


1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.web.tomcat.security.authorization.delegates;
23
24 import java.io.ByteArrayOutputStream JavaDoc;
25 import java.net.URI JavaDoc;
26 import java.security.Principal JavaDoc;
27 import java.security.acl.Group JavaDoc;
28 import java.util.Enumeration JavaDoc;
29 import java.util.HashSet JavaDoc;
30 import java.util.Iterator JavaDoc;
31 import java.util.Set JavaDoc;
32
33 import javax.security.jacc.PolicyContext JavaDoc;
34 import javax.servlet.http.HttpServletRequest JavaDoc;
35
36 import org.apache.catalina.connector.Request;
37 import org.jboss.logging.Logger;
38 import org.jboss.security.AuthorizationManager;
39 import org.jboss.security.SimplePrincipal;
40
41 import com.sun.xacml.Indenter;
42 import com.sun.xacml.attr.AnyURIAttribute;
43 import com.sun.xacml.attr.StringAttribute;
44 import com.sun.xacml.attr.TimeAttribute;
45 import com.sun.xacml.ctx.Attribute;
46 import com.sun.xacml.ctx.RequestCtx;
47 import com.sun.xacml.ctx.Subject;
48
49 //$Id: WebXACMLUtil.java 46543 2006-07-27 20:22:05Z asaldhana $
50

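/**
 * Utility class for creating XACML Requests.
 * <p>
 * A {@link RequestCtx} for a web request is assembled from four attribute sets:
 * the subject (the caller's user name plus one attribute per role), the resource
 * (the request URI), the action (the HTTP method mapped to "read"/"write" plus
 * every request parameter) and the environment (the current time).
 * <p>
 * Instances keep no mutable state (only a trace flag cached at construction), so
 * one instance may be shared between threads.
 * @author <a HREF="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
 * @since Jun 21, 2006
 * @version $Revision: 46543 $
 */
public class WebXACMLUtil
{
   private static final Logger log = Logger.getLogger(WebXACMLUtil.class);

   /** XACML 1.0 subject-id attribute: carries the caller's user name. */
   private static final String SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
   /** Role attribute id (the XACML 2.0 RBAC profile example id). */
   private static final String ROLE_ID = "urn:oasis:names:tc:xacml:2.0:example:attribute:role";
   /** XACML 1.0 resource-id attribute: carries the request URI. */
   private static final String RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
   /** XACML 1.0 action-id attribute: "read" or "write". */
   private static final String ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";
   /** Non-standard prefix under which each request parameter is exposed as an action attribute. */
   private static final String REQUEST_PARAM_ID_BASE = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";
   /** XACML 1.0 environment current-time attribute. */
   private static final String CURRENT_TIME_ID = "urn:oasis:names:tc:xacml:1.0:environment:current-time";

   /** Evaluated once at construction; a later change of the log level is not picked up. */
   private final boolean trace = log.isTraceEnabled();

   public WebXACMLUtil()
   {
   }

   /**
    * Create the XACML request context describing a web request.
    *
    * @param request the Catalina request being authorized; its wrapped
    *        HttpServletRequest, principal, URI and parameters are read
    * @param authzManager supplies the caller's roles for the request principal
    * @param callerSubject the authenticated caller; its principals supply the
    *        subject-id (see {@link #getUserName})
    * @return the populated request context, never null
    * @throws IllegalArgumentException if the wrapped HttpServletRequest, the
    *         authorization manager or the caller subject is null
    * @throws Exception if an attribute id cannot be parsed as a {@link URI}.
    *         Request parameter names and the request URI are client supplied
    *         and are concatenated/parsed into URIs unescaped, so a malformed
    *         name makes this method throw for that request
    */
   public RequestCtx createXACMLRequest(Request request,
         AuthorizationManager authzManager, javax.security.auth.Subject callerSubject) throws Exception
   {
      HttpServletRequest httpRequest = (HttpServletRequest)request.getRequest();
      if(httpRequest == null)
         throw new IllegalArgumentException("Http Request is null");
      if(authzManager == null)
         throw new IllegalArgumentException("Authorization Manager is null");
      // Previously a null subject surfaced as a NullPointerException from getUserName
      if(callerSubject == null)
         throw new IllegalArgumentException("Caller Subject is null");

      Set subjectSet = createSubjectSet(request, authzManager, callerSubject);
      Set resourceSet = createResourceSet(request);
      Set actionSet = createActionSet(request, httpRequest);
      Set environSet = createEnvironmentSet();

      RequestCtx requestCtx = new RequestCtx(subjectSet, resourceSet, actionSet, environSet);
      if(trace)
         traceRequest(requestCtx);
      return requestCtx;
   }

   /**
    * Build the subject section: a single Subject whose attributes are the
    * caller's user name plus one role attribute per SimplePrincipal role.
    */
   private Set createSubjectSet(Request request, AuthorizationManager authzManager,
         javax.security.auth.Subject callerSubject) throws Exception
   {
      Principal principal = request.getPrincipal();
      String username = getUserName(callerSubject);
      // Roles are looked up for the request principal, not for the caller
      // subject's principals; the request principal is passed through unchecked
      Set roles = authzManager.getUserRoles(principal);

      Set subjectAttrSet = new HashSet();
      subjectAttrSet.add(new Attribute(new URI(SUBJECT_ID), null, null,
            new StringAttribute(username)));
      subjectAttrSet.addAll(getXACMLRoleSet(roles));

      Set subjectSet = new HashSet();
      subjectSet.add(new Subject(subjectAttrSet));
      return subjectSet;
   }

   /**
    * Build the resource section: one resource-id attribute holding the
    * request URI as an anyURI value.
    */
   private Set createResourceSet(Request request) throws Exception
   {
      URI requestUri = new URI(getRequestURI(request));
      Set resourceSet = new HashSet();
      resourceSet.add(new Attribute(new URI(RESOURCE_ID), null, null,
            new AnyURIAttribute(requestUri)));
      return resourceSet;
   }

   /**
    * Build the action section: the action-id derived from the HTTP method and
    * one attribute per request parameter.
    */
   private Set createActionSet(Request request, HttpServletRequest httpRequest) throws Exception
   {
      String httpMethod = httpRequest.getMethod();
      // Only GET is presented as a read; every other method (POST, PUT, DELETE,
      // but also HEAD and OPTIONS) is presented to the policy as a write
      String action = "GET".equals(httpMethod) ? "read" : "write";

      Set actionSet = new HashSet();
      actionSet.add(new Attribute(new URI(ACTION_ID), null, null,
            new StringAttribute(action)));

      // Expose every request parameter to the policy. The parameter name is
      // appended to the id prefix without escaping, so a name that is not a
      // legal URI suffix makes the URI constructor throw. Only the first value
      // of a repeated parameter is used (getParameter), so a policy matching on
      // a parameter never sees the remaining values.
      Enumeration enumer = request.getParameterNames();
      while(enumer.hasMoreElements())
      {
         String paramName = (String)enumer.nextElement();
         String paramValue = request.getParameter(paramName);
         actionSet.add(new Attribute(new URI(REQUEST_PARAM_ID_BASE + paramName), null, null,
               new StringAttribute(paramValue)));
      }
      return actionSet;
   }

   /**
    * Build the environment section: a single current-time attribute taken
    * from the clock at the moment the request is built.
    */
   private Set createEnvironmentSet() throws Exception
   {
      Set environSet = new HashSet();
      environSet.add(new Attribute(new URI(CURRENT_TIME_ID), null, null,
            new TimeAttribute()));
      return environSet;
   }

   /**
    * Log the encoded request at TRACE level. The encoded request contains
    * every request parameter value, so TRACE output may include credentials
    * or other sensitive form data submitted by the client.
    */
   private void traceRequest(RequestCtx requestCtx) throws Exception
   {
      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      try
      {
         requestCtx.encode(baos, new Indenter());
         log.trace("XACML Request:" + baos.toString());
      }
      finally
      {
         baos.close();
      }
   }

   /**
    * Convert the authorization manager's role principals into XACML role
    * attributes. Roles that are not SimplePrincipal instances are skipped and
    * are therefore invisible to the policy.
    *
    * @param roles the role principals, may be null
    * @return the (possibly empty) set of role attributes, never null
    * @throws Exception if the role attribute id cannot be parsed as a URI
    */
   private Set getXACMLRoleSet(Set roles) throws Exception
   {
      Set roleset = new HashSet();
      if(roles == null)
         return roleset;

      URI roleURI = new URI(ROLE_ID);
      for(Iterator iter = roles.iterator(); iter.hasNext();)
      {
         Principal role = (Principal)iter.next();
         if(role instanceof SimplePrincipal)
         {
            SimplePrincipal sp = (SimplePrincipal)role;
            roleset.add(new Attribute(roleURI, null, null,
                  new StringAttribute(sp.getName())));
         }
      }
      return roleset;
   }

   /**
    * @return the request URI exactly as reported by the Catalina request
    */
   private String getRequestURI(Request request)
   {
      return request.getRequestURI();
   }

   /**
    * Pick the caller's user name out of the subject's principals.
    * Only SimplePrincipal instances that are not Groups qualify, so role-group
    * principals are skipped. If several principals qualify the last one
    * iterated wins; if none does the empty string is returned and becomes the
    * subject-id the policy sees.
    *
    * @param caller the authenticated subject, must not be null
    * @return the user name, or "" when no qualifying principal exists
    */
   private String getUserName(javax.security.auth.Subject caller)
   {
      String user = "";
      Iterator iter = caller.getPrincipals().iterator();
      while(iter.hasNext())
      {
         Principal p = (Principal)iter.next();
         if(p instanceof SimplePrincipal && !(p instanceof Group))
            user = ((SimplePrincipal)p).getName();
      }
      return user;
   }
}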