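package org.jboss.web.tomcat.security.authorization.delegates;

import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.catalina.connector.Request;
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SimplePrincipal;

import com.sun.xacml.Indenter;
import com.sun.xacml.attr.AnyURIAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.attr.TimeAttribute;
import com.sun.xacml.ctx.Attribute;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.Subject;

/**
 * Builds a XACML {@link RequestCtx} out of a Catalina web {@link Request}
 * so that the web authorization delegate can hand it to a XACML PDP.
 *
 * The generated request carries:
 * <ul>
 *   <li><b>subject</b>: the subject-id (name of the last non-Group
 *       {@link SimplePrincipal} found in the caller Subject, or "" when
 *       there is none) plus one role attribute per SimplePrincipal returned
 *       by {@link AuthorizationManager#getUserRoles(Principal)};</li>
 *   <li><b>resource</b>: the request URI as an anyURI resource-id;</li>
 *   <li><b>action</b>: action-id "read" for HTTP GET and "write" for every
 *       other method, plus one attribute per request parameter;</li>
 *   <li><b>environment</b>: the current time.</li>
 * </ul>
 *
 * Request parameters are attacker controlled. Only the first value of a
 * multi-valued parameter is forwarded to the policy, and a parameter whose
 * name cannot be turned into a URI makes the whole build fail with an
 * exception instead of silently dropping that parameter, so the caller
 * must treat an exception from {@link #createXACMLRequest} as a denial.
 */
public class WebXACMLUtil
{
   private static final Logger log = Logger.getLogger(WebXACMLUtil.class);
   // Evaluated once per instance; a later change of the logger level does not
   // affect an existing WebXACMLUtil.
   private boolean trace = log.isTraceEnabled();

   public WebXACMLUtil()
   {
   }

   /**
    * Creates the XACML request describing the current web access.
    *
    * @param request the Catalina request being authorized
    * @param authzManager source of the caller's roles
    * @param callerSubject the authenticated caller; its principals supply the subject-id
    * @return the populated XACML request context
    * @throws IllegalArgumentException if the wrapped HTTP request, the
    *         authorization manager or the caller subject is null
    * @throws Exception if a URI cannot be built (for instance from a request
    *         parameter name) or the trace encoding fails; callers must treat
    *         this as a failed (denied) authorization
    */
   public RequestCtx createXACMLRequest(Request request,
         AuthorizationManager authzManager, javax.security.auth.Subject callerSubject) throws Exception
   {
      HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
      if(httpRequest == null)
         throw new IllegalArgumentException("Http Request is null");
      if(authzManager == null)
         throw new IllegalArgumentException("Authorization Manager is null");
      // Fail early and explicitly (instead of an NPE deep in getUserName) so the
      // failure mode for a missing caller identity is the same as for the other
      // missing inputs above.
      if(callerSubject == null)
         throw new IllegalArgumentException("Caller Subject is null");

      String httpMethod = httpRequest.getMethod();
      // Every non-GET method (POST, PUT, DELETE, HEAD, ...) is presented to the
      // policy as a "write".
      String action = "GET".equals(httpMethod) ? "read" : "write";

      String actionURIBase = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";

      Principal principal = request.getPrincipal();
      String username = getUserName(callerSubject);
      Set roles = authzManager.getUserRoles(principal);

      // Subject: subject-id plus the caller's roles.
      URI subjectAttrUri = new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
      Attribute subjectAttr = new Attribute(subjectAttrUri, null, null,
            new StringAttribute(username));
      Set subjectAttrSet = new HashSet();
      subjectAttrSet.add(subjectAttr);
      subjectAttrSet.addAll(getXACMLRoleSet(roles));

      Set subjectSet = new HashSet();
      subjectSet.add(new Subject(subjectAttrSet));

      // Resource: the request URI.
      URI resourceUri = new URI("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
      Attribute resourceAttr = new Attribute(resourceUri, null, null,
            new AnyURIAttribute(new URI(getRequestURI(request))));
      Set resourceSet = new HashSet();
      resourceSet.add(resourceAttr);

      // Action: read/write plus one attribute per request parameter.
      Set actionSet = new HashSet();
      actionSet.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:action:action-id"),
            null, null, new StringAttribute(action)));

      Enumeration enumer = request.getParameterNames();
      while(enumer.hasMoreElements())
      {
         String paramName = (String) enumer.nextElement();
         // getParameter() yields only the first value of a multi-valued
         // parameter; the policy never sees the remaining values.
         String paramValue = request.getParameter(paramName);
         // A parameter name that is not valid in a URI throws URISyntaxException
         // here and aborts the whole request build (fail closed) rather than
         // leaving the policy with an incomplete parameter set.
         URI actionUri = new URI(actionURIBase + paramName);
         Attribute actionAttr = new Attribute(actionUri, null, null,
               new StringAttribute(paramValue));
         actionSet.add(actionAttr);
      }

      // Environment: current time.
      Set environSet = new HashSet();
      URI currentTimeUri = new URI("urn:oasis:names:tc:xacml:1.0:environment:current-time");
      Attribute currentTimeAttr = new Attribute(currentTimeUri, null, null,
            new TimeAttribute());
      environSet.add(currentTimeAttr);

      RequestCtx requestCtx = new RequestCtx(subjectSet, resourceSet, actionSet, environSet);

      if(trace)
      {
         // The encoded request includes every parameter value forwarded above,
         // so trace output may contain user-supplied data.
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         requestCtx.encode(baos, new Indenter());
         log.trace("XACML Request:" + baos.toString());
         baos.close();
      }
      return requestCtx;
   }

   /**
    * Converts the caller's role principals into XACML role attributes.
    * Only {@link SimplePrincipal} entries are mapped; any other principal
    * type is ignored.
    *
    * @param roles the role principals, may be null
    * @return a (possibly empty) set of role {@link Attribute}s, never null
    * @throws Exception if the role attribute URI cannot be built
    */
   private Set getXACMLRoleSet(Set roles) throws Exception
   {
      URI roleURI = new URI("urn:oasis:names:tc:xacml:2.0:example:attribute:role");

      Set roleset = new HashSet();
      Iterator iter = roles != null ? roles.iterator() : null;
      while(iter != null && iter.hasNext())
      {
         Principal role = (Principal) iter.next();
         if(role instanceof SimplePrincipal)
         {
            SimplePrincipal sp = (SimplePrincipal) role;
            Attribute roleAttr = new Attribute(roleURI, null, null,
                  new StringAttribute(sp.getName()));
            roleset.add(roleAttr);
         }
      }
      return roleset;
   }

   /**
    * Returns the URI the policy should see as the resource being accessed.
    *
    * @param request the Catalina request
    * @return {@code request.getRequestURI()}
    */
   private String getRequestURI(Request request)
   {
      return request.getRequestURI();
   }

   /**
    * Extracts the user name from the caller Subject.
    * When several matching principals are present the last one in
    * iteration order wins; when none matches the empty string is returned.
    *
    * @param caller the authenticated caller, must not be null
    * @return the name of the last non-Group {@link SimplePrincipal}, or ""
    * @throws Exception declared for compatibility with existing callers
    */
   private String getUserName(javax.security.auth.Subject caller) throws Exception
   {
      String user = "";
      Iterator iter = caller.getPrincipals().iterator();
      while(iter.hasNext())
      {
         Principal p = (Principal) iter.next();
         // Role groups are SimplePrincipals too; skip them so a group name is
         // never reported as the user name.
         if(p instanceof SimplePrincipal && !(p instanceof Group))
         {
            SimplePrincipal sp = (SimplePrincipal) p;
            user = sp.getName();
         }
      }
      return user;
   }
}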