Posted to commits@directory.apache.org by dj...@apache.org on 2006/12/30 22:56:54 UTC
svn commit: r491329 - in /directory/sandbox/triplesec-jacc: ./ jacc/
jacc/src/main/java/org/apache/directory/
jacc/src/main/java/org/apache/directory/triplesec/
jacc/src/main/java/org/apache/directory/triplesec/jacc/
jacc/src/main/java/org/apache/geron...
Author: djencks
Date: Sat Dec 30 13:56:54 2006
New Revision: 491329
URL: http://svn.apache.org/viewvc?view=rev&rev=491329
Log:
move the beginnings of a jacc implementation over from geronimo
Added:
directory/sandbox/triplesec-jacc/jacc/
- copied from r491319, geronimo/sandbox/triplesec/geronimo-triplesec/
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (with props)
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java (with props)
Removed:
directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/geronimo/triplesec/
Modified:
directory/sandbox/triplesec-jacc/jacc/pom.xml
directory/sandbox/triplesec-jacc/pom.xml
Modified: directory/sandbox/triplesec-jacc/jacc/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/pom.xml?view=diff&rev=491329&r1=491319&r2=491329
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jacc/pom.xml Sat Dec 30 13:56:54 2006
@@ -22,17 +22,22 @@
<modelVersion>4.0.0</modelVersion>
<parent>
- <groupId>org.apache.geronimo.triplesec</groupId>
- <artifactId>modules</artifactId>
- <version>1.2-SNAPSHOT</version>
+ <groupId>org.apache.directory.triplesec</groupId>
+ <artifactId>build</artifactId>
+ <version>1.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
- <artifactId>geronimo-triplesec</artifactId>
- <name>Geronimo :: TripleSec</name>
+ <artifactId>triplesec-jacc</artifactId>
+ <name>TripleSec :: JACC</name>
<dependencies>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-jaas</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-j2ee-jacc_1.0_spec</artifactId>
Added: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java?view=auto&rev=491329
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (added)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java Sat Dec 30 13:56:54 2006
@@ -0,0 +1,167 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.directory.triplesec.jacc;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.util.Enumeration;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.directory.triplesec.guardian.Profile;
+import org.apache.directory.triplesec.jaas.SafehausPrincipal;
+
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class TripleSecPolicyConfiguration implements PolicyConfiguration {
+ final static int OPEN = 1;
+ final static int IN_SERVICE = 2;
+ final static int DELETED = 3;
+
+ private final String contextID;
+ private int state;
+
+ TripleSecPolicyConfiguration(String contextID) {
+ this.contextID = contextID;
+ this.state = OPEN;
+ }
+
+ public String getContextID() throws PolicyContextException {
+ return contextID;
+ }
+
+ public boolean implies(ProtectionDomain domain, Permission permission) {
+
+ Principal[] principals = domain.getPrincipals();
+ if (principals.length == 0) return false;
+
+ for (int i = 0; i < principals.length; i++) {
+ Principal principal = principals[i];
+ if (principal instanceof SafehausPrincipal) {
+ Profile profile = ((SafehausPrincipal)principal).getAuthorizationProfile(contextID);
+
+ return profile.implies(permission);
+
+ }
+ }
+ // if no TripleSec principal found, deny access.
+ return false;
+ }
+
+ public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ Enumeration e = permissions.elements();
+ while (e.hasMoreElements()) {
+ addToRole(roleName, (Permission) e.nextElement());
+ }
+ }
+
+ public void addToRole(String roleName, Permission permission) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO Install contextId/rolename to permission association in TripleSec LDAP
+ }
+
+ public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ Enumeration e = permissions.elements();
+ while (e.hasMoreElements()) {
+ addToUncheckedPolicy((Permission) e.nextElement());
+ }
+ }
+
+ public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO Install permission association in TripleSec LDAP unchecked role
+ }
+
+ public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ Enumeration e = permissions.elements();
+ while (e.hasMoreElements()) {
+ addToExcludedPolicy((Permission) e.nextElement());
+ }
+ }
+
+ public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO Install permission association in TripleSec LDAP excluded (denied) role
+ }
+
+ public void removeRole(String roleName) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO remove contextId/role (?? maybe role in all contextIds?) from TripleSec LDAP
+ }
+
+ public void removeUncheckedPolicy() throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO remove contextId/unchecked (?? maybe unchecked in all contextIds?) from TripleSec LDAP
+ }
+
+ public void removeExcludedPolicy() throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ //TODO remove contextId/excluded (?? maybe excluded in all contextIds?) from TripleSec LDAP
+ }
+
+ public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+ }
+
+ public void delete() throws PolicyContextException {
+ state = DELETED;
+ }
+
+ public void commit() throws PolicyContextException {
+ if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
+
+ state = IN_SERVICE;
+ }
+
+ public boolean inService() throws PolicyContextException {
+ return (state == IN_SERVICE);
+ }
+
+ //TODO I have no idea what side effects this might have, but it's needed in some form from GeronimoPolicyConfigurationFactory.
+ //see JACC spec 1.0 section 3.1.1.1 discussion of in service and deleted.
+ //spec p. 31 3.1.7 on the effects of remove:
+ //If the getPolicyConfiguration method is used, the value true should be passed as the second
+ // argument to cause the corresponding policy statements to be deleted from the context.
+ public void open(boolean remove) {
+ if (remove) {
+ //TODO Clear triplesec ldap for this contextId (??)
+ }
+ state = OPEN;
+ }
+
+ int getState() {
+ return state;
+ }
+}
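Review bot: In `implies`, the result of `getAuthorizationProfile(contextID)` is dereferenced without a null check, so if that method can return null for a principal with no profile in this context (not visible in this hunk), the access check would fail with a NullPointerException instead of a denial; adding `if (profile == null) return false;` before `profile.implies(permission)` keeps the decision fail-closed. The method also answers from the first `SafehausPrincipal` it finds and never consults `state`, so an OPEN or DELETED configuration still grants; a guard such as `if (state != IN_SERVICE) return false;` at the top would tie decisions to committed policy, assuming that matches how the policy provider calls it. Separately, `addToExcludedPolicy(Permission)` is a TODO no-op while `commit()` still moves the configuration to IN_SERVICE, so excluded permissions handed to this configuration are silently dropped. Until the LDAP write exists, a comment such as `// NOTE: excluded permissions are not recorded or enforced yet` or a logged warning in that method would make the gap visible.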
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java?view=auto&rev=491329
==============================================================================
--- directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java (added)
+++ directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java Sat Dec 30 13:56:54 2006
@@ -0,0 +1,72 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.directory.triplesec.jacc;
+
+import java.util.HashMap;
+import java.util.Map;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class TripleSecPolicyConfigurationFactory extends PolicyConfigurationFactory {
+
+ private final Log log = LogFactory.getLog(TripleSecPolicyConfigurationFactory.class);
+ private static TripleSecPolicyConfigurationFactory singleton;
+ private Map configurations = new HashMap();
+
+ public TripleSecPolicyConfigurationFactory() {
+ synchronized (TripleSecPolicyConfigurationFactory.class) {
+ if (singleton != null) {
+ log.error("Singleton already assigned. There may be more than one TripleSecPolicyConfigurationFactory being used.");
+ throw new IllegalStateException("Singleton already assigned");
+ }
+ singleton = this;
+ }
+ }
+
+ public PolicyConfiguration getPolicyConfiguration(String contextID, boolean remove) throws PolicyContextException {
+ TripleSecPolicyConfiguration configuration = (TripleSecPolicyConfiguration) configurations.get(contextID);
+
+ if (configuration == null) {
+ configuration = new TripleSecPolicyConfiguration(contextID);
+ configurations.put(contextID, configuration);
+ } else {
+ configuration.open(remove);
+ }
+
+ log.trace("Get " + (remove ? "CLEANED" : "") + " policy configuration " + contextID);
+ return configuration;
+ }
+
+ public boolean inService(String contextID) throws PolicyContextException {
+ PolicyConfiguration configuration = getPolicyConfiguration(contextID, false);
+
+ log.trace("Policy configuration " + contextID + " put into service");
+ return configuration.inService();
+ }
+
+ static TripleSecPolicyConfigurationFactory getSingleton() {
+ return singleton;
+ }
+}
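Review bot: `inService(String)` goes through `getPolicyConfiguration(contextID, false)`, which calls `configuration.open(remove)` on an existing entry, and `open` in TripleSecPolicyConfiguration (added in this same commit) sets `state = OPEN` unconditionally. The query therefore appears to always return false and to take a committed configuration out of service as a side effect. Reading the map directly avoids both: `TripleSecPolicyConfiguration c = (TripleSecPolicyConfiguration) configurations.get(contextID);` followed by `return c != null && c.inService();`. The trace text "put into service" is also misleading for a read-only query. `configurations` is a plain `HashMap` read and written without synchronization, so declaring `getPolicyConfiguration` and `inService` as `synchronized` would protect it if deployments can run concurrently.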
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/pom.xml?view=diff&rev=491329&r1=491328&r2=491329
==============================================================================
--- directory/sandbox/triplesec-jacc/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/pom.xml Sat Dec 30 13:56:54 2006
@@ -133,6 +133,11 @@
<version>1.0.1</version>
</dependency>
<dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-j2ee-jacc_1.0_spec</artifactId>
+ <version>1.0.1</version>
+ </dependency>
+ <dependency>
<groupId>jetty</groupId>
<artifactId>org.mortbay.jetty</artifactId>
<version>5.1.12</version>
@@ -637,6 +642,7 @@
<module>profile</module>
<module>testdata</module>
<module>jaas</module>
+ <module>jacc</module>
<module>sms</module>
<module>itest-data</module>
<module>store</module>
@@ -678,6 +684,7 @@
<module>profile</module>
<module>testdata</module>
<module>jaas</module>
+ <module>jacc</module>
<module>sms</module>
<module>store</module>
<module>verifier</module>
@@ -734,6 +741,7 @@
<module>profile</module>
<module>testdata</module>
<module>jaas</module>
+ <module>jacc</module>
<module>sms</module>
<module>store</module>
<module>verifier</module>