available + //try to build a subject from authorization header + if (subject == null & request != null) { + if ( hasAuthorizationHeader(request)) { + subject = getSubject(getAuthorizationHeader(request)); + } + + } + if (subject == null){ + subject = new Subject(); + msg.getHeaders().add(subject); + } + + return subject; + + } + + public static Subject getSubject(String httpAuthorizationHeader){ + + + // get the security context + Subject subject = new Subject(); + String user = null; + String password = null; + + if (httpAuthorizationHeader != null) { + StringTokenizer tokens = new StringTokenizer(httpAuthorizationHeader); + if (tokens.hasMoreTokens()) { + String basic = tokens.nextToken(); + if (basic.equalsIgnoreCase("Basic")) { + String credentials = tokens.nextToken(); + String userAndPassword = new String(Base64.decodeBase64(credentials.getBytes())); + int colon = userAndPassword.indexOf(":"); + if (colon != -1) { + user = userAndPassword.substring(0, colon); + password = userAndPassword.substring(colon + 1); + } + } + } + } + + if(user != null && password != null) { + BasicAuthenticationPrincipal principal = new BasicAuthenticationPrincipal(user, password); + subject.getPrincipals().add(principal); + } + + return subject; + } +} diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor new file mode 100644 index 0000000000..fd57d8a44f --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Implementation class for the artifact processor extension +org.apache.tuscany.sca.policy.authentication.AuthenticationConfigurationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#authenticationConfiguration,model=org.apache.tuscany.sca.policy.authentication.AuthenticationConfigurationPolicy +org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#confidentiality,model=org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicy +org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#ldapRealmAuthentication,model=org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint new file mode 100644 index 0000000000..79ee88142a --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +org.apache.tuscany.sca.policy.security.http.extensibility.DefaultLDAPSecurityExtensionPoint
\ No newline at end of file diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory new file mode 100644 index 0000000000..5a92f0dfd7 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Implementation class for the policy extension +org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy diff --git a/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/policy-security-http-validation-messages.properties b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/policy-security-http-validation-messages.properties new file mode 100644 index 0000000000..ebb47f2b60 --- /dev/null +++ b/sca-java-1.x/tags/1.6-TUSCANY-3909/policy-security-http/src/main/resources/policy-security-http-validation-messages.properties @@ -0,0 +1,22 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# +RequiredAttributeRolesMissing = Required attribute 'roles' is missing. +ClassNotFoundException = Class Not Found Exception: {0}
\ No newline at end of file |