From c791fd804344b8719fb69be84b8174c84cc4f4dc Mon Sep 17 00:00:00 2001 From: jsdelfino Date: Mon, 10 Jan 2011 19:51:07 +0000 Subject: Sandbox to experiment with Databinding automatic wrapper transformations. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1057335 13f79535-47bb-0310-9956-ffa450edef68 --- .../java/wrapped/modules/policy-security/LICENSE | 205 +++++++++++++++++++++ .../modules/policy-security/META-INF/MANIFEST.MF | 88 +++++++++ .../java/wrapped/modules/policy-security/NOTICE | 6 + .../java/wrapped/modules/policy-security/pom.xml | 43 +++++ .../basic/BasicAuthenticationPolicy.java | 65 +++++++ .../basic/BasicAuthenticationPolicyProcessor.java | 123 +++++++++++++ .../basic/BasicAuthenticationPrincipal.java | 80 ++++++++ .../authentication/token/TokenPrincipal.java | 75 ++++++++ .../policy/authorization/AuthorizationPolicy.java | 83 +++++++++ .../AuthorizationPolicyProcessor.java | 150 +++++++++++++++ ...ityIdentityImplementationPolicyInterceptor.java | 83 +++++++++ ...curityIdentityImplementationPolicyProvider.java | 89 +++++++++ .../policy/identity/SecurityIdentityPolicy.java | 75 ++++++++ .../identity/SecurityIdentityPolicyProcessor.java | 131 +++++++++++++ .../SecurityIdentityPolicyProviderFactory.java | 56 ++++++ .../tuscany/sca/policy/security/SecurityUtil.java | 65 +++++++ .../sca/policy/security/http/ssl/HTTPSPolicy.java | 130 +++++++++++++ .../security/http/ssl/HTTPSPolicyProcessor.java | 156 ++++++++++++++++ ...AuthenticationImplementationPolicyProvider.java | 91 +++++++++ .../jaas/JaasAuthenticationInterceptor.java | 81 ++++++++ .../security/jaas/JaasAuthenticationPolicy.java | 71 +++++++ .../jaas/JaasAuthenticationPolicyHandler.java | 71 +++++++ .../jaas/JaasAuthenticationPolicyProcessor.java | 148 +++++++++++++++ .../JaasAuthenticationPolicyProviderFactory.java | 60 ++++++ ...ca.contribution.processor.StAXArtifactProcessor | 29 +++ ....apache.tuscany.sca.definitions.xml.Definitions | 18 ++ ...ache.tuscany.sca.provider.PolicyProviderFactory | 21 +++ .../tuscany/sca/policy/security/definitions.xml | 35 ++++ .../sca/policy/security/tuscany_definitions.xml | 30 +++ .../policy-security-validation-messages.properties | 28 +++ .../policy/security/PolicyProcessorTestCase.java | 88 +++++++++ .../policy/security/mock_policy_definitions.xml | 80 ++++++++ 32 files changed, 2554 insertions(+) create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/LICENSE create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/META-INF/MANIFEST.MF create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/NOTICE create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/pom.xml create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/policy-security-validation-messages.properties create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java create mode 100644 sandbox/sebastien/java/wrapped/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml (limited to 'sandbox/sebastien/java/wrapped/modules/policy-security') diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/LICENSE b/sandbox/sebastien/java/wrapped/modules/policy-security/LICENSE new file mode 100644 index 0000000000..6e529a25c4 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/LICENSE @@ -0,0 +1,205 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + + diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/META-INF/MANIFEST.MF b/sandbox/sebastien/java/wrapped/modules/policy-security/META-INF/MANIFEST.MF new file mode 100644 index 0000000000..16d54e3fe8 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/META-INF/MANIFEST.MF @@ -0,0 +1,88 @@ +Manifest-Version: 1.0 +Export-Package: org.apache.tuscany.sca.policy.authentication.basic;version="2.0.0"; + uses:="org.apache.tuscany.sca.runtime, + org.apache.tuscany.sca.assembly, + org.apache.tuscany.sca.provider, + org.apache.tuscany.sca.core, + org.apache.tuscany.sca.policy, + org.apache.tuscany.sca.monitor, + org.apache.tuscany.sca.interfacedef, + javax.xml.namespace, + org.apache.tuscany.sca.invocation, + javax.xml.stream, + org.apache.tuscany.sca.contribution.resolver, + org.apache.tuscany.sca.contribution.processor", + org.apache.tuscany.sca.policy.authentication.token;version="2.0.0", + org.apache.tuscany.sca.policy.authorization;version="2.0.0"; + uses:="javax.xml.stream, + org.apache.tuscany.sca.contribution.resolver, + org.apache.tuscany.sca.contribution.processor, + org.apache.tuscany.sca.core, + org.apache.tuscany.sca.monitor, + org.apache.tuscany.sca.policy, + javax.xml.namespace", + org.apache.tuscany.sca.policy.identity;version="2.0.0"; + uses:="javax.xml.stream, + org.apache.tuscany.sca.contribution.resolver, + org.apache.tuscany.sca.contribution.processor, + org.apache.tuscany.sca.core, + org.apache.tuscany.sca.monitor, + org.apache.tuscany.sca.policy, + javax.xml.namespace", + org.apache.tuscany.sca.policy.security;version="2.0.0"; + uses:="org.apache.tuscany.sca.definitions.util, + org.apache.tuscany.sca.provider, + org.apache.tuscany.sca.definitions, + org.apache.tuscany.sca.contribution.processor, + org.apache.tuscany.sca.core", + org.apache.tuscany.sca.policy.security.http.ssl;version="2.0.0", + org.apache.tuscany.sca.policy.security.jaas;version="2.0.0"; + uses:="javax.security.auth.callback, + org.apache.tuscany.sca.runtime, + org.apache.tuscany.sca.assembly, + org.apache.tuscany.sca.provider, + javax.security.auth.login, + org.apache.tuscany.sca.core, + org.apache.tuscany.sca.monitor, + org.apache.tuscany.sca.policy, + org.apache.tuscany.sca.interfacedef, + javax.xml.namespace, + org.apache.tuscany.sca.invocation, + javax.xml.stream, + org.apache.tuscany.sca.contribution.resolver, + org.apache.tuscany.sca.policy.util, + org.apache.tuscany.sca.contribution.processor, + org.oasisopen.sca" +SCA-Version: 1.1 +Bundle-Name: Apache Tuscany Security Policy Model +Bundle-Vendor: The Apache Software Foundation +Bundle-Version: 2.0.0 +Bundle-ManifestVersion: 2 +Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt +Bundle-Description: Apache Tuscany Security Policy Model +Import-Package: javax.security.auth.callback, + javax.security.auth.login, + javax.xml.namespace, + javax.xml.stream, + org.apache.tuscany.sca.assembly;version="2.0.0", + org.apache.tuscany.sca.contribution.processor;version="2.0.0", + org.apache.tuscany.sca.contribution.resolver;version="2.0.0", + org.apache.tuscany.sca.core;version="2.0.0", + org.apache.tuscany.sca.definitions;version="2.0.0", + org.apache.tuscany.sca.definitions.util;version="2.0.0", + org.apache.tuscany.sca.interfacedef;version="2.0.0", + org.apache.tuscany.sca.invocation;version="2.0.0", + org.apache.tuscany.sca.monitor;version="2.0.0", + org.apache.tuscany.sca.policy;version="2.0.0", + org.apache.tuscany.sca.policy.authentication.basic;version="2.0.0", + org.apache.tuscany.sca.policy.authorization;version="2.0.0", + org.apache.tuscany.sca.policy.identity;version="2.0.0", + org.apache.tuscany.sca.policy.security;version="2.0.0", + org.apache.tuscany.sca.policy.security.jaas;version="2.0.0", + org.apache.tuscany.sca.policy.util;version="2.0.0", + org.apache.tuscany.sca.provider;version="2.0.0", + org.apache.tuscany.sca.runtime;version="2.0.0", + org.oasisopen.sca;version="2.0.0" +Bundle-SymbolicName: org.apache.tuscany.sca.policy.security +Bundle-DocURL: http://www.apache.org/ +Bundle-RequiredExecutionEnvironment: J2SE-1.5,JavaSE-1.6 diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/NOTICE b/sandbox/sebastien/java/wrapped/modules/policy-security/NOTICE new file mode 100644 index 0000000000..f6ce2542c3 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/NOTICE @@ -0,0 +1,6 @@ +${pom.name} +Copyright (c) 2005 - 2011 The Apache Software Foundation + +This product includes software developed by +The Apache Software Foundation (http://www.apache.org/). + diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/pom.xml b/sandbox/sebastien/java/wrapped/modules/policy-security/pom.xml new file mode 100644 index 0000000000..a5322bc87a --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/pom.xml @@ -0,0 +1,43 @@ + + + + 4.0.0 + + org.apache.tuscany.sca + tuscany-modules + 2.0-SNAPSHOT + ../pom.xml + + tuscany-policy-security + Apache Tuscany SCA Policy Security Model + + + + + org.apache.tuscany.sca + tuscany-core-runtime-pom + 2.0-SNAPSHOT + pom + provided + + + + + diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java new file mode 100644 index 0000000000..c735f63b7d --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import javax.xml.namespace.QName; + +/** + * Implementation for policies that could be injected as parameter + * into the axis2config. + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPolicy { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + + public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(SCA10_TUSCANY_NS, "basicAuthentication"); + public static final String BASIC_AUTHENTICATION_USERNAME = "userName"; + public static final String BASIC_AUTHENTICATION_PASSWORD = "password"; + + private String userName; + private String password; + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public QName getSchemaName() { + return BASIC_AUTHENTICATION_POLICY_QNAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..3df06c1e00 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + + public QName getArtifactType() { + return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME; + } + + public BasicAuthenticationPolicyProcessor(FactoryExtensionPoint modelFactories) { + } + + + public BasicAuthenticationPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if ( name.equals(getArtifactType()) ) { + // no attributes at the moment + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) { + policy.setUserName(reader.getElementText()); + } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) { + policy.setPassword(reader.getElementText()); + } + break; + } + } + + if ( event == END_ELEMENT ) { + if ( getArtifactType().equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(BasicAuthenticationPolicy policy, XMLStreamWriter writer, ProcessorContext context) + throws ContributionWriteException, XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + getArtifactType().getLocalPart(), + getArtifactType().getNamespaceURI()); + writer.writeNamespace("tuscany", SCA10_TUSCANY_NS); + + if ( policy.getUserName() != null ) { + writer.writeStartElement(prefix, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME, + getArtifactType().getNamespaceURI()); + writer.writeCharacters(policy.getUserName()); + writer.writeEndElement(); + } + + if ( policy.getPassword() != null ) { + writer.writeStartElement(prefix, + BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD, + getArtifactType().getNamespaceURI()); + writer.writeCharacters(policy.getPassword()); + writer.writeEndElement(); + } + + writer.writeEndElement(); + } + + public Class getModelType() { + return BasicAuthenticationPolicy.class; + } + + public void resolve(BasicAuthenticationPolicy arg0, ModelResolver arg1, ProcessorContext context) throws ContributionResolveException { + + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java new file mode 100644 index 0000000000..3ab9cb656d --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.basic; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + */ +public class BasicAuthenticationPrincipal implements Principal { + + private String name; + private String password; + + public BasicAuthenticationPrincipal(String name, String password){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + this.password = password; + } + + public String getName() { + return name; + } + + public String getPassword() { + return password; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java new file mode 100644 index 0000000000..2cc24a4974 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authentication.token; + +import java.security.Principal; + + +/** + * + * @version $Rev$ $Date$ + * @tuscany.spi.extension.asclient + */ +public class TokenPrincipal implements Principal { + + private String name; + + public TokenPrincipal(String name){ + if (name == null) { + throw new IllegalArgumentException("name cannot be null"); + } + + this.name = name; + } + + public String getName() { + return name; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public String toString() { + return name; + } + + + @Override + public boolean equals(Object principal) { + if (principal == null) + return false; + if (this == principal) + return true; + if (getClass() != principal.getClass()) + return false; + final TokenPrincipal other = (TokenPrincipal)principal; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)){ + return false; + } + + return true; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java new file mode 100644 index 0000000000..c970704929 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicy.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.authorization; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +/** + * Models the SCA Implementation Security Policy Assertion for Authorization. + * + * @version $Rev$ $Date$ + */ +public class AuthorizationPolicy { + private final static String SCA11_NS = "http://docs.oasis-open.org/ns/opencsa/sca/200912"; + // private final static String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName NAME = new QName(SCA11_NS, "authorization"); + + public static enum AcessControl { + permitAll, denyAll, allow + }; + + private List roleNames = new ArrayList(); + + public AuthorizationPolicy() { + } + + private AcessControl accessControl; + + public AcessControl getAccessControl() { + return accessControl; + } + + public void setAccessControl(AcessControl accessControl) { + this.accessControl = accessControl; + } + + public List getRoleNames() { + if (accessControl == AcessControl.allow) { + return roleNames; + } else { + throw new IllegalArgumentException("Role names are only available for 'allow'"); + } + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } + + public QName getSchemaName() { + return NAME; + } + + @Override + public String toString() { + if (accessControl == AcessControl.allow) { + return accessControl.name() + " " + roleNames; + } + return accessControl.name(); + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java new file mode 100644 index 0000000000..8a65a10560 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authorization/AuthorizationPolicyProcessor.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.authorization; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import java.util.StringTokenizer; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class AuthorizationPolicyProcessor implements StAXArtifactProcessor { + private static final String ROLES = "roles"; + + public QName getArtifactType() { + return AuthorizationPolicy.NAME; + } + + public AuthorizationPolicyProcessor(FactoryExtensionPoint modelFactories) { + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(Monitor monitor, String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public AuthorizationPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + AuthorizationPolicy policy = new AuthorizationPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + while (true) { + switch (event) { + case START_ELEMENT: + String ac = reader.getName().getLocalPart(); + if ("allow".equals(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + String roleNames = reader.getAttributeValue(null, ROLES); + if (roleNames == null) { + error(context.getMonitor(), "RequiredAttributeRolesMissing", reader); + //throw new IllegalArgumentException("Required attribute 'roles' is missing."); + } else { + StringTokenizer st = new StringTokenizer(roleNames); + while (st.hasMoreTokens()) { + policy.getRoleNames().add(st.nextToken()); + } + } + } else if ("permitAll".equals(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + } else if ("denyAll".endsWith(ac)) { + policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } + } + + public void write(AuthorizationPolicy policy, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException, + XMLStreamException { + writer.writeStartElement(AuthorizationPolicy.NAME.getLocalPart()); + + writer.writeStartElement(policy.getAccessControl().name()); + + if (policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { + StringBuffer sb = new StringBuffer(); + for (String role : policy.getRoleNames()) { + sb.append(role); + } + + if (sb.length() > 0) { + writer.writeAttribute(ROLES, sb.toString()); + } + } + + writer.writeEndElement(); + writer.writeEndElement(); + } + + public Class getModelType() { + return AuthorizationPolicy.class; + } + + public void resolve(AuthorizationPolicy policy, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException { + + if ((policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) && + (policy.getRoleNames().isEmpty())){ + // role names are required so leave policy unresolved + return; + } + + //right now nothing to resolve + policy.setUnresolved(false); + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java new file mode 100644 index 0000000000..773c874a90 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import java.util.List; + +import javax.security.auth.Subject; + +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.invocation.PhasedInterceptor; +import org.apache.tuscany.sca.policy.security.SecurityUtil; +import org.oasisopen.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyInterceptor implements PhasedInterceptor { + private List securityIdentityPolicies; + private Invoker next; + + public SecurityIdentityImplementationPolicyInterceptor(List securityIdentityPolicies) { + super(); + this.securityIdentityPolicies = securityIdentityPolicies; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#getNext() + */ + public Invoker getNext() { + return next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker) + */ + public void setNext(Invoker next) { + this.next = next; + } + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } + + + /** + * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message) + */ + public Message invoke(Message msg) { + try { + + Subject subject = SecurityUtil.getSubject(msg); + + // May do some selection here based on runAs settings. + // by default though there is nothing to do as the implementation + // assumes the callers user credentials + + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java new file mode 100644 index 0000000000..ebbc2ba5ff --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.identity; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.PhasedInterceptor; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.provider.BasePolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityImplementationPolicyProvider extends BasePolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component) { + super(SecurityIdentityPolicy.class, component); + this.component = component; + this.implementation = component.getImplementation(); + } + + private List findPolicies(Operation op) { + List polices = new ArrayList(); + /* + // FIXME: How do we get a list of effective policySets for a given operation? + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + } + } + } + */ + + List policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (SecurityIdentityPolicy.class.isInstance(p)) { + polices.add((SecurityIdentityPolicy)p); + } + } + } + return polices; + } + + public PhasedInterceptor createInterceptor(Operation operation) { + List policies = findPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation)); + } + } + + public void start() { + } + + public void stop() { + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java new file mode 100644 index 0000000000..e4c24168c5 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicy.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; + +/** + * Models the SCA Implementation Security Policy Assertion for Security Identity. + * + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicy { + public static final QName NAME = new QName(Constants.SCA11_TUSCANY_NS, "securityIdentity"); + + private boolean useCallerIdentity; + + private String runAsRole; + + public SecurityIdentityPolicy() { + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUseCallerIdentity() { + return useCallerIdentity; + } + + public void setUseCallerIdentity(boolean useCallerIdentity) { + this.useCallerIdentity = useCallerIdentity; + } + + public String getRunAsRole() { + return runAsRole; + } + + public void setRunAsRole(String runAsRole) { + this.runAsRole = runAsRole; + } + + @Override + public String toString() { + if (useCallerIdentity) { + return "useCallerIdentity"; + } + return "runAs " + runAsRole; + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java new file mode 100644 index 0000000000..3c91b9fbcf --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProcessor.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.identity; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicyProcessor implements StAXArtifactProcessor { + private static final String ROLE = "role"; + + public QName getArtifactType() { + return SecurityIdentityPolicy.NAME; + } + + public SecurityIdentityPolicyProcessor(FactoryExtensionPoint modelFactories) { + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(Monitor monitor, String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public SecurityIdentityPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + SecurityIdentityPolicy policy = new SecurityIdentityPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + while (true) { + switch (event) { + case START_ELEMENT: + String ac = reader.getName().getLocalPart(); + if ("runAs".equals(ac)) { + String roleName = reader.getAttributeValue(null, ROLE); + if (roleName == null) { + error(context.getMonitor(), "RequiredAttributeRolesMissing", reader); + //throw new IllegalArgumentException("Required attribute 'roles' is missing."); + } else { + policy.setRunAsRole(roleName); + } + } else if ("useCallerIdentity".equals(ac)) { + policy.setUseCallerIdentity(true); + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } + } + + public void write(SecurityIdentityPolicy policy, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException, + XMLStreamException { + writer.writeStartElement(SecurityIdentityPolicy.NAME.getLocalPart()); + + String child = policy.isUseCallerIdentity() ? "useCallerIdentity" : "runAs"; + writer.writeStartElement(child); + + if (!policy.isUseCallerIdentity()) { + writer.writeAttribute(ROLE, policy.getRunAsRole()); + } + + writer.writeEndElement(); + writer.writeEndElement(); + } + + public Class getModelType() { + return SecurityIdentityPolicy.class; + } + + public void resolve(SecurityIdentityPolicy policy, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException { + + if (policy.getRunAsRole() != null) + //right now nothing to resolve + policy.setUnresolved(false); + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java new file mode 100644 index 0000000000..80e1494796 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.identity; + +import org.apache.tuscany.sca.assembly.Endpoint; +import org.apache.tuscany.sca.assembly.EndpointReference; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * @version $Rev$ $Date$ + */ +public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory { + private ExtensionPointRegistry registry; + + public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + this.registry = registry; + } + + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component) { + return new SecurityIdentityImplementationPolicyProvider(component); + } + + public PolicyProvider createReferencePolicyProvider(EndpointReference endpointReference) { + return null; + } + + public PolicyProvider createServicePolicyProvider(Endpoint endpoint) { + return null; + } + + public Class getModelType() { + return SecurityIdentityPolicy.class; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java new file mode 100644 index 0000000000..50349cdf88 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityUtil.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security; + +import java.security.Principal; + +import javax.security.auth.Subject; + +import org.apache.tuscany.sca.invocation.Message; + + +/** + * Some utilities for dealing with security information in a Tuscany message + * + * @version $Rev$ $Date$ + * @tuscany.spi.extension.asclient + */ +public class SecurityUtil { + + public static String SubjectString = "Subject"; + public static String PrincipalString = "Principal"; + + public static Subject getSubject(Message msg){ + + Subject subject = (Subject)msg.getHeaders().get(SubjectString); + + if (subject == null){ + subject = new Subject(); + msg.getHeaders().put(SubjectString, subject); + } + + return subject; + } + + public static T getPrincipal(Subject subject, Class clazz){ + for (Principal msgPrincipal : subject.getPrincipals() ){ + if (clazz.isInstance(msgPrincipal)){ + return clazz.cast(msgPrincipal); + } + } + + return null; + } + + public static Principal getPrincipal(Message msg){ + + return (Principal)msg.getHeaders().get(PrincipalString); + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java new file mode 100644 index 0000000000..cef6eebadc --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.ssl; + +import java.util.Properties; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; + +/** + * Models the SCA Implementation Security Policy Assertion for Confidentiality. + * + * This would map to enabling SSL communication and would require + * the following configuration items : + * + * - javax.net.ssl.keyStore + * - javax.net.ssl.keyStorePassword + * - javax.net.ssl.keyStoreType + * + * - javax.net.ssl.trustStoreType + * - javax.net.ssl.trustStore + * - javax.net.ssl.trustStorePassword + * + * @version $Rev$ $Date$ + */ +public class HTTPSPolicy { + public static final QName NAME = new QName(Constants.SCA11_TUSCANY_NS, "https"); + + private String trustStoreType; + private String trustStore; + private String trustStorePassword; + + private String keyStoreType; + private String keyStore; + private String keyStorePassword; + + + public String getTrustStoreType() { + return trustStoreType; + } + + public void setTrustStoreType(String trustStoreType) { + this.trustStoreType = trustStoreType; + } + + public String getTrustStore() { + return trustStore; + } + + public void setTrustStore(String trustStore) { + this.trustStore = trustStore; + } + + public String getTrustStorePassword() { + return trustStorePassword; + } + + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + + public String getKeyStoreType() { + return keyStoreType; + } + + public void setKeyStoreType(String keyStoreType) { + this.keyStoreType = keyStoreType; + } + + public String getKeyStore() { + return keyStore; + } + + public void setKeyStore(String keyStore) { + this.keyStore = keyStore; + } + + public String getKeyStorePassword() { + return keyStorePassword; + } + + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + + } + + public Properties toProperties() { + Properties properties = new Properties(); + + properties.put("javax.net.ssl.trustStoreType", trustStoreType); + properties.put("javax.net.ssl.trustStore", trustStore); + properties.put("javax.net.ssl.trustStorePassword", trustStorePassword); + + properties.put("javax.net.ssl.keyStoreType", keyStoreType); + properties.put("javax.net.ssl.keyStore", keyStore); + properties.put("javax.net.ssl.keyStorePassword", keyStorePassword); + + return properties; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java new file mode 100644 index 0000000000..b0d6da194c --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java @@ -0,0 +1,156 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http.ssl; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; + +public class HTTPSPolicyProcessor implements StAXArtifactProcessor { + private static final QName KEY_STORE_QNAME = new QName(Constants.SCA11_TUSCANY_NS, "keyStore"); + private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA11_TUSCANY_NS, "trustStore"); + + public HTTPSPolicyProcessor(FactoryExtensionPoint modelFactories) { + } + + public QName getArtifactType() { + return HTTPSPolicy.NAME; + } + + public Class getModelType() { + return HTTPSPolicy.class; + } + + public HTTPSPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + HTTPSPolicy policy = new HTTPSPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(KEY_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeKeyStoreTypeMissing"); + } else { + policy.setKeyStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeKeyStoreFileMissing"); + } else { + policy.setKeyStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeKeyStorePasswordMissing"); + } else { + policy.setKeyStorePassword(password); + } + + } else if(TRUST_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeTrustStoreTypeMissing"); + } else { + policy.setTrustStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeTrustStoreFileMissing"); + } else { + policy.setTrustStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + Monitor.error(context.getMonitor(), + this, + "policy-security-validation-messages", + "RequiredAttributeTrustStorePasswordMissing"); + } else { + policy.setTrustStorePassword(password); + } + + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } } + + public void write(HTTPSPolicy model, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException, + XMLStreamException { + // TODO + + } + + public void resolve(HTTPSPolicy model, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException { + + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java new file mode 100644 index 0000000000..6425ae7fca --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationImplementationPolicyProvider.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.jaas; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.tuscany.sca.assembly.Implementation; +import org.apache.tuscany.sca.interfacedef.Operation; +import org.apache.tuscany.sca.invocation.PhasedInterceptor; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.provider.BasePolicyProvider; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * Policy handler to handle PolicySet containing JaasAuthenticationPolicy instances + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationImplementationPolicyProvider extends BasePolicyProvider { + private RuntimeComponent component; + private Implementation implementation; + + public JaasAuthenticationImplementationPolicyProvider(RuntimeComponent component) { + super(JaasAuthenticationPolicy.class, component); + this.component = component; + this.implementation = component.getImplementation(); + } + + private List findPolicies(Operation op) { + List polices = new ArrayList(); + /* + // FIXME: How do we get a list of effective policySets for a given operation? + if (implementation instanceof OperationsConfigurator) { + OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation; + for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) { + if (cop.getName().equals(op.getName())) { + for (PolicySet ps : cop.getPolicySets()) { + for (Object p : ps.getPolicies()) { + if (JaasAuthenticationPolicy.class.isInstance(p)) { + polices.add((JaasAuthenticationPolicy)p); + } + } + } + } + } + } + */ + + List policySets = component.getPolicySets(); + for (PolicySet ps : policySets) { + for (Object p : ps.getPolicies()) { + if (JaasAuthenticationPolicy.class.isInstance(p)) { + polices.add((JaasAuthenticationPolicy)p); + } + } + } + return polices; + } + + public PhasedInterceptor createInterceptor(Operation operation) { + List policies = findPolicies(operation); + if (policies == null || policies.isEmpty()) { + return null; + } else { + return new JaasAuthenticationInterceptor(findPolicies(operation)); + } + } + + public void start() { + } + + public void stop() { + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java new file mode 100644 index 0000000000..247243fcf8 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationInterceptor.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import java.util.List; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; + +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.invocation.Phase; +import org.apache.tuscany.sca.invocation.PhasedInterceptor; +import org.oasisopen.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationInterceptor implements PhasedInterceptor { + private List authenticationPolicies; + private Invoker next; + + public JaasAuthenticationInterceptor(List authenticationPolicies) { + super(); + this.authenticationPolicies = authenticationPolicies; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#getNext() + */ + public Invoker getNext() { + return next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker) + */ + public void setNext(Invoker next) { + this.next = next; + } + + /** + * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message) + */ + public Message invoke(Message msg) { + try { + for (JaasAuthenticationPolicy policy : authenticationPolicies) { + CallbackHandler callbackHandler = + (CallbackHandler)policy.getCallbackHandlerClass().newInstance(); + LoginContext lc = new LoginContext(policy.getConfigurationName(), callbackHandler); + lc.login(); + // Subject subject = lc.getSubject(); + } + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + + public String getPhase() { + return Phase.IMPLEMENTATION_POLICY; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java new file mode 100644 index 0000000000..65d8b5c597 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicy.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import javax.xml.namespace.QName; + +/** + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicy { + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName NAME = new QName(SCA10_TUSCANY_NS, "jaasAuthentication"); + + private String configurationName = "other"; + private String callbackHandlerClassName; + private Class callbackHandlerClass; + + public String getCallbackHandlerClassName() { + return callbackHandlerClassName; + } + + public void setCallbackHandlerClassName(String callbackHandlerClassName) { + this.callbackHandlerClassName = callbackHandlerClassName; + } + + public Class getCallbackHandlerClass() { + return callbackHandlerClass; + } + + public void setCallbackHandlerClass(Class callbackHandlerClass) { + this.callbackHandlerClass = callbackHandlerClass; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + } + + public String getConfigurationName() { + return configurationName; + } + + public void setConfigurationName(String configurationName) { + this.configurationName = configurationName; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java new file mode 100644 index 0000000000..16629e4c6b --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyHandler.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.policy.PolicySet; + +/** + * Policy handler to handle PolicySet containing JaasAuthenticationPolicy instances + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicyHandler { + private static final String jaasPolicy = "JaasPolicy"; + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName policySetQName = new QName(SCA10_TUSCANY_NS, jaasPolicy); + private PolicySet applicablePolicySet = null; + + public void setUp(Object... context) { + if (applicablePolicySet != null) { + } + } + + public void cleanUp(Object... context) { + } + + public void beforeInvoke(Object... context) { + try { + JaasAuthenticationPolicy policy = (JaasAuthenticationPolicy)applicablePolicySet.getPolicies().get(0); + CallbackHandler callbackHandler = + (CallbackHandler)policy.getCallbackHandlerClass().newInstance(); + LoginContext lc = new LoginContext(policy.getConfigurationName(), callbackHandler); + lc.login(); + } catch (Exception e) { + throw new RuntimeException(e); + } + + } + + public void afterInvoke(Object... context) { + + } + + public PolicySet getApplicablePolicySet() { + return applicablePolicySet; + } + + public void setApplicablePolicySet(PolicySet applicablePolicySet) { + this.applicablePolicySet = applicablePolicySet; + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java new file mode 100644 index 0000000000..b9ab68aa2f --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProcessor.java @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.policy.security.jaas; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ClassReference; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +/** + * + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicyProcessor implements StAXArtifactProcessor { + private static final QName JAAS_AUTHENTICATION_POLICY_QNAME = JaasAuthenticationPolicy.NAME; + private static final String callbackHandler = "callbackHandler"; + private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.1"; + public static final QName CALLBACK_HANDLER_QNAME = new QName(SCA10_TUSCANY_NS, callbackHandler); + public static final QName CONFIGURATION_QNAME = new QName(SCA10_TUSCANY_NS, "configurationName"); + + + public QName getArtifactType() { + return JAAS_AUTHENTICATION_POLICY_QNAME; + } + + public JaasAuthenticationPolicyProcessor(FactoryExtensionPoint modelFactories) { + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(Monitor monitor, String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public JaasAuthenticationPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + JaasAuthenticationPolicy policy = new JaasAuthenticationPolicy(); + int event = reader.getEventType(); + QName name = null; + + while (reader.hasNext()) { + event = reader.getEventType(); + switch (event) { + case START_ELEMENT : { + name = reader.getName(); + if (name.equals(CALLBACK_HANDLER_QNAME)) { + String callbackHandlerClassName = reader.getElementText(); + if (callbackHandlerClassName != null) { + policy.setCallbackHandlerClassName(callbackHandlerClassName.trim()); + } + } + if (name.equals(CONFIGURATION_QNAME)) { + String configurationName = reader.getElementText(); + if (configurationName != null) { + policy.setConfigurationName(configurationName.trim()); + } + } + + break; + } + } + + if ( event == END_ELEMENT ) { + if ( JAAS_AUTHENTICATION_POLICY_QNAME.equals(reader.getName()) ) { + break; + } + } + + //Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return policy; + } + + public void write(JaasAuthenticationPolicy policy, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException, + XMLStreamException { + String prefix = "tuscany"; + writer.writeStartElement(prefix, + JAAS_AUTHENTICATION_POLICY_QNAME.getLocalPart(), + JAAS_AUTHENTICATION_POLICY_QNAME.getNamespaceURI()); + writer.writeNamespace("tuscany", SCA10_TUSCANY_NS); + + + writer.writeEndElement(); + } + + public Class getModelType() { + return JaasAuthenticationPolicy.class; + } + + public void resolve(JaasAuthenticationPolicy policy, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException { + + if (policy.getCallbackHandlerClassName() != null) { + ClassReference classReference = new ClassReference(policy.getCallbackHandlerClassName()); + classReference = resolver.resolveModel(ClassReference.class, classReference, context); + Class callbackClass = classReference.getJavaClass(); + if (callbackClass == null) { + error(context.getMonitor(), "ClassNotFoundException", resolver, policy.getCallbackHandlerClassName()); + //throw new ContributionResolveException(new ClassNotFoundException(policy.getCallbackHandlerClassName())); + } else { + policy.setCallbackHandlerClass(callbackClass); + policy.setUnresolved(false); + } + } + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java new file mode 100644 index 0000000000..ab1ab1870f --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/jaas/JaasAuthenticationPolicyProviderFactory.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.jaas; + +import org.apache.tuscany.sca.assembly.Endpoint; +import org.apache.tuscany.sca.assembly.EndpointReference; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.provider.PolicyProvider; +import org.apache.tuscany.sca.provider.PolicyProviderFactory; +import org.apache.tuscany.sca.runtime.RuntimeComponent; + +/** + * @version $Rev$ $Date$ + */ +public class JaasAuthenticationPolicyProviderFactory implements PolicyProviderFactory { + + public JaasAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) { + super(); + } + + public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component) { + return new JaasAuthenticationImplementationPolicyProvider(component); + } + + public PolicyProvider createReferencePolicyProvider(EndpointReference endpointReference) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding) + */ + public PolicyProvider createServicePolicyProvider(Endpoint endpoint) { + return null; + } + + /** + * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType() + */ + public Class getModelType() { + return JaasAuthenticationPolicy.class; + } + +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor new file mode 100644 index 0000000000..f402c6f749 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Implementation class for the artifact processor extension +org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy +org.apache.tuscany.sca.policy.security.http.ssl.HTTPSPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#https,model=org.apache.tuscany.sca.policy.security.http.ssl.HTTPSPolicy + +# TODO - following processors are old and somewhat questionable for 2.x, needs reviewing +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy +org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions new file mode 100644 index 0000000000..6c3579dd2e --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.definitions.xml.Definitions @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +org/apache/tuscany/sca/policy/security/definitions.xml +org/apache/tuscany/sca/policy/security/tuscany_definitions.xml diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory new file mode 100644 index 0000000000..37c5ee9cc0 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Implementation classs for policy extensions that are neither binding nor implementation specific +org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy +org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy + diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml new file mode 100644 index 0000000000..21923b3a3b --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml new file mode 100644 index 0000000000..45d4ebaf5e --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml @@ -0,0 +1,30 @@ + + + + + + All invocations are must have an identity set + + + + All invocations to be authenticated + + \ No newline at end of file diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/policy-security-validation-messages.properties b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/policy-security-validation-messages.properties new file mode 100644 index 0000000000..d41dbc3c70 --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/main/resources/policy-security-validation-messages.properties @@ -0,0 +1,28 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# +RequiredAttributeRolesMissing = Required attribute 'roles' is missing. +ClassNotFoundException = Class Not Found Exception: {0} +RequiredAttributeKeyStoreTypeMissing = Required attribute 'type' of keyStore element is missing +RequiredAttributeKeyStoreFileMissing = Required attribute 'file' of keyStore element is missing +RequiredAttributeKeyStorePasswordMissing = Required attribute 'password' of keyStore element is missing +RequiredAttributeTrustStoreTypeMissing = Required attribute 'type' of trustStore element is missing +RequiredAttributeTrustStoreFileMissing = Required attribute 'file' of trustStore element is missing +RequiredAttributeTrustStorePasswordMissing = Required attribute 'password' of trustStore element is missing \ No newline at end of file diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java b/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java new file mode 100644 index 0000000000..653f6d621c --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/java/org/apache/tuscany/sca/policy/security/PolicyProcessorTestCase.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security; + +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamConstants; +import javax.xml.stream.XMLStreamReader; + +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor; +import org.junit.Assert; +import org.junit.Test; + +/** + * @version $Rev$ $Date$ + */ +public class PolicyProcessorTestCase { + private final static String SCA11_NS = "http://docs.oasis-open.org/ns/opencsa/sca/200912"; + private final static List SEQ = + Arrays.asList("permitAll", + "allow [r1, r2]", + "denyAll", + "runAs admin", + "useCallerIdentity", + "permitAll", + "allow [r1, r2]", + "denyAll", + "runAs admin"); + + @Test + public void testRead() throws Exception { + List results = new ArrayList(); + Map processors = new HashMap(); + processors.put(AuthorizationPolicy.NAME, new AuthorizationPolicyProcessor(null)); + processors.put(SecurityIdentityPolicy.NAME, new SecurityIdentityPolicyProcessor(null)); + processors.put(new QName(SCA11_NS, "allow"), new AuthorizationPolicyProcessor(null)); + processors.put(new QName(SCA11_NS, "permitAll"), new AuthorizationPolicyProcessor(null)); + processors.put(new QName(SCA11_NS, "denyAll"), new AuthorizationPolicyProcessor(null)); + processors.put(new QName(SCA11_NS, "runAs"), new SecurityIdentityPolicyProcessor(null)); + InputStream is = getClass().getResourceAsStream("mock_policy_definitions.xml"); + XMLInputFactory factory = XMLInputFactory.newInstance(); + XMLStreamReader reader = factory.createXMLStreamReader(is); + while (true) { + int event = reader.getEventType(); + if (event == XMLStreamConstants.START_ELEMENT) { + if ("policySet".equals(reader.getName().getLocalPart())) { + reader.nextTag(); + results.add(processors.get(reader.getName()).read(reader, new ProcessorContext()).toString()); + } + } + if (reader.hasNext()) { + reader.next(); + } else { + break; + } + } + Assert.assertEquals(SEQ, results); + } +} diff --git a/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml b/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml new file mode 100644 index 0000000000..91ab004a7e --- /dev/null +++ b/sandbox/sebastien/java/wrapped/modules/policy-security/src/test/resources/org/apache/tuscany/sca/policy/security/mock_policy_definitions.xml @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3