From 5f3869c451e46aadc943d00087d6847877dd1c50 Mon Sep 17 00:00:00 2001 From: lresende Date: Wed, 19 Nov 2008 05:27:58 +0000 Subject: Merging the 1.x delta on top of the equinox based modules git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@718858 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/tuscany/sca/policy/SecurityUtil.java | 76 +++++++++++++++++++ .../basic/BasicAuthenticationPolicy.java | 2 +- .../basic/BasicAuthenticationPolicyProcessor.java | 12 +-- .../basic/BasicAuthenticationPrincipal.java | 80 ++++++++++++++++++++ ...icAuthenticationReferencePolicyInterceptor.java | 30 ++++++-- ...BasicAuthenticationReferencePolicyProvider.java | 1 - ...asicAuthenticationServicePolicyInterceptor.java | 24 +++--- .../BasicAuthenticationServicePolicyProvider.java | 1 - .../authentication/token/TokenPrincipal.java | 74 ++++++++++++++++++ ...ityIdentityImplementationPolicyInterceptor.java | 80 ++++++++++++++++++++ ...curityIdentityImplementationPolicyProvider.java | 88 ++++++++++++++++++++++ .../SecurityIdentityPolicyProviderFactory.java | 75 ++++++++++++++++++ ...ca.contribution.processor.StAXArtifactProcessor | 53 ++++++------- ...ache.tuscany.sca.provider.PolicyProviderFactory | 1 + .../tuscany/sca/policy/security/definitions.xml | 8 +- .../sca/policy/security/tuscany_definitions.xml | 8 +- 16 files changed, 554 insertions(+), 59 deletions(-) create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java create mode 100644 java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java (limited to 'java/sca/modules/policy-security') diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java new file mode 100644 index 0000000000..81bc3271c6 --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy; + +import java.security.Principal; + +import javax.security.auth.Subject; + +import org.apache.tuscany.sca.invocation.Message; + + +/** + * + * @version $Rev$ $Date$ + */ +public class SecurityUtil { + + public static Subject getSubject(Message msg){ + + Subject subject = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Subject){ + subject = (Subject)header; + break; + } + } + + if (subject == null){ + subject = new Subject(); + msg.getHeaders().add(subject); + } + + return subject; + } + + public static T getPrincipal(Subject subject, Class clazz){ + for (Principal msgPrincipal : subject.getPrincipals() ){ + if (clazz.isInstance(msgPrincipal)){ + return clazz.cast(msgPrincipal); + } + } + + return null; + } + + public static Principal getPrincipal(Message msg){ + + Principal principal = null; + + for (Object header : msg.getHeaders()){ + if (header instanceof Principal){ + principal = (Principal)header; + break; + } + } + + return principal; + } +} diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java index eb0da76acf..152a8de6cc 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java @@ -32,7 +32,7 @@ public class BasicAuthenticationPolicy implements Policy { private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0"; public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(SCA10_TUSCANY_NS, "basicAuthentication"); - public static final String BASIC_AUTHENTICATION_USERNAME = "username"; + public static final String BASIC_AUTHENTICATION_USERNAME = "userName"; public static final String BASIC_AUTHENTICATION_PASSWORD = "password"; private String userName; diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java index 0b3dfd5539..43db3ec9be 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java @@ -41,10 +41,6 @@ import org.apache.tuscany.sca.monitor.Monitor; public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor { private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0"; - private static final String USER_NAME = "userName"; - private static final String PASSWORD = "password"; - - public QName getArtifactType() { return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME; } @@ -65,9 +61,9 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor name = reader.getName(); if ( name.equals(getArtifactType()) ) { // no attributes at the moment - } else if ( USER_NAME.equals(name.getLocalPart()) ) { + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) { policy.setUserName(reader.getElementText()); - } else if ( PASSWORD.equals(name.getLocalPart()) ) { + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) { policy.setPassword(reader.getElementText()); } break; @@ -99,7 +95,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor if ( policy.getUserName() != null ) { writer.writeStartElement(prefix, - USER_NAME, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME, getArtifactType().getNamespaceURI()); writer.writeCharacters(policy.getUserName()); writer.writeEndElement(); @@ -107,7 +103,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor if ( policy.getPassword() != null ) { writer.writeStartElement(prefix, - PASSWORD, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD, getArtifactType().getNamespaceURI()); writer.writeCharacters(policy.getPassword()); writer.writeEndElement(); diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java new file mode 100644 index 0000000000..3ab9cb656d --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPrincipal implements Principal { + + private String name; + private String password; + + public BasicAuthenticationPrincipal(String name, String password){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + this.password = password; + } + + public String getName() { + return name; + } + + public String getPassword() { + return password; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java index c0ed282276..4120fdb405 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java @@ -18,17 +18,16 @@ */ package org.apache.tuscany.sca.policy.authentication.basic; -import javax.xml.namespace.QName; +import javax.security.auth.Subject; import org.apache.tuscany.sca.interfacedef.Operation; import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Invoker; import org.apache.tuscany.sca.invocation.Message; import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.SecurityUtil; /** - * Policy handler to handle PolicySet related to Logging with the QName - * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy * * @version $Rev$ $Date$ */ @@ -62,11 +61,26 @@ public class BasicAuthenticationReferencePolicyInterceptor implements Intercepto } public Message invoke(Message msg) { - // could call out here to some 3rd part system to get credentials - msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME, - policy.getUserName()); - msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD, - policy.getPassword()); + + // get the security context + Subject subject = SecurityUtil.getSubject(msg); + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, + BasicAuthenticationPrincipal.class); + + // if no credentials propogated from the reference then use + // the ones from the policy + if (principal == null && + policy.getUserName() != null && + !policy.getUserName().equals("")) { + principal = new BasicAuthenticationPrincipal(policy.getUserName(), + policy.getPassword()); + subject.getPrincipals().add(principal); + } + + if (principal == null){ + // alternatively we could call out here to some 3rd party system to get credentials + // or convert from some other security principal + } return getNext().invoke(msg); } diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java index f6453e2b65..5aa36ecc89 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java @@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Phase; import org.apache.tuscany.sca.policy.PolicySet; import org.apache.tuscany.sca.policy.PolicySetAttachPoint; -import org.apache.tuscany.sca.policy.util.PolicyHandler; import org.apache.tuscany.sca.provider.PolicyProvider; import org.apache.tuscany.sca.runtime.RuntimeComponent; import org.apache.tuscany.sca.runtime.RuntimeComponentReference; diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java index 6c0f7d48d0..88a790c9e9 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java @@ -19,13 +19,15 @@ package org.apache.tuscany.sca.policy.authentication.basic; -import javax.xml.namespace.QName; +import javax.security.auth.Subject; import org.apache.tuscany.sca.interfacedef.Operation; import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Invoker; import org.apache.tuscany.sca.invocation.Message; import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.SecurityUtil; + /** * Policy handler to handle PolicySet related to Logging with the QName @@ -64,16 +66,20 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor public Message invoke(Message msg) { - String username = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME); - String password = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD); - - if (username != null) { + Subject subject = SecurityUtil.getSubject(msg); + BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, + BasicAuthenticationPrincipal.class); + + if (principal != null){ - System.out.println("Username: " + username + " Password: " + password); - // could call out here to some 3rd part system to do whatever you - // need to turn credentials into a principal + System.out.println("Username: " + + principal.getName() + + " Password: " + + principal.getPassword()); - msg.getQoSContext().put(Message.QOS_CTX_SECURITY_PRINCIPAL, username); + // could call out here to some 3rd party system to do whatever you + // need to do do with username and password + } return getNext().invoke(msg); diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java index 9bbb0e2d33..aae0386589 100644 --- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java @@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor; import org.apache.tuscany.sca.invocation.Phase; import org.apache.tuscany.sca.policy.PolicySet; import org.apache.tuscany.sca.policy.PolicySetAttachPoint; -import org.apache.tuscany.sca.policy.util.PolicyHandler; import org.apache.tuscany.sca.provider.PolicyProvider; import org.apache.tuscany.sca.runtime.RuntimeComponent; import org.apache.tuscany.sca.runtime.RuntimeComponentService; diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java new file mode 100644 index 0000000000..147b863c01 --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.token; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + */ +public class TokenPrincipal implements Principal { + + private String name; + + public TokenPrincipal(String name){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + } + + public String getName() { + return name; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final TokenPrincipal other = (TokenPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java new file mode 100644 index 0000000000..1559e22cb9 --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import java.security.Principal; +import java.util.List; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.SecurityUtil; +import org.osoa.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyInterceptor implements Interceptor { + private List securityIdentityPolicies; + private Invoker next; + + public SecurityIdentityImplementationPolicyInterceptor(List securityIdentityPolicies) { + super(); + this.securityIdentityPolicies = securityIdentityPolicies; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#getNext() + */ + public Invoker getNext() { + return next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker) + */ + public void setNext(Invoker next) { + this.next = next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message) + */ + public Message invoke(Message msg) { + try { + + Subject subject = SecurityUtil.getSubject(msg); + + // May do some selection here based on runAs settings. + // by default though there is nothing to do as the implementation + // assumes the callers user credentials + + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + +} diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java new file mode 100644 index 0000000000..aa52e0bc41 --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.identity; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyProvider implements PolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + super(); + this.component = component; + this.implementation = implementation; + } + + private List findPolicies(Operation op) { + List polices = new ArrayList(); + // FIXME: How do we get a list of effective policySets for a given operation? + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + } + } + } + + List policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + return polices; + } + + public Interceptor createInterceptor(Operation operation) { + List policies = findPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation)); + } + } + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } +} diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java new file mode 100644 index 0000000000..a20f314a2a --- /dev/null +++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import org.apache.tuscany.sca.assembly.Binding; +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; +import org.apache.tuscany.sca.runtime.RuntimeComponentReference; +import org.apache.tuscany.sca.runtime.RuntimeComponentService; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory { + private ExtensionPointRegistry registry; + + public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + this.registry = registry; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation) + */ + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) { + return new SecurityIdentityImplementationPolicyProvider(component, implementation); + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createReferencePolicyProvider(RuntimeComponent component, + RuntimeComponentReference reference, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createServicePolicyProvider(RuntimeComponent component, + RuntimeComponentService service, + Binding binding) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType() + */ + public Class getModelType() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor index 3a514e6088..bf8e4d11b4 100644 --- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor +++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor @@ -1,26 +1,27 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# Implementation class for the artifact processor extension -org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy -org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy -org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy -org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy -org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy -org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy -org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy -org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Implementation class for the artifact processor extension +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy +org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy +org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory index 95263b8836..0363fbd981 100644 --- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory +++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory @@ -18,3 +18,4 @@ # Implementation class for the policy extension org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml index e1be4ab03c..f8f0634a9a 100644 --- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml +++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml @@ -31,7 +31,7 @@ + constrains="sca:binding tuscany:binding"> Specifying this intent on references requires necessary authentication information to be sent along with outgoing messages. Specifying this intent on service requires @@ -40,16 +40,16 @@ + constrains="sca:binding tuscany:binding"> Specifying this intent requires message exchanged to be encrypted + constrains="sca:binding tuscany:binding"> Specifying this intent requires message exchanged to be signed - \ No newline at end of file + diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml index f5b79af7ee..91383eaf6a 100644 --- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml +++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml @@ -20,7 +20,13 @@ - + + All invocations are must have an identity set + + + All invocations to be authenticated \ No newline at end of file -- cgit v1.2.3