From 5b67e082ce57df77acc72cd36569a05c9a2fa347 Mon Sep 17 00:00:00 2001 From: slaws Date: Mon, 6 Jul 2009 07:23:44 +0000 Subject: Branch for 1.5.1 git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@791397 13f79535-47bb-0310-9956-ffa450edef68 --- .../AuthenticationConfigurationPolicy.java | 45 ++++++ ...AuthenticationConfigurationPolicyProcessor.java | 156 ++++++++++++++++++ .../confidentiality/ConfidentialityPolicy.java | 132 +++++++++++++++ .../ConfidentialityPolicyProcessor.java | 157 ++++++++++++++++++ .../LDAPRealmAuthenticationCallbackHandler.java | 70 ++++++++ ...AuthenticationImplementationPolicyProvider.java | 124 +++++++++++++++ .../http/LDAPRealmAuthenticationInterceptor.java | 127 +++++++++++++++ .../http/LDAPRealmAuthenticationPolicy.java | 79 +++++++++ .../LDAPRealmAuthenticationPolicyProcessor.java | 140 ++++++++++++++++ ...APRealmAuthenticationPolicyProviderFactory.java | 64 ++++++++ ...APRealmAuthenticationServicePolicyProvider.java | 177 +++++++++++++++++++++ .../security/http/util/HttpSecurityUtil.java | 124 +++++++++++++++ 12 files changed, 1395 insertions(+) create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java create mode 100644 branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java (limited to 'branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org') diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java new file mode 100644 index 0000000000..4ab7e582ac --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicy.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.host.http.UserContext; + +/** + * This policy configures authentication/authorization + * in embedded http servers + * + * @version $Rev$ $Date$ + */ +public class AuthenticationConfigurationPolicy { + public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "basicAuthenticationConfiguration"); + + private List users = new ArrayList(); + + public List getUsers() { + return this.users; + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java new file mode 100644 index 0000000000..b45b8a4275 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/authentication/AuthenticationConfigurationPolicyProcessor.java @@ -0,0 +1,156 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authentication; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import java.util.StringTokenizer; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl; +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.host.http.UserContext; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * + * + * + * + * + * + * + * + * @version $Rev$ $Date$ + */ + +public class AuthenticationConfigurationPolicyProcessor implements StAXArtifactProcessor { + private static final QName AUTHENTICATION_CONFIGURATION_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "authenticationConfiguration"); + private static final QName USER_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "user"); + + private Monitor monitor; + + public AuthenticationConfigurationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public QName getArtifactType() { + return AuthenticationConfigurationPolicy.NAME; + } + + public Class getModelType() { + return AuthenticationConfigurationPolicy.class; + } + + public AuthenticationConfigurationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + AuthenticationConfigurationPolicy authenticationConfiguration = new AuthenticationConfigurationPolicy(); + + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(USER_QNAME.equals(name)) { + UserContext user = new UserContext(); + // + String username = reader.getAttributeValue(null, "username"); + if(username == null) { + error("RequiredAttributeUsernameMissing", reader); + } else { + user.setUsername(username); + } + + String password = reader.getAttributeValue(null, "password"); + if(password == null) { + error("RequiredAttributePasswordMissing", reader); + } else { + user.setPassword(password); + } + + String roles = reader.getAttributeValue(null, "roles"); + if(roles == null) { + error("RequiredAttributeRolesMissing", reader); + } else { + for (StringTokenizer tokens = new StringTokenizer(roles, ","); tokens.hasMoreTokens();) { + user.getRoles().add(tokens.nextToken()); + } + } + + authenticationConfiguration.getUsers().add(user); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return authenticationConfiguration; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return authenticationConfiguration; + } + } + } + + public void write(AuthenticationConfigurationPolicy model, XMLStreamWriter writer) throws ContributionWriteException, XMLStreamException { + // TODO Auto-generated method stub + } + + public void resolve(AuthenticationConfigurationPolicy model, ModelResolver resolver) throws ContributionResolveException { + + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java new file mode 100644 index 0000000000..5301e13269 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import java.util.Properties; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.policy.Policy; + + +/** + * Models the SCA Implementation Security Policy Assertion for Confidentiality. + * + * This would map to enabling SSL communication and would require + * the following configuration items : + * + * - javax.net.ssl.keyStore + * - javax.net.ssl.keyStorePassword + * - javax.net.ssl.keyStoreType + * + * - javax.net.ssl.trustStoreType + * - javax.net.ssl.trustStore + * - javax.net.ssl.trustStorePassword + * + * @version $Rev$ $Date$ + */ +public class ConfidentialityPolicy implements Policy { + public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "confidentiality"); + + private String trustStoreType; + private String trustStore; + private String trustStorePassword; + + private String keyStoreType; + private String keyStore; + private String keyStorePassword; + + + public String getTrustStoreType() { + return trustStoreType; + } + + public void setTrustStoreType(String trustStoreType) { + this.trustStoreType = trustStoreType; + } + + public String getTrustStore() { + return trustStore; + } + + public void setTrustStore(String trustStore) { + this.trustStore = trustStore; + } + + public String getTrustStorePassword() { + return trustStorePassword; + } + + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + + public String getKeyStoreType() { + return keyStoreType; + } + + public void setKeyStoreType(String keyStoreType) { + this.keyStoreType = keyStoreType; + } + + public String getKeyStore() { + return keyStore; + } + + public void setKeyStore(String keyStore) { + this.keyStore = keyStore; + } + + public String getKeyStorePassword() { + return keyStorePassword; + } + + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + + } + + public Properties toProperties() { + Properties properties = new Properties(); + + properties.put("javax.net.ssl.trustStoreType", trustStoreType); + properties.put("javax.net.ssl.trustStore", trustStore); + properties.put("javax.net.ssl.trustStorePassword", trustStorePassword); + + properties.put("javax.net.ssl.keyStoreType", keyStoreType); + properties.put("javax.net.ssl.keyStore", keyStore); + properties.put("javax.net.ssl.keyStorePassword", keyStorePassword); + + return properties; + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java new file mode 100644 index 0000000000..972700bdce --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java @@ -0,0 +1,157 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl; +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +public class ConfidentialityPolicyProcessor implements StAXArtifactProcessor { + private static final QName KEY_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "keyStore"); + private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "trustStore"); + + private Monitor monitor; + + public ConfidentialityPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public QName getArtifactType() { + return ConfidentialityPolicy.NAME; + } + + public Class getModelType() { + return ConfidentialityPolicy.class; + } + + public ConfidentialityPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + ConfidentialityPolicy policy = new ConfidentialityPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(KEY_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeKeyStoreTypeMissing", reader); + } else { + policy.setKeyStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeKeyStoreFileMissing", reader); + } else { + policy.setKeyStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeKeyStorePasswordMissing", reader); + } else { + policy.setKeyStorePassword(password); + } + + } else if(TRUST_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeTrustStoreTypeMissing", reader); + } else { + policy.setTrustStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeTrusStoreFileMissing", reader); + } else { + policy.setTrustStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeTrustStorePasswordMissing", reader); + } else { + policy.setTrustStorePassword(password); + } + + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } } + + public void write(ConfidentialityPolicy model, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + // TODO Auto-generated method stub + + } + + public void resolve(ConfidentialityPolicy model, ModelResolver resolver) throws ContributionResolveException { + + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java new file mode 100644 index 0000000000..00453a213b --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationCallbackHandler.java @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.io.IOException; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +import org.apache.tuscany.sca.policy.SecurityUtil; +import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal; + + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationCallbackHandler implements CallbackHandler { + private final Subject subject; + + public LDAPRealmAuthenticationCallbackHandler(Subject subject) { + this.subject = subject; + } + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, BasicAuthenticationPrincipal.class); + + if (principal != null){ + System.out.println(">>> LDAPRealmAuthenticationCallbackHandler" + + " Username: " + principal.getName() + + " Password: " + principal.getPassword()); + + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof NameCallback) { + NameCallback nc = (NameCallback)callbacks[i]; + nc.setName(principal.getName()); + } else if (callbacks[i] instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback)callbacks[i]; + pc.setPassword(principal.getPassword().toCharArray()); + } else { + throw new UnsupportedCallbackException + (callbacks[i], "Unsupported Callback!"); + } + } + } + + + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java new file mode 100644 index 0000000000..88f153c064 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationImplementationPolicyProvider.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +public class LDAPRealmAuthenticationImplementationPolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public LDAPRealmAuthenticationImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + super(); + this.component = component; + this.implementation = implementation; + } + + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } + + public Interceptor createInterceptor(Operation operation) { + List policies = findAuthenticationPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new LDAPRealmAuthenticationInterceptor(findAuthenticationPolicies(operation), findAuthorizationPolicies(operation)); + } + } + + /** + * Internal utility methods + */ + + /** + * + * @param op + * @return + */ + private List findAuthenticationPolicies(Operation op) { + List polices = new ArrayList(); + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + } + + List policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + return polices; + } + + private List findAuthorizationPolicies(Operation op) { + List polices = new ArrayList(); + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + } + + List policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + return polices; + } +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java new file mode 100644 index 0000000000..07ccd78123 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java @@ -0,0 +1,127 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.List; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil; +import org.osoa.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationInterceptor implements Interceptor { + private List authenticationPolicies; + private List authorizationPolicies; + private Invoker next; + + public LDAPRealmAuthenticationInterceptor(List authenticationPolicies, + List authorizationPolicies) { + super(); + this.authenticationPolicies = authenticationPolicies; + this.authorizationPolicies = authorizationPolicies; + } + + public Invoker getNext() { + return next; + } + + public void setNext(Invoker next) { + this.next = next; + } + + public Message invoke(Message msg) { + Subject subject = null; + Subject authenticatedSubject = null; + + try { + // Perform user authentication + LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0); + if( authenticationPolicy != null) { + subject = HttpSecurityUtil.getSubject(msg); + CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject); + + /* This bypass Java EE */ + LoginContext lc = new LoginContext(authenticationPolicy.getRealmConfigurationName(), callbackHandler); + lc.login(); + + + /* Uses Geronimo to login */ + /* + LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler); + + authenticatedSubject = geronimoLoginContext.getSubject(); + if (authenticatedSubject != null) { + //TODO: add authenticated subject to the msg header ? + } + */ + } + + AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0); + if(authorizationPolicy != null) { + if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { + /* Geronimo Specific code */ + /* + boolean isAllowed = false; + for (String requiredRole : authorizationPolicy.getRoleNames()) { + isAllowed = isUserInRole(authenticatedSubject, requiredRole); + } + + if(! isAllowed ) { + throw new javax.security.auth.login.LoginException("Insufficient access rights !"); + } + */ + } + + } + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + + public boolean isUserInRole(Subject subject, String role) { + /* Geronimo Specific code */ + /* + AccessControlContext acc = ContextManager.getCurrentContext(); + + try { + acc.checkPermission(new WebRoleRefPermission("", role)); + } catch (Exception e) { + return false; + } + + return true; + */ + + return false; + } + + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java new file mode 100644 index 0000000000..ddb6790964 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicy.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.http; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.policy.Policy; + +/** + * This policy provides realm based authentication/authorization + * + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationPolicy implements Policy{ + static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS,"ldapRealmAuthentication"); + + private String realmName; + private String realmConfigurationName; + + /** + * + * @return + */ + public String getRealmName() { + return realmName; + } + + /** + * + * @param realmName + */ + public void setRealmName(String realmName) { + this.realmName = realmName; + } + + /** + * + * @return + */ + public String getRealmConfigurationName() { + return realmConfigurationName; + } + + /** + * + * @param realmConfigurationName + */ + public void setRealmConfigurationName(String realmConfigurationName) { + this.realmConfigurationName = realmConfigurationName; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..caa1a66b94 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProcessor.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl; +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + + +/** + * + * @version $Rev$ $Date$ + */ + +public class LDAPRealmAuthenticationPolicyProcessor implements StAXArtifactProcessor { + static final QName REALM_QNAME = new QName(Constants.SCA10_TUSCANY_NS,"realm"); + public static final QName REALM_CONFIGURATION_QNAME = new QName(Constants.SCA10_TUSCANY_NS,"realmConfigurationName"); + + private Monitor monitor; + + + public LDAPRealmAuthenticationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-http-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public Class getModelType() { + return LDAPRealmAuthenticationPolicy.class; + } + + + public QName getArtifactType() { + return LDAPRealmAuthenticationPolicy.NAME; + } + + public LDAPRealmAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + LDAPRealmAuthenticationPolicy policy = new LDAPRealmAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if (name.equals(REALM_QNAME)) { + String realmName = reader.getElementText(); + if (realmName != null) { + policy.setRealmName(realmName.trim()); + } + } + if (name.equals(REALM_CONFIGURATION_QNAME)) { + String realmConfigurationName = reader.getElementText(); + if (realmConfigurationName != null) { + policy.setRealmConfigurationName(realmConfigurationName.trim()); + } + } + + break; + } + } + + if ( event == END_ELEMENT ) { + if ( LDAPRealmAuthenticationPolicy.NAME.equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(LDAPRealmAuthenticationPolicy policy, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + LDAPRealmAuthenticationPolicy.NAME.getLocalPart(), + LDAPRealmAuthenticationPolicy.NAME.getNamespaceURI()); + writer.writeNamespace("tuscany", Constants.SCA10_TUSCANY_NS); + + + writer.writeEndElement(); + } + + + public void resolve(LDAPRealmAuthenticationPolicy policy, ModelResolver resolver) throws ContributionResolveException { + + } +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java new file mode 100644 index 0000000000..ec6111a3ef --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationPolicyProviderFactory.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationImplementationPolicyProvider; +import org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy; +import org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationServicePolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationPolicyProviderFactory implements PolicyProviderFactory { + + public LDAPRealmAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + } + + public Class getModelType() { + return LDAPRealmAuthenticationPolicy.class; + } + + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return new LDAPRealmAuthenticationImplementationPolicyProvider(component, implementation); + } + + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return null; + } + + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return new LDAPRealmAuthenticationServicePolicyProvider(component, service, binding); + } + + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java new file mode 100644 index 0000000000..6189de5a5a --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationServicePolicyProvider.java @@ -0,0 +1,177 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + + +/** + * + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationServicePolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private RuntimeComponentService service; + private Binding binding; + + private List operations = new ArrayList(); + + public LDAPRealmAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) { + super(); + this.component = component; + this.service = service; + this.binding = binding; + + this.operations.addAll(service.getInterfaceContract().getInterface().getOperations()); + } + + public String getPhase() { + return Phase.SERVICE_BINDING_POLICY; + } + + public Interceptor createInterceptor(Operation operation) { + List authenticationPolicies = null; + List authorizationPolicies = null; + + if (operation != null) { + authenticationPolicies = findAuthenticationPolicies(operation); + authorizationPolicies = findAuthorizationPolicies(operation); + } + + if (authenticationPolicies == null || authenticationPolicies.isEmpty()) { + return null; + } else { + return new LDAPRealmAuthenticationInterceptor(authenticationPolicies, authorizationPolicies); + } + } + + + /** + * Private utility methods + */ + + /** + * + * @param op + * @return + */ + private List findAuthenticationPolicies(Operation op) { + List polices = new ArrayList(); + // FIXME: How do we get a list of effective policySets for a given operation? + for(Operation operation : operations) { + if (operation!= null && operation.getName() != null && operation.getName().equals(op.getName())) { + for (PolicySet ps : operation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + + if (service instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)service; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop!= null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getApplicablePolicySets()) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + } + } + } + + List policySets = service.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (LDAPRealmAuthenticationPolicy.class.isInstance(p)) { + polices.add((LDAPRealmAuthenticationPolicy)p); + } + } + } + + return polices; + } + + /** + * + * @param op + * @return + */ + private List findAuthorizationPolicies(Operation op) { + List polices = new ArrayList(); + // FIXME: How do we get a list of effective policySets for a given operation? + for(Operation operation : operations) { + if (operation!= null && operation.getName() != null && operation.getName().equals(op.getName())) { + for (PolicySet ps : operation.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + + if (service instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)service; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop != null && cop.getName() != null && cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getApplicablePolicySets()) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + } + } + } + + List policySets = service.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (AuthorizationPolicy.class.isInstance(p)) { + polices.add((AuthorizationPolicy)p); + } + } + } + + return polices; + } + +} diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java new file mode 100644 index 0000000000..88b2ee9fce --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.util; + +import java.util.StringTokenizer; + +import javax.security.auth.Subject; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.codec.binary.Base64; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal; + +/** + * + * @version $Rev$ $Date$ + */ +public class HttpSecurityUtil { + + /** + * Check if Authorization header is available + * @param request + * @param response + * @return + */ + public static boolean hasAuthorizationHeader(HttpServletRequest request) { + boolean result = false; + if(request.getHeader("Authorization") != null) { + result = true; + } + + return result; + } + + /** + * + * @param request + * @param response + * @return + */ + public static String getAuthorizationHeader(HttpServletRequest request) { + return request.getHeader("Authorization"); + } + + public static Subject getSubject(Message msg){ + + Subject subject = null; + HttpServletRequest request = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Subject){ + subject = (Subject)header; + break; + } else if( header instanceof HttpServletRequest) { + request = (HttpServletRequest) header; + } + } + + //if there is no subject, but request is available + //try to build a subject from authorization header + if (subject == null & request != null) { + if ( hasAuthorizationHeader(request)) { + subject = getSubject(getAuthorizationHeader(request)); + } + + } + if (subject == null){ + subject = new Subject(); + msg.getHeaders().add(subject); + } + + return subject; + + } + + public static Subject getSubject(String httpAuthorizationHeader){ + + + // get the security context + Subject subject = new Subject(); + String user = null; + String password = null; + + if (httpAuthorizationHeader != null) { + StringTokenizer tokens = new StringTokenizer(httpAuthorizationHeader); + if (tokens.hasMoreTokens()) { + String basic = tokens.nextToken(); + if (basic.equalsIgnoreCase("Basic")) { + String credentials = tokens.nextToken(); + String userAndPassword = new String(Base64.decodeBase64(credentials.getBytes())); + int colon = userAndPassword.indexOf(":"); + if (colon != -1) { + user = userAndPassword.substring(0, colon); + password = userAndPassword.substring(colon + 1); + } + } + } + } + + if(user != null && password != null) { + BasicAuthenticationPrincipal principal = new BasicAuthenticationPrincipal(user, password); + subject.getPrincipals().add(principal); + } + + return subject; + } +} -- cgit v1.2.3