diff options
7 files changed, 128 insertions, 61 deletions
diff --git a/sca-java-2.x/trunk/modules/builder/src/main/java/org/apache/tuscany/sca/builder/impl/ComponentPolicyBuilderImpl.java b/sca-java-2.x/trunk/modules/builder/src/main/java/org/apache/tuscany/sca/builder/impl/ComponentPolicyBuilderImpl.java index 9e6c4d758d..238a745429 100644 --- a/sca-java-2.x/trunk/modules/builder/src/main/java/org/apache/tuscany/sca/builder/impl/ComponentPolicyBuilderImpl.java +++ b/sca-java-2.x/trunk/modules/builder/src/main/java/org/apache/tuscany/sca/builder/impl/ComponentPolicyBuilderImpl.java @@ -443,16 +443,24 @@ public class ComponentPolicyBuilderImpl { // or external attachement // resolve policy set names that have been specified for the // policy subject against the real policy sets from the - // definitions files + // definitions files. + // Some policy plugins, e.g. JSR250, add resolved policy sets + // on the fly as they read details from annotations. So check + // that policy sets are unresolved befor blowing them away with + // a warning Set<PolicySet> policySets = new HashSet<PolicySet>(); if (definitions != null) { for (PolicySet policySet : subject.getPolicySets()) { - int index = definitions.getPolicySets().indexOf(policySet); - if (index != -1) { - policySets.add(definitions.getPolicySets().get(index)); + if (policySet.isUnresolved()){ + int index = definitions.getPolicySets().indexOf(policySet); + if (index != -1) { + policySets.add(definitions.getPolicySets().get(index)); + } else { + // PolicySet cannot be resolved + warning(context.getMonitor(), "PolicySetNotFoundAtBuild", subject, policySet); + } } else { - // PolicySet cannot be resolved - warning(context.getMonitor(), "PolicySetNotFoundAtBuild", subject, policySet); + policySets.add(policySet); } } } diff --git a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java index fffb366dfa..5f3f1a33ff 100644 --- a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java +++ b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java @@ -25,9 +25,14 @@ import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.xml.namespace.QName;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
import org.apache.tuscany.sca.assembly.AssemblyFactory;
import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.common.xml.stax.reader.NamespaceContextImpl;
+import org.apache.tuscany.sca.common.xml.xpath.XPathHelper;
import org.apache.tuscany.sca.core.ExtensionPointRegistry;
import org.apache.tuscany.sca.core.FactoryExtensionPoint;
import org.apache.tuscany.sca.implementation.java.IntrospectionException;
@@ -59,17 +64,31 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { private static final QName DENY_ALL = new QName(Constants.SCA11_TUSCANY_NS,"denyAll");
private PolicyFactory policyFactory;
+ private XPathHelper xpathHelper;
+ private String appliesToString = "//sca:implementation.java";
+ private XPathExpression appliesToExpression = null;
- public JSR250PolicyProcessor(ExtensionPointRegistry registry) {
+ public JSR250PolicyProcessor(ExtensionPointRegistry registry) throws IntrospectionException {
super(registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(AssemblyFactory.class));
this.policyFactory = registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(PolicyFactory.class);
+
+ this.xpathHelper = XPathHelper.getInstance(registry);
+ NamespaceContextImpl nsContext = new NamespaceContextImpl(null);
+ nsContext.register("sca", "http://docs.oasis-open.org/ns/opencsa/sca/200912");
+ XPath path = xpathHelper.newXPath();
+ try {
+ appliesToExpression = xpathHelper.compile(path, nsContext, appliesToString);
+ } catch (XPathExpressionException e) {
+ throw new IntrospectionException(e);
+ }
}
+/*
public JSR250PolicyProcessor(AssemblyFactory assemblyFactory, PolicyFactory policyFactory) {
super(assemblyFactory);
this.policyFactory = policyFactory;
}
-
+*/
@Override
public <T> void visitClass(Class<T> clazz, JavaImplementation type) throws IntrospectionException {
@@ -84,14 +103,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { SecurityIdentityPolicy policy = new SecurityIdentityPolicy();
policy.setRunAsRole(roleName);
-
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(RUN_AS);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(SecurityIdentityPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
+ PolicySet policySet = createPolicySet(RUN_AS, SecurityIdentityPolicy.NAME, policy);
type.getPolicySets().add(policySet);
}
@@ -108,13 +120,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { policy.getRoleNames().add(role);
}
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(ALLOW);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(AuthorizationPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
+ PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy);
type.getPolicySets().add(policySet);
}
@@ -122,14 +128,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { if(permitAll != null) {
AuthorizationPolicy policy = new AuthorizationPolicy();
policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
-
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(PERMIT_ALL);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(AuthorizationPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
+ PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy);
type.getPolicySets().add(policySet);
}
@@ -154,14 +153,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type);
if (operation != null){
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(ALLOW);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(AuthorizationPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
-
+ PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy);
operation.getPolicySets().add(policySet);
}
}
@@ -175,14 +167,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type);
if (operation != null){
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(PERMIT_ALL);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(AuthorizationPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
-
+ PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy);
operation.getPolicySets().add(policySet);
}
}
@@ -196,14 +181,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type);
if (operation != null){
- PolicySet policySet = policyFactory.createPolicySet();
- policySet.setName(DENY_ALL);
- PolicyExpression policyExpression = policyFactory.createPolicyExpression();
- policyExpression.setName(AuthorizationPolicy.NAME);
- policyExpression.setPolicy(policy);
- policySet.getPolicies().add(policyExpression);
- policySet.setUnresolved(false);
-
+ PolicySet policySet = createPolicySet(DENY_ALL, AuthorizationPolicy.NAME, policy);
operation.getPolicySets().add(policySet);
}
}
@@ -219,4 +197,25 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { return null;
}
+
+ /**
+ * Here we generate policy sets on the fly so they have to be configured as though they
+ * had been read and resolved from a defintions.xml file. I.e. they have to have appropriate
+ * appliesTo configuration and be marked as resolved.
+ */
+ private PolicySet createPolicySet(QName policySetName, QName policyExpressionName, Object policy){
+
+ PolicyExpression policyExpression = policyFactory.createPolicyExpression();
+ policyExpression.setName(policyExpressionName);
+ policyExpression.setPolicy(policy);
+
+ PolicySet policySet = policyFactory.createPolicySet();
+ policySet.setName(policySetName);
+ policySet.setAppliesTo(appliesToString);
+ policySet.setAppliesToXPathExpression(appliesToExpression);
+ policySet.getPolicies().add(policyExpression);
+ policySet.setUnresolved(false);
+
+ return policySet;
+ }
}
diff --git a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java index 2788276029..b6bd00e345 100644 --- a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java +++ b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java @@ -155,7 +155,7 @@ public class PolicyProcessorTestCase extends TestCase { registry.start();
serviceProcessor = new ServiceProcessor(new DefaultAssemblyFactory(), new DefaultJavaInterfaceFactory(registry));
policyProcessor = new PolicyProcessor(registry);
- jsr250Processor = new JSR250PolicyProcessor(new DefaultAssemblyFactory(), new DefaultPolicyFactory());
+ jsr250Processor = new JSR250PolicyProcessor(registry);
visitor = new PolicyJavaInterfaceVisitor(registry);
JavaImplementationFactory javaImplementationFactory = new DefaultJavaImplementationFactory();
type = javaImplementationFactory.createJavaImplementation();
diff --git a/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldClient.java b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldClient.java index f9d883c83d..674731d61c 100644 --- a/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldClient.java +++ b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldClient.java @@ -26,10 +26,14 @@ public class HelloWorldClient implements HelloWorld { @Reference
public HelloWorld helloWorldWS;
+ @Reference
+ public HelloWorld helloWorldWS1;
+
public String getGreetings(String s) {
String response = helloWorldWS.getGreetings(s);
+ response += helloWorldWS1.getGreetings(s);
System.out.println("At client: " + response);
return response;
- }
+ }
}
diff --git a/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldService1.java b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldService1.java new file mode 100644 index 0000000000..962c6afbf9 --- /dev/null +++ b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/java/org/apache/tuscany/sca/policy/operations/helloworld/HelloWorldService1.java @@ -0,0 +1,33 @@ +/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.operations.helloworld;
+
+import javax.annotation.security.PermitAll;
+
+@PermitAll
+public class HelloWorldService1 implements HelloWorld {
+
+ public String getGreetings(String s) {
+ String response = "Hello " + s;
+ System.out.println("At service: " + response);
+ return response;
+ }
+
+}
diff --git a/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/resources/org/apache/tuscany/sca/policy/operations/helloworld/helloworld.composite b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/resources/org/apache/tuscany/sca/policy/operations/helloworld/helloworld.composite index ea43579747..f9f437f30e 100644 --- a/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/resources/org/apache/tuscany/sca/policy/operations/helloworld/helloworld.composite +++ b/sca-java-2.x/trunk/testing/itest/policy/operations/src/main/resources/org/apache/tuscany/sca/policy/operations/helloworld/helloworld.composite @@ -26,6 +26,7 @@ <component name="HelloWorldClient">
<implementation.java class="org.apache.tuscany.sca.policy.operations.helloworld.HelloWorldClient"/>
<reference name="helloWorldWS" target="HelloWorldService"/>
+ <reference name="helloWorldWS1" target="HelloWorldService1"/>
</component>
<component name="HelloWorldService">
@@ -35,4 +36,11 @@ </service>
</component>
+ <component name="HelloWorldService1">
+ <implementation.java class="org.apache.tuscany.sca.policy.operations.helloworld.HelloWorldService1"/>
+ <service name="HelloWorld">
+ <binding.ws/>
+ </service>
+ </component>
+
</composite>
diff --git a/sca-java-2.x/trunk/testing/itest/policy/operations/src/test/java/org/apache/tuscany/sca/policy/operations/OperationsPolicyTestCase.java b/sca-java-2.x/trunk/testing/itest/policy/operations/src/test/java/org/apache/tuscany/sca/policy/operations/OperationsPolicyTestCase.java index 44123f44c2..452d448c59 100644 --- a/sca-java-2.x/trunk/testing/itest/policy/operations/src/test/java/org/apache/tuscany/sca/policy/operations/OperationsPolicyTestCase.java +++ b/sca-java-2.x/trunk/testing/itest/policy/operations/src/test/java/org/apache/tuscany/sca/policy/operations/OperationsPolicyTestCase.java @@ -19,22 +19,25 @@ package org.apache.tuscany.sca.policy.operations;
+import javax.xml.namespace.QName;
+
import junit.framework.TestCase;
+import org.apache.tuscany.sca.assembly.Composite;
+import org.apache.tuscany.sca.assembly.xml.Constants;
import org.apache.tuscany.sca.node.Contribution;
import org.apache.tuscany.sca.node.Node;
import org.apache.tuscany.sca.node.NodeFactory;
+import org.apache.tuscany.sca.node.impl.NodeImpl;
import org.apache.tuscany.sca.policy.operations.helloworld.HelloWorld;
public class OperationsPolicyTestCase extends TestCase {
+
+ private static final QName PERMIT_ALL = new QName(Constants.SCA11_TUSCANY_NS,"permitAll");
private Node node;
private HelloWorld helloWorld;
- public void testCalculator() throws Exception {
- assertEquals("Hello petra", helloWorld.getGreetings("petra"));
- }
-
@Override
protected void setUp() throws Exception {
node = NodeFactory.newInstance().createNode(new Contribution("test", "target/classes"));
@@ -47,4 +50,16 @@ public class OperationsPolicyTestCase extends TestCase { node.stop();
}
+ public void testCalculator() throws Exception {
+ assertEquals("Hello petraHello petra", helloWorld.getGreetings("petra"));
+ Composite domainComposite = ((NodeImpl)node).getDomainComposite();
+
+ // Check that the operation level policy is present
+ assertEquals(PERMIT_ALL,
+ domainComposite.getComponents().get(1).getImplementation().getOperations().get(0).getPolicySets().get(0).getName());
+
+ // Check that the class level policy is present
+ assertEquals(PERMIT_ALL,
+ domainComposite.getComponents().get(2).getImplementation().getPolicySets().get(0).getName());
+ }
}
|