summaryrefslogtreecommitdiffstats
path: root/java/sca/modules/policy-security/src/main
diff options
context:
space:
mode:
authorlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2008-11-19 05:27:58 +0000
committerlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2008-11-19 05:27:58 +0000
commit5f3869c451e46aadc943d00087d6847877dd1c50 (patch)
treee22baaff1fb9ea42606b7d04af52e032e3bc03bc /java/sca/modules/policy-security/src/main
parent60744a36aae604ac3c4499ed54f1082ab8f5947d (diff)
Merging the 1.x delta on top of the equinox based modules
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@718858 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/sca/modules/policy-security/src/main')
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java76
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java2
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java12
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java80
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java30
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java1
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java24
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java1
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java74
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java80
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java88
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java75
-rw-r--r--java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor53
-rw-r--r--java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory1
-rw-r--r--java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml8
-rw-r--r--java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml8
16 files changed, 554 insertions, 59 deletions
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
new file mode 100644
index 0000000000..81bc3271c6
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.tuscany.sca.invocation.Message;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class SecurityUtil {
+
+ public static Subject getSubject(Message msg){
+
+ Subject subject = null;
+
+ for (Object header : msg.getHeaders()){
+ if (header instanceof Subject){
+ subject = (Subject)header;
+ break;
+ }
+ }
+
+ if (subject == null){
+ subject = new Subject();
+ msg.getHeaders().add(subject);
+ }
+
+ return subject;
+ }
+
+ public static <T> T getPrincipal(Subject subject, Class<T> clazz){
+ for (Principal msgPrincipal : subject.getPrincipals() ){
+ if (clazz.isInstance(msgPrincipal)){
+ return clazz.cast(msgPrincipal);
+ }
+ }
+
+ return null;
+ }
+
+ public static Principal getPrincipal(Message msg){
+
+ Principal principal = null;
+
+ for (Object header : msg.getHeaders()){
+ if (header instanceof Principal){
+ principal = (Principal)header;
+ break;
+ }
+ }
+
+ return principal;
+ }
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
index eb0da76acf..152a8de6cc 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
@@ -32,7 +32,7 @@ public class BasicAuthenticationPolicy implements Policy {
private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0";
public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(SCA10_TUSCANY_NS, "basicAuthentication");
- public static final String BASIC_AUTHENTICATION_USERNAME = "username";
+ public static final String BASIC_AUTHENTICATION_USERNAME = "userName";
public static final String BASIC_AUTHENTICATION_PASSWORD = "password";
private String userName;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
index 0b3dfd5539..43db3ec9be 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
@@ -41,10 +41,6 @@ import org.apache.tuscany.sca.monitor.Monitor;
public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor<BasicAuthenticationPolicy> {
private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0";
- private static final String USER_NAME = "userName";
- private static final String PASSWORD = "password";
-
-
public QName getArtifactType() {
return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME;
}
@@ -65,9 +61,9 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
name = reader.getName();
if ( name.equals(getArtifactType()) ) {
// no attributes at the moment
- } else if ( USER_NAME.equals(name.getLocalPart()) ) {
+ } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) {
policy.setUserName(reader.getElementText());
- } else if ( PASSWORD.equals(name.getLocalPart()) ) {
+ } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) {
policy.setPassword(reader.getElementText());
}
break;
@@ -99,7 +95,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
if ( policy.getUserName() != null ) {
writer.writeStartElement(prefix,
- USER_NAME,
+ BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
getArtifactType().getNamespaceURI());
writer.writeCharacters(policy.getUserName());
writer.writeEndElement();
@@ -107,7 +103,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
if ( policy.getPassword() != null ) {
writer.writeStartElement(prefix,
- PASSWORD,
+ BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
getArtifactType().getNamespaceURI());
writer.writeCharacters(policy.getPassword());
writer.writeEndElement();
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
new file mode 100644
index 0000000000..3ab9cb656d
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.authentication.basic;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class BasicAuthenticationPrincipal implements Principal {
+
+ private String name;
+ private String password;
+
+ public BasicAuthenticationPrincipal(String name, String password){
+ if (name == null) {
+ throw new IllegalArgumentException("name cannot be null");
+ }
+
+ this.name = name;
+ this.password = password;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+
+ @Override
+ public boolean equals(Object principal) {
+ if (principal == null)
+ return false;
+ if (this == principal)
+ return true;
+ if (getClass() != principal.getClass())
+ return false;
+ final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal;
+ if (name == null) {
+ if (other.name != null)
+ return false;
+ } else if (!name.equals(other.name)){
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
index c0ed282276..4120fdb405 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
@@ -18,17 +18,16 @@
*/
package org.apache.tuscany.sca.policy.authentication.basic;
-import javax.xml.namespace.QName;
+import javax.security.auth.Subject;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
/**
- * Policy handler to handle PolicySet related to Logging with the QName
- * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy
*
* @version $Rev$ $Date$
*/
@@ -62,11 +61,26 @@ public class BasicAuthenticationReferencePolicyInterceptor implements Intercepto
}
public Message invoke(Message msg) {
- // could call out here to some 3rd part system to get credentials
- msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
- policy.getUserName());
- msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
- policy.getPassword());
+
+ // get the security context
+ Subject subject = SecurityUtil.getSubject(msg);
+ BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject,
+ BasicAuthenticationPrincipal.class);
+
+ // if no credentials propogated from the reference then use
+ // the ones from the policy
+ if (principal == null &&
+ policy.getUserName() != null &&
+ !policy.getUserName().equals("")) {
+ principal = new BasicAuthenticationPrincipal(policy.getUserName(),
+ policy.getPassword());
+ subject.getPrincipals().add(principal);
+ }
+
+ if (principal == null){
+ // alternatively we could call out here to some 3rd party system to get credentials
+ // or convert from some other security principal
+ }
return getNext().invoke(msg);
}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
index f6453e2b65..5aa36ecc89 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
@@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Phase;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
import org.apache.tuscany.sca.provider.PolicyProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
index 6c0f7d48d0..88a790c9e9 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
@@ -19,13 +19,15 @@
package org.apache.tuscany.sca.policy.authentication.basic;
-import javax.xml.namespace.QName;
+import javax.security.auth.Subject;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+
/**
* Policy handler to handle PolicySet related to Logging with the QName
@@ -64,16 +66,20 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor
public Message invoke(Message msg) {
- String username = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME);
- String password = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD);
-
- if (username != null) {
+ Subject subject = SecurityUtil.getSubject(msg);
+ BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject,
+ BasicAuthenticationPrincipal.class);
+
+ if (principal != null){
- System.out.println("Username: " + username + " Password: " + password);
- // could call out here to some 3rd part system to do whatever you
- // need to turn credentials into a principal
+ System.out.println("Username: " +
+ principal.getName() +
+ " Password: " +
+ principal.getPassword());
- msg.getQoSContext().put(Message.QOS_CTX_SECURITY_PRINCIPAL, username);
+ // could call out here to some 3rd party system to do whatever you
+ // need to do do with username and password
+
}
return getNext().invoke(msg);
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
index 9bbb0e2d33..aae0386589 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
@@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Phase;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
import org.apache.tuscany.sca.provider.PolicyProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentService;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
new file mode 100644
index 0000000000..147b863c01
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.authentication.token;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class TokenPrincipal implements Principal {
+
+ private String name;
+
+ public TokenPrincipal(String name){
+ if (name == null) {
+ throw new IllegalArgumentException("name cannot be null");
+ }
+
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+
+ @Override
+ public boolean equals(Object principal) {
+ if (principal == null)
+ return false;
+ if (this == principal)
+ return true;
+ if (getClass() != principal.getClass())
+ return false;
+ final TokenPrincipal other = (TokenPrincipal)principal;
+ if (name == null) {
+ if (other.name != null)
+ return false;
+ } else if (!name.equals(other.name)){
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
new file mode 100644
index 0000000000..1559e22cb9
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.osoa.sca.ServiceRuntimeException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyInterceptor implements Interceptor {
+ private List<SecurityIdentityPolicy> securityIdentityPolicies;
+ private Invoker next;
+
+ public SecurityIdentityImplementationPolicyInterceptor(List<SecurityIdentityPolicy> securityIdentityPolicies) {
+ super();
+ this.securityIdentityPolicies = securityIdentityPolicies;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Interceptor#getNext()
+ */
+ public Invoker getNext() {
+ return next;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker)
+ */
+ public void setNext(Invoker next) {
+ this.next = next;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message)
+ */
+ public Message invoke(Message msg) {
+ try {
+
+ Subject subject = SecurityUtil.getSubject(msg);
+
+ // May do some selection here based on runAs settings.
+ // by default though there is nothing to do as the implementation
+ // assumes the callers user credentials
+
+
+ } catch (Exception e) {
+ throw new ServiceRuntimeException(e);
+ }
+ return getNext().invoke(msg);
+ }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
new file mode 100644
index 0000000000..aa52e0bc41
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.identity;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.tuscany.sca.assembly.ConfiguredOperation;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.assembly.OperationsConfigurator;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Phase;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyProvider implements PolicyProvider {
+ private RuntimeComponent component;
+ private Implementation implementation;
+
+ public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+ super();
+ this.component = component;
+ this.implementation = implementation;
+ }
+
+ private List<SecurityIdentityPolicy> findPolicies(Operation op) {
+ List<SecurityIdentityPolicy> polices = new ArrayList<SecurityIdentityPolicy>();
+ // FIXME: How do we get a list of effective policySets for a given operation?
+ if (implementation instanceof OperationsConfigurator) {
+ OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation;
+ for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) {
+ if (cop.getName().equals(op.getName())) {
+ for (PolicySet ps : cop.getPolicySets()) {
+ for (Object p : ps.getPolicies()) {
+ if (SecurityIdentityPolicy.class.isInstance(p)) {
+ polices.add((SecurityIdentityPolicy)p);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ List<PolicySet> policySets = component.getPolicySets();
+ for (PolicySet ps : policySets) {
+ for (Object p : ps.getPolicies()) {
+ if (SecurityIdentityPolicy.class.isInstance(p)) {
+ polices.add((SecurityIdentityPolicy)p);
+ }
+ }
+ }
+ return polices;
+ }
+
+ public Interceptor createInterceptor(Operation operation) {
+ List<SecurityIdentityPolicy> policies = findPolicies(operation);
+ if (policies == null || policies.isEmpty()) {
+ return null;
+ } else {
+ return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation));
+ }
+ }
+
+ public String getPhase() {
+ return Phase.IMPLEMENTATION_POLICY;
+ }
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
new file mode 100644
index 0000000000..a20f314a2a
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.core.ExtensionPointRegistry;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.provider.PolicyProviderFactory;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
+import org.apache.tuscany.sca.runtime.RuntimeComponentService;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory<SecurityIdentityPolicy> {
+ private ExtensionPointRegistry registry;
+
+ public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) {
+ super();
+ this.registry = registry;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation)
+ */
+ public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+ return new SecurityIdentityImplementationPolicyProvider(component, implementation);
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding)
+ */
+ public PolicyProvider createReferencePolicyProvider(RuntimeComponent component,
+ RuntimeComponentReference reference,
+ Binding binding) {
+ return null;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding)
+ */
+ public PolicyProvider createServicePolicyProvider(RuntimeComponent component,
+ RuntimeComponentService service,
+ Binding binding) {
+ return null;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType()
+ */
+ public Class getModelType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
index 3a514e6088..bf8e4d11b4 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -1,26 +1,27 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Implementation class for the artifact processor extension
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
-org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Implementation class for the artifact processor extension
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
index 95263b8836..0363fbd981 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
@@ -18,3 +18,4 @@
# Implementation class for the policy extension
org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
index e1be4ab03c..f8f0634a9a 100644
--- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
+++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
@@ -31,7 +31,7 @@
<!-- Policy Intents Defined by the SCA Runtime -->
<intent name="authentication"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent on references requires necessary authentication information
to be sent along with outgoing messages. Specifying this intent on service requires
@@ -40,16 +40,16 @@
</intent>
<intent name="confidentiality"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent requires message exchanged to be encrypted
</description>
</intent>
<intent name="integrity"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent requires message exchanged to be signed
</description>
</intent>
-</definitions> \ No newline at end of file
+</definitions>
diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
index f5b79af7ee..91383eaf6a 100644
--- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
+++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
@@ -20,7 +20,13 @@
<definitions xmlns="http://www.osoa.org/xmlns/sca/1.0" targetNamespace="http://tuscany.apache.org/xmlns/sca/1.0"
xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0">
- <intent name="jaasAuthentication" constrains="sca:implementation.java">
+ <intent name="identity" constrains="sca:implementation.java
+ sca:implementation.spring">
+ <description>All invocations are must have an identity set</description>
+ </intent>
+
+ <intent name="jaasAuthentication" constrains="sca:implementation.java
+ sca:implementation.spring">
<description>All invocations to be authenticated</description>
</intent>
</definitions> \ No newline at end of file