diff options
| author | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-08-13 05:03:43 +0000 |
|---|---|---|
| committer | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-08-13 05:03:43 +0000 |
| commit | 7c449ba859ffb8826feedf292281983b16f0a598 (patch) | |
| tree | 7d0b7bfe518d0df99eda7f3429b215dc83f298f4 | |
| parent | 6836d08176b0a62f7443ac098f1345ddd74f4ade (diff) | |
Splitting policy security code specific to geronimo hosting environment to it's own module
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@803776 13f79535-47bb-0310-9956-ffa450edef68
13 files changed, 518 insertions, 84 deletions
diff --git a/branches/sca-java-1.5.1/modules/policy-security-geronimo/pom.xml b/branches/sca-java-1.5.1/modules/policy-security-geronimo/pom.xml new file mode 100644 index 0000000000..eb3be9d9f7 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-geronimo/pom.xml @@ -0,0 +1,70 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +--> +<project> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-modules</artifactId> + <version>1.5.1-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + <artifactId>tuscany-policy-security-geronimo</artifactId> + <name>Apache Tuscany SCA Geronimo Policy Security</name> + + <dependencies> + <dependency> + <groupId>org.apache.tuscany.sca</groupId> + <artifactId>tuscany-policy-security-http</artifactId> + <version>1.5.1-SNAPSHOT</version> + </dependency> + + <dependency> + <groupId>org.apache.geronimo.modules</groupId> + <artifactId>geronimo-security</artifactId> + <version>2.0.1</version> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + <version>2.4</version> <!-- to keep compatible with older servlet containers --> + <scope>provided</scope> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.felix</groupId> + <artifactId>maven-bundle-plugin</artifactId> + + <configuration> + <instructions> + <Bundle-Version>${tuscany.version}</Bundle-Version> + <Bundle-SymbolicName>org.apache.tuscany.sca.policy.security.geronimo</Bundle-SymbolicName> + <Bundle-Description>${pom.name}</Bundle-Description> + <Export-Package>org.apache.tuscany.sca.policy.security.geronimo*</Export-Package> + </instructions> + </configuration> + </plugin> + </plugins> + </build> +</project> diff --git a/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java b/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java new file mode 100644 index 0000000000..38cad3c0cd --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java @@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.geronimo; + +import java.security.AccessControlContext; +import java.util.List; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.security.jacc.WebRoleRefPermission; + +import org.apache.geronimo.security.ContextManager; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationCallbackHandler; +import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil; +import org.osoa.sca.ServiceRuntimeException; + +public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler { + + public GeronimoLDAPSecurityHandler() { + + } + + /** + * The Http Service calls this method prior to servicing the specified request. + * This method controls whether the request is processed in the normal manner + * or an error is returned. + * + * If the request requires authentication and the Authorization header + * in the request is missing or not acceptable, then this method should + * set the WWW-Authenticate header in the response object, set the status + * in the response object to Unauthorized(401) and return false. + * See also RFC 2617: HTTP Authentication: Basic and Digest Access Authentication + * (available at http://www.ietf.org/rfc/rfc2617.txt). + * + * If the request requires a secure connection and the getScheme method + * in the request does not return 'https' or some other acceptable secure protocol, + * then this method should set the status in the response object to Forbidden(403) + * and return false. + * + * When this method returns false, the Http Service will send the response back to + * the client, thereby completing the request. When this method returns true, the + * Http Service will proceed with servicing the request. + * + * If the specified request has been authenticated, this method must set the + * AUTHENTICATION_TYPE request attribute to the type of authentication used, + * and the REMOTE_USER request attribute to the remote user + * (request attributes are set using the setAttribute method on the request). + * If this method does not perform any authentication, it must not set these attributes. + * + * @param msg + * @return + */ + public void handleSecurity(Message msg, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) throws javax.security.auth.login.LoginException { + Subject subject = null; + Subject authenticatedSubject = null; + + + // Perform user authentication + LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0); + if( authenticationPolicy != null) { + subject = HttpSecurityUtil.getSubject(msg); + CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject); + + /* Uses Geronimo to login */ + LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler); + + authenticatedSubject = geronimoLoginContext.getSubject(); + ContextManager.setCallers(authenticatedSubject, authenticatedSubject); + if (authenticatedSubject != null) { + //TODO: add authenticated subject to the msg header ? + } + } + + AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0); + if(authorizationPolicy != null) { + if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { + /* Geronimo Specific code */ + AccessControlContext acc = ContextManager.getCurrentContext(); + + boolean isAllowed = false; + for (String requiredRole : authorizationPolicy.getRoleNames()) { + isAllowed = isUserInRole(acc, requiredRole); + if(isAllowed) { + break; + } + } + + if(! isAllowed ) { + throw new javax.security.auth.login.LoginException("Insufficient access rights !"); + } + } + + } + + } + + + + + public boolean isUserInRole(AccessControlContext acc, String role) { + /* Geronimo Specific code */ + try { + acc.checkPermission(new WebRoleRefPermission("", role)); + } catch (Exception e) { + return false; + } + + return true; + } + + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler b/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler new file mode 100644 index 0000000000..f435bf408e --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-geronimo/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +org.apache.tuscany.sca.policy.security.geronimo.GeronimoLDAPSecurityHandler
\ No newline at end of file diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/pom.xml b/branches/sca-java-1.5.1/modules/policy-security-http/pom.xml index 675680795a..17046203f2 100644 --- a/branches/sca-java-1.5.1/modules/policy-security-http/pom.xml +++ b/branches/sca-java-1.5.1/modules/policy-security-http/pom.xml @@ -54,13 +54,6 @@ </dependency> <dependency> - <groupId>org.apache.geronimo.modules</groupId> - <artifactId>geronimo-security</artifactId> - <version>2.0.1</version> - <scope>provided</scope> - </dependency> - - <dependency> <groupId>org.apache.tuscany.sca</groupId> <artifactId>tuscany-contribution-impl</artifactId> <version>1.5.1-SNAPSHOT</version> diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java index dd454f21c7..8a2f38115a 100644 --- a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java @@ -30,17 +30,20 @@ import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Phase; import org.apache.tuscany.sca.policy.PolicySet; import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; import org.apache.tuscany.sca.provider.PolicyProvider; import org.apache.tuscany.sca.runtime.RuntimeComponent; public class LDAPRealmAuthenticationImplementationPolicyProvider implements PolicyProvider { private RuntimeComponent component; private Implementation implementation; + private LDAPSecurityHandler securityHandler; - public LDAPRealmAuthenticationImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + public LDAPRealmAuthenticationImplementationPolicyProvider(RuntimeComponent component, Implementation implementation, LDAPSecurityHandler securityHandler) { super(); this.component = component; this.implementation = implementation; + this.securityHandler = securityHandler; } @@ -53,7 +56,7 @@ public class LDAPRealmAuthenticationImplementationPolicyProvider implements Poli if (policies == null || policies.isEmpty()) { return null; } else { - return new LDAPRealmAuthenticationInterceptor(findAuthenticationPolicies(operation), findAuthorizationPolicies(operation)); + return new LDAPRealmAuthenticationInterceptor(securityHandler, findAuthenticationPolicies(operation), findAuthorizationPolicies(operation)); } } diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java index 07ccd78123..3f71891a01 100644 --- a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java @@ -21,28 +21,27 @@ package org.apache.tuscany.sca.policy.security.http; import java.util.List; -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.LoginContext; - import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Invoker; import org.apache.tuscany.sca.invocation.Message; import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; -import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; import org.osoa.sca.ServiceRuntimeException; /** * @version $Rev$ $Date$ */ public class LDAPRealmAuthenticationInterceptor implements Interceptor { + private LDAPSecurityHandler securityHandler; private List<LDAPRealmAuthenticationPolicy> authenticationPolicies; private List<AuthorizationPolicy> authorizationPolicies; private Invoker next; - public LDAPRealmAuthenticationInterceptor(List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + public LDAPRealmAuthenticationInterceptor(LDAPSecurityHandler securityHandler, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, List<AuthorizationPolicy> authorizationPolicies) { super(); + this.securityHandler = securityHandler; this.authenticationPolicies = authenticationPolicies; this.authorizationPolicies = authorizationPolicies; } @@ -56,72 +55,12 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor { } public Message invoke(Message msg) { - Subject subject = null; - Subject authenticatedSubject = null; - try { - // Perform user authentication - LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0); - if( authenticationPolicy != null) { - subject = HttpSecurityUtil.getSubject(msg); - CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject); - - /* This bypass Java EE */ - LoginContext lc = new LoginContext(authenticationPolicy.getRealmConfigurationName(), callbackHandler); - lc.login(); - - - /* Uses Geronimo to login */ - /* - LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler); - - authenticatedSubject = geronimoLoginContext.getSubject(); - if (authenticatedSubject != null) { - //TODO: add authenticated subject to the msg header ? - } - */ - } - - AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0); - if(authorizationPolicy != null) { - if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { - /* Geronimo Specific code */ - /* - boolean isAllowed = false; - for (String requiredRole : authorizationPolicy.getRoleNames()) { - isAllowed = isUserInRole(authenticatedSubject, requiredRole); - } - - if(! isAllowed ) { - throw new javax.security.auth.login.LoginException("Insufficient access rights !"); - } - */ - } - - } + securityHandler.handleSecurity(msg, authenticationPolicies, authorizationPolicies); } catch (Exception e) { throw new ServiceRuntimeException(e); } return getNext().invoke(msg); } - - public boolean isUserInRole(Subject subject, String role) { - /* Geronimo Specific code */ - /* - AccessControlContext acc = ContextManager.getCurrentContext(); - - try { - acc.checkPermission(new WebRoleRefPermission("", role)); - } catch (Exception e) { - return false; - } - - return true; - */ - - return false; - } - - } diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java index 75176bba9b..edc3850976 100644 --- a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java @@ -22,6 +22,8 @@ package org.apache.tuscany.sca.policy.security.http; import org.apache.tuscany.sca.assembly.Binding; import org.apache.tuscany.sca.assembly.Implementation; import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint; import org.apache.tuscany.sca.provider.PolicyProvider; import org.apache.tuscany.sca.provider.PolicyProviderFactory; import org.apache.tuscany.sca.runtime.RuntimeComponent; @@ -32,9 +34,13 @@ import org.apache.tuscany.sca.runtime.RuntimeComponentService; * @version $Rev$ $Date$ */ public class LDAPRealmAuthenticationPolicyProviderFactory implements PolicyProviderFactory<LDAPRealmAuthenticationPolicy> { + private LDAPSecurityHandler securityHandler; public LDAPRealmAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { super(); + + LDAPSecurityHandlerExtensionPoint securityHandlerExtensionPoint = registry.getExtensionPoint(LDAPSecurityHandlerExtensionPoint.class); + securityHandler = securityHandlerExtensionPoint.getLDAPSecurityHandlers().get(0); } public Class<LDAPRealmAuthenticationPolicy> getModelType() { @@ -42,7 +48,7 @@ public class LDAPRealmAuthenticationPolicyProviderFactory implements PolicyProvi } public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { - return new LDAPRealmAuthenticationImplementationPolicyProvider(component, implementation); + return new LDAPRealmAuthenticationImplementationPolicyProvider(component, implementation, securityHandler); } public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, @@ -54,7 +60,7 @@ public class LDAPRealmAuthenticationPolicyProviderFactory implements PolicyProvi public PolicyProvider createServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) { - return new LDAPRealmAuthenticationServicePolicyProvider(component, service, binding); + return new LDAPRealmAuthenticationServicePolicyProvider(component, service, binding, securityHandler); } diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java index 32fce4eb81..5a8b7c7d85 100644 --- a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java @@ -30,6 +30,7 @@ import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Phase; import org.apache.tuscany.sca.policy.PolicySet; import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler; import org.apache.tuscany.sca.provider.PolicyProvider; import org.apache.tuscany.sca.runtime.RuntimeComponent; import org.apache.tuscany.sca.runtime.RuntimeComponentService; @@ -43,14 +44,16 @@ public class LDAPRealmAuthenticationServicePolicyProvider implements PolicyProvi private RuntimeComponent component; private RuntimeComponentService service; private Binding binding; + LDAPSecurityHandler securityHandler; private List<Operation> operations = new ArrayList<Operation>(); - public LDAPRealmAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) { + public LDAPRealmAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding, LDAPSecurityHandler securityHandler) { super(); this.component = component; this.service = service; this.binding = binding; + this.securityHandler = securityHandler; this.operations.addAll(service.getInterfaceContract().getInterface().getOperations()); } @@ -71,7 +74,7 @@ public class LDAPRealmAuthenticationServicePolicyProvider implements PolicyProvi if (authenticationPolicies == null || authenticationPolicies.isEmpty()) { return null; } else { - return new LDAPRealmAuthenticationInterceptor(authenticationPolicies, authorizationPolicies); + return new LDAPRealmAuthenticationInterceptor(securityHandler, authenticationPolicies, authorizationPolicies); } } diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java new file mode 100644 index 0000000000..3417bd4936 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/DefaultLDAPSecurityExtensionPoint.java @@ -0,0 +1,134 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.core.UtilityExtensionPoint; +import org.apache.tuscany.sca.extensibility.ServiceDeclaration; +import org.apache.tuscany.sca.extensibility.ServiceDiscovery; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.MonitorFactory; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + + +/** + * Default Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ + +public class DefaultLDAPSecurityExtensionPoint implements LDAPSecurityHandlerExtensionPoint { + private List<LDAPSecurityHandler> securityHandlers = new ArrayList<LDAPSecurityHandler>(); + + private ExtensionPointRegistry extensionPoints; + private Monitor monitor = null; + + private boolean loaded = false; + + public DefaultLDAPSecurityExtensionPoint(ExtensionPointRegistry extensionPoints) { + this.extensionPoints = extensionPoints; + + UtilityExtensionPoint utilities = extensionPoints.getExtensionPoint(UtilityExtensionPoint.class); + MonitorFactory monitorFactory = utilities.getUtility(MonitorFactory.class); + if (monitorFactory != null) { + this.monitor = monitorFactory.createMonitor(); + } + } + + + public void addLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.add(securityHandler); + } + + public void removeLDAPSecurityHandler(LDAPSecurityHandler securityHandler) { + securityHandlers.remove(securityHandler); + } + + public List<LDAPSecurityHandler> getLDAPSecurityHandlers() { + loadHandlers(); + return securityHandlers; + } + + + /** + * Private Utility methods + */ + + /** + * Report a exception. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Exception ex) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), null, Severity.ERROR, model, message, ex); + monitor.problem(problem); + } + } + + /** + * Lazily load artifact processors registered in the extension point. + */ + @SuppressWarnings("unchecked") + private synchronized void loadHandlers() { + if (loaded) { + return; + } + + // Get the proxy factories declarations + Set<ServiceDeclaration> handlerDeclarations = null; + try { + handlerDeclarations = ServiceDiscovery.getInstance().getServiceDeclarations(LDAPSecurityHandler.class); + } catch (IOException e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", handlerDeclarations, ie); + throw ie; + } + + for (ServiceDeclaration processorDeclaration : handlerDeclarations) { + // Create a factory, and register it + LDAPSecurityHandler securityHandler = null; + try { + Class<LDAPSecurityHandler> securityHandlerClass = (Class<LDAPSecurityHandler>) processorDeclaration.loadClass(); + + securityHandler = securityHandlerClass.newInstance(); + + } catch (Exception e) { + IllegalStateException ie = new IllegalStateException(e); + error("IllegalStateException", securityHandler, ie); + throw ie; + } + + addLDAPSecurityHandler(securityHandler); + } + + loaded = true; + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java new file mode 100644 index 0000000000..bf64f8fa30 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandler.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy; + +public interface LDAPSecurityHandler { + + /** + * The Http Service calls this method prior to servicing the specified request. + * This method controls whether the request is processed in the normal manner + * or an error is returned. + * + * If the request requires authentication and the Authorization header + * in the request is missing or not acceptable, then this method should + * set the WWW-Authenticate header in the response object, set the status + * in the response object to Unauthorized(401) and return false. + * See also RFC 2617: HTTP Authentication: Basic and Digest Access Authentication + * (available at http://www.ietf.org/rfc/rfc2617.txt). + * + * If the request requires a secure connection and the getScheme method + * in the request does not return 'https' or some other acceptable secure protocol, + * then this method should set the status in the response object to Forbidden(403) + * and return false. + * + * When this method returns false, the Http Service will send the response back to + * the client, thereby completing the request. When this method returns true, the + * Http Service will proceed with servicing the request. + * + * If the specified request has been authenticated, this method must set the + * AUTHENTICATION_TYPE request attribute to the type of authentication used, + * and the REMOTE_USER request attribute to the remote user + * (request attributes are set using the setAttribute method on the request). + * If this method does not perform any authentication, it must not set these attributes. + * + * @param msg + * @return + */ + void handleSecurity(Message msg, + List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) throws javax.security.auth.login.LoginException; +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java new file mode 100644 index 0000000000..73765c0a10 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/extensibility/LDAPSecurityHandlerExtensionPoint.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.extensibility; + +import java.util.List; + +/** + * Extension point for LDAP Security Handlers + * + * @version $Rev$ $Date$ + */ +public interface LDAPSecurityHandlerExtensionPoint { + + /** + * Add a LDAP security handler + * @param securityHandler + */ + void addLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Remove a LDAP security handler + * @param securityHandler + */ + void removeLDAPSecurityHandler (LDAPSecurityHandler securityHandler); + + /** + * Return a list of security handlers + * @return + */ + List<LDAPSecurityHandler> getLDAPSecurityHandlers(); + + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint new file mode 100644 index 0000000000..79ee88142a --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandlerExtensionPoint @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +org.apache.tuscany.sca.policy.security.http.extensibility.DefaultLDAPSecurityExtensionPoint
\ No newline at end of file diff --git a/branches/sca-java-1.5.1/modules/pom.xml b/branches/sca-java-1.5.1/modules/pom.xml index 907945b0b7..4f30759526 100644 --- a/branches/sca-java-1.5.1/modules/pom.xml +++ b/branches/sca-java-1.5.1/modules/pom.xml @@ -50,7 +50,6 @@ <module>binding-ejb-runtime</module> <module>binding-erlang</module> <module>binding-erlang-runtime</module> - <module>domain-search</module> <!-- obsolete --> <module>binding-feed</module> <!-- new bindings --> @@ -114,6 +113,7 @@ <module>definitions</module> <module>definitions-xml</module> <module>domain-manager</module> + <module>domain-search</module> <module>endpoint</module> <module>extensibility</module> <module>extensibility-osgi</module> @@ -129,11 +129,11 @@ <module>host-http</module> <module>host-jms</module> <module>host-jms-asf</module> + <module>host-jetty</module> <module>host-openejb</module> <module>host-rmi</module> - <module>host-webapp</module> - <module>host-jetty</module> <module>host-tomcat</module> + <module>host-webapp</module> <module>interface</module> <module>interface-java</module> <module>interface-java-jaxws</module> @@ -155,7 +155,7 @@ <module>implementation-resource-runtime</module> <module>implementation-script</module> <module>implementation-spring</module> - <module>implementation-spring-runtime</module> + <module>implementation-spring-runtime</module> <module>implementation-web</module> <module>implementation-web-runtime</module> <module>implementation-widget</module> @@ -176,6 +176,7 @@ <module>policy-logging</module> <module>policy-reliability</module> <module>policy-security</module> + <module>policy-security-geronimo</module> <module>policy-security-http</module> <module>policy-security-jsr250</module> <module>policy-transaction</module> |