From 6d685c8e138af8d18bc71181ec630ccb9a17bdd9 Mon Sep 17 00:00:00 2001 From: nash Date: Wed, 6 Apr 2011 22:03:35 +0000 Subject: Tag for 1.6.2-RC1 git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1089647 13f79535-47bb-0310-9956-ffa450edef68 --- .../introspect/impl/JSR250PolicyProcessor.java | 178 +++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 sca-java-1.x/tags/1.6.2-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java (limited to 'sca-java-1.x/tags/1.6.2-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java') diff --git a/sca-java-1.x/tags/1.6.2-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java b/sca-java-1.x/tags/1.6.2-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java new file mode 100644 index 0000000000..f639bc679f --- /dev/null +++ b/sca-java-1.x/tags/1.6.2-RC1/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JSR250PolicyProcessor.java @@ -0,0 +1,178 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.tuscany.sca.implementation.java.introspect.impl; + +import java.lang.reflect.Method; + +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.annotation.security.RunAs; +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.AssemblyFactory; +import org.apache.tuscany.sca.assembly.ConfiguredOperation; +import org.apache.tuscany.sca.assembly.OperationsConfigurator; +import org.apache.tuscany.sca.implementation.java.IntrospectionException; +import org.apache.tuscany.sca.implementation.java.JavaImplementation; +import org.apache.tuscany.sca.policy.PolicyFactory; +import org.apache.tuscany.sca.policy.PolicySet; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy; + +/** + * Processes an {@link javax.annotation.security.*} annotation + * Below is a list of annotations + * + * Type Method + * RunAs x + * RolesAllowed x x + * PermitAll x x + * DenyAll x + * + * @version $Rev$ $Date$ + */ +public class JSR250PolicyProcessor extends BaseJavaClassVisitor { + private static final QName RUN_AS = new QName("http://www.osoa.org/xmlns/sca/1.0","runAs"); + private static final QName ALLOW = new QName("http://www.osoa.org/xmlns/sca/1.0","allow"); + private static final QName PERMIT_ALL = new QName("http://www.osoa.org/xmlns/sca/1.0","permitAll"); + private static final QName DENY_ALL = new QName("http://www.osoa.org/xmlns/sca/1.0","denyAll"); + + private PolicyFactory policyFactory; + + public JSR250PolicyProcessor(AssemblyFactory assemblyFactory, PolicyFactory policyFactory) { + super(assemblyFactory); + this.policyFactory = policyFactory; + } + + + @Override + public void visitClass(Class clazz, JavaImplementation type) throws IntrospectionException { + + RunAs runAs = clazz.getAnnotation(javax.annotation.security.RunAs.class); + if (runAs != null) { + + String roleName = runAs.value(); + if(roleName == null) { + //FIXME handle monitor or error + } + + SecurityIdentityPolicy policy = new SecurityIdentityPolicy(); + policy.setRunAsRole(roleName); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(RUN_AS); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + RolesAllowed rolesAllowed = clazz.getAnnotation(javax.annotation.security.RolesAllowed.class); + if(rolesAllowed != null) { + if(rolesAllowed.value().length == 0) { + //FIXME handle monitor or error + } + + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + + for(String role : rolesAllowed.value()) { + policy.getRoleNames().add(role); + } + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(ALLOW); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + PermitAll permitAll = clazz.getAnnotation(javax.annotation.security.PermitAll.class); + if(permitAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(PERMIT_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + ((org.apache.tuscany.sca.policy.PolicySetAttachPoint)type).getPolicySets().add(policySet); + } + + } + + @Override + public void visitMethod(Method method, JavaImplementation type) throws IntrospectionException { + RolesAllowed rolesAllowed = method.getAnnotation(javax.annotation.security.RolesAllowed.class); + if(rolesAllowed != null) { + if(rolesAllowed.value().length == 0) { + //FIXME handle monitor or error + } + + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.allow); + + for(String role : rolesAllowed.value()) { + policy.getRoleNames().add(role); + } + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(ALLOW); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + + PermitAll permitAll = method.getAnnotation(javax.annotation.security.PermitAll.class); + if(permitAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(PERMIT_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + + DenyAll denyAll = method.getAnnotation(javax.annotation.security.DenyAll.class); + if(denyAll != null) { + AuthorizationPolicy policy = new AuthorizationPolicy(); + policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll); + + ConfiguredOperation confOp = assemblyFactory.createConfiguredOperation(); + confOp.setName(method.getName()); + ((OperationsConfigurator)type).getConfiguredOperations().add(confOp); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(DENY_ALL); + policySet.getPolicies().add(policy); + policySet.setUnresolved(false); + confOp.getPolicySets().add(policySet); + } + } +} -- cgit v1.2.3