Posted to commits@juddi.apache.org by al...@apache.org on 2019/12/12 22:14:31 UTC
[juddi] 01/02: JUDDI-558 processing with enhanced security,
still has lots of unit test failures, work in progress
This is an automated email from the ASF dual-hosted git repository.
alexoree pushed a commit to branch feature/JUDDI-558
in repository https://gitbox.apache.org/repos/asf/juddi.git
commit d352ac0aa6118934bd5bab204ea14dec873651c6
Author: Alex O'Ree <al...@apache.org>
AuthorDate: Sat Jul 27 18:32:06 2019 -0400
JUDDI-558 processing with enhanced security, still has lots of unit test failures, work in progress
---
.../src/test/resources/META-INF/persistence.xml | 2 +
.../src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++
juddi-core/pom.xml | 1 -
.../src/main/java/org/apache/juddi/Registry.java | 2 +-
.../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 15 +-
.../apache/juddi/api/impl/UDDIPublicationImpl.java | 34 ++--
.../apache/juddi/api/impl/UDDISecurityImpl.java | 4 +-
.../java/org/apache/juddi/config/AppConfig.java | 2 +-
.../apache/juddi/model/UddiEntityPublisher.java | 2 +-
.../juddi/security/AccessControlFactory.java | 18 +-
.../juddi/security/AllowAllAccessControlImpl.java | 19 +-
.../org/apache/juddi/security/IAccessControl.java | 13 +-
.../apache/juddi/security/rbac/RbacRulesModel.java | 2 +
.../security/rbac/RoleBasedAccessControlImpl.java | 123 +++++++++---
.../apache/juddi/validation/ValidatePublish.java | 34 ++--
.../apache/juddi/validation/ValidateUDDIApi.java | 109 ++++++-----
.../juddi/api/impl/API_180_RbacSecurityTest.java | 154 +++++++++++++--
.../juddi/api/impl/mock/WebServiceContextMock.java | 69 +++++++
.../src/test/resources/META-INF/persistence.xml | 2 +
juddi-core/src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++
.../WEB-INF/classes/META-INF/persistence.xml | 1 +
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../WEB-INF/classes/META-INF/persistence.xml | 3 +-
.../java/org/apache/juddi/v3/tck/TckBusiness.java | 1 +
.../java/org/apache/juddi/v3/tck/TckTModel.java | 13 +-
.../java/org/apache/juddi/api_v3/AccessLevel.java | 21 +-
26 files changed, 932 insertions(+), 145 deletions(-)
diff --git a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
index 1142ef5..fe10d56 100644
--- a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
+++ b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml
@@ -90,6 +90,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="openjpa.jdbc.SynchronizeMappings" value="buildSchema(SchemaAction='dropDB,add')"/>
<property name="openjpa.Log" value="DefaultLevel=WARN, Tool=INFO"/>
diff --git a/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml
new file mode 100644
index 0000000..bac2aca
--- /dev/null
+++ b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+* Copyright 2001-2009 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICenSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/ -->
+<!--
+################################################################
+# jUDDI-v3.0 configuration. #
+################################################################
+# Note that the property settings in this #
+# file can be overriden by system parameters #
+# #
+################################################################
+-->
+<config>
+ <juddi>
+ <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. -->
+ <server>
+ <baseurl>http://localhost:8080/juddiv3</baseurl>
+ <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure>
+ </server>
+ <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API
+ don't worry, jUDDI doesn't implement it right now, but it may come in the future -->
+ <nodeId>uddi:juddi.apache.org:node1</nodeId>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <root>
+ <!-- this is the 'root' username, or owner of the node -->
+ <publisher>root</publisher>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <businessId>uddi:juddi.apache.org:businesses-asf</businessId>
+ <partition>uddi:juddi.apache.org</partition>
+ </root>
+ <seed>
+ <always>false</always>
+ </seed>
+
+ <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)-->
+ <persistenceunit>
+ <name>juddiDatabase</name>
+ </persistenceunit>
+
+ <!-- Check-the-time-stamp-on-this-file Interval in milli seconds -->
+ <configuration>
+ <reload>
+ <delay>2000</delay>
+ </reload>
+ </configuration>
+ <!--Default locale-->
+ <locale>en_US</locale>
+
+ <!--The UDDI Operator Contact Email Address-->
+ <operatorEmailAddress>admin@local.localhost</operatorEmailAddress>
+
+ <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.-->
+ <maxNameLength>255</maxNameLength>
+ <maxNameElementsAllowed>5</maxNameElementsAllowed>
+
+
+ <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.-->
+ <maxRows>1000</maxRows>
+ <!-- The maximum number of "IN" clause parameters. Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.-->
+ <maxInClause>1000</maxInClause>
+
+ <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).-->
+ <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher>
+ <maxServicesPerBusiness>100</maxServicesPerBusiness>
+ <maxBindingsPerService>100</maxBindingsPerService>
+ <maxTModelsPerPublisher>100</maxTModelsPerPublisher>
+
+ <!-- Days before a transfer request expires-->
+ <transfer>
+ <expiration>
+ <days>3</days>
+ </expiration>
+ </transfer>
+
+ <!-- Days before a subscription expires-->
+ <subscription>
+ <expiration>
+ <days>30</days>
+ </expiration>
+
+ <!-- Minutes before a "chunked" subscription call expires-->
+ <chunkexpiration>
+ <minutes>5</minutes>
+ </chunkexpiration>
+
+ <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed-->
+ <maxentities>1000</maxentities>
+ </subscription>
+
+ <!-- jUDDI UUIDGen implementation to use-->
+ <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
+
+ <!-- jUDDI Cryptor implementation to use-->
+ <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
+
+ <!-- jUDDI Key Generator to use-->
+ <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>
+
+ <notification>
+ <!-- Specifies the interval at which the notification timer triggers-->
+ <interval>5000</interval>
+ <!-- Specifies the amount of time to wait before the notification timer initially fires-->
+ <start>
+ <buffer>0</buffer>
+ </start>
+ <acceptableLagtime>1000</acceptableLagtime>
+ <maxTries>3</maxTries>
+ <!-- 10 minutes -->
+ <maxTriesResetInterval>600000</maxTriesResetInterval>
+ <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList>
+ </notification>
+ <!-- All Authentication related settings -->
+ <auth>
+ <!-- Specifies whether the inquiry API requires authentication, all other APIs require authN-->
+ <Inquiry>false</Inquiry>
+
+ <!-- When using file based authentication, this is the filename to use
+ <usersfile>juddi-users.xml</usersfile>-->
+ <!-- jUDDI Authentication module to use-->
+ <authenticator>
+ <!-- build in Authenticators:
+ org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication
+ LDAP Based
+ org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP
+ org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP
+
+ File based, see usersfile
+ org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text
+ org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted
+ org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed
+ -->
+ <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class>
+ <!-- other settings
+ url
+ initialcontext
+ style
+ ldapexp
+ -->
+ </authenticator>
+
+ <token>
+ <!-- Time in minutes to expire tokes after inactivity-->
+ <Timeout>15</Timeout>
+ <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity -->
+ <Expiration>15</Expiration>
+ </token>
+ </auth>
+
+
+
+
+ <validation>
+ <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry-->
+ <enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+ </validation>
+
+ <!--As of 3.1.5 Email delivery options for subscription API functions-->
+ <mail>
+ <smtp>
+ <!--The Operator’s Email address
+ <from>admin@local.localhost</from>-->
+
+ <!--the hostname of the SMTP server
+ <host>localhost</host>-->
+
+ <!--The portname of the SMTP server
+ <port>25</port>-->
+
+ <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. This class will be used to create SMTP sockets.-->
+ <socketFactory>
+ <!--<class></class>-->
+
+ <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.
+ <fallback>true</fallback>-->
+ <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.
+ <port>25</port>-->
+ </socketFactory>
+ <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false.
+ <starttls>
+ <enabled>false</enabled>
+ </starttls>-->
+
+ <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false.
+ <auth>false</auth>-->
+
+ <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true
+ <user>user</user>-->
+
+ <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true
+ <password encrypted="false">pass</password>-->
+ </smtp>
+ </mail>
+
+
+ <!-- additional access control module
+ provides item level access permissions.
+ default is everyone can read everything, only owners can change stuff
+ -->
+ <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider>
+ </juddi>
+</config>
\ No newline at end of file
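Review bot: The `accessControlProvider` element at the bottom of this new test config is set to `RoleBasedAccessControlImpl` while the authenticator a few lines above is `JUDDIAuthenticator`, which the file's own comment describes as "no authentication"; since the RBAC provider appears to decide on container roles and the container principal rather than on the jUDDI auth token, a reader could assume the authenticator feeds the RBAC decision. I would add a comment next to `accessControlProvider` such as `<!-- role membership is taken from the servlet container (isUserInRole / user principal), not from the authenticator above; JUDDIAuthenticator is for tests only -->`. Separately, the license header has a typo in the URL, `http://www.apache.org/licenses/LICenSE-2.0`, which should read `http://www.apache.org/licenses/LICENSE-2.0`, and the file lacks a trailing newline.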
diff --git a/juddi-core/pom.xml b/juddi-core/pom.xml
index 46b026d..3a1049e 100644
--- a/juddi-core/pom.xml
+++ b/juddi-core/pom.xml
@@ -195,5 +195,4 @@ language governing permissions and * limitations under the License. * */ -->
<version>2.2.0</version>
</dependency>
</dependencies>
-
</project>
diff --git a/juddi-core/src/main/java/org/apache/juddi/Registry.java b/juddi-core/src/main/java/org/apache/juddi/Registry.java
index 4a1fff0..bd2fc89 100644
--- a/juddi-core/src/main/java/org/apache/juddi/Registry.java
+++ b/juddi-core/src/main/java/org/apache/juddi/Registry.java
@@ -31,7 +31,7 @@ import org.apache.juddi.subscription.SubscriptionNotifier;
public class Registry {
private static Registry registry = null;
- private static Log log = LogFactory.getLog(Registry.class);
+ private static final Log log = LogFactory.getLog(Registry.class);
private static SubscriptionNotifier subscriptionNotifier = null;
private static ReplicationNotifier replicationNotifier = null;
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
index d2dbfa1..ea1d530 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
@@ -342,13 +342,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.FIND_SERVICE, QueryStatus.SUCCESS, procTime);
- List<org.uddi.api_v3.ServiceInfo> FilterBindingTemplates =
+ result.setServiceInfos(
AccessControlFactory.getAccessControlInstance().filterServiceInfo(
this.ctx,
- entityPublisher, result.getServiceInfos().getServiceInfo());
- result.getServiceInfos().getServiceInfo().clear();
- result.getServiceInfos().getServiceInfo().addAll(FilterBindingTemplates);
-
+ entityPublisher, result.getServiceInfos()));
+
return result;
} finally {
if (tx.isActive()) {
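Review bot: The new `result.setServiceInfos(...)` line replaces the response container with whatever the provider returns, so a provider that returns null now silently drops the `serviceInfos` element, whereas the old code only ever emptied and refilled the existing list; `IAccessControl.filterServiceInfo` carries no javadoc stating a non-null contract. Since the filter runs after the query and after the SUCCESS counter update, a fail-closed default is the safer choice: `ServiceInfos filtered = AccessControlFactory.getAccessControlInstance().filterServiceInfo(this.ctx, entityPublisher, result.getServiceInfos());` followed by `result.setServiceInfos(filtered != null ? filtered : new ServiceInfos());`. The same applies to the `setTModelInfos` hunk below. The enclosing find method starts before this hunk.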
@@ -391,12 +389,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.FIND_TMODEL, QueryStatus.SUCCESS, procTime);
- List<org.uddi.api_v3.TModelInfo> FilterBindingTemplates =
+ result.setTModelInfos(
AccessControlFactory.getAccessControlInstance().filterTModelInfo(
this.ctx,entityPublisher,
- result.getTModelInfos().getTModelInfo());
- result.getTModelInfos().getTModelInfo().clear();
- result.getTModelInfos().getTModelInfo().addAll(FilterBindingTemplates);
+ result.getTModelInfos()));
+
return result;
} finally {
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
index b6ace81..5583bd2 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java
@@ -127,7 +127,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateAddPublisherAssertions(em, body);
+ new ValidatePublish(publisher,ctx).validateAddPublisherAssertions(em, body);
List<org.uddi.api_v3.PublisherAssertion> apiPubAssertionList = body.getPublisherAssertion();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -213,6 +213,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
}
+ @Override
public void deleteBinding(DeleteBinding body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -224,7 +225,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteBinding(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteBinding(em, body);
List<String> entityKeyList = body.getBindingKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -272,6 +273,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
+ @Override
public void deleteBusiness(DeleteBusiness body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -283,7 +285,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteBusiness(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteBusiness(em, body);
List<String> entityKeyList = body.getBusinessKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -323,6 +325,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
em.remove(obj);
}
+ @Override
public void deletePublisherAssertions(DeletePublisherAssertions body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -334,7 +337,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeletePublisherAssertions(em, body);
+ new ValidatePublish(publisher,ctx).validateDeletePublisherAssertions(em, body);
List<org.uddi.api_v3.PublisherAssertion> entityList = body.getPublisherAssertion();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -439,6 +442,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
}
+ @Override
public void deleteService(DeleteService body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -450,7 +454,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteService(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteService(em, body);
List<String> entityKeyList = body.getServiceKey();
List<ChangeRecord> changes = new ArrayList<ChangeRecord>();
@@ -511,7 +515,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateDeleteTModel(em, body);
+ new ValidatePublish(publisher,ctx).validateDeleteTModel(em, body);
// tModels are only lazily deleted!
List<String> entityKeyList = body.getTModelKey();
@@ -637,7 +641,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public RegisteredInfo getRegisteredInfo(GetRegisteredInfo body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -649,7 +655,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
- new ValidatePublish(publisher).validateRegisteredInfo(body);
+ new ValidatePublish(publisher,ctx).validateRegisteredInfo(body);
List<?> businessKeysFound = null;
businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound);
@@ -718,7 +724,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public BindingDetail saveBinding(SaveBinding body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -730,7 +738,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveBinding(em, body, null, publisher);
BindingDetail result = new BindingDetail();
@@ -783,7 +791,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
/**
* {@inheritdoc}
*
+ * @throws org.uddi.v3_service.DispositionReportFaultMessage
*/
+ @Override
public BusinessDetail saveBusiness(SaveBusiness body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -795,7 +805,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveBusiness(em, body, null, publisher);
BusinessDetail result = new BusinessDetail();
@@ -864,7 +874,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- ValidatePublish validator = new ValidatePublish(publisher);
+ ValidatePublish validator = new ValidatePublish(publisher,ctx);
validator.validateSaveService(em, body, null, publisher);
ServiceDetail result = new ServiceDetail();
@@ -927,7 +937,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo());
publisher.populateKeyGeneratorKeys(em);
- new ValidatePublish(publisher).validateSaveTModel(em, body, null, publisher);
+ new ValidatePublish(publisher,ctx).validateSaveTModel(em, body, null, publisher);
TModelDetail result = new TModelDetail();
@@ -999,7 +1009,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub
UddiEntityPublisher publisher = this.getEntityPublisher(em, authInfo);
- new ValidatePublish(publisher).validateSetPublisherAssertions(em, publisherAssertion);
+ new ValidatePublish(publisher,ctx).validateSetPublisherAssertions(em, publisherAssertion);
List<?> businessKeysFound = null;
businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound);
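Review bot: Every `new ValidatePublish(publisher, ctx)` call in this file now hands the injected `WebServiceContext` to the validator, but nothing visible here states what the validator does when `ctx` is null, which is the case when the implementation is driven outside a JAX-WS container (the commit adds a `WebServiceContextMock` for tests, which suggests the in-process path was hitting that). A one-line note on the `ValidatePublish` constructor, or a `Objects.requireNonNull(ctx, "WebServiceContext is required for access control")` if null is never legitimate, would make the contract explicit. The enclosing `setPublisherAssertions` method continues outside this hunk.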
diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
index 24077c5..5d7eb56 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java
@@ -71,6 +71,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
}
+ @Override
public void discardAuthToken(DiscardAuthToken body)
throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
@@ -110,6 +111,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
}
+ @Override
public AuthToken getAuthToken(GetAuthToken body)
throws DispositionReportFaultMessage {
@@ -122,7 +124,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri
}
public AuthToken getAuthToken(String publisherId)
- throws DispositionReportFaultMessage {
+ throws DispositionReportFaultMessage {
long startTime = System.currentTimeMillis();
if (publisherId == null || publisherId.length() == 0)
diff --git a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
index d67f940..6779cf3 100644
--- a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
+++ b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java
@@ -257,7 +257,7 @@ public class AppConfig
* @return the APplicationConfuration Singleton Instance.
* @throws ConfigurationException
*/
- public static AppConfig getInstance() throws ConfigurationException
+ public static synchronized AppConfig getInstance() throws ConfigurationException
{
if (instance==null) {
instance = new AppConfig();
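Review bot: Making `getInstance()` `synchronized` fixes the lazy-init race only if every other write to the static `instance` field goes through the same lock; if a reload or reset path elsewhere in `AppConfig` assigns `instance` without synchronizing on `AppConfig.class`, readers can still observe a partially constructed object, so I would check those call sites (not visible in this hunk). Note also that every configuration read now takes a class-level lock; if that shows up as contention, the initialization-on-demand holder idiom or a `volatile` field with double-checked locking gives the same guarantee without serializing readers. The method body continues past the end of this hunk.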
diff --git a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
index 1aaa2f7..bcbcdb4 100644
--- a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
+++ b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java
@@ -117,7 +117,7 @@ public class UddiEntityPublisher {
if (key == null)
return false;
- if (keyGeneratorKeys == null)
+ if (keyGeneratorKeys == null)//||keyGeneratorKeys.isEmpty()
populateKeyGeneratorKeys(em);
if (! key.contains(KeyGenerator.PARTITION_SEPARATOR)) return true; //v2 style key
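Review bot: The added `//||keyGeneratorKeys.isEmpty()` is commented-out code left in the condition; either apply it or drop it, because a future reader cannot tell whether an empty key-generator list is a legitimate state or a sign that the list was never loaded. If an empty list should trigger a reload, write `if (keyGeneratorKeys == null || keyGeneratorKeys.isEmpty())` and add a short why-comment; if not, remove the trailing comment. The enclosing method starts before and ends after this hunk.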
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
index 8493d7f..a2d6d24 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java
@@ -15,7 +15,6 @@
*/
package org.apache.juddi.security;
-
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.configuration.ConfigurationException;
@@ -24,6 +23,7 @@ import org.apache.juddi.config.Property;
/**
* Provides an accessor to the access control mechanism
+ *
* @since 3.4
* @author Alex O'Ree
*/
@@ -33,11 +33,15 @@ public class AccessControlFactory {
private static IAccessControl instance = null;
/**
- * Gets an instance of IAccessControl using the following procedure, in order<br>
+ * Gets an instance of IAccessControl using the following procedure, in
+ * order<br>
* <ol>
- * <li>Using the judiv3.properties configuration file setting Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li>
- * <li>If the previous fails to load or is not defined, DefaultCorseAccessControlImpl</li>
+ * <li>Using the judiv3.properties configuration file setting
+ * Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li>
+ * <li>If the previous fails to load or is not defined,
+ * DefaultCorseAccessControlImpl</li>
* </ol>
+ *
* @return should never return null or throw exceptions
* @see DefaultCorseAccessControlImpl
* @see Property
@@ -71,4 +75,8 @@ public class AccessControlFactory {
}
return new AllowAllAccessControlImpl();
}
-}
\ No newline at end of file
+
+ public static synchronized void reset() {
+ instance = null;
+ }
+}
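Review bot: The new public `reset()` makes the next `getAccessControlInstance()` call re-run provider loading, and the context line just above shows that path ends in `return new AllowAllAccessControlImpl();` when the configured provider cannot be loaded, so a reset at runtime followed by a transient configuration problem degrades the registry to allow-all without any caller noticing. I would either restrict `reset()` to test use with a javadoc saying so (`/** For tests only: discards the cached provider so the next lookup re-reads configuration. */`), or have the loader fail closed or at least log at error level when it falls back. Also, `reset()` is `synchronized` but the read of `instance` in `getAccessControlInstance()` is outside this hunk; if that method is not synchronized on the same monitor, the lock here establishes no happens-before with readers.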
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
index 3363e8a..23bd2aa 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
@@ -19,6 +19,8 @@ import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.ws.WebServiceContext;
+import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
@@ -34,8 +36,10 @@ import org.uddi.api_v3.OperationalInfo;
import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -77,13 +81,13 @@ public class AllowAllAccessControlImpl implements IAccessControl {
}
@Override
- public List<ServiceInfo> filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, List<ServiceInfo> arg2) {
- return new ArrayList<>(arg2);
+ public ServiceInfos filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, ServiceInfos arg2) {
+ return (arg2);
}
@Override
- public List<TModelInfo> filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, List<TModelInfo> arg2) {
- return new ArrayList<>(arg2);
+ public TModelInfos filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, TModelInfos arg2) {
+ return (arg2);
}
@Override
@@ -103,4 +107,11 @@ public class AllowAllAccessControlImpl implements IAccessControl {
throw new FatalErrorException(new ErrorMessage("errors.Unsupported"));
}
+ @Override
+ public boolean hasPermission(AccessLevel arg0, WebServiceContext arg1, UddiEntityPublisher arg2, String arg3, EntityType arg4) {
+ return false;
+ }
+
+
+
}
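Review bot: `hasPermission` in the allow-all provider returns `false` for every query, which contradicts the class name and the factory's use of this class as the fallback when no provider is configured; if `ValidateUDDIApi` or `ValidatePublish` now gate saves or deletes on `hasPermission` (the diffstat suggests they changed), a default installation would deny every publish operation. Unless the intent is that callers never consult this method on the allow-all provider, it should read `return true;` with a javadoc line such as `/** Allow-all provider: every permission check succeeds. */`. Whichever is intended, the choice deserves a comment, because a silent `false` in an access-control method is the kind of line that gets "fixed" in both directions.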
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
index 588c67c..6f294e2 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
@@ -19,6 +19,7 @@ import java.rmi.RemoteException;
import java.util.List;
import javax.xml.ws.WebServiceContext;
import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
@@ -29,11 +30,10 @@ import org.uddi.api_v3.BusinessEntity;
import org.uddi.api_v3.BusinessInfo;
import org.uddi.api_v3.BusinessService;
import org.uddi.api_v3.OperationalInfo;
-import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
-import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.TModel;
-import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -58,9 +58,9 @@ public interface IAccessControl {
public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext ctx, UddiEntityPublisher username, RelatedBusinessInfos bindings);
- public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<ServiceInfo> serviceInfo);
+ public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, ServiceInfos serviceInfo);
- public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<TModelInfo> tModelInfo);
+ public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, TModelInfos tModelInfo);
public List<OperationalInfo> filterOperationalInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<OperationalInfo> operationalInfo);
@@ -68,4 +68,5 @@ public interface IAccessControl {
public SetPermissionsMessageResponse setPermissions(SetPermissionsMessageRequest arg0) throws DispositionReportFaultMessage, RemoteException;
-}
+ public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher username, String entityId, EntityType type);
+}
\ No newline at end of file
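Review bot: The new `hasPermission` method is added to the interface without javadoc, and since this is the authorization hook every provider must implement, its contract needs to be explicit: whether `ctx` may be null, whether `username` may be null for unauthenticated inquiry, whether `entityId` is a UDDI key, and that `false` means deny. I would add a javadoc block stating the meaning of each parameter, that implementations must fail closed (return `false`) on any error or unknown entity, and whether the method is expected to be called for every `AccessLevel` or only for write levels. The changed `filterServiceInfo`/`filterTModelInfo` signatures would likewise benefit from a sentence saying whether the returned container may be null or the same instance that was passed in.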
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
index a502846..fac093f 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java
@@ -20,6 +20,7 @@ import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
+import javax.persistence.Transient;
import org.apache.juddi.api_v3.AccessLevel;
/**
@@ -62,6 +63,7 @@ public class RbacRulesModel implements Serializable {
return (level);
}
+ @Transient
public AccessLevel getAccessLevelAsEnum() {
return AccessLevel.valueOf(getAccessLevel());
}
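Review bot: `getAccessLevelAsEnum()` calls `AccessLevel.valueOf(getAccessLevel())`, which throws `NullPointerException` on a null column and `IllegalArgumentException` on any value that is not a constant name; because this getter is consulted inside the RBAC decision loop, a single malformed row would make the access check throw instead of deny. A fail-closed guard is short: `String level = getAccessLevel(); if (level == null) return AccessLevel.NONE;` and then `try { return AccessLevel.valueOf(level); } catch (IllegalArgumentException e) { return AccessLevel.NONE; }`. The `@Transient` annotation is fine, though on a property-access entity it is only needed if the provider would otherwise treat the getter as a mapped attribute.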
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
index d813834..7888378 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.api_v3.AccessLevel;
import org.apache.juddi.api_v3.Action;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.Permission;
@@ -47,9 +48,11 @@ import org.uddi.api_v3.PublisherAssertion;
import org.uddi.api_v3.RelatedBusinessInfo;
import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.ServiceInfos;
import org.uddi.api_v3.SharedRelationships;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
+import org.uddi.api_v3.TModelInfos;
import org.uddi.v3_service.DispositionReportFaultMessage;
/**
@@ -72,6 +75,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
private static final Log log = LogFactory.getLog(RoleBasedAccessControlImpl.class);
private static final String REDACTED = ResourceConfig.getGlobalMessage("rbac.redacted");
+ public static final String EVERYONE = "everyone";
private void redact(BusinessService bs) {
bs.setBusinessKey(REDACTED);
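Review bot: `EVERYONE` is a public pseudo-role name that ends up stored as a containerRole and is compared case-insensitively in the rule evaluation further down in this file, but nothing at the declaration says so. A one-line Javadoc, `/** Pseudo-role: a rule whose containerRole equals this value (case-insensitive) applies to every caller. */`, would document that contract for callers of setPermissions.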
@@ -85,8 +89,14 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
- private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules) {
+ private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules, String username) {
for (RbacRulesModel r : rules) {
+ if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) {
+ if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
+ {
+ return false;
+ }
+ }
if (ctx.isUserInRole(r.getContainerRole())) {
if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
{
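Review bot: In the new EVERYONE branch the only outcome handled is the explicit deny; a rule that grants EVERYONE a level above NONE falls through to `ctx.isUserInRole(r.getContainerRole())`, which matches only if the container happens to expose a role literally named "everyone", so the test's `grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE)` would not make those entities readable on this path. The sibling `has()` added in the next hunk does treat an EVERYONE rule as a grant, so the read and write paths disagree. If an everyone-grant is intended, add `return true;` after the deny check inside that block; otherwise `has()` should be aligned with this branch. hasReadAccess continues into the next hunk.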
@@ -94,6 +104,29 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
return true;
}
+ if (ctx.getUserPrincipal() != null && ctx.getUserPrincipal().getName().equals(username)) {
+ if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny
+ {
+ return false;
+ }
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean has(WebServiceContext ctx, List<RbacRulesModel> rules, AccessLevel requiredLevel) {
+ for (RbacRulesModel r : rules) {
+ if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) {
+ if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) {
+ return true;
+ }
+ }
+ if (ctx.isUserInRole(r.getContainerRole())) {
+ if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) {
+ return true;
+ }
+ }
}
return false;
}
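Review bot: The principal-name branch added at the end of hasReadAccess never looks at `r.getContainerRole()`: it compares the caller's principal name with `username`, which at every call site in this commit is the caller's own `getAuthorizedName()`, so whenever the two agree the first rule whose level is not NONE grants read access regardless of which role or user that rule targets. The intended condition is presumably that the rule names this user, e.g. `if (r.getContainerRole().equals(username)) {` (optionally still requiring the principal to match). The new `has()` has the opposite gap: it ignores AccessLevel.NONE entirely and has no per-user branch, so an explicit deny cannot block a write-level grant from another rule. In both methods the result also depends on the order `getPermissionSet` returns rows, since a grant encountered before a deny returns true; scanning the whole list for denies first would make the outcome deterministic.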
@@ -181,7 +214,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -217,7 +250,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -253,12 +286,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
if (bs.getServiceInfos() != null) {
- filterServiceInfo(ctx, username, bs.getServiceInfos().getServiceInfo());
+ filterServiceInfo(ctx, username, bs.getServiceInfos());
}
}
@@ -291,7 +324,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -331,7 +364,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
}
@@ -367,7 +400,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact(bs);
continue; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact(bs); //also access denied, either no matching role or an explicit deny
continue;
}
@@ -397,7 +430,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact = true; //also access denied, either no matching role or an explicit deny
break;
}
@@ -407,7 +440,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break;
}
-
+
if (username.isOwner(ue2)) {
//keep it
continue;
@@ -419,18 +452,18 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
redact = true;
break; //access denied
}
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
redact = true; //also access denied, either no matching role or an explicit deny
break;
}
}
- if (redact){
-
+ if (redact) {
+
}
}
-
+
}
}
@@ -438,9 +471,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
}
@Override
- public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, List<ServiceInfo> items) {
+ public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, ServiceInfos items) {
- for (ServiceInfo si : items) {
+ if (items == null) {
+ return null;
+ }
+ for (ServiceInfo si : items.getServiceInfo()) {
UddiEntity ue = loadEntity(si.getServiceKey(), org.apache.juddi.model.BusinessService.class);
if (ue == null) {
si.setServiceKey(REDACTED);
@@ -458,7 +494,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
List<RbacRulesModel> rules = getPermissionSet(si.getServiceKey());
- if (!rules.isEmpty() && !hasReadAccess(ctx, rules)) {
+ if (!rules.isEmpty() && !hasReadAccess(ctx, rules, username.getAuthorizedName())) {
si.setServiceKey(REDACTED);
}
if (rules.isEmpty()) {
@@ -466,20 +502,20 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
if (rules.isEmpty()) {
si.setBusinessKey(REDACTED);
} else {
- if (!hasReadAccess(ctx, rules)) {
+ if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) {
si.setBusinessKey(REDACTED);
}
}
}
}
- return new ArrayList<>(items);
+ return items;
}
@Override
- public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, List<TModelInfo> items) {
+ public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, TModelInfos items) {
//TODO
- return new ArrayList(items);
+ return (items);
}
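Review bot: filterTModelInfo now returns `items` untouched under the new TModelInfos signature, so tModel listings are the one inquiry result that bypasses RBAC filtering entirely while the method name suggests otherwise. If that is deliberate for this work-in-progress commit, a comment stronger than `//TODO`, e.g. `// NOTE: tModels are not yet subject to RBAC read filtering; returned unredacted`, would stop readers from assuming coverage.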
@Override
@@ -549,8 +585,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
for (Permission perm : arg0.getLevel()) {
if (perm.getAction() != Action.NOOP) {
Query createQuery = null;
-
- createQuery = em.createQuery("delete from RbacRulesModel c where c.uddiEntityId=:id and c.containerRole=:user");
+ createQuery = em.createQuery("delete from RbacRulesModel e where e.uddiEntityId=:id and e.containerRole=:user");
createQuery.setParameter("id", perm.getEntityId());
createQuery.setParameter("user", perm.getTarget());
createQuery.executeUpdate();
@@ -608,4 +643,46 @@ public class RoleBasedAccessControlImpl implements IAccessControl {
bs.getSharedRelationships().clear();
}
+ @Override
+ public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher actor, String entityid, EntityType type) {
+
+ UddiEntity ue = null;
+
+ switch (type) {
+ case BINDING:
+ ue = loadEntity(entityid, org.apache.juddi.model.BindingTemplate.class);
+ break;
+ case BUSINESS:
+ ue = loadEntity(entityid, org.apache.juddi.model.BusinessEntity.class);
+ break;
+ case SERVICE:
+ ue = loadEntity(entityid, org.apache.juddi.model.BusinessService.class);
+ break;
+ case TMODEL:
+ ue = loadEntity(entityid, org.apache.juddi.model.Tmodel.class);
+ break;
+ default:
+ log.warn("umhandled case for " + type);
+ }
+
+ if (ue == null) {
+ return false;
+ }
+ if (actor == null) {
+ return false;
+
+ }
+ if (actor.isOwner(ue)) {
+ return true;
+ }
+
+ List<RbacRulesModel> rules = getPermissionSet(entityid);
+
+ if (rules.isEmpty()) {
+ return false;
+ }
+
+ return has(ctx, rules, level);
+ }
+
}
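Review bot: hasPermission reaches `has(ctx, rules, level)` with whatever `ctx` the validator was constructed with, and the ValidateUDDIApi constructors in this commit can leave that null, so a non-owner with a non-empty rule set on the entity triggers a NullPointerException at `ctx.isUserInRole(...)` instead of a denial. Guarding the role check with `if (ctx != null && ctx.isUserInRole(r.getContainerRole())) {` (or returning false before the `has` call when `ctx` is null) keeps the failure closed. The warning in the default branch also has a typo: `log.warn("unhandled case for " + type);`.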
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
index 4294c41..20a55cc 100644
--- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
+++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
@@ -30,15 +30,18 @@ import java.util.concurrent.atomic.AtomicReference;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
import javax.xml.ws.Holder;
+import javax.xml.ws.WebServiceContext;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.juddi.api_v3.AccessLevel;
import org.apache.juddi.api_v3.AccessPointType;
import org.apache.juddi.api_v3.DeleteClerk;
import org.apache.juddi.api_v3.DeleteNode;
import org.apache.juddi.api_v3.DeletePublisher;
+import org.apache.juddi.api_v3.EntityType;
import org.apache.juddi.api_v3.SavePublisher;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Constants;
@@ -54,6 +57,7 @@ import org.apache.juddi.model.UddiEntity;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.query.FindBusinessByPublisherQuery;
import org.apache.juddi.query.FindTModelByPublisherQuery;
+import org.apache.juddi.security.AccessControlFactory;
import org.apache.juddi.v3.client.UDDIConstants;
import org.apache.juddi.v3.client.UDDIConstantsV2;
import org.apache.juddi.v3.client.config.TokenResolver;
@@ -117,7 +121,7 @@ public class ValidatePublish extends ValidateUDDIApi {
* This flag will add additional output to stdout for debugging
* purposes, set this to true if
*/
- private Log log = LogFactory.getLog(this.getClass());
+ private static final Log log = LogFactory.getLog(ValidatePublish.class);
/**
* used from Install class
@@ -133,6 +137,10 @@ public class ValidatePublish extends ValidateUDDIApi {
public ValidatePublish(UddiEntityPublisher publisher) {
super(publisher);
}
+
+ public ValidatePublish(UddiEntityPublisher publisher, WebServiceContext ctx) {
+ super(publisher,ctx);
+ }
public void validateDeleteBusiness(EntityManager em, DeleteBusiness body) throws DispositionReportFaultMessage {
@@ -207,7 +215,7 @@ public class ValidatePublish extends ValidateUDDIApi {
//if you're are the owner, access granted
//if you are an admin && this item belongs to this node, access granted
//else denied
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.SERVICE);
i++;
}
}
@@ -244,7 +252,7 @@ public class ValidatePublish extends ValidateUDDIApi {
throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.BindingTemplateNotFound", entityKey));
}
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BINDING);
i++;
}
@@ -281,13 +289,13 @@ public class ValidatePublish extends ValidateUDDIApi {
throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.TModelNotFound", entityKey));
}
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.TMODEL);
i++;
}
}
- private void accessCheck(Object obj, String entityKey) throws UserMismatchException {
+ private void accessCheck(Object obj, String entityKey, EntityType type) throws UserMismatchException {
boolean accessCheck = false; //assume access denied
if (!((UddiEntity) obj).getNodeId().equals(nodeID)) {
//prevent changes to data owned by another node in a replicated environment
@@ -305,6 +313,10 @@ public class ValidatePublish extends ValidateUDDIApi {
&& nodeID.equals(((UddiEntity) obj).getNodeId())) {
accessCheck = true;
}
+
+ if ( nodeID.equals(((UddiEntity) obj).getNodeId()) &&
+ AccessControlFactory.getAccessControlInstance().hasPermission(AccessLevel.WRITE, ctx, publisher, entityKey,type)){
+ }
if (!accessCheck) {
throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
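Review bot: The new RBAC block at the end of accessCheck has an empty body, so `AccessControlFactory.getAccessControlInstance().hasPermission(AccessLevel.WRITE, ctx, publisher, entityKey, type)` is evaluated and its result discarded; a publisher holding a WRITE grant still ends in UserMismatchException and the check remains ownership/admin only. Presumably the block should set `accessCheck = true;`, and prefixing the condition with `!accessCheck &&` would skip the entity and rule lookups when ownership has already granted access. accessCheck's signature and the first part of its body are in the previous hunk.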
@@ -706,7 +718,7 @@ public class ValidatePublish extends ValidateUDDIApi {
entityExists = true;
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BUSINESS);
} else {
// Inside this block, we have a key proposed by the publisher on a new entity
@@ -842,7 +854,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.SERVICE);
// If existing service trying to be saved has a different parent key, then we have a problem
if (!parentKey.equalsIgnoreCase(bs.getBusinessEntity().getEntityKey())) {
@@ -887,7 +899,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this parent entity.
- accessCheck(parentTemp, parentKey);
+ accessCheck(parentTemp, parentKey,EntityType.BUSINESS);
// if (!publisher.isOwner((UddiEntity) parentTemp)) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey));
//}
@@ -997,7 +1009,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.BINDING);
//if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
// }
@@ -1035,7 +1047,7 @@ public class ValidatePublish extends ValidateUDDIApi {
}
// Make sure publisher owns this parent entity.
- accessCheck(parentTemp, parentKey);
+ accessCheck(parentTemp, parentKey,EntityType.SERVICE);
// if (!publisher.isOwner((UddiEntity) parentTemp)) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey));
// }
@@ -1092,7 +1104,7 @@ public class ValidatePublish extends ValidateUDDIApi {
entityExists = true;
// Make sure publisher owns this entity.
- accessCheck(obj, entityKey);
+ accessCheck(obj, entityKey,EntityType.TMODEL);
//if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) {
// throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey));
// }
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
index 6ffcfeb..ed3c127 100644
--- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
+++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java
@@ -14,13 +14,12 @@
* limitations under the License.
*
*/
-
package org.apache.juddi.validation;
-
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.persistence.EntityManager;
+import javax.xml.ws.WebServiceContext;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Property;
@@ -37,50 +36,68 @@ import org.uddi.v3_service.DispositionReportFaultMessage;
*/
public abstract class ValidateUDDIApi {
- protected UddiEntityPublisher publisher;
- protected String nodeID=null;
-
- /**
- * This is used only during the install process to prevent infinite loops
- * @param publisher
- * @param nodeid
- */
- public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) {
- this.publisher = publisher;
- this.nodeID = nodeid;
- }
-
- public ValidateUDDIApi(UddiEntityPublisher publisher) {
- this.publisher = publisher;
- try {
- this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID);
- } catch (ConfigurationException ex) {
- Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems"
- + " and must be fixed. set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex);
- }
- }
+ protected UddiEntityPublisher publisher;
+ protected String nodeID = null;
+ protected WebServiceContext ctx=null;
+
+ /**
+ * This is used only during the install process to prevent infinite loops
+ *
+ * @param publisher
+ * @param nodeid
+ */
+ public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid,WebServiceContext ctx ) {
+ this.publisher = publisher;
+ this.nodeID = nodeid;
+ this.ctx=ctx;
+ }
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) {
+ this.publisher = publisher;
+ this.nodeID = nodeid;
+
+ }
+
+
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher){
+ this(publisher,(WebServiceContext)null);
+ }
+
+ public ValidateUDDIApi(UddiEntityPublisher publisher,WebServiceContext ctx) {
+ this.publisher = publisher;
+ this.ctx=ctx;
+ try {
+ this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID);
+ } catch (ConfigurationException ex) {
+ Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems"
+ + " and must be fixed. set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex);
+ }
+ }
+
+ public UddiEntityPublisher getPublisher() {
+ return publisher;
+ }
+
+ public void setPublisher(UddiEntityPublisher publisher) {
+ this.publisher = publisher;
+ }
+
+ public static void unsupportedAPICall() throws DispositionReportFaultMessage {
+ throw new UnsupportedException(new ErrorMessage("errors.Unsupported"));
+ }
+
+ public static boolean isUniqueKey(EntityManager em, String entityKey) {
+ Object obj = em.find(UddiEntity.class, entityKey);
+ if (obj != null) {
+ return false;
+ }
- public UddiEntityPublisher getPublisher() {
- return publisher;
- }
+ obj = em.find(Subscription.class, entityKey);
+ if (obj != null) {
+ return false;
+ }
- public void setPublisher(UddiEntityPublisher publisher) {
- this.publisher = publisher;
- }
-
- public static void unsupportedAPICall() throws DispositionReportFaultMessage {
- throw new UnsupportedException(new ErrorMessage("errors.Unsupported"));
- }
-
- public static boolean isUniqueKey(EntityManager em, String entityKey) {
- Object obj = em.find(UddiEntity.class, entityKey);
- if (obj != null)
- return false;
-
- obj = em.find(Subscription.class, entityKey);
- if (obj != null)
- return false;
-
- return true;
- }
+ return true;
+ }
}
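Review bot: The new `ctx` field and the constructor that takes it are undocumented, and two of the four constructors (`(publisher)` and `(publisher, nodeid)`) leave it null, which subclasses such as ValidatePublish now hand straight to the access-control layer. A field comment like `// may be null when validation runs outside a request (install path, unit tests); access-control calls must tolerate that` and an `@param ctx` line on the three-argument constructor's Javadoc would make the contract explicit. The reindentation of the whole class also hides the functional change in this hunk; keeping formatting and behaviour changes in separate commits would make it reviewable.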
diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
index 802c9af..4962f8e 100644
--- a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
+++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java
@@ -15,13 +15,38 @@
*/
package org.apache.juddi.api.impl;
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.Registry;
+import org.apache.juddi.api.impl.mock.WebServiceContextMock;
+import org.apache.juddi.api_v3.AccessLevel;
+import org.apache.juddi.api_v3.Action;
+import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
+import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
+import org.apache.juddi.api_v3.*;
+import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
+import org.apache.juddi.config.AppConfig;
+import org.apache.juddi.security.AccessControlFactory;
+import org.apache.juddi.security.rbac.RbacRulesModel;
+import org.apache.juddi.security.rbac.RoleBasedAccessControlImpl;
+import org.apache.juddi.v3.tck.TckBusiness;
+import org.apache.juddi.v3.tck.TckFindEntity;
+import org.apache.juddi.v3.tck.TckPublisher;
+import org.apache.juddi.v3.tck.TckTModel;
+
+import org.junit.Assert;
+
+import org.apache.juddi.v3.tck.TckSecurity;
+
import org.apache.juddi.v3.tck.TckSubscription;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.Test;
+import org.uddi.api_v3.TModel;
import org.uddi.v3_service.UDDISecurityPortType;
/**
@@ -29,19 +54,124 @@ import org.uddi.v3_service.UDDISecurityPortType;
* @author Alex O'Ree
*/
public class API_180_RbacSecurityTest {
-
- private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class);
- private JUDDIApiImpl publisher = new JUDDIApiImpl();
- private UDDISecurityPortType security = new UDDISecurityImpl();
- private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl());
-
- @BeforeClass
- public static void startRegistry() throws ConfigurationException {
- Registry.start();
+
+ private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class);
+
+ private static void grant(AccessLevel accessLevel, List<String> keys, String user) throws Exception {
+ JUDDIApiImpl publisher = new JUDDIApiImpl();
+ SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
+ req.setAuthInfo(authInfoUDDI);
+ for (String key : keys) {
+
+ Permission level = new Permission();
+ level.setAction(Action.ADD);
+ level.setEntityId(key);
+ level.setLevel(accessLevel);
+ level.setTarget(user);
+ level.setType(null);
+ req.getLevel().add(level);
+ }
+ SetPermissionsMessageResponse response = publisher.setPermissions(req);
+ }
+
+ private JUDDIApiImpl publisher = new JUDDIApiImpl();
+ private UDDISecurityPortType security = new UDDISecurityImpl();
+ private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl());
+
+ private static API_010_PublisherTest api010 = new API_010_PublisherTest();
+ private static TckTModel tckTModel = new TckTModel(new UDDIPublicationImpl(), new UDDIInquiryImpl());
+ private static TckBusiness tckBusiness = new TckBusiness(new UDDIPublicationImpl(), new UDDIInquiryImpl());
+ private static TckFindEntity tckFindEntity = new TckFindEntity(new UDDIInquiryImpl());
+ private static String authInfoJoe = null;
+ private static String authInfoSam = null;
+ private static final String TEST_ROLE = "TESTROLE1";
+ private static String authInfoUDDI = null;
+
+ @BeforeClass
+ public static void startRegistry() throws ConfigurationException {
+ System.setProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY, "src/test/resources/juddiv3rbac.xml");
+ Registry.start();
+ AccessControlFactory.reset();
+ Assert.assertTrue(AccessControlFactory.getAccessControlInstance() instanceof RoleBasedAccessControlImpl);
+ logger.info("API_180_RbacSecurityTest");
+ logger.debug("Getting auth token..");
+ try {
+ api010.saveJoePublisher();
+ api010.saveSamSyndicator();
+ UDDISecurityPortType security = new UDDISecurityImpl();
+ authInfoJoe = TckSecurity.getAuthToken(security, TckPublisher.getJoePublisherId(), TckPublisher.getJoePassword());
+ authInfoSam = TckSecurity.getAuthToken(security, TckPublisher.getSamPublisherId(), TckPublisher.getSamPassword());
+ authInfoUDDI = TckSecurity.getAuthToken(security, TckPublisher.getUDDIPublisherId(), TckPublisher.getUDDIPassword());
+ TModel m = tckTModel.saveUDDIPublisherTmodel(authInfoUDDI);
+ List<String> keys = new ArrayList<>();
+ keys.add(m.getTModelKey());
+ keys.clear();
+ grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
+ keys = tckTModel.saveTModels(authInfoUDDI, TckTModel.TMODELS_XML);
+
+ grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);
+ tckTModel.saveJoePublisherTmodel(authInfoJoe);
+ tckBusiness.saveJoePublisherBusiness(authInfoJoe);
+ } catch (Exception e) {
+ logger.error(e.getMessage(), e);
+ Assert.fail("Could not obtain authInfo token.");
}
+ }
+
+ @AfterClass
+ public static void stopRegistry() throws ConfigurationException {
+ tckTModel.deleteCreatedTModels(authInfoJoe);
+ Registry.stop();
+ System.clearProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY);
+ AppConfig.triggerReload();
+ }
+
+ @Test
+ public void getSetDeletePerm() throws Exception {
+ publisher.ctx = new WebServiceContextMock(TckPublisher.getUDDIPublisherId(), TEST_ROLE);
+
+ GetPermissionsMessageRequest request = new GetPermissionsMessageRequest();
+ request.setAuthInfo(authInfoUDDI);
- @AfterClass
- public static void stopRegistry() throws ConfigurationException {
- Registry.stop();
+ GetPermissionsMessageResponse permissions = publisher.getPermissions(request);
+ //Assert.assertTrue(permissions.getLevel().isEmpty());
+
+ SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
+ req.setAuthInfo(authInfoUDDI);
+ Permission level = new Permission();
+ level.setAction(Action.ADD);
+ level.setEntityId(TckBusiness.JOE_BUSINESS_KEY);
+ level.setLevel(AccessLevel.READ);
+ level.setTarget(TckPublisher.getSamPublisherId());
+ level.setType(null);
+ req.getLevel().add(level);
+
+ SetPermissionsMessageResponse response = publisher.setPermissions(req);
+ Assert.assertNotNull(response);
+ permissions = publisher.getPermissions(request);
+ //Assert.assertEquals(permissions.getLevel().size(), 1);
+ boolean ok =false;
+ Permission p1=null;
+ for (Permission p:permissions.getLevel()){
+ if (p.getTarget().equals(TckPublisher.getSamPublisherId())
+ && p.getEntityId().equals(TckBusiness.JOE_BUSINESS_KEY)
+ && p.getLevel()==AccessLevel.READ){
+ ok=true;
+ p1=p;
+ }
+
+
}
+ Assert.assertTrue(ok);
+
+
+ p1.setAction(Action.REMOVE);
+ req.getLevel().clear();
+ req.getLevel().add(p1);
+ response = publisher.setPermissions(req);
+ Assert.assertNotNull(response);
+ permissions = publisher.getPermissions(request);
+ //Assert.assertEquals(permissions.getLevel().size(), 0);
+
+ }
}
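Review bot: In startRegistry the key of the freshly saved publisher tModel is added to `keys` and then immediately discarded by `keys.clear()`, so the first `grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE)` sends an empty request; this looks like a leftover, and either the `clear()` or that first grant call should go. `grant` also drops the `SetPermissionsMessageResponse` it receives, so a failure to apply a grant would only surface later as an unrelated assertion; asserting on the response there would localise such failures.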
diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java
new file mode 100644
index 0000000..c0cfa00
--- /dev/null
+++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2019 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juddi.api.impl.mock;
+
+import java.security.Principal;
+import javax.xml.ws.EndpointReference;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+import org.w3c.dom.Element;
+
+/**
+ *
+ * @author AO
+ */
+public class WebServiceContextMock implements WebServiceContext {
+
+ public String role;
+ public String username;
+
+ public WebServiceContextMock(String username, String role) {
+ this.role = role;
+ this.username = username;
+
+ }
+
+ @Override
+ public MessageContext getMessageContext() {
+ return null;
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ return new Principal() {
+ @Override
+ public String getName() {
+ return username;
+ }
+ };
+ }
+
+ @Override
+ public boolean isUserInRole(String arg0) {
+ return arg0.equals(role);
+ }
+
+ @Override
+ public EndpointReference getEndpointReference(Element... arg0) {
+ return null;
+ }
+
+ @Override
+ public <T extends EndpointReference> T getEndpointReference(Class<T> arg0, Element... arg1) {
+ return null;
+ }
+
+}
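Review bot: WebServiceContextMock exposes `role` and `username` as public mutable fields although the constructor is their only writer; `private final` fields would be the conventional choice and prevent accidental mutation between tests. `isUserInRole` also matches exactly one role with a case-sensitive `equals`, whereas the production code compares EVERYONE case-insensitively, so a test that depends on case-insensitive role matching would pass or fail for the wrong reason.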
diff --git a/juddi-core/src/test/resources/META-INF/persistence.xml b/juddi-core/src/test/resources/META-INF/persistence.xml
index 725e81e..d4f2738 100644
--- a/juddi-core/src/test/resources/META-INF/persistence.xml
+++ b/juddi-core/src/test/resources/META-INF/persistence.xml
@@ -90,6 +90,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/juddi-core/src/test/resources/juddiv3rbac.xml b/juddi-core/src/test/resources/juddiv3rbac.xml
new file mode 100644
index 0000000..836264f
--- /dev/null
+++ b/juddi-core/src/test/resources/juddiv3rbac.xml
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+* Copyright 2001-2009 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICenSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/ -->
+<!--
+################################################################
+# jUDDI-v3.0 configuration. #
+################################################################
+# Note that the property settings in this #
+# file can be overriden by system parameters #
+# #
+################################################################
+-->
+<config>
+ <juddi>
+ <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. -->
+ <server>
+ <baseurl>http://localhost:8080/juddiv3</baseurl>
+ <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure>
+ </server>
+ <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API
+ don't worry, jUDDI doesn't implement it right now, but it may come in the future -->
+ <nodeId>uddi:juddi.apache.org:node1</nodeId>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <root>
+ <!-- this is the 'root' username, or owner of the node -->
+ <publisher>root</publisher>
+ <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data -->
+ <businessId>uddi:juddi.apache.org:businesses-asf</businessId>
+ <partition>uddi:juddi.apache.org</partition>
+ </root>
+ <seed>
+ <always>false</always>
+ </seed>
+
+ <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)-->
+ <persistenceunit>
+ <name>juddiDatabase</name>
+ </persistenceunit>
+
+ <!-- Check-the-time-stamp-on-this-file Interval in milli seconds -->
+ <configuration>
+ <reload>
+ <delay>2000</delay>
+ </reload>
+ </configuration>
+ <!--Default locale-->
+ <locale>en_US</locale>
+
+ <!--The UDDI Operator Contact Email Address-->
+ <operatorEmailAddress>admin@local.localhost</operatorEmailAddress>
+
+ <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.-->
+ <maxNameLength>255</maxNameLength>
+ <maxNameElementsAllowed>5</maxNameElementsAllowed>
+
+
+ <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.-->
+ <maxRows>1000</maxRows>
+ <!-- The maximum number of "IN" clause parameters. Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.-->
+ <maxInClause>1000</maxInClause>
+
+ <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).-->
+ <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher>
+ <maxServicesPerBusiness>100</maxServicesPerBusiness>
+ <maxBindingsPerService>100</maxBindingsPerService>
+ <maxTModelsPerPublisher>100</maxTModelsPerPublisher>
+
+ <!-- Days before a transfer request expires-->
+ <transfer>
+ <expiration>
+ <days>3</days>
+ </expiration>
+ </transfer>
+
+ <!-- Days before a subscription expires-->
+ <subscription>
+ <expiration>
+ <days>30</days>
+ </expiration>
+
+ <!-- Minutes before a "chunked" subscription call expires-->
+ <chunkexpiration>
+ <minutes>5</minutes>
+ </chunkexpiration>
+
+ <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed-->
+ <maxentities>1000</maxentities>
+ </subscription>
+
+ <!-- jUDDI UUIDGen implementation to use-->
+ <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
+
+ <!-- jUDDI Cryptor implementation to use-->
+ <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
+
+ <!-- jUDDI Key Generator to use-->
+ <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>
+
+ <notification>
+ <!-- Specifies the interval at which the notification timer triggers-->
+ <interval>5000</interval>
+ <!-- Specifies the amount of time to wait before the notification timer initially fires-->
+ <start>
+ <buffer>0</buffer>
+ </start>
+ <acceptableLagtime>1000</acceptableLagtime>
+ <maxTries>3</maxTries>
+ <!-- 10 minutes -->
+ <maxTriesResetInterval>600000</maxTriesResetInterval>
+ <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList>
+ </notification>
+ <!-- All Authentication related settings -->
+ <auth>
+ <!-- Specifies whether the inquiry API requires authentication, all other APIs require authN-->
+ <Inquiry>false</Inquiry>
+
+ <!-- When using file based authentication, this is the filename to use
+ <usersfile>juddi-users.xml</usersfile>-->
+ <!-- jUDDI Authentication module to use-->
+ <authenticator>
+ <!-- build in Authenticators:
+ org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication
+ LDAP Based
+ org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP
+ org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP
+
+ File based, see usersfile
+ org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text
+ org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted
+ org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed
+ -->
+ <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class>
+ <!-- other settings
+ url
+ initialcontext
+ style
+ ldapexp
+ -->
+ </authenticator>
+
+ <token>
+ <!-- Time in minutes to expire tokes after inactivity-->
+ <Timeout>15</Timeout>
+ <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity -->
+ <Expiration>15</Expiration>
+ </token>
+ </auth>
+
+
+
+
+ <validation>
+ <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry-->
+ <enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+ </validation>
+
+ <!--As of 3.1.5 Email delivery options for subscription API functions-->
+ <mail>
+ <smtp>
+ <!--The Operator’s Email address
+ <from>admin@local.localhost</from>-->
+
+ <!--the hostname of the SMTP server
+ <host>localhost</host>-->
+
+ <!--The portname of the SMTP server
+ <port>25</port>-->
+
+ <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. This class will be used to create SMTP sockets.-->
+ <socketFactory>
+ <!--<class></class>-->
+
+ <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.
+ <fallback>true</fallback>-->
+ <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.
+ <port>25</port>-->
+ </socketFactory>
+ <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false.
+ <starttls>
+ <enabled>false</enabled>
+ </starttls>-->
+
+ <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false.
+ <auth>false</auth>-->
+
+ <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true
+ <user>user</user>-->
+
+ <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true
+ <password encrypted="false">pass</password>-->
+ </smtp>
+ </mail>
+
+
+ <!-- additional access control module
+ provides item level access permissions.
+ default is everyone can read everything, only owners can change stuff
+ -->
+ <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider>
+ </juddi>
+</config>
\ No newline at end of file
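Review bot: The comment above `<accessControlProvider>` still describes the default behaviour ("everyone can read everything, only owners can change stuff"), but the value this fixture configures is `RoleBasedAccessControlImpl`, so the comment no longer matches what the file enables. In the same file `<Inquiry>` is `false` and the authenticator is `JUDDIAuthenticator`, which the file's own comment labels "no authentication", so role decisions in this setup are keyed on an unverified username and inquiry calls may carry no identity at all; that is acceptable for a test resource but should be stated rather than left implied. Suggest replacing the comment with `<!-- item-level access control under test; JUDDIAuthenticator performs no credential check, so RBAC decisions here trust the supplied username -->`. The license URL near the top of the file is also miscased (`LICenSE-2.0`).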
diff --git a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
index 2480261..e44aece 100644
--- a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml
@@ -97,6 +97,7 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
diff --git a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
index 433defb..48ecc33 100644
--- a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
@@ -98,7 +98,8 @@ under the License.
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
index b9ffdd6..ad4777e 100644
--- a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
@@ -97,7 +97,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
index 4fc25e1..a089670 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
@@ -318,6 +318,7 @@ public class TckBusiness {
// Now get the entity and check the values
GetBusinessDetail gb = new GetBusinessDetail();
gb.getBusinessKey().add(businessKey);
+ gb.setAuthInfo(authInfo);
BusinessDetail bd = inquiry.getBusinessDetail(gb);
List<BusinessEntity> beOutList = bd.getBusinessEntity();
BusinessEntity beOut = beOutList.get(0);
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
index 1feadf4..6bee798 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
@@ -14,6 +14,7 @@
*/
package org.apache.juddi.v3.tck;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import static junit.framework.Assert.assertEquals;
@@ -92,15 +93,17 @@ public class TckTModel {
*
* @param authInfo
* @param tModelXml this is a relative file path
+ * @return all created tmodel keys
*/
- public void saveTModels(String authInfo, String tModelXml) {
-
+ public List<String> saveTModels(String authInfo, String tModelXml) {
+ List<String> keys = new ArrayList<>();
// Add tModels
try {
SaveTModel st = (org.uddi.api_v3.SaveTModel) EntityCreator.buildFromDoc(tModelXml, "org.uddi.api_v3");
for (int i = 0; i < st.getTModel().size(); i++) {
saveTModel(authInfo, st.getTModel().get(i), false);
+ keys.add(st.getTModel().get(i).getTModelKey());
}
//st.setAuthInfo(authInfo);
//publication.saveTModel(st);
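Review bot: The loop in saveTModels indexes `st.getTModel()` twice per iteration and discards the TModel that saveTModel returns, recording the key from the input object instead; a for-each is clearer: `for (TModel tm : st.getTModel()) {` / `saveTModel(authInfo, tm, false);` / `keys.add(tm.getTModelKey());`. If saveTModel can return an entity whose key differs from the input (for instance a key assigned by the registry), the returned value is the one the `@return all created tmodel keys` contract should reflect, though that cannot be confirmed from this hunk. The method's catch block and `return keys;` are in the following hunk.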
@@ -109,6 +112,7 @@ public class TckTModel {
logger.error(e.getMessage(), e);
Assert.fail("No exception should be thrown");
}
+ return keys;
}
public TModel saveTModel(String authInfo, TModel tmIn, boolean force) {
@@ -139,6 +143,7 @@ public class TckTModel {
keyscreated.add(tmIn.getTModelKey());
// Now get the entity and check the values
GetTModelDetail gt = new GetTModelDetail();
+ gt.setAuthInfo(authInfo);
gt.getTModelKey().add(tmIn.getTModelKey());
TModelDetail td = inquiry.getTModelDetail(gt);
List<org.uddi.api_v3.TModel> tmOutList = td.getTModel();
@@ -276,8 +281,8 @@ public class TckTModel {
* creates key generator
* @param authInfoTM
*/
- public void saveUDDIPublisherTmodel(String authInfoTM) {
- saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
+ public TModel saveUDDIPublisherTmodel(String authInfoTM) {
+ return saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
}
public void saveTmodels(String authInfoJoe) {
diff --git a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
index 294bc8d..9317cc7 100644
--- a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
+++ b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
@@ -27,11 +27,11 @@ import javax.xml.bind.annotation.XmlType;
@XmlEnum
public enum AccessLevel {
- NONE,
- READ,
- WRITE,
- OWN,
- CREATE;
+ NONE((short)0),
+ READ((short)1),
+ WRITE((short)2),
+ OWN((short)3),
+ CREATE((short)4);
public String value() {
return name();
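Review bot: The numeric values give the constants an ordering in which CREATE (4) ranks above OWN (3), which is only safe if the number is an opaque code rather than a rank; if any caller compares `getLevel()` with `>=` to decide whether a held level satisfies a required one, a CREATE grant would also satisfy OWN and WRITE checks. Whether the value is a rank or an identifier cannot be determined from this hunk, so the enum should say which it is; suggest a Javadoc on the enum such as `/** Access level for a registry entity. The numeric value is a stable code for persistence, not a rank: CREATE does not imply OWN or WRITE. */`, adjusted to whichever meaning is intended. The same question applies to `getLevel()` in the next hunk.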
@@ -40,5 +40,14 @@ public enum AccessLevel {
public static AccessLevel fromValue(String v) {
return valueOf(v);
}
-
+
+ private final short value;
+
+ private AccessLevel(short val){
+ value=val;
+ }
+
+ public short getLevel(){
+ return value;
+ }
}
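Review bot: `private AccessLevel(short val)` carries a redundant modifier — enum constructors are implicitly private — and the new field and accessor sit after `fromValue`, away from the constants they back; placing the field and constructor directly under the constant list follows the usual layout, and `getLevel()` needs a Javadoc stating what the number means. There is also a `fromValue(String)` but no inverse for the short code, so anything that stores `getLevel()` (the persistence.xml hunks in this commit suggest the RBAC rules are persisted, which I cannot confirm here) has no way to decode it without reimplementing the lookup. A matching decoder keeps the mapping in one place:

```java
/** @return the constant bound to {@code level}; see the constant declarations for the codes. */
public static AccessLevel fromLevel(short level) {
    for (AccessLevel a : values()) {
        if (a.value == level) {
            return a;
        }
    }
    throw new IllegalArgumentException("unknown access level code: " + level);
}
// … unchanged: value field, constructor, getLevel() …
```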