From 1b903cae8b2c1920fbbef2904b0b4d4f014ec052 Mon Sep 17 00:00:00 2001
From: slaws
Date: Mon, 31 Oct 2011 10:38:52 +0000
Subject: Ensure that fully resolved JSR250 policy sets, added by the policy processor on the fly, are not re-resolved. Hence the dynamic information in the policy sets is not lost.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1195401 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/jsr250/JSR250PolicyProcessor.java | 97 +++++++++++-----------
 .../security/jsr250/PolicyProcessorTestCase.java | 2 +-
 2 files changed, 49 insertions(+), 50 deletions(-)
(limited to 'sca-java-2.x/trunk/modules/policy-security-jsr250')
diff --git a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
index fffb366dfa..5f3f1a33ff 100644
--- a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
+++ b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/main/java/org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.java
@@ -25,9 +25,14 @@ import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.annotation.security.RunAs;
 import javax.xml.namespace.QName;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
 
 import org.apache.tuscany.sca.assembly.AssemblyFactory;
 import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.common.xml.stax.reader.NamespaceContextImpl;
+import org.apache.tuscany.sca.common.xml.xpath.XPathHelper;
 import org.apache.tuscany.sca.core.ExtensionPointRegistry;
 import org.apache.tuscany.sca.core.FactoryExtensionPoint;
 import org.apache.tuscany.sca.implementation.java.IntrospectionException;
@@ -59,17 +64,31 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { private static final QName DENY_ALL = new QName(Constants.SCA11_TUSCANY_NS,"denyAll"); private PolicyFactory policyFactory; + private XPathHelper xpathHelper; + private String appliesToString = "//sca:implementation.java"; + private XPathExpression appliesToExpression = null; - public JSR250PolicyProcessor(ExtensionPointRegistry registry) { + public JSR250PolicyProcessor(ExtensionPointRegistry registry) throws IntrospectionException { super(registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(AssemblyFactory.class)); this.policyFactory = registry.getExtensionPoint(FactoryExtensionPoint.class).getFactory(PolicyFactory.class); + + this.xpathHelper = XPathHelper.getInstance(registry); + NamespaceContextImpl nsContext = new NamespaceContextImpl(null); + nsContext.register("sca", "http://docs.oasis-open.org/ns/opencsa/sca/200912"); + XPath path = xpathHelper.newXPath(); + try { + appliesToExpression = xpathHelper.compile(path, nsContext, appliesToString); + } catch (XPathExpressionException e) { + throw new IntrospectionException(e); + } } +/* public JSR250PolicyProcessor(AssemblyFactory assemblyFactory, PolicyFactory policyFactory) { super(assemblyFactory); this.policyFactory = policyFactory; } - +*/ @Override public void visitClass(Class clazz, JavaImplementation type) throws IntrospectionException { 
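Review bot: The two-argument constructor is left in the file inside a `/* ... */` block rather than deleted, and the new constructor spells the SCA namespace URI as a string literal even though `Constants` is already imported. Delete the dead constructor outright; a revived copy would hand out policy sets whose `appliesToExpression` is still null, and how the resolver treats that for these authorization sets is not visible in this diff. `appliesToString` is never reassigned, so it reads better as `private static final String APPLIES_TO = "//sca:implementation.java";`, and the namespace literal should come from a shared constant if `Constants` provides one. The class body continues outside the hunk.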
@@ -84,14 +103,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { SecurityIdentityPolicy policy = new SecurityIdentityPolicy(); policy.setRunAsRole(roleName); - - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(RUN_AS); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(SecurityIdentityPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); + PolicySet policySet = createPolicySet(RUN_AS, SecurityIdentityPolicy.NAME, policy); type.getPolicySets().add(policySet); } @@ -108,13 +120,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { policy.getRoleNames().add(role); } - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(ALLOW); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(AuthorizationPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); + PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy); type.getPolicySets().add(policySet); } @@ -122,14 +128,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { if(permitAll != null) { AuthorizationPolicy policy = new AuthorizationPolicy(); policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll); - - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(PERMIT_ALL); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(AuthorizationPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); + PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy); type.getPolicySets().add(policySet); } 
@@ -154,14 +153,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type); if (operation != null){ - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(ALLOW); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(AuthorizationPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); - + PolicySet policySet = createPolicySet(ALLOW, AuthorizationPolicy.NAME, policy); operation.getPolicySets().add(policySet); } } @@ -175,14 +167,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type); if (operation != null){ - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(PERMIT_ALL); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(AuthorizationPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); - + PolicySet policySet = createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, policy); operation.getPolicySets().add(policySet); } } @@ -196,14 +181,7 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { Operation operation = getOperationModel(method, type); if (operation != null){ - PolicySet policySet = policyFactory.createPolicySet(); - policySet.setName(DENY_ALL); - PolicyExpression policyExpression = policyFactory.createPolicyExpression(); - policyExpression.setName(AuthorizationPolicy.NAME); - policyExpression.setPolicy(policy); - policySet.getPolicies().add(policyExpression); - policySet.setUnresolved(false); - + PolicySet policySet = createPolicySet(DENY_ALL, AuthorizationPolicy.NAME, policy); operation.getPolicySets().add(policySet); } } 
@@ -219,4 +197,25 @@ public class JSR250PolicyProcessor extends BaseJavaClassVisitor { return null; } + + /** + * Here we generate policy sets on the fly so they have to be configured as though they + * had been read and resolved from a defintions.xml file. I.e. they have to have appropriate + * appliesTo configuration and be marked as resolved. + */ + private PolicySet createPolicySet(QName policySetName, QName policyExpressionName, Object policy){ + + PolicyExpression policyExpression = policyFactory.createPolicyExpression(); + policyExpression.setName(policyExpressionName); + policyExpression.setPolicy(policy); + + PolicySet policySet = policyFactory.createPolicySet(); + policySet.setName(policySetName); + policySet.setAppliesTo(appliesToString); + policySet.setAppliesToXPathExpression(appliesToExpression); + policySet.getPolicies().add(policyExpression); + policySet.setUnresolved(false); + + return policySet; + } } diff --git a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java index 2788276029..b6bd00e345 100644 --- a/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java +++ b/sca-java-2.x/trunk/modules/policy-security-jsr250/src/test/java/org/apache/tuscany/sca/policy/security/jsr250/PolicyProcessorTestCase.java 
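Review bot: `createPolicySet` stamps every generated set with the implementation-level `appliesTo` (`//sca:implementation.java`), including the sets that the method-level hunks attach to `operation.getPolicySets()`. Whether that expression still matches when the set hangs off an operation cannot be told from this diff; if it does not, a `@DenyAll` or `@RolesAllowed` restriction on a single method could be dropped during later policy processing. The accompanying test change only swaps the constructor call, so a test asserting that the operation-level `denyAll` and `allow` sets survive resolution would pin the behaviour the commit message promises. If sharing one expression is intended, say so on the helper, e.g. `// class- and operation-level sets are both matched against the implementation.java element`. The Javadoc also misspells `definitions.xml` as `defintions.xml`.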
@@ -155,7 +155,7 @@ public class PolicyProcessorTestCase extends TestCase {
 registry.start();
 serviceProcessor = new ServiceProcessor(new DefaultAssemblyFactory(), new DefaultJavaInterfaceFactory(registry));
 policyProcessor = new PolicyProcessor(registry);
- jsr250Processor = new JSR250PolicyProcessor(new DefaultAssemblyFactory(), new DefaultPolicyFactory());
+ jsr250Processor = new JSR250PolicyProcessor(registry);
 visitor = new PolicyJavaInterfaceVisitor(registry);
 JavaImplementationFactory javaImplementationFactory = new DefaultJavaImplementationFactory();
 type = javaImplementationFactory.createJavaImplementation();
-- 
cgit v1.2.3