You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@juddi.apache.org by al...@apache.org on 2019/12/12 22:14:30 UTC
[juddi] branch feature/JUDDI-558 updated (4c90588 -> 56fb8a9)
This is an automated email from the ASF dual-hosted git repository.
alexoree pushed a change to branch feature/JUDDI-558
in repository https://gitbox.apache.org/repos/asf/juddi.git.
from 4c90588 JUDDI-558 amother interface change to better handling the filtering of publisher assertions
new d352ac0 JUDDI-558 processing with enhanced security, still has lots of unit test failures, work in progress
new 56fb8a9 JUDDI-558 WIP
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../src/test/resources/META-INF/persistence.xml | 2 +
.../resources/{juddiv3.xml => juddiv3rbac.xml} | 7 +
juddi-core/pom.xml | 1 -
.../src/main/java/org/apache/juddi/Registry.java | 2 +-
.../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 19 +-
.../apache/juddi/api/impl/UDDIPublicationImpl.java | 34 +-
.../apache/juddi/api/impl/UDDISecurityImpl.java | 4 +-
.../java/org/apache/juddi/config/AppConfig.java | 2 +-
.../apache/juddi/model/UddiEntityPublisher.java | 2 +-
.../juddi/security/AccessControlFactory.java | 18 +-
.../juddi/security/AllowAllAccessControlImpl.java | 19 +-
.../org/apache/juddi/security/IAccessControl.java | 13 +-
.../apache/juddi/security/rbac/RbacRulesModel.java | 2 +
.../security/rbac/RoleBasedAccessControlImpl.java | 125 ++++--
.../apache/juddi/validation/ValidatePublish.java | 34 +-
.../apache/juddi/validation/ValidateUDDIApi.java | 109 +++---
.../juddi/api/impl/API_180_RbacSecurityTest.java | 154 +++++++-
.../impl/mock/WebServiceContextMock.java} | 40 +-
.../src/test/resources/META-INF/persistence.xml | 2 +
.../src/test/resources/juddiv3rbac.xml | 421 +++++++++++----------
.../WEB-INF/classes/META-INF/persistence.xml | 1 +
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../java/org/apache/juddi/v3/tck/TckBusiness.java | 1 +
.../java/org/apache/juddi/v3/tck/TckTModel.java | 13 +-
.../java/org/apache/juddi/api_v3/AccessLevel.java | 21 +-
26 files changed, 682 insertions(+), 370 deletions(-)
copy juddi-core-openjpa/src/test/resources/{juddiv3.xml => juddiv3rbac.xml} (94%)
copy juddi-core/src/test/java/org/apache/juddi/{auth/MockWebServiceContext.java => api/impl/mock/WebServiceContextMock.java} (51%)
copy juddi-core-openjpa/src/test/resources/juddiv3.xml => juddi-core/src/test/resources/juddiv3rbac.xml (96%)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org
[juddi] 01/02: JUDDI-558 processing with enhanced security,
still has lots of unit test failures, work in progress
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexoree pushed a commit to branch feature/JUDDI-558
in repository https://gitbox.apache.org/repos/asf/juddi.git
commit d352ac0aa6118934bd5bab204ea14dec873651c6
Author: Alex O'Ree <al...@apache.org>
AuthorDate: Sat Jul 27 18:32:06 2019 -0400
JUDDI-558 processing with enhanced security, still has lots of unit test failures, work in progress
---
.../src/test/resources/META-INF/persistence.xml | 2 +
.../src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++
juddi-core/pom.xml | 1 -
.../src/main/java/org/apache/juddi/Registry.java | 2 +-
.../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 15 +-
.../apache/juddi/api/impl/UDDIPublicationImpl.java | 34 ++--
.../apache/juddi/api/impl/UDDISecurityImpl.java | 4 +-
.../java/org/apache/juddi/config/AppConfig.java | 2 +-
.../apache/juddi/model/UddiEntityPublisher.java | 2 +-
.../juddi/security/AccessControlFactory.java | 18 +-
.../juddi/security/AllowAllAccessControlImpl.java | 19 +-
.../org/apache/juddi/security/IAccessControl.java | 13 +-
.../apache/juddi/security/rbac/RbacRulesModel.java | 2 +
.../security/rbac/RoleBasedAccessControlImpl.java | 123 +++++++++---
.../apache/juddi/validation/ValidatePublish.java | 34 ++--
.../apache/juddi/validation/ValidateUDDIApi.java | 109 ++++++-----
.../juddi/api/impl/API_180_RbacSecurityTest.java | 154 +++++++++++++--
.../juddi/api/impl/mock/WebServiceContextMock.java | 69 +++++++
.../src/test/resources/META-INF/persistence.xml | 2 +
juddi-core/src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++
.../WEB-INF/classes/META-INF/persistence.xml | 1 +
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../java/org/apache/juddi/v3/tck/TckBusiness.java | 1 +
.../java/org/apache/juddi/v3/tck/TckTModel.java | 13 +-
.../java/org/apache/juddi/api_v3/AccessLevel.java | 21 +-
26 files changed, 932 insertions(+), 145 deletions(-)
diff --git a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
index 1142ef5..fe10d56 100644
--- a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
+++ b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
@@ -90,6 +90,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="openjpa.jdbc.SynchronizeMappings" value="buildSchema(SchemaAction='dropDB,add')"/>
<property name="openjpa.Log" value="DefaultLevel=WARN, Tool=INFO"/>
diff --git a/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml
new file mode 100644
index 0000000..bac2aca
--- /dev/null
+++ b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+* Copyright 2001-2009 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICenSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/ -->
+<!--
+################################################################
+# jUDDI-v3.0 configuration. #
+################################################################
+# Note that the property settings in this #
+# file can be overriden by system parameters #
+# #
+################################################################
+-->
+<config>
+ <juddi>
+ <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. -->
+ <server>
+ <baseurl>http://localhost:8080/juddiv3</baseurl>
+ <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure>
+ </server>
+ <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API
+ don't worry, jUDDI doesn't implement it right now, but it may come in the future -->
+ <nodeId>uddi:juddi.apache.org:node1</nodeId>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <root>
+ <!-- this is the 'root' username, or owner of the node -->
+ <publisher>root</publisher>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <businessId>uddi:juddi.apache.org:businesses-asf</businessId>
+ <partition>uddi:juddi.apache.org</partition>
+ </root>
+ <seed>
+ <always>false</always>
+ </seed>
+
+ <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)-->
+ <persistenceunit>
+ <name>juddiDatabase</name>
+ </persistenceunit>
+
+ <!-- Check-the-time-stamp-on-this-file Interval in milli seconds -->
+ <configuration>
+ <reload>
+ <delay>2000</delay>
+ </reload>
+ </configuration>
+ <!--Default locale-->
+ <locale>en_US</locale>
+
+ <!--The UDDI Operator Contact Email Address-->
+ <operatorEmailAddress>admin@local.localhost</operatorEmailAddress>
+
+ <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.-->
+ <maxNameLength>255</maxNameLength>
+ <maxNameElementsAllowed>5</maxNameElementsAllowed>
+
+
+ <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.-->
+ <maxRows>1000</maxRows>
+ <!-- The maximum number of "IN" clause parameters. Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.-->
+ <maxInClause>1000</maxInClause>
+
+ <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).-->
+ <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher>
+ <maxServicesPerBusiness>100</maxServicesPerBusiness>
+ <maxBindingsPerService>100</maxBindingsPerService>
+ <maxTModelsPerPublisher>100</maxTModelsPerPublisher>
+
+ <!-- Days before a transfer request expires-->
+ <transfer>
+ <expiration>
+ <days>3</days>
+ </expiration>
+ </transfer>
+
+ <!-- Days before a subscription expires-->
+ <subscription>
+ <expiration>
+ <days>30</days>
+ </expiration>
+
+ <!-- Minutes before a "chunked" subscription call expires-->
+ <chunkexpiration>
+ <minutes>5</minutes>
+ </chunkexpiration>
+
+ <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed-->
+ <maxentities>1000</maxentities>
+ </subscription>
+
+ <!-- jUDDI UUIDGen implementation to use-->
+ <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
+
+ <!-- jUDDI Cryptor implementation to use-->
+ <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
+
+ <!-- jUDDI Key Generator to use-->
+ <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>
+
+ <notification>
+ <!-- Specifies the interval at which the notification timer triggers-->
+ <interval>5000</interval>
+ <!-- Specifies the amount of time to wait before the notification timer initially fires-->
+ <start>
+ <buffer>0</buffer>
+ </start>
+ <acceptableLagtime>1000</acceptableLagtime>
+ <maxTries>3</maxTries>
+ <!-- 10 minutes -->
+ <maxTriesResetInterval>600000</maxTriesResetInterval>
+ <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList>
+ </notification>
+ <!-- All Authentication related settings -->
+ <auth>
+ <!-- Specifies whether the inquiry API requires authentication, all other APIs require authN-->
+ <Inquiry>false</Inquiry>
+
+ <!-- When using file based authentication, this is the filename to use
+ <usersfile>juddi-users.xml</usersfile>-->
+ <!-- jUDDI Authentication module to use-->
+ <authenticator>
+ <!-- build in Authenticators:
+ org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication
+ LDAP Based
+ org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP
+ org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP
+
+ File based, see usersfile
+ org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text
+ org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted
+ org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed
+ -->
+ <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class>
+ <!-- other settings
+ url
+ initialcontext
+ style
+ ldapexp
+ -->
+ </authenticator>
+
+ <token>
+ <!-- Time in minutes to expire tokes after inactivity-->
+ <Timeout>15</Timeout>
+ <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity -->
+ <Expiration>15</Expiration>
+ </token>
+ </auth>
+
+
+
+
+ <validation>
+ <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry-->
+ <enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+ </validation>
+
+ <!--As of 3.1.5 Email delivery options for subscription API functions-->
+ <mail>
+ <smtp>
+ <!--The Operator’s Email address
+ <from>admin@local.localhost</from>-->
+
+ <!--the hostname of the SMTP server
+ <host>localhost</host>-->
+
+ <!--The portname of the SMTP server
+ <port>25</port>-->
+
+ <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. This class will be used to create SMTP sockets.-->
+ <socketFactory>
+ <!--<class></class>-->
+
+ <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.
+ <fallback>true</fallback>-->
+ <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.
+ <port>25</port>-->
+ </socketFactory>
+ <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false.
+ <starttls>
+ <enabled>false</enabled>
+ </starttls>-->
+
+ <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false.
+ <auth>false</auth>-->
+
+ <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true
+ <user>user</user>-->
+
+ <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true
+ <password encrypted="false">pass</password>-->
+ </smtp>
+ </mail>
+
+
+ <!-- additional access control module
+ provides item level access permissions.
+ default is everyone can read everything, only owners can change stuff
+ -->
+ <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider>
+ </juddi>
+</config>
\ No newline at end of file
diff --git a/juddi-core/pom.xml b/juddi-core/pom.xml
index 46b026d..3a1049e 100644
--- a/juddi-core/pom.xml
+++ b/juddi-core/pom.xml
@@ -195,5 +195,4 @@ language governing permissions and * limitations under the License. * */ -->
<version>2.2.0</version>
</dependency>
</dependencies>
-
</project>
diff --git a/juddi-core/src/main/java/org/apache/juddi/Registry.java b/juddi-core/src/main/java/org/apache/juddi/Registry.java
index 4a1fff0..bd2fc89 100644
--- a/juddi-core/src/main/java/org/apache/juddi/Registry.java
+++ b/juddi-core/src/main/java/org/apache/juddi/Registry.java
@@ -31,7 +31,7 @@ import org.apache.juddi.subscription.SubscriptionNotifier;
public class Registry {
private static Registry registry = null;
- private static Log log = LogFactory.getLog(Registry.class);
+ private static final Log log = LogFactory.getLog(Registry.class);
private static SubscriptionNotifier subscriptionNotifier = null;
private static ReplicationNotifier replicationNotifier = null;
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
index d2dbfa1..ea1d530 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
@@ -342,13 +342,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.FIND_SERVICE, QueryStatus.SUCCESS, procTime);
- List<org.uddi.api_v3.ServiceInfo> FilterBindingTemplates =
+ result.setServiceInfos(
AccessControlFactory.getAccessControlInstance().filterServiceInfo(
this.ctx,
- entityPublisher, result.getServiceInfos().getServiceInfo());
- result.getServiceInfos().getServiceInfo().clear();
- result.getServiceInfos().getServiceInfo().addAll(FilterBindingTemplates);
-
+ entityPublisher, result.getServiceInfos()));
+
return result;
} finally {
if (tx.isActive()) {
@@ -391,12 +389,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.FIND_TMODEL, QueryStatus.SUCCESS, procTime);
- List<org.uddi.api_v3.TModelInfo> FilterBindingTemplates =
+ result.setTModelInfos(
AccessControlFactory.getAccessControlInstance().filterTModelInfo(
this.ctx,entityPublisher,
- result.getTModelInfos().getTModelInfo());
- result.getTModelInfos().getTModelInfo().clear();
- result.getTModelInfos().getTModelInfo().addAll(FilterBindingTemplates);
+ result.getTModelInfos()));
+
return result;
} finally {
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
index b6ace81..5583bd2 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
@@ -127,7 +127,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateAddPublisherAssertions(em, body);
+ new ValidatePublish(publisher,ctx).validateAddPublisherAssertions(em, body);
List<org.uddi.api_v3.PublisherAssertion> apiPubAssertionList = body.getPublisherAssertion();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -213,6 +213,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
}
+ @Override
public void deleteBinding(DeleteBinding body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -224,7 +225,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteBinding(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteBinding(em, body);
List<String> entityKeyList = body.getBindingKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -272,6 +273,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
+ @Override
public void deleteBusiness(DeleteBusiness body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -283,7 +285,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteBusiness(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteBusiness(em, body);
List<String> entityKeyList = body.getBusinessKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -323,6 +325,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
em.remove(obj);
}
+ @Override
public void deletePublisherAssertions(DeletePublisherAssertions body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -334,7 +337,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeletePublisherAssertions(em, body);
+ new ValidatePublish(publisher,ctx).validateDeletePublisherAssertions(em, body);
List<org.uddi.api_v3.PublisherAssertion> entityList = body.getPublisherAssertion();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -439,6 +442,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
+ @Override
public void deleteService(DeleteService body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -450,7 +454,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteService(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteService(em, body);
List<String> entityKeyList = body.getServiceKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -511,7 +515,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteTModel(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteTModel(em, body);
// tModels are only lazily deleted!
List<String> entityKeyList = body.getTModelKey();
@@ -637,7 +641,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public RegisteredInfo getRegisteredInfo(GetRegisteredInfo body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -649,7 +655,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateRegisteredInfo(body);
+ new ValidatePublish(publisher,ctx).validateRegisteredInfo(body);
List<?> businessKeysFound = null;
businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound);
@@ -718,7 +724,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public BindingDetail saveBinding(SaveBinding body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -730,7 +738,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveBinding(em, body, null, publisher);
BindingDetail result = new BindingDetail();
@@ -783,7 +791,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public BusinessDetail saveBusiness(SaveBusiness body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -795,7 +805,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveBusiness(em, body, null, publisher);
BusinessDetail result = new BusinessDetail();
@@ -864,7 +874,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveService(em, body, null, publisher);
ServiceDetail result = new ServiceDetail();
@@ -927,7 +937,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- new ValidatePublish(publisher).validateSaveTModel(em, body, null, publisher);
+ new ValidatePublish(publisher,ctx).validateSaveTModel(em, body, null, publisher);
TModelDetail result = new TModelDetail();
@@ -999,7 +1009,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, authInfo);
- new ValidatePublish(publisher).validateSetPublisherAssertions(em, publisherAssertion);
+ new ValidatePublish(publisher,ctx).validateSetPublisherAssertions(em, publisherAssertion);
List<?> businessKeysFound = null;
businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound);
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
index 24077c5..5d7eb56 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
@@ -71,6 +71,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
}
+ @Override
public void discardAuthToken(DiscardAuthToken body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -110,6 +111,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
}
+ @Override
public AuthToken getAuthToken(GetAuthToken body)
throws DispositionReportFaultMessage {
@@ -122,7 +124,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
}
public AuthToken getAuthToken(String publisherId)
- throws DispositionReportFaultMessage {
+ throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
if (publisherId == null || publisherId.length() == 0)
diff --git a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
index d67f940..6779cf3 100644
--- a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
+++ b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
@@ -257,7 +257,7 @@ public class AppConfig
* @return the APplicationConfuration Singleton Instance.
* @throws ConfigurationException
*/
- public static AppConfig getInstance() throws ConfigurationException
+ public static synchronized AppConfig getInstance() throws ConfigurationException
{
if (instance==null) {
instance = new AppConfig();
diff --git a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
index 1aaa2f7..bcbcdb4 100644
--- a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
+++ b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
@@ -117,7 +117,7 @@ public class UddiEntityPublisher {
if (key == null)
return false;
- if (keyGeneratorKeys == null)
+ if (keyGeneratorKeys == null)//||keyGeneratorKeys.isEmpty()
populateKeyGeneratorKeys(em);
if (! key.contains(KeyGenerator.PARTITION_SEPARATOR)) return true; //v2 style key
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
index 8493d7f..a2d6d24 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
@@ -15,7 +15,6 @@
*/
package org.apache.juddi.security;
-
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.configuration.ConfigurationException;
@@ -24,6 +23,7 @@ import org.apache.juddi.config.Property;
/**
* Provides an accessor to the access control mechanism
+ *
* @since 3.4
* @author Alex O'Ree
*/
@@ -33,11 +33,15 @@ public class AccessControlFactory {
private static IAccessControl instance = null;
/**
- * Gets an instance of IAccessControl using the following procedure, in order<br>
+ * Gets an instance of IAccessControl using the following procedure, in
+ * order<br>
* <ol>
- * <li>Using the judiv3.properties configuration file setting Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li>
- * <li>If the previous fails to load or is not defined, DefaultCorseAccessControlImpl</li>
+ * <li>Using the judiv3.properties configuration file setting
+ * Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li>
+ * <li>If the previous fails to load or is not defined,
+ * DefaultCorseAccessControlImpl</li>
* </ol>
+ *
* @return should never return null or throw exceptions
* @see DefaultCorseAccessControlImpl
* @see Property
@@ -71,4 +75,8 @@ public class AccessControlFactory {
}
return new AllowAllAccessControlImpl();
}
-}
\ No newline at end of file
+
+ public static synchronized void reset() {
+ instance = null;
+ }
+}
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
index 3363e8a..23bd2aa 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
@@ -19,6 +19,8 @@ import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.ws.WebServiceContext;
+import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
@@ -34,8 +36,10 @@ import org.uddi.api_v3.OperationalInfo;
import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -77,13 +81,13 @@ public class AllowAllAccessControlImpl implements IAccessControl {
}
@Override
- public List<ServiceInfo> filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, List<ServiceInfo> arg2) {
- return new ArrayList<>(arg2);
+ public ServiceInfos filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, ServiceInfos arg2) {
+ return (arg2);
}
@Override
- public List<TModelInfo> filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, List<TModelInfo> arg2) {
- return new ArrayList<>(arg2);
+ public TModelInfos filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, TModelInfos arg2) {
+ return (arg2);
}
@Override
@@ -103,4 +107,11 @@ public class AllowAllAccessControlImpl implements IAccessControl {
throw new FatalErrorException(new ErrorMessage("errors.Unsupported"));
}
+ @Override
+ public boolean hasPermission(AccessLevel arg0, WebServiceContext arg1, UddiEntityPublisher arg2, String arg3, EntityType arg4) {
+ return false;
+ }
+
+
+
}
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
index 588c67c..6f294e2 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
@@ -19,6 +19,7 @@ import java.rmi.RemoteException;
import java.util.List;
import javax.xml.ws.WebServiceContext;
import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
@@ -29,11 +30,10 @@ import org.uddi.api_v3.BusinessEntity;
import org.uddi.api_v3.BusinessInfo;
import org.uddi.api_v3.BusinessService;
import org.uddi.api_v3.OperationalInfo;
-import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
-import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.TModel;
-import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -58,9 +58,9 @@ public interface IAccessControl {
public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext ctx, UddiEntityPublisher username, RelatedBusinessInfos bindings);
- public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<ServiceInfo> serviceInfo);
+ public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, ServiceInfos serviceInfo);
- public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<TModelInfo> tModelInfo);
+ public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, TModelInfos tModelInfo);
public List<OperationalInfo> filterOperationalInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<OperationalInfo> operationalInfo);
@@ -68,4 +68,5 @@ public interface IAccessControl {
public SetPermissionsMessageResponse setPermissions(SetPermissionsMessageRequest arg0) throws DispositionReportFaultMessage, RemoteException;
-}
+ public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher username, String entityId, EntityType type);
+}
\ No newline at end of file
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
index a502846..fac093f 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
@@ -20,6 +20,7 @@ import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
+import javax.persistence.Transient;
import org.apache.juddi.api_v3.AccessLevel;
/**
@@ -62,6 +63,7 @@ public class RbacRulesModel implements Serializable {
return (level);
}
+ @Transient
public AccessLevel getAccessLevelAsEnum() {
return AccessLevel.valueOf(getAccessLevel());
}
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
index d813834..7888378 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.api_v3.AccessLevel;
import org.apache.juddi.api_v3.Action;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.Permission;
@@ -47,9 +48,11 @@ import org.uddi.api_v3.PublisherAssertion;
import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.SharedRelationships;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -72,6 +75,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
private static final Log log = LogFactory.getLog(RoleBasedAccessControlImpl.class);
private static final String REDACTED = ResourceConfig.getGlobalMessage("rbac.redacted");
+ public static final String EVERYONE = "everyone";
private void redact(BusinessService bs) {
bs.setBusinessKey(REDACTED);
@@ -85,8 +89,14 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
- private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules) {
+ private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules, String username) {
for (RbacRulesModel r : rules) {
+ if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) {
+ if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
+ {
+ return false;
+ }
+ }
if (ctx.isUserInRole(r.getContainerRole())) {
if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
{
@@ -94,6 +104,29 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
return true;
}
+ if (ctx.getUserPrincipal() != null && ctx.getUserPrincipal().getName().equals(username)) {
+ if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
+ {
+ return false;
+ }
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean has(WebServiceContext ctx, List<RbacRulesModel> rules, AccessLevel requiredLevel) {
+ for (RbacRulesModel r : rules) {
+ if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) {
+ if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) {
+ return true;
+ }
+ }
+ if (ctx.isUserInRole(r.getContainerRole())) {
+ if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) {
+ return true;
+ }
+ }
}
return false;
}
@@ -181,7 +214,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -217,7 +250,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -253,12 +286,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
if (bs.getServiceInfos() != null) {
- filterServiceInfo(ctx, username, bs.getServiceInfos().getServiceInfo());
+ filterServiceInfo(ctx, username, bs.getServiceInfos());
}
}
@@ -291,7 +324,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -331,7 +364,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
}
@@ -367,7 +400,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -397,7 +430,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact = true; //also access denied, either no matching role or an explicit deny
break;
}
@@ -407,7 +440,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break;
}
-
+
if (username.isOwner(ue2)) {
//keep it
continue;
@@ -419,18 +452,18 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact = true; //also access denied, either no matching role or an explicit deny
break;
}
}
- if (redact){
-
+ if (redact) {
+
}
}
-
+
}
}
@@ -438,9 +471,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
@Override
- public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, List<ServiceInfo> items) {
+ public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, ServiceInfos items) {
- for (ServiceInfo si : items) {
+ if (items == null) {
+ return null;
+ }
+ for (ServiceInfo si : items.getServiceInfo()) {
UddiEntity ue = loadEntity(si.getServiceKey(), org.apache.juddi.model.BusinessService.class);
if (ue == null) {
si.setServiceKey(REDACTED);
@@ -458,7 +494,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
List<RbacRulesModel> rules = getPermissionSet(si.getServiceKey());
- if (!rules.isEmpty() && !hasReadAccess(ctx, rules)) {
+ if (!rules.isEmpty() && !hasReadAccess(ctx, rules, username.getAuthorizedName())) {
si.setServiceKey(REDACTED);
}
if (rules.isEmpty()) {
@@ -466,20 +502,20 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
if (rules.isEmpty()) {
si.setBusinessKey(REDACTED);
} else {
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
si.setBusinessKey(REDACTED);
}
}
}
}
- return new ArrayList<>(items);
+ return items;
}
@Override
- public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, List<TModelInfo> items) {
+ public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, TModelInfos items) {
//TODO
- return new ArrayList(items);
+ return (items);
}
@Override
@@ -549,8 +585,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
for (Permission perm : arg0.getLevel()) {
if (perm.getAction() != Action.NOOP) {
Query createQuery = null;
-
- createQuery = em.createQuery("delete from RbacRulesModel c where c.uddiEntityId=:id and c.containerRole=:user");
+ createQuery = em.createQuery("delete from RbacRulesModel e where e.uddiEntityId=:id and e.containerRole=:user");
createQuery.setParameter("id", perm.getEntityId());
createQuery.setParameter("user", perm.getTarget());
createQuery.executeUpdate();
@@ -608,4 +643,46 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
bs.getSharedRelationships().clear();
}
+ @Override
+ public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher actor, String entityid, EntityType type) {
+
+ UddiEntity ue = null;
+
+ switch (type) {
+ case BINDING:
+ ue = loadEntity(entityid, org.apache.juddi.model.BindingTemplate.class);
+ break;
+ case BUSINESS:
+ ue = loadEntity(entityid, org.apache.juddi.model.BusinessEntity.class);
+ break;
+ case SERVICE:
+ ue = loadEntity(entityid, org.apache.juddi.model.BusinessService.class);
+ break;
+ case TMODEL:
+ ue = loadEntity(entityid, org.apache.juddi.model.Tmodel.class);
+ break;
+ default:
+ log.warn("umhandled case for " + type);
+ }
+
+ if (ue == null) {
+ return false;
+ }
+ if (actor == null) {
+ return false;
+
+ }
+ if (actor.isOwner(ue)) {
+ return true;
+ }
+
+ List<RbacRulesModel> rules = getPermissionSet(entityid);
+
+ if (rules.isEmpty()) {
+ return false;
+ }
+
+ return has(ctx, rules, level);
+ }
+
}
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
index 4294c41..20a55cc 100644
--- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
+++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
@@ -30,15 +30,18 @@ import java.util.concurrent.atomic.AtomicReference;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
import javax.xml.ws.Holder;
+import javax.xml.ws.WebServiceContext;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.juddi.api_v3.AccessLevel;
import org.apache.juddi.api_v3.AccessPointType;
import org.apache.juddi.api_v3.DeleteClerk;
import org.apache.juddi.api_v3.DeleteNode;
import org.apache.juddi.api_v3.DeletePublisher;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.SavePublisher;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Constants;
@@ -54,6 +57,7 @@ import org.apache.juddi.model.UddiEntity;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.query.FindBusinessByPublisherQuery;
import org.apache.juddi.query.FindTModelByPublisherQuery;
+import org.apache.juddi.security.AccessControlFactory;
import org.apache.juddi.v3.client.UDDIConstants;
import org.apache.juddi.v3.client.UDDIConstantsV2;
import org.apache.juddi.v3.client.config.TokenResolver;
@@ -117,7 +121,7 @@ public class ValidatePublish extends ValidateUDDIApi {
* This flag will add additional output to stdout for debugging
* purposes, set this to true if
*/
- private Log log = LogFactory.getLog(this.getClass());
+ private static final Log log = LogFactory.getLog(ValidatePublish.class);
/**
* used from Install class
@@ -133,6 +137,10 @@ public class ValidatePublish extends ValidateUDDIApi {
public ValidatePublish(UddiEntityPublisher publisher) {
super(publisher);
}
+
+ public ValidatePublish(UddiEntityPublisher publisher, WebServiceContext ctx) {
+ super(publisher,ctx);
+ }
public void validateDeleteBusiness(EntityManager em, DeleteBusiness body) throws DispositionReportFaultMessage {
@@ -207,7 +215,7 @@ public class ValidatePublish extends ValidateUDDIApi {
//if you're are the owner, access granted
//if you are an admin && this item belongs to this node, access granted
//else denied
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.SERVICE);
i++;
}
}
@@ -244,7 +252,7 @@ public class ValidatePublish extends ValidateUDDIApi {
throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.BindingTemplateNotFound", entityKey));
}
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BINDING);
i++;
}
@@ -281,13 +289,13 @@ public class ValidatePublish extends ValidateUDDIApi {
throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.TModelNotFound", entityKey));
}
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.TMODEL);
i++;
}
}
- private void accessCheck(Object obj, String entityKey) throws UserMismatchException {
+ private void accessCheck(Object obj, String entityKey, EntityType type) throws UserMismatchException {
boolean accessCheck = false; //assume access denied
if (!((UddiEntity) obj).getNodeId().equals(nodeID)) {
//prevent changes to data owned by another node in a replicated environment
@@ -305,6 +313,10 @@ public class ValidatePublish extends ValidateUDDIApi {
&& nodeID.equals(((UddiEntity) obj).getNodeId())) {
accessCheck = true;
}
+
+ if ( nodeID.equals(((UddiEntity) obj).getNodeId()) &&
+ AccessControlFactory.getAccessControlInstance().hasPermission(AccessLevel.WRITE, ctx, publisher, entityKey,type)){
+ }
if (!accessCheck) {
throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
@@ -706,7 +718,7 @@ public class ValidatePublish extends ValidateUDDIApi {
entityExists = true;
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BUSINESS);
} else {
// Inside this block, we have a key proposed by the publisher on a new entity
@@ -842,7 +854,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.SERVICE);
// If existing service trying to be saved has a different parent key, then we have a problem
if (!parentKey.equalsIgnoreCase(bs.getBusinessEntity().getEntityKey())) {
@@ -887,7 +899,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this parent entity.
- accessCheck(parentTemp, parentKey);
+ accessCheck(parentTemp, parentKey,EntityType.BUSINESS);
// if (!publisher.isOwner((UddiEntity) parentTemp)) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey));
//}
@@ -997,7 +1009,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BINDING);
//if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
// }
@@ -1035,7 +1047,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this parent entity.
- accessCheck(parentTemp, parentKey);
+ accessCheck(parentTemp, parentKey,EntityType.SERVICE);
// if (!publisher.isOwner((UddiEntity) parentTemp)) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey));
// }
@@ -1092,7 +1104,7 @@ public class ValidatePublish extends ValidateUDDIApi {
entityExists = true;
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.TMODEL);
//if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
// }
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
index 6ffcfeb..ed3c127 100644
--- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
+++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
@@ -14,13 +14,12 @@
* limitations under the License.
*
*/
-
package org.apache.juddi.validation;
-
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.persistence.EntityManager;
+import javax.xml.ws.WebServiceContext;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Property;
@@ -37,50 +36,68 @@ import org.uddi.v3_service.DispositionReportFaultMessage;
*/
public abstract class ValidateUDDIApi {
- protected UddiEntityPublisher publisher;
- protected String nodeID=null;
-
- /**
- * This is used only during the install process to prevent infinite loops
- * @param publisher
- * @param nodeid
- */
- public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) {
- this.publisher = publisher;
- this.nodeID = nodeid;
- }
-
- public ValidateUDDIApi(UddiEntityPublisher publisher) {
- this.publisher = publisher;
- try {
- this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID);
- } catch (ConfigurationException ex) {
- Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems"
- + " and must be fixed. set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex);
- }
- }
+ protected UddiEntityPublisher publisher;
+ protected String nodeID = null;
+ protected WebServiceContext ctx=null;
+
+ /**
+ * This is used only during the install process to prevent infinite loops
+ *
+ * @param publisher
+ * @param nodeid
+ */
+ public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid,WebServiceContext ctx ) {
+ this.publisher = publisher;
+ this.nodeID = nodeid;
+ this.ctx=ctx;
+ }
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) {
+ this.publisher = publisher;
+ this.nodeID = nodeid;
+
+ }
+
+
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher){
+ this(publisher,(WebServiceContext)null);
+ }
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher,WebServiceContext ctx) {
+ this.publisher = publisher;
+ this.ctx=ctx;
+ try {
+ this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID);
+ } catch (ConfigurationException ex) {
+ Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems"
+ + " and must be fixed. set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex);
+ }
+ }
+
+ public UddiEntityPublisher getPublisher() {
+ return publisher;
+ }
+
+ public void setPublisher(UddiEntityPublisher publisher) {
+ this.publisher = publisher;
+ }
+
+ public static void unsupportedAPICall() throws DispositionReportFaultMessage {
+ throw new UnsupportedException(new ErrorMessage("errors.Unsupported"));
+ }
+
+ public static boolean isUniqueKey(EntityManager em, String entityKey) {
+ Object obj = em.find(UddiEntity.class, entityKey);
+ if (obj != null) {
+ return false;
+ }
- public UddiEntityPublisher getPublisher() {
- return publisher;
- }
+ obj = em.find(Subscription.class, entityKey);
+ if (obj != null) {
+ return false;
+ }
- public void setPublisher(UddiEntityPublisher publisher) {
- this.publisher = publisher;
- }
-
- public static void unsupportedAPICall() throws DispositionReportFaultMessage {
- throw new UnsupportedException(new ErrorMessage("errors.Unsupported"));
- }
-
- public static boolean isUniqueKey(EntityManager em, String entityKey) {
- Object obj = em.find(UddiEntity.class, entityKey);
- if (obj != null)
- return false;
-
- obj = em.find(Subscription.class, entityKey);
- if (obj != null)
- return false;
-
- return true;
- }
+ return true;
+ }
}
diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
index 802c9af..4962f8e 100644
--- a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
+++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
@@ -15,13 +15,38 @@
*/
package org.apache.juddi.api.impl;
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.Registry;
+import org.apache.juddi.api.impl.mock.WebServiceContextMock;
+import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.Action;
+import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
+import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
+import org.apache.juddi.api_v3.*;
+import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
+import org.apache.juddi.config.AppConfig;
+import org.apache.juddi.security.AccessControlFactory;
+import org.apache.juddi.security.rbac.RbacRulesModel;
+import org.apache.juddi.security.rbac.RoleBasedAccessControlImpl;
+import org.apache.juddi.v3.tck.TckBusiness;
+import org.apache.juddi.v3.tck.TckFindEntity;
+import org.apache.juddi.v3.tck.TckPublisher;
+import org.apache.juddi.v3.tck.TckTModel;
+
+import org.junit.Assert;
+
+import org.apache.juddi.v3.tck.TckSecurity;
+
import org.apache.juddi.v3.tck.TckSubscription;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.Test;
+import org.uddi.api_v3.TModel;
import org.uddi.v3_service.UDDISecurityPortType;
/**
@@ -29,19 +54,124 @@ import org.uddi.v3_service.UDDISecurityPortType;
* @author Alex O'Ree
*/
public class API_180_RbacSecurityTest {
-
- private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class);
- private JUDDIApiImpl publisher = new JUDDIApiImpl();
- private UDDISecurityPortType security = new UDDISecurityImpl();
- private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl());
-
- @BeforeClass
- public static void startRegistry() throws ConfigurationException {
- Registry.start();
+
+ private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class);
+
+ private static void grant(AccessLevel accessLevel, List<String> keys, String user) throws Exception {
+ JUDDIApiImpl publisher = new JUDDIApiImpl();
+ SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
+ req.setAuthInfo(authInfoUDDI);
+ for (String key : keys) {
+
+ Permission level = new Permission();
+ level.setAction(Action.ADD);
+ level.setEntityId(key);
+ level.setLevel(accessLevel);
+ level.setTarget(user);
+ level.setType(null);
+ req.getLevel().add(level);
+ }
+ SetPermissionsMessageResponse response = publisher.setPermissions(req);
+ }
+
+ private JUDDIApiImpl publisher = new JUDDIApiImpl();
+ private UDDISecurityPortType security = new UDDISecurityImpl();
+ private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl());
+
+ private static API_010_PublisherTest api010 = new API_010_PublisherTest();
+ private static TckTModel tckTModel = new TckTModel(new UDDIPublicationImpl(), new UDDIInquiryImpl());
+ private static TckBusiness tckBusiness = new TckBusiness(new UDDIPublicationImpl(), new UDDIInquiryImpl());
+ private static TckFindEntity tckFindEntity = new TckFindEntity(new UDDIInquiryImpl());
+ private static String authInfoJoe = null;
+ private static String authInfoSam = null;
+ private static final String TEST_ROLE = "TESTROLE1";
+ private static String authInfoUDDI = null;
+
+ @BeforeClass
+ public static void startRegistry() throws ConfigurationException {
+ System.setProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY, "src/test/resources/juddiv3rbac.xml");
+ Registry.start();
+ AccessControlFactory.reset();
+ Assert.assertTrue(AccessControlFactory.getAccessControlInstance() instanceof RoleBasedAccessControlImpl);
+ logger.info("API_180_RbacSecurityTest");
+ logger.debug("Getting auth token..");
+ try {
+ api010.saveJoePublisher();
+ api010.saveSamSyndicator();
+ UDDISecurityPortType security = new UDDISecurityImpl();
+ authInfoJoe = TckSecurity.getAuthToken(security, TckPublisher.getJoePublisherId(), TckPublisher.getJoePassword());
+ authInfoSam = TckSecurity.getAuthToken(security, TckPublisher.getSamPublisherId(), TckPublisher.getSamPassword());
+ authInfoUDDI = TckSecurity.getAuthToken(security, TckPublisher.getUDDIPublisherId(), TckPublisher.getUDDIPassword());
+ TModel m = tckTModel.saveUDDIPublisherTmodel(authInfoUDDI);
+ List<String> keys = new ArrayList<>();
+ keys.add(m.getTModelKey());
+ keys.clear();
+ grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
+ keys = tckTModel.saveTModels(authInfoUDDI, TckTModel.TMODELS_XML);
+
+ grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
+ tckTModel.saveJoePublisherTmodel(authInfoJoe);
+ tckBusiness.saveJoePublisherBusiness(authInfoJoe);
+ } catch (Exception e) {
+ logger.error(e.getMessage(), e);
+ Assert.fail("Could not obtain authInfo token.");
}
+ }
+
+ @AfterClass
+ public static void stopRegistry() throws ConfigurationException {
+ tckTModel.deleteCreatedTModels(authInfoJoe);
+ Registry.stop();
+ System.clearProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY);
+ AppConfig.triggerReload();
+ }
+
+ @Test
+ public void getSetDeletePerm() throws Exception {
+ publisher.ctx = new WebServiceContextMock(TckPublisher.getUDDIPublisherId(), TEST_ROLE);
+
+ GetPermissionsMessageRequest request = new GetPermissionsMessageRequest();
+ request.setAuthInfo(authInfoUDDI);
- @AfterClass
- public static void stopRegistry() throws ConfigurationException {
- Registry.stop();
+ GetPermissionsMessageResponse permissions = publisher.getPermissions(request);
+ //Assert.assertTrue(permissions.getLevel().isEmpty());
+
+ SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
+ req.setAuthInfo(authInfoUDDI);
+ Permission level = new Permission();
+ level.setAction(Action.ADD);
+ level.setEntityId(TckBusiness.JOE_BUSINESS_KEY);
+ level.setLevel(AccessLevel.READ);
+ level.setTarget(TckPublisher.getSamPublisherId());
+ level.setType(null);
+ req.getLevel().add(level);
+
+ SetPermissionsMessageResponse response = publisher.setPermissions(req);
+ Assert.assertNotNull(response);
+ permissions = publisher.getPermissions(request);
+ //Assert.assertEquals(permissions.getLevel().size(), 1);
+ boolean ok =false;
+ Permission p1=null;
+ for (Permission p:permissions.getLevel()){
+ if (p.getTarget().equals(TckPublisher.getSamPublisherId())
+ && p.getEntityId().equals(TckBusiness.JOE_BUSINESS_KEY)
+ && p.getLevel()==AccessLevel.READ){
+ ok=true;
+ p1=p;
+ }
+
+
}
+ Assert.assertTrue(ok);
+
+
+ p1.setAction(Action.REMOVE);
+ req.getLevel().clear();
+ req.getLevel().add(p1);
+ response = publisher.setPermissions(req);
+ Assert.assertNotNull(response);
+ permissions = publisher.getPermissions(request);
+ //Assert.assertEquals(permissions.getLevel().size(), 0);
+
+ }
}
diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java
new file mode 100644
index 0000000..c0cfa00
--- /dev/null
+++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2019 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juddi.api.impl.mock;
+
+import java.security.Principal;
+import javax.xml.ws.EndpointReference;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+import org.w3c.dom.Element;
+
+/**
+ *
+ * @author AO
+ */
+public class WebServiceContextMock implements WebServiceContext {
+
+ public String role;
+ public String username;
+
+ public WebServiceContextMock(String username, String role) {
+ this.role = role;
+ this.username = username;
+
+ }
+
+ @Override
+ public MessageContext getMessageContext() {
+ return null;
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ return new Principal() {
+ @Override
+ public String getName() {
+ return username;
+ }
+ };
+ }
+
+ @Override
+ public boolean isUserInRole(String arg0) {
+ return arg0.equals(role);
+ }
+
+ @Override
+ public EndpointReference getEndpointReference(Element... arg0) {
+ return null;
+ }
+
+ @Override
+ public <T extends EndpointReference> T getEndpointReference(Class<T> arg0, Element... arg1) {
+ return null;
+ }
+
+}
diff --git a/juddi-core/src/test/resources/META-INF/persistence.xml b/juddi-core/src/test/resources/META-INF/persistence.xml
index 725e81e..d4f2738 100644
--- a/juddi-core/src/test/resources/META-INF/persistence.xml
+++ b/juddi-core/src/test/resources/META-INF/persistence.xml
@@ -90,6 +90,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/juddi-core/src/test/resources/juddiv3rbac.xml b/juddi-core/src/test/resources/juddiv3rbac.xml
new file mode 100644
index 0000000..836264f
--- /dev/null
+++ b/juddi-core/src/test/resources/juddiv3rbac.xml
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+* Copyright 2001-2009 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICenSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/ -->
+<!--
+################################################################
+# jUDDI-v3.0 configuration. #
+################################################################
+# Note that the property settings in this #
+# file can be overriden by system parameters #
+# #
+################################################################
+-->
+<config>
+ <juddi>
+ <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. -->
+ <server>
+ <baseurl>http://localhost:8080/juddiv3</baseurl>
+ <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure>
+ </server>
+ <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API
+ don't worry, jUDDI doesn't implement it right now, but it may come in the future -->
+ <nodeId>uddi:juddi.apache.org:node1</nodeId>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <root>
+ <!-- this is the 'root' username, or owner of the node -->
+ <publisher>root</publisher>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <businessId>uddi:juddi.apache.org:businesses-asf</businessId>
+ <partition>uddi:juddi.apache.org</partition>
+ </root>
+ <seed>
+ <always>false</always>
+ </seed>
+
+ <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)-->
+ <persistenceunit>
+ <name>juddiDatabase</name>
+ </persistenceunit>
+
+ <!-- Check-the-time-stamp-on-this-file Interval in milli seconds -->
+ <configuration>
+ <reload>
+ <delay>2000</delay>
+ </reload>
+ </configuration>
+ <!--Default locale-->
+ <locale>en_US</locale>
+
+ <!--The UDDI Operator Contact Email Address-->
+ <operatorEmailAddress>admin@local.localhost</operatorEmailAddress>
+
+ <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.-->
+ <maxNameLength>255</maxNameLength>
+ <maxNameElementsAllowed>5</maxNameElementsAllowed>
+
+
+ <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.-->
+ <maxRows>1000</maxRows>
+ <!-- The maximum number of "IN" clause parameters. Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.-->
+ <maxInClause>1000</maxInClause>
+
+ <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).-->
+ <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher>
+ <maxServicesPerBusiness>100</maxServicesPerBusiness>
+ <maxBindingsPerService>100</maxBindingsPerService>
+ <maxTModelsPerPublisher>100</maxTModelsPerPublisher>
+
+ <!-- Days before a transfer request expires-->
+ <transfer>
+ <expiration>
+ <days>3</days>
+ </expiration>
+ </transfer>
+
+ <!-- Days before a subscription expires-->
+ <subscription>
+ <expiration>
+ <days>30</days>
+ </expiration>
+
+ <!-- Minutes before a "chunked" subscription call expires-->
+ <chunkexpiration>
+ <minutes>5</minutes>
+ </chunkexpiration>
+
+ <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed-->
+ <maxentities>1000</maxentities>
+ </subscription>
+
+ <!-- jUDDI UUIDGen implementation to use-->
+ <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
+
+ <!-- jUDDI Cryptor implementation to use-->
+ <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
+
+ <!-- jUDDI Key Generator to use-->
+ <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>
+
+ <notification>
+ <!-- Specifies the interval at which the notification timer triggers-->
+ <interval>5000</interval>
+ <!-- Specifies the amount of time to wait before the notification timer initially fires-->
+ <start>
+ <buffer>0</buffer>
+ </start>
+ <acceptableLagtime>1000</acceptableLagtime>
+ <maxTries>3</maxTries>
+ <!-- 10 minutes -->
+ <maxTriesResetInterval>600000</maxTriesResetInterval>
+ <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList>
+ </notification>
+ <!-- All Authentication related settings -->
+ <auth>
+ <!-- Specifies whether the inquiry API requires authentication, all other APIs require authN-->
+ <Inquiry>false</Inquiry>
+
+ <!-- When using file based authentication, this is the filename to use
+ <usersfile>juddi-users.xml</usersfile>-->
+ <!-- jUDDI Authentication module to use-->
+ <authenticator>
+ <!-- build in Authenticators:
+ org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication
+ LDAP Based
+ org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP
+ org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP
+
+ File based, see usersfile
+ org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text
+ org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted
+ org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed
+ -->
+ <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class>
+ <!-- other settings
+ url
+ initialcontext
+ style
+ ldapexp
+ -->
+ </authenticator>
+
+ <token>
+ <!-- Time in minutes to expire tokes after inactivity-->
+ <Timeout>15</Timeout>
+ <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity -->
+ <Expiration>15</Expiration>
+ </token>
+ </auth>
+
+
+
+
+ <validation>
+ <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry-->
+ <enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+ </validation>
+
+ <!--As of 3.1.5 Email delivery options for subscription API functions-->
+ <mail>
+ <smtp>
+ <!--The Operator’s Email address
+ <from>admin@local.localhost</from>-->
+
+ <!--the hostname of the SMTP server
+ <host>localhost</host>-->
+
+ <!--The portname of the SMTP server
+ <port>25</port>-->
+
+ <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. This class will be used to create SMTP sockets.-->
+ <socketFactory>
+ <!--<class></class>-->
+
+ <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.
+ <fallback>true</fallback>-->
+ <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.
+ <port>25</port>-->
+ </socketFactory>
+ <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false.
+ <starttls>
+ <enabled>false</enabled>
+ </starttls>-->
+
+ <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false.
+ <auth>false</auth>-->
+
+ <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true
+ <user>user</user>-->
+
+ <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true
+ <password encrypted="false">pass</password>-->
+ </smtp>
+ </mail>
+
+
+ <!-- additional access control module
+ provides item level access permissions.
+ default is everyone can read everything, only owners can change stuff
+ -->
+ <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider>
+ </juddi>
+</config>
\ No newline at end of file
diff --git a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
index 2480261..e44aece 100644
--- a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
@@ -97,6 +97,7 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
diff --git a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
index 433defb..48ecc33 100644
--- a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
@@ -98,7 +98,8 @@ under the License.
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
index b9ffdd6..ad4777e 100644
--- a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
@@ -97,7 +97,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
index 4fc25e1..a089670 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
@@ -318,6 +318,7 @@ public class TckBusiness {
// Now get the entity and check the values
GetBusinessDetail gb = new GetBusinessDetail();
gb.getBusinessKey().add(businessKey);
+ gb.setAuthInfo(authInfo);
BusinessDetail bd = inquiry.getBusinessDetail(gb);
List<BusinessEntity> beOutList = bd.getBusinessEntity();
BusinessEntity beOut = beOutList.get(0);
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
index 1feadf4..6bee798 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
@@ -14,6 +14,7 @@
*/
package org.apache.juddi.v3.tck;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import static junit.framework.Assert.assertEquals;
@@ -92,15 +93,17 @@ public class TckTModel {
*
* @param authInfo
* @param tModelXml this is a relative file path
+ * @return all created tmodel keys
*/
- public void saveTModels(String authInfo, String tModelXml) {
-
+ public List<String> saveTModels(String authInfo, String tModelXml) {
+ List<String> keys = new ArrayList<>();
// Add tModels
try {
SaveTModel st = (org.uddi.api_v3.SaveTModel) EntityCreator.buildFromDoc(tModelXml, "org.uddi.api_v3");
for (int i = 0; i < st.getTModel().size(); i++) {
saveTModel(authInfo, st.getTModel().get(i), false);
+ keys.add(st.getTModel().get(i).getTModelKey());
}
//st.setAuthInfo(authInfo);
//publication.saveTModel(st);
@@ -109,6 +112,7 @@ public class TckTModel {
logger.error(e.getMessage(), e);
Assert.fail("No exception should be thrown");
}
+ return keys;
}
public TModel saveTModel(String authInfo, TModel tmIn, boolean force) {
@@ -139,6 +143,7 @@ public class TckTModel {
keyscreated.add(tmIn.getTModelKey());
// Now get the entity and check the values
GetTModelDetail gt = new GetTModelDetail();
+ gt.setAuthInfo(authInfo);
gt.getTModelKey().add(tmIn.getTModelKey());
TModelDetail td = inquiry.getTModelDetail(gt);
List<org.uddi.api_v3.TModel> tmOutList = td.getTModel();
@@ -276,8 +281,8 @@ public class TckTModel {
* creates key generator
* @param authInfoTM
*/
- public void saveUDDIPublisherTmodel(String authInfoTM) {
- saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
+ public TModel saveUDDIPublisherTmodel(String authInfoTM) {
+ return saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
}
public void saveTmodels(String authInfoJoe) {
diff --git a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
index 294bc8d..9317cc7 100644
--- a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
+++ b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
@@ -27,11 +27,11 @@ import javax.xml.bind.annotation.XmlType;
@XmlEnum
public enum AccessLevel {
- NONE,
- READ,
- WRITE,
- OWN,
- CREATE;
+ NONE((short)0),
+ READ((short)1),
+ WRITE((short)2),
+ OWN((short)3),
+ CREATE((short)4);
public String value() {
return name();
@@ -40,5 +40,14 @@ public enum AccessLevel {
public static AccessLevel fromValue(String v) {
return valueOf(v);
}
-
+
+ private final short value;
+
+ private AccessLevel(short val){
+ value=val;
+ }
+
+ public short getLevel(){
+ return value;
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org
[juddi] 02/02: JUDDI-558 WIP
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexoree pushed a commit to branch feature/JUDDI-558
in repository https://gitbox.apache.org/repos/asf/juddi.git
commit 56fb8a92c1ee463ec166b386d9642cd3453d184d
Author: Alex O'Ree <al...@apache.org>
AuthorDate: Thu Dec 12 17:14:24 2019 -0500
JUDDI-558 WIP
---
.../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 4 ++--
.../security/rbac/RoleBasedAccessControlImpl.java | 2 +-
.../juddi/api/impl/API_180_RbacSecurityTest.java | 22 +++++++++++-----------
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
index ea1d530..b3cbfb4 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
@@ -507,11 +507,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.GET_BUSINESSDETAIL, QueryStatus.SUCCESS, procTime);
- List<org.uddi.api_v3.BusinessEntity> FilterBindingTemplates =
+ List<org.uddi.api_v3.BusinessEntity> filterBindingTemplates =
AccessControlFactory.getAccessControlInstance().filterBusinesses(
this.ctx, entityPublisher, result.getBusinessEntity());
result.getBusinessEntity().clear();
- result.getBusinessEntity().addAll(FilterBindingTemplates);
+ result.getBusinessEntity().addAll(filterBindingTemplates);
return result;
} finally {
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
index 7888378..ce4203c 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
@@ -230,7 +230,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
//load access rules from database
for (BusinessEntity bs : items) {
//get the permission for this entity.
- UddiEntity ue = loadEntity(bs.getBusinessKey(), org.apache.juddi.model.BusinessService.class);
+ UddiEntity ue = loadEntity(bs.getBusinessKey(), org.apache.juddi.model.BusinessEntity.class);
if (ue == null) {
redact(bs);
continue; //access denied
diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
index 4962f8e..f36dcf1 100644
--- a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
+++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
@@ -105,10 +105,10 @@ public class API_180_RbacSecurityTest {
TModel m = tckTModel.saveUDDIPublisherTmodel(authInfoUDDI);
List<String> keys = new ArrayList<>();
keys.add(m.getTModelKey());
- keys.clear();
+ // keys.clear();
grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
keys = tckTModel.saveTModels(authInfoUDDI, TckTModel.TMODELS_XML);
-
+ keys.clear();
grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
tckTModel.saveJoePublisherTmodel(authInfoJoe);
tckBusiness.saveJoePublisherBusiness(authInfoJoe);
@@ -123,7 +123,9 @@ public class API_180_RbacSecurityTest {
tckTModel.deleteCreatedTModels(authInfoJoe);
Registry.stop();
System.clearProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY);
+
AppConfig.triggerReload();
+ AccessControlFactory.reset();
}
@Test
@@ -150,20 +152,18 @@ public class API_180_RbacSecurityTest {
Assert.assertNotNull(response);
permissions = publisher.getPermissions(request);
//Assert.assertEquals(permissions.getLevel().size(), 1);
- boolean ok =false;
- Permission p1=null;
- for (Permission p:permissions.getLevel()){
+ boolean ok = false;
+ Permission p1 = null;
+ for (Permission p : permissions.getLevel()) {
if (p.getTarget().equals(TckPublisher.getSamPublisherId())
&& p.getEntityId().equals(TckBusiness.JOE_BUSINESS_KEY)
- && p.getLevel()==AccessLevel.READ){
- ok=true;
- p1=p;
+ && p.getLevel() == AccessLevel.READ) {
+ ok = true;
+ p1 = p;
}
-
-
+
}
Assert.assertTrue(ok);
-
p1.setAction(Action.REMOVE);
req.getLevel().clear();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org