From ad1c9458ea08eb593be252b706a88568f17c494c Mon Sep 17 00:00:00 2001 From: lresende Date: Wed, 19 Nov 2008 00:07:37 +0000 Subject: Moving current trunk modules to contrib, before starting the Equinox branch merge git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@718812 13f79535-47bb-0310-9956-ffa450edef68 --- .../implementation/java/impl/JSR250Activator.java | 51 ++++++ .../introspect/impl/JSR250PolicyProcessor.java | 178 +++++++++++++++++++++ .../org.apache.tuscany.sca.core.ModuleActivator | 18 +++ 3 files changed, 247 insertions(+) create mode 100644 java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/impl/JSR250Activator.java create mode 100644 java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java create mode 100644 java/sca/contrib/modules/policy-security-jsr250/src/main/resources/META-INF/services/org.apache.tuscany.sca.core.ModuleActivator (limited to 'java/sca/contrib/modules/policy-security-jsr250/src/main') diff --git a/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/impl/JSR250Activator.java b/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/impl/JSR250Activator.java new file mode 100644 index 0000000000..befe398129 --- /dev/null +++ b/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/impl/JSR250Activator.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.implementation.java.impl; + +import org.apache.tuscany.sca.assembly.AssemblyFactory; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.core.ModuleActivator; +import org.apache.tuscany.sca.implementation.java.JavaImplementationFactory; +import org.apache.tuscany.sca.implementation.java.introspect.impl.JSR250PolicyProcessor; +import org.apache.tuscany.sca.policy.PolicyFactory; + +/** + * A module activator for the Java implementation model. + * + * @version $Rev$ $Date$ + */ +public class JSR250Activator implements ModuleActivator { + + public void start(ExtensionPointRegistry registry) { + ModelFactoryExtensionPoint modelFactories = registry.getExtensionPoint(ModelFactoryExtensionPoint.class); + AssemblyFactory assemblyFactory = modelFactories.getFactory(AssemblyFactory.class); + PolicyFactory policyFactory = modelFactories.getFactory(PolicyFactory.class); + + JavaImplementationFactory javaImplementationFactory = modelFactories.getFactory(JavaImplementationFactory.class); + javaImplementationFactory.addClassVisitor(new JSR250PolicyProcessor(assemblyFactory, policyFactory)); + + } + + public void stop(ExtensionPointRegistry registry) { + + } + +} diff --git a/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java b/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java new file mode 100644 index 0000000000..f639bc679f --- /dev/null +++ b/java/sca/contrib/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java @@ -0,0 +1,178 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.implementation.java.introspect.impl; + +import java.lang.reflect.Method; + +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.annotation.security.RunAs; +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.AssemblyFactory; +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.implementation.java.IntrospectionException; +import org.apache.tuscany.sca.implementation.java.JavaImplementation; +import org.apache.tuscany.sca.policy.PolicyFactory; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy; + +/** + * Processes an {@link javax.annotation.security.*} annotation + * Below is a list of annotations + * + * Type Method + * RunAs x + * RolesAllowed x x + * PermitAll x x + * DenyAll x + * + * @version $Rev$ $Date$ + */ +public class JSR250PolicyProcessor extends BaseJavaClassVisitor { + private static final QName RUN_AS = new QName("http://www.osoa.org/xmlns/sca/1.0","runAs"); + private static final QName ALLOW = new QName("http://www.osoa.org/xmlns/sca/1.0","allow"); + private static final QName PERMIT_ALL = new QName("http://www.osoa.org/xmlns/sca/1.0","permitAll"); + private static final QName DENY_ALL = new QName("http://www.osoa.org/xmlns/sca/1.0","denyAll"); + + private PolicyFactory policyFactory; + + public JSR250PolicyProcessor(AssemblyFactory assemblyFactory, PolicyFactory policyFactory) { + super(assemblyFactory); + this.policyFactory = policyFactory; + } + + + @Override + public void visitClass(Class clazz, JavaImplementation type) throws IntrospectionException { + + RunAs runAs = clazz.getAnnotation(javax.annotation.security.RunAs.class); + if (runAs != null) { + + String roleName = runAs.value(); + if(roleName == null) { + //FIXME handle monitor or error + } + + SecurityIdentityPolicy policy = new SecurityIdentityPolicy(); + policy.setRunAsRole(roleName); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(RUN_AS); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + RolesAllowed rolesAllowed = clazz.getAnnotation(javax.annotation.security.RolesAllowed.class); + if(rolesAllowed != null) { + if(rolesAllowed.value().length == 0) { + //FIXME handle monitor or error + } + + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + + for(String role : rolesAllowed.value()) { + policy.getRoleNames().add(role); + } + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(ALLOW); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + PermitAll permitAll = clazz.getAnnotation(javax.annotation.security.PermitAll.class); + if(permitAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(PERMIT_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + } + + @Override + public void visitMethod(Method method, JavaImplementation type) throws IntrospectionException { + RolesAllowed rolesAllowed = method.getAnnotation(javax.annotation.security.RolesAllowed.class); + if(rolesAllowed != null) { + if(rolesAllowed.value().length == 0) { + //FIXME handle monitor or error + } + + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + + for(String role : rolesAllowed.value()) { + policy.getRoleNames().add(role); + } + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(ALLOW); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + + PermitAll permitAll = method.getAnnotation(javax.annotation.security.PermitAll.class); + if(permitAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(PERMIT_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + + DenyAll denyAll = method.getAnnotation(javax.annotation.security.DenyAll.class); + if(denyAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll); + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(DENY_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + } +} diff --git a/java/sca/contrib/modules/policy-security-jsr250/src/main/resources/META-INF/services/org.apache.tuscany.sca.core.ModuleActivator b/java/sca/contrib/modules/policy-security-jsr250/src/main/resources/META-INF/services/org.apache.tuscany.sca.core.ModuleActivator new file mode 100644 index 0000000000..550e6d3708 --- /dev/null +++ b/java/sca/contrib/modules/policy-security-jsr250/src/main/resources/META-INF/services/org.apache.tuscany.sca.core.ModuleActivator @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +org.apache.tuscany.sca.implementation.java.impl.JSR250Activator -- cgit v1.2.3