diff options
Diffstat (limited to '')
31 files changed, 2409 insertions, 0 deletions
diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java new file mode 100644 index 0000000000..c735f63b7d --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import javax.xml.namespace.QName; + +/** + * Implementation for policies that could be injected as parameter + * into the axis2config. + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPolicy { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + + public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(SCA10_TUSCANY_NS, "basicAuthentication"); + public static final String BASIC_AUTHENTICATION_USERNAME = "userName"; + public static final String BASIC_AUTHENTICATION_PASSWORD = "password"; + + private String userName; + private String password; + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public QName getSchemaName() { + return BASIC_AUTHENTICATION_POLICY_QNAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..99a8508ba4 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor<BasicAuthenticationPolicy> { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + + public QName getArtifactType() { + return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME; + } + + public BasicAuthenticationPolicyProcessor(FactoryExtensionPoint modelFactories, Monitor monitor) { + } + + + public BasicAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if ( name.equals(getArtifactType()) ) { + // no attributes at the moment + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) { + policy.setUserName(reader.getElementText()); + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) { + policy.setPassword(reader.getElementText()); + } + break; + } + } + + if ( event == END_ELEMENT ) { + if ( getArtifactType().equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(BasicAuthenticationPolicy policy, XMLStreamWriter writer) + throws ContributionWriteException, XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + getArtifactType().getLocalPart(), + getArtifactType().getNamespaceURI()); + writer.writeNamespace("tuscany", SCA10_TUSCANY_NS); + + if ( policy.getUserName() != null ) { + writer.writeStartElement(prefix, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME, + getArtifactType().getNamespaceURI()); + writer.writeCharacters(policy.getUserName()); + writer.writeEndElement(); + } + + if ( policy.getPassword() != null ) { + writer.writeStartElement(prefix, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD, + getArtifactType().getNamespaceURI()); + writer.writeCharacters(policy.getPassword()); + writer.writeEndElement(); + } + + writer.writeEndElement(); + } + + public Class<BasicAuthenticationPolicy> getModelType() { + return BasicAuthenticationPolicy.class; + } + + public void resolve(BasicAuthenticationPolicy arg0, ModelResolver arg1) throws ContributionResolveException { + + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProviderFactory.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProviderFactory.java new file mode 100644 index 0000000000..348934bd6c --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProviderFactory.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication.basic; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPolicyProviderFactory implements PolicyProviderFactory<BasicAuthenticationPolicy> { + private ExtensionPointRegistry registry; + + public BasicAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + this.registry = registry; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation) + */ + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return null;//new BasicAuthenticationImplementationPolicyProvider(component, implementation); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return new BasicAuthenticationReferencePolicyProvider(component, reference, binding); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return new BasicAuthenticationServicePolicyProvider(component, service, binding); + } + + /** + * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType() + */ + public Class getModelType() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java new file mode 100644 index 0000000000..3ab9cb656d --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPrincipal implements Principal { + + private String name; + private String password; + + public BasicAuthenticationPrincipal(String name, String password){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + this.password = password; + } + + public String getName() { + return name; + } + + public String getPassword() { + return password; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java new file mode 100644 index 0000000000..ef1e66b7de --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import javax.security.auth.Subject; +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.security.SecurityUtil; + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationReferencePolicyInterceptor implements Interceptor { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName policySetQName = new QName(SCA10_TUSCANY_NS, "wsBasicAuthentication"); + + private Invoker next; + private Operation operation; + private PolicySet policySet = null; + private String context; + private BasicAuthenticationPolicy policy; + + public BasicAuthenticationReferencePolicyInterceptor(String context, Operation operation, PolicySet policySet) { + super(); + this.operation = operation; + this.policySet = policySet; + this.context = context; + init(); + } + + private void init() { + if (policySet != null) { + for (Object policyObject : policySet.getPolicies()){ + if (policyObject instanceof BasicAuthenticationPolicy){ + policy = (BasicAuthenticationPolicy)policyObject; + break; + } + } + } + } + + public Message invoke(Message msg) { + + // get the security context + Subject subject = SecurityUtil.getSubject(msg); + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, + BasicAuthenticationPrincipal.class); + + // if no credentials propogated from the reference then use + // the ones from the policy + if (principal == null && + policy.getUserName() != null && + !policy.getUserName().equals("")) { + principal = new BasicAuthenticationPrincipal(policy.getUserName(), + policy.getPassword()); + subject.getPrincipals().add(principal); + } + + if (principal == null){ + // alternatively we could call out here to some 3rd party system to get credentials + // or convert from some other security principal + } + + return getNext().invoke(msg); + } + + public Invoker getNext() { + return next; + } + + public void setNext(Invoker next) { + this.next = next; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java new file mode 100644 index 0000000000..c5352e1f57 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication.basic; + +import java.util.List; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.PolicySubject; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; + +/** + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationReferencePolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private RuntimeComponentReference reference; + private Binding binding; + + public BasicAuthenticationReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + super(); + this.component = component; + this.reference = reference; + this.binding = binding; + } + + private PolicySet findPolicySet() { + if (binding instanceof PolicySubject) { + List<PolicySet> policySets = ((PolicySubject)binding).getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (BasicAuthenticationPolicy.class.isInstance(p)) { + return ps; + } + } + } + } + return null; + } + + private String getContext() { + return "component.reference: " + component.getURI() + + "#" + + reference.getName() + + "(" + + binding.getClass().getName() + + ")"; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProvider#createInterceptor(org.apache.tuscany.sca.interfacedef.Operation) + */ + public Interceptor createInterceptor(Operation operation) { + PolicySet ps = findPolicySet(); + return ps == null ? null : new BasicAuthenticationReferencePolicyInterceptor(getContext(), operation, ps); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProvider#getPhase() + */ + public String getPhase() { + return Phase.REFERENCE_POLICY; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java new file mode 100644 index 0000000000..da4d31a11a --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + + +import javax.security.auth.Subject; +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.security.SecurityUtil; + + +/** + * Policy handler to handle PolicySet related to Logging with the QName + * {http://tuscany.apache.org/xmlns/sca/1.1/impl/java}LoggingPolicy + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationServicePolicyInterceptor implements Interceptor { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName policySetQName = new QName(SCA10_TUSCANY_NS, "wsBasicAuthentication"); + + private Invoker next; + private Operation operation; + private PolicySet policySet = null; + private String context; + private BasicAuthenticationPolicy policy; + + public BasicAuthenticationServicePolicyInterceptor(String context, Operation operation, PolicySet policySet) { + super(); + this.operation = operation; + this.policySet = policySet; + this.context = context; + init(); + } + + private void init() { + if (policySet != null) { + for (Object policyObject : policySet.getPolicies()){ + if (policyObject instanceof BasicAuthenticationPolicy){ + policy = (BasicAuthenticationPolicy)policyObject; + break; + } + } + } + } + + public Message invoke(Message msg) { + + Subject subject = SecurityUtil.getSubject(msg); + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, + BasicAuthenticationPrincipal.class); + + if (principal != null){ + + System.out.println("Username: " + + principal.getName() + + " Password: " + + principal.getPassword()); + + // could call out here to some 3rd party system to do whatever you + // need to do do with username and password + + } + + return getNext().invoke(msg); + } + + public Invoker getNext() { + return next; + } + + public void setNext(Invoker next) { + this.next = next; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java new file mode 100644 index 0000000000..b8684e29c0 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication.basic; + +import java.util.List; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.PolicySubject; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationServicePolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private RuntimeComponentService service; + private Binding binding; + + public BasicAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) { + super(); + this.component = component; + this.service = service; + this.binding = binding; + } + + private PolicySet findPolicySet() { + if (binding instanceof PolicySubject) { + List<PolicySet> policySets = ((PolicySubject)binding).getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (BasicAuthenticationPolicy.class.isInstance(p)) { + return ps; + } + } + } + } + return null; + } + + private String getContext() { + return "component.service: " + component.getURI() + + "#" + + service.getName() + + "(" + + binding.getClass().getName() + + ")"; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProvider#createInterceptor(org.apache.tuscany.sca.interfacedef.Operation) + */ + public Interceptor createInterceptor(Operation operation) { + PolicySet ps = findPolicySet(); + return ps == null ? null : new BasicAuthenticationServicePolicyInterceptor(getContext(), operation, ps); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProvider#getPhase() + */ + public String getPhase() { + return Phase.SERVICE_POLICY; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java new file mode 100644 index 0000000000..147b863c01 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.token; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + */ +public class TokenPrincipal implements Principal { + + private String name; + + public TokenPrincipal(String name){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + } + + public String getName() { + return name; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final TokenPrincipal other = (TokenPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java new file mode 100644 index 0000000000..8b0bbd54ff --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authorization; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +/** + * Models the SCA Implementation Security Policy Assertion for Authorization. + * + * @version $Rev$ $Date$ + */ +public class AuthorizationPolicy { + private final static String SCA11_NS = "http://docs.oasis-open.org/ns/opencsa/sca/200903"; + // private final static String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName NAME = new QName(SCA11_NS, "authorization"); + + public static enum AcessControl { + permitAll, denyAll, allow + }; + + private List<String> roleNames = new ArrayList<String>(); + + public AuthorizationPolicy() { + } + + private AcessControl accessControl; + + public AcessControl getAccessControl() { + return accessControl; + } + + public void setAccessControl(AcessControl accessControl) { + this.accessControl = accessControl; + } + + public List<String> getRoleNames() { + if (accessControl == AcessControl.allow) { + return roleNames; + } else { + throw new IllegalArgumentException("Role names are only available for 'allow'"); + } + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } + + public QName getSchemaName() { + return NAME; + } + + @Override + public String toString() { + if (accessControl == AcessControl.allow) { + return accessControl.name() + " " + roleNames; + } + return accessControl.name(); + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java new file mode 100644 index 0000000000..d78c0fc2e3 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java @@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authorization; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import java.util.StringTokenizer; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class AuthorizationPolicyProcessor implements StAXArtifactProcessor<AuthorizationPolicy> { + private static final String ROLES = "roles"; + private Monitor monitor; + + public QName getArtifactType() { + return AuthorizationPolicy.NAME; + } + + public AuthorizationPolicyProcessor(FactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public AuthorizationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + AuthorizationPolicy policy = new AuthorizationPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + while (true) { + switch (event) { + case START_ELEMENT: + String ac = reader.getName().getLocalPart(); + if ("allow".equals(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + String roleNames = reader.getAttributeValue(null, ROLES); + if (roleNames == null) { + error("RequiredAttributeRolesMissing", reader); + //throw new IllegalArgumentException("Required attribute 'roles' is missing."); + } else { + StringTokenizer st = new StringTokenizer(roleNames); + while (st.hasMoreTokens()) { + policy.getRoleNames().add(st.nextToken()); + } + } + } else if ("permitAll".equals(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + } else if ("denyAll".endsWith(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } + } + + public void write(AuthorizationPolicy policy, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + writer.writeStartElement(AuthorizationPolicy.NAME.getLocalPart()); + + writer.writeStartElement(policy.getAccessControl().name()); + + if (policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { + StringBuffer sb = new StringBuffer(); + for (String role : policy.getRoleNames()) { + sb.append(role); + } + + if (sb.length() > 0) { + writer.writeAttribute(ROLES, sb.toString()); + } + } + + writer.writeEndElement(); + writer.writeEndElement(); + } + + public Class<AuthorizationPolicy> getModelType() { + return AuthorizationPolicy.class; + } + + public void resolve(AuthorizationPolicy policy, ModelResolver resolver) throws ContributionResolveException { + + if ((policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) && + (policy.getRoleNames().isEmpty())){ + // role names are required so leave policy unresolved + return; + } + + //right now nothing to resolve + policy.setUnresolved(false); + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java new file mode 100644 index 0000000000..1f48b3b30a --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import java.util.List; + +import javax.security.auth.Subject; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.security.SecurityUtil; +import org.oasisopen.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyInterceptor implements Interceptor { + private List<SecurityIdentityPolicy> securityIdentityPolicies; + private Invoker next; + + public SecurityIdentityImplementationPolicyInterceptor(List<SecurityIdentityPolicy> securityIdentityPolicies) { + super(); + this.securityIdentityPolicies = securityIdentityPolicies; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#getNext() + */ + public Invoker getNext() { + return next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker) + */ + public void setNext(Invoker next) { + this.next = next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message) + */ + public Message invoke(Message msg) { + try { + + Subject subject = SecurityUtil.getSubject(msg); + + // May do some selection here based on runAs settings. + // by default though there is nothing to do as the implementation + // assumes the callers user credentials + + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java new file mode 100644 index 0000000000..38feea21b5 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.identity; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + super(); + this.component = component; + this.implementation = implementation; + } + + private List<SecurityIdentityPolicy> findPolicies(Operation op) { + List<SecurityIdentityPolicy> polices = new ArrayList<SecurityIdentityPolicy>(); + /* + // FIXME: How do we get a list of effective policySets for a given operation? + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + } + } + } + */ + + List<PolicySet> policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + return polices; + } + + public Interceptor createInterceptor(Operation operation) { + List<SecurityIdentityPolicy> policies = findPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation)); + } + } + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java new file mode 100644 index 0000000000..28ffcaf348 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import javax.xml.namespace.QName; + +/** + * Models the SCA Implementation Security Policy Assertion for Security Identity. + * + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicy { + private final static String SCA11_NS = "http://docs.oasis-open.org/ns/opencsa/sca/200903"; + public static final QName NAME = new QName(SCA11_NS, "securityIdentity"); + + private boolean useCallerIdentity; + + private String runAsRole; + + public SecurityIdentityPolicy() { + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUseCallerIdentity() { + return useCallerIdentity; + } + + public void setUseCallerIdentity(boolean useCallerIdentity) { + this.useCallerIdentity = useCallerIdentity; + } + + public String getRunAsRole() { + return runAsRole; + } + + public void setRunAsRole(String runAsRole) { + this.runAsRole = runAsRole; + } + + @Override + public String toString() { + if (useCallerIdentity) { + return "useCallerIdentity"; + } + return "runAs " + runAsRole; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java new file mode 100644 index 0000000000..0ccda91364 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.identity; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicyProcessor implements StAXArtifactProcessor<SecurityIdentityPolicy> { + private static final String ROLE = "role"; + private Monitor monitor; + + public QName getArtifactType() { + return SecurityIdentityPolicy.NAME; + } + + public SecurityIdentityPolicyProcessor(FactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public SecurityIdentityPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + SecurityIdentityPolicy policy = new SecurityIdentityPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + while (true) { + switch (event) { + case START_ELEMENT: + String ac = reader.getName().getLocalPart(); + if ("runAs".equals(ac)) { + String roleName = reader.getAttributeValue(null, ROLE); + if (roleName == null) { + error("RequiredAttributeRolesMissing", reader); + //throw new IllegalArgumentException("Required attribute 'roles' is missing."); + } else { + policy.setRunAsRole(roleName); + } + } else if ("useCallerIdentity".equals(ac)) { + policy.setUseCallerIdentity(true); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } + } + + public void write(SecurityIdentityPolicy policy, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + writer.writeStartElement(SecurityIdentityPolicy.NAME.getLocalPart()); + + String child = policy.isUseCallerIdentity() ? "useCallerIdentity" : "runAs"; + writer.writeStartElement(child); + + if (!policy.isUseCallerIdentity()) { + writer.writeAttribute(ROLE, policy.getRunAsRole()); + } + + writer.writeEndElement(); + writer.writeEndElement(); + } + + public Class<SecurityIdentityPolicy> getModelType() { + return SecurityIdentityPolicy.class; + } + + public void resolve(SecurityIdentityPolicy policy, ModelResolver resolver) throws ContributionResolveException { + + if (policy.getRunAsRole() != null) + //right now nothing to resolve + policy.setUnresolved(false); + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java new file mode 100644 index 0000000000..a20f314a2a --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory<SecurityIdentityPolicy> { + private ExtensionPointRegistry registry; + + public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + this.registry = registry; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation) + */ + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return new SecurityIdentityImplementationPolicyProvider(component, implementation); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType() + */ + public Class getModelType() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java new file mode 100644 index 0000000000..1297b44b93 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security; + +import java.security.Principal; + +import javax.security.auth.Subject; + +import org.apache.tuscany.sca.invocation.Message; + + +/** + * + * @version $Rev$ $Date$ + */ +public class SecurityUtil { + + public static Subject getSubject(Message msg){ + + Subject subject = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Subject){ + subject = (Subject)header; + break; + } + } + + if (subject == null){ + subject = new Subject(); + msg.getHeaders().add(subject); + } + + return subject; + } + + public static <T> T getPrincipal(Subject subject, Class<T> clazz){ + for (Principal msgPrincipal : subject.getPrincipals() ){ + if (clazz.isInstance(msgPrincipal)){ + return clazz.cast(msgPrincipal); + } + } + + return null; + } + + public static Principal getPrincipal(Message msg){ + + Principal principal = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Principal){ + principal = (Principal)header; + break; + } + } + + return principal; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java new file mode 100644 index 0000000000..203d9ca0ab --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java @@ -0,0 +1,90 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.jaas; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * Policy handler to handle PolicySet containing JaasAuthenticationPolicy instances + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationImplementationPolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public JaasAuthenticationImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + super(); + this.component = component; + this.implementation = implementation; + } + + private List<JaasAuthenticationPolicy> findPolicies(Operation op) { + List<JaasAuthenticationPolicy> polices = new ArrayList<JaasAuthenticationPolicy>(); + /* + // FIXME: How do we get a list of effective policySets for a given operation? + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (JaasAuthenticationPolicy.class.isInstance(p)) { + polices.add((JaasAuthenticationPolicy)p); + } + } + } + } + } + } + */ + + List<PolicySet> policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (JaasAuthenticationPolicy.class.isInstance(p)) { + polices.add((JaasAuthenticationPolicy)p); + } + } + } + return polices; + } + + public Interceptor createInterceptor(Operation operation) { + List<JaasAuthenticationPolicy> policies = findPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new JaasAuthenticationInterceptor(findPolicies(operation)); + } + } + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java new file mode 100644 index 0000000000..41a7b62772 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import java.util.List; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.oasisopen.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationInterceptor implements Interceptor { + private List<JaasAuthenticationPolicy> authenticationPolicies; + private Invoker next; + + public JaasAuthenticationInterceptor(List<JaasAuthenticationPolicy> authenticationPolicies) { + super(); + this.authenticationPolicies = authenticationPolicies; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#getNext() + */ + public Invoker getNext() { + return next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker) + */ + public void setNext(Invoker next) { + this.next = next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message) + */ + public Message invoke(Message msg) { + try { + for (JaasAuthenticationPolicy policy : authenticationPolicies) { + CallbackHandler callbackHandler = + (CallbackHandler)policy.getCallbackHandlerClass().newInstance(); + LoginContext lc = new LoginContext(policy.getConfigurationName(), callbackHandler); + lc.login(); + // Subject subject = lc.getSubject(); + } + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java new file mode 100644 index 0000000000..179fd0700f --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java @@ -0,0 +1,71 @@ +/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.security.jaas;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class JaasAuthenticationPolicy {
+ private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1";
+ public static final QName NAME = new QName(SCA10_TUSCANY_NS, "jaasAuthentication");
+
+ private String configurationName = "other";
+ private String callbackHandlerClassName;
+ private Class<?> callbackHandlerClass;
+
+ public String getCallbackHandlerClassName() {
+ return callbackHandlerClassName;
+ }
+
+ public void setCallbackHandlerClassName(String callbackHandlerClassName) {
+ this.callbackHandlerClassName = callbackHandlerClassName;
+ }
+
+ public Class<?> getCallbackHandlerClass() {
+ return callbackHandlerClass;
+ }
+
+ public void setCallbackHandlerClass(Class<?> callbackHandlerClass) {
+ this.callbackHandlerClass = callbackHandlerClass;
+ }
+
+ public QName getSchemaName() {
+ return NAME;
+ }
+
+ public boolean isUnresolved() {
+ return false;
+ }
+
+ public void setUnresolved(boolean unresolved) {
+ }
+
+ public String getConfigurationName() {
+ return configurationName;
+ }
+
+ public void setConfigurationName(String configurationName) {
+ this.configurationName = configurationName;
+ }
+
+}
diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java new file mode 100644 index 0000000000..a45ac9b250 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java @@ -0,0 +1,71 @@ +/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.security.jaas;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.policy.PolicySet;
+
+/**
+ * Policy handler to handle PolicySet containing JaasAuthenticationPolicy instances
+ *
+ * @version $Rev$ $Date$
+ */
+public class JaasAuthenticationPolicyHandler {
+ private static final String jaasPolicy = "JaasPolicy";
+ private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1";
+ public static final QName policySetQName = new QName(SCA10_TUSCANY_NS, jaasPolicy);
+ private PolicySet applicablePolicySet = null;
+
+ public void setUp(Object... context) {
+ if (applicablePolicySet != null) {
+ }
+ }
+
+ public void cleanUp(Object... context) {
+ }
+
+ public void beforeInvoke(Object... context) {
+ try {
+ JaasAuthenticationPolicy policy = (JaasAuthenticationPolicy)applicablePolicySet.getPolicies().get(0);
+ CallbackHandler callbackHandler =
+ (CallbackHandler)policy.getCallbackHandlerClass().newInstance();
+ LoginContext lc = new LoginContext(policy.getConfigurationName(), callbackHandler);
+ lc.login();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ public void afterInvoke(Object... context) {
+
+ }
+
+ public PolicySet getApplicablePolicySet() {
+ return applicablePolicySet;
+ }
+
+ public void setApplicablePolicySet(PolicySet applicablePolicySet) {
+ this.applicablePolicySet = applicablePolicySet;
+ }
+}
diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..615e8bf5a3 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.jaas; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ClassReference; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicyProcessor implements StAXArtifactProcessor<JaasAuthenticationPolicy> { + private static final QName JAAS_AUTHENTICATION_POLICY_QNAME = JaasAuthenticationPolicy.NAME; + private static final String callbackHandler = "callbackHandler"; + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName CALLBACK_HANDLER_QNAME = new QName(SCA10_TUSCANY_NS, callbackHandler); + public static final QName CONFIGURATION_QNAME = new QName(SCA10_TUSCANY_NS, "configurationName"); + private Monitor monitor; + + public QName getArtifactType() { + return JAAS_AUTHENTICATION_POLICY_QNAME; + } + + public JaasAuthenticationPolicyProcessor(FactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public JaasAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + JaasAuthenticationPolicy policy = new JaasAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if (name.equals(CALLBACK_HANDLER_QNAME)) { + String callbackHandlerClassName = reader.getElementText(); + if (callbackHandlerClassName != null) { + policy.setCallbackHandlerClassName(callbackHandlerClassName.trim()); + } + } + if (name.equals(CONFIGURATION_QNAME)) { + String configurationName = reader.getElementText(); + if (configurationName != null) { + policy.setConfigurationName(configurationName.trim()); + } + } + + break; + } + } + + if ( event == END_ELEMENT ) { + if ( JAAS_AUTHENTICATION_POLICY_QNAME.equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(JaasAuthenticationPolicy policy, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + JAAS_AUTHENTICATION_POLICY_QNAME.getLocalPart(), + JAAS_AUTHENTICATION_POLICY_QNAME.getNamespaceURI()); + writer.writeNamespace("tuscany", SCA10_TUSCANY_NS); + + + writer.writeEndElement(); + } + + public Class<JaasAuthenticationPolicy> getModelType() { + return JaasAuthenticationPolicy.class; + } + + public void resolve(JaasAuthenticationPolicy policy, ModelResolver resolver) throws ContributionResolveException { + + if (policy.getCallbackHandlerClassName() != null) { + ClassReference classReference = new ClassReference(policy.getCallbackHandlerClassName()); + classReference = resolver.resolveModel(ClassReference.class, classReference); + Class<?> callbackClass = classReference.getJavaClass(); + if (callbackClass == null) { + error("ClassNotFoundException", resolver, policy.getCallbackHandlerClassName()); + //throw new ContributionResolveException(new ClassNotFoundException(policy.getCallbackHandlerClassName())); + } else { + policy.setCallbackHandlerClass(callbackClass); + policy.setUnresolved(false); + } + } + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java new file mode 100644 index 0000000000..48a42eb711 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicyProviderFactory implements PolicyProviderFactory<JaasAuthenticationPolicy> { + + public JaasAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation) + */ + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return new JaasAuthenticationImplementationPolicyProvider(component, implementation); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType() + */ + public Class<JaasAuthenticationPolicy> getModelType() { + return JaasAuthenticationPolicy.class; + } + +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor new file mode 100644 index 0000000000..24b1e5841d --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Implementation class for the artifact processor extension
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200903#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions new file mode 100644 index 0000000000..6c36975678 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+org/apache/tuscany/sca/policy/security/definitions.xml
+org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
\ No newline at end of file diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory new file mode 100644 index 0000000000..0363fbd981 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Implementation class for the policy extension
+org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml new file mode 100644 index 0000000000..84ff597e15 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="ASCII"?> +<!-- + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +--> +<definitions xmlns="http://docs.oasis-open.org/ns/opencsa/sca/200903" + targetNamespace="http://docs.oasis-open.org/ns/opencsa/sca/200903" + xmlns:sca="http://docs.oasis-open.org/ns/opencsa/sca/200903" + xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.1"> + + <!-- POLICY SETS --> + <policySet name="runAs" appliesTo="sca:implementation.java"/> + <policySet name="allow" appliesTo="sca:implementation.java"/> + <policySet name="rolesAllowed" appliesTo="sca:implementation.java"/> + <policySet name="permitAll" appliesTo="sca:implementation.java"/> + <policySet name="denyAll" appliesTo="sca:implementation.java"/> + + <!-- Policy Intents Defined by the SCA Runtime --> + <intent name="authentication" + constrains="sca:binding"> + <description> + Specifying this intent on references requires necessary authentication information + to be sent along with outgoing messages. Specifying this intent on service requires + incoming messages to be authenticated + </description> + </intent> + + <intent name="confidentiality" + constrains="sca:binding"> + <description> + Specifying this intent requires message exchanged to be encrypted + </description> + </intent> + + <intent name="integrity" + constrains="sca:binding"> + <description> + Specifying this intent requires message exchanged to be signed + </description> + </intent> +</definitions> diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml new file mode 100644 index 0000000000..2881a5a56d --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="ASCII"?> +<!-- + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +--> +<definitions xmlns="http://docs.oasis-open.org/ns/opencsa/sca/200903" targetNamespace="http://tuscany.apache.org/xmlns/sca/1.1" + xmlns:sca="http://docs.oasis-open.org/ns/opencsa/sca/200903" xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.1"> + + <intent name="identity" constrains="sca:implementation.java + sca:implementation.spring"> + <description>All invocations are must have an identity set</description> + </intent> + + <intent name="jaasAuthentication" constrains="sca:implementation.java + sca:implementation.spring"> + <description>All invocations to be authenticated</description> + </intent> +</definitions>
\ No newline at end of file diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/policy-security-validation-messages.properties b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/policy-security-validation-messages.properties new file mode 100644 index 0000000000..ebb47f2b60 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/main/resources/policy-security-validation-messages.properties @@ -0,0 +1,22 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# +RequiredAttributeRolesMissing = Required attribute 'roles' is missing. +ClassNotFoundException = Class Not Found Exception: {0}
\ No newline at end of file diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java b/branches/sca-java-2.0-M3/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java new file mode 100644 index 0000000000..a1b790dbb4 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security; + +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamConstants; +import javax.xml.stream.XMLStreamReader; + +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor; +import org.junit.Assert; +import org.junit.Test; + +/** + * @version $Rev$ $Date$ + */ +public class PolicyProcessorTestCase { + private final static String SCA11_NS = "http://docs.oasis-open.org/ns/opencsa/sca/200903"; + private final static List<String> SEQ = + Arrays.asList("permitAll", + "allow [r1, r2]", + "denyAll", + "runAs admin", + "useCallerIdentity", + "permitAll", + "allow [r1, r2]", + "denyAll", + "runAs admin"); + + @Test + public void testRead() throws Exception { + List<String> results = new ArrayList<String>(); + Map<QName, StAXArtifactProcessor> processors = new HashMap<QName, StAXArtifactProcessor>(); + processors.put(AuthorizationPolicy.NAME, new AuthorizationPolicyProcessor(null,null)); + processors.put(SecurityIdentityPolicy.NAME, new SecurityIdentityPolicyProcessor(null,null)); + processors.put(new QName(SCA11_NS, "allow"), new AuthorizationPolicyProcessor(null,null)); + processors.put(new QName(SCA11_NS, "permitAll"), new AuthorizationPolicyProcessor(null,null)); + processors.put(new QName(SCA11_NS, "denyAll"), new AuthorizationPolicyProcessor(null,null)); + processors.put(new QName(SCA11_NS, "runAs"), new SecurityIdentityPolicyProcessor(null,null)); + InputStream is = getClass().getResourceAsStream("mock_policy_definitions.xml"); + XMLInputFactory factory = XMLInputFactory.newInstance(); + XMLStreamReader reader = factory.createXMLStreamReader(is); + while (true) { + int event = reader.getEventType(); + if (event == XMLStreamConstants.START_ELEMENT) { + if ("policySet".equals(reader.getName().getLocalPart())) { + reader.nextTag(); + results.add(processors.get(reader.getName()).read(reader).toString()); + } + } + if (reader.hasNext()) { + reader.next(); + } else { + break; + } + } + Assert.assertEquals(SEQ, results); + } +} diff --git a/branches/sca-java-2.0-M3/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml b/branches/sca-java-2.0-M3/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml new file mode 100644 index 0000000000..acb47de243 --- /dev/null +++ b/branches/sca-java-2.0-M3/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml @@ -0,0 +1,78 @@ +<?xml version="1.0" encoding="ASCII"?> +<!-- + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +--> +<definitions xmlns="http://docs.oasis-open.org/ns/opencsa/sca/200903" targetNamespace="http://tuscany.apache.org/xmlns/sca/1.1" + xmlns:sca="http://docs.oasis-open.org/ns/opencsa/sca/200903"> + + <!-- POLICY SETS --> + <policySet name="ps1" provides="authorization" appliesTo="sca:implementation"> + <authorization> + <permitAll /> + </authorization> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps2" provides="authorization" appliesTo="sca:implementation"> + <authorization> + <allow roles="r1 r2" /> + </authorization> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps3" provides="authorization" appliesTo="sca:implementation"> + <authorization> + <denyAll /> + </authorization> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps4" provides="securityIdentity" appliesTo="sca:implementation"> + <securityIdentity> + <runAs role="admin" /> + </securityIdentity> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps5" provides="securityIdentity" appliesTo="sca:implementation"> + <securityIdentity> + <useCallerIdentity /> + </securityIdentity> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps6" provides="authorization" appliesTo="sca:implementation"> + <permitAll /> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps7" provides="authorization" appliesTo="sca:implementation"> + <allow roles="r1 r2" /> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps8" provides="authorization" appliesTo="sca:implementation"> + <denyAll /> + </policySet> + + <!-- POLICY SETS --> + <policySet name="ps9" provides="securityIdentity" appliesTo="sca:implementation"> + <runAs role="admin" /> + </policySet> + +</definitions>
\ No newline at end of file |